The FBI is offering the world a dangerous example by illegally breaking into computers beyond its jurisdiction, opening the US to widespread hacking attacks from outside its borders.
The Federal Bureau of Investigations, hacking computers all over the world in their never ending stated quest to eradicate child pornography, finds their clumsy methods backfire on a regular basis when it comes to countries with which the US has unnecessarily poor relations, including Russia, Iran and China, according to the Daily Beast.
When the FBI conducted its 2015 Operation Pacifier — aimed at tracking visitors to child porn website ‘the Playpen,’ the agency deployed malware on the website that spread to computers around the world. The FBI then blindly broke into any and every infected computer it could identify, without knowing its country of origin or whether or not it was suspected of any crime.
The FBI reportedly hacked over 8,000 computers in 120 countries, according to the Daily Beast, severely overstepping the boundaries of the agency’s US-only jurisdiction. Aside from damaging diplomatic ties, the actions raised the likelihood of those affected countries hacking computers on US soil in return, experts warn.
According to Scarlet Kim, legal officer at UK-based activist group Privacy International, which has closely followed the FBI’s inept and arguably illegal global hacking operation, the agency’s actions are “essentially opening the door for other countries to unilaterally hack devices located in the US in the law-enforcement context.”
Hacking computers may provide the FBI with personal information from IP address to personal files. What’s worse, the agency’s clumsy malware attack does not tell a victim that it is a criminal investigation. A victim of the FBI hack will simply see the malware and its connection to a US government agency — and anyone would assume that it is software being used for the purpose of spying.
“Those risks are especially potent in the hacking context because the identity of the attacker and the purpose of the hack may not be immediately clear,” Kim said.
The FBI annoyed Russian networks and security experts in 2002, after the agency hacked several Russian computers to gather evidence on a cybercrime case.
“We conducted the hack and collection and notified the Russian authorities; only to be notified that arrest warrants had been issued for the agents involved for hacking a Russian computer system,” said E.J. Hilbert, a former FBI special agent who worked on that case.
According to Ahmed Ghappour of the Boston University School of Law, international hacking is not yet legally codified. There are no internationally acclaimed norms of conduct, therefore the FBI’s actions create a dangerous precedent.
“Without the articulation of specific norms on when, how, and who law-enforcement actors should be permitted to hack, cross-border cyberoperations that are attributed to US law enforcement may send unintended signals to other states,” he said.
Collin Anderson, a cybersecurity researcher, echoed the concerns:
“The true risk is how the FBI’s procedures and communications about their use of malware creates international norms that are adopted by countries where rule of law is weak,” he told the Daily Beast.