The FBI can hack too.
The Wall Street Journal reports that based on court documents and interviews with people involved with federal agencies, law enforcement officials in the U.S. are resorting to tools typically used by hackers to gather information on suspects. Use of these tools under court order has grown as suspects look for new ways to communicate including various types of chat and encryption tools.
Sources said that the FBI has been developing its own hacking tools for more than a decade, but also purchases them from the private sector. One such tool allows the agency to remotely activate microphones on Android-based devices to record conversations. This same tool can also remotely access the microphone of a laptop to record conversations unknowing by the device owner.
A former U.S. official told the paper that the FBI typically doesn't resort to hacking tools unless it involves organized crime, child pornography or counterterrorism. The agency also doesn't use hacking tools when investigating an actual hacker for fear that the suspect will make the technique public knowledge. The FBI rarely discloses its techniques publicly in legal cases, the paper said.
Court documents reportedly show that a federal warrant application in a Texas-based identity-theft case asked the court permission to use software to secretly take photos using a computer's camera and extract files. The judge denied the application, wanting to know exactly how the files would be extracted without exposing information on innocent people.
The paper also said that the FBI has been using "web bugs" since at least 2005 to gather a computer's IP address, a list of programs running and other data. The agency has also been hiring people with hacking skills, and purchasing hacking tools when other surveillance methods don't work.
Christopher Soghoian, principal technologist at the American Civil Liberties Union, indicated that local cops are going to hack into surveillance targets whether it’s a legit method or not. He also said that more information about the practice is now slipping out because there's a growing industry of selling hacking tools to law enforcement. There are even posts and resumes on social networks in which people talk about helping the FBI with surveillance while employed with private companies. Keeping the hacking activities secret is seemingly no longer possible.
Naturally a search warrant is required to gain access to content stored on a suspect's computer. But software that remotely gathers only Internet metadata (IP addresses, email header) can do so under a court with a lower standard because authorities are not actually touching the suspect's property. Thus many officials manage to install surveillance tools remotely by sending the suspect a document or link that loads the software in the background. Secretly gaining physical access to the computer and loading software via a USB drive is also another common practice.
Sources told the paper that the FBI has controls to ensure that only relevant data is obtained. To read the full report, head here.