Playpen: FBI repeatedly hacked computers in Russia, China and Iran raising 'hack-back' concerns
The FBI's investigation into child pornography involved the agency hacking targets in hostile nations.
The FBI's infamous investigation into dark web child pornography website Playpen involved the agency hacking into thousands of computers across the globe. New court documents reveal that the agency also repeatedly hacked devices of targets located in hostile nations, including Russia, China and Iran. The revelations have raised concerns about the FBI's hacking possibly opening doors for foreign nations to hack US targets as part of their criminal investigations.
The FBI seized Playpen's servers after uncovering that the dark web site's administrators were running the site from within the US. Instead of shutting down the site, the agency decided to keep it running for nearly a fortnight. Within this timeframe, the FBI deployed its internal malware NIT (Network Investigative Technique) to hack Playpen's visitors and gather data, particularly the users' IP addresses.
In total, the agency hacked around 8,000 computers in over 120 countries. The Playpen operation resulted in hundreds of arrests.
But experts now reportedly fear that the FBI's decision to break into devices of targets located in foreign nations may result in similar "hack-back" attacks on US citizens.
The FBI's hacking operation could be "essentially opening the door for other countries to unilaterally hack devices located in the US in the law-enforcement context," Scarlet Kim, legal officer at Privacy International told The Daily Beast.
The UK-based privacy advocacy group is among several others who has been following the Playpen operation and has filed briefs in a court case against the agency. The appeals case – US vs Tippens – saw David Tippens' lawyer push back against FBI's hacking after a judge sentenced the defendant based on evidence from the agency's Playpen operation.
Experts fear the geopolitical firestorm the FBI's hacking operation may cause. "Without the articulation of specific norms on when, how and who law enforcement actors should be permitted to hack, cross-border cyber operations that are attributed to US law enforcement agencies may send unintended signals to other states," Ahmed Ghappour, an associate professor at Boston University School of Law, told The Daily Beast.
"It's unlikely that the FBI hacking, especially against an individual and where it doesn't lead to destruction, would prompt further deterioration in US-Iran relations," Ghappour added. "The true risk is how the FBI's procedures and communications about their use of malware creates international norms that are adopted by countries where the rule of law is weak."