FBI refuses to release Tor exploit details, evidence thrown out of court


The FBI’s refusal to release the full details of an exploit used against the Tor network to track alleged paedophiles has resulted in evidence against a user being thrown out of court.

The court overseeing the case of Jay Michaud, an alleged visitor to a dark web domain hosting child pornography, ruled that evidence gathered by the FBI tracking the Vancouver school administrator cannot be used, as the legal grounding for the evidence is in question.

In February 2015, visitors to Playpen, a website on the dark web which hosted child pornography, were unaware that for a number of weeks, the FBI had seized the forum and domain’s servers. Traffic to the domain was rerouted through to servers controlled by the FBI and warrants were issued allowing law enforcement to track viewers.

One of these warrants allowed US investigators to use a Network Investigative Technique (NIT) to compromise Tor and track these visitors. The Tor network is an anti-surveillance platform which uses nodes and relays to cover your tracks and online activity and is also a prerequisite for visiting ‘dark web’ .onion websites, which are not indexed by standard, ‘clear web’ search engines such as Google or Bing.

Although little is known about the NIT, it was able to spy on targets, gather information including IP addresses and MAC addresses — details which should have been shrouded by Tor — as well as download malware onto suspect PCs.

However, the FBI has refused to reveal the full source code of the exploit in court, and so a thorny legal debate has occurred.

In March, the FBI was asked to release the full exploit code to security expert Vlad Tsyrklevich, who is part of Michaud’s defense, in order to ascertain whether the use of the NIT was within the warrant’s boundaries.

As reported by The Register, the FBI refused to do so, and so the defense lawyers have moved to have the case dismissed.

In an order on Wednesday (.PDF), US District Judge Robert Bryan refused to dismiss the case but has dismissed the evidence. The order states:

“For the reasons stated orally on the record, evidence of the NIT, the search warrant issued based on the NIT, and the fruits of that warrant should be excluded and should not be offered in evidence at trial. The court should not now order dismissal.”

There are 1,200 cases pending against alleged visitors to the website and the formal refusal of evidence gained by tracking these visitors could destroy the FBI’s hopes of winning these cases. Without being able to submit evidence that each defendant viewed or downloaded child abuse images, many — if not all — of these cases are at risk of collapse.

In April, Massachusetts District Court Judge William Young decreed the use of the exploit was no more than a “warrantless search,” as in at least one of these outstanding cases — against Alex Levin — the NIT warrant was issued by a magistrate without the authority to do so, and while NITs are “legitimate law enforcement tools,” without the right paperwork, use of them is not acceptable.
