Judge Rules FBI Must Reveal Malware It Used to Hack Over 1,000 Computers by Joseph Cox.
From the post:
On Wednesday, a judge ruled that defense lawyers in an FBI child pornography case must be provided with all of the code used to hack their client’s computer.
When asked whether the code would include the exploit used to bypass the security features of the Tor Browser, Colin Fieman, a federal public defender working on the case, told Motherboard in an email, simply, “Everything.”
“The declaration from our code expert was quite specific and comprehensive, and the order encompasses everything he identified,” he continued.
Fieman is defending Jay Michaud, a Vancouver public schools administration worker. Michaud was arrested after the FBI seized ‘Playpen’, a highly popular child pornography site on the dark web, and then deployed a network investigative technique (NIT)—the agency’s term for a hacking tool.
This NIT grabbed suspects’ real IP address, MAC address, and pieces of other technical information, and sent them to a government controlled server.
The case has drawn widespread attention from civil liberties activists because, from all accounts, one warrant was used to hack the computers of unknown suspects all over the world. On top of this, the defense has argued that because the FBI kept the dark web site running in order to deploy the NIT, that the agency, in effect, distributed child pornography. Last month, a judge ruled that the FBI’s actions did not constitute “outrageous conduct.”
…
If that sounds like a victory for those trying to protect users from government overreaching, consider the Department of Justice response to questions about the ruling:
…
“The court has granted the defense’s third motion to compel, subject to the terms of the protective order currently in place,” Carr wrote to Motherboard in an email.
I’m just guessing but I suspect “…the terms of the protective order currently in place,…” means that post-arrest the public may find out about the FBI hack but not before.