humble3d Posted December 1, 2016 Share Posted December 1, 2016 The FBI Can legally hack You... How The DOJ’s New Rules Mean The FBI Can Hack You The updated Rules of Criminal Procedure will help stop bad guys. But are they worth it? Nov 30, 2016 at 11:28 AM ET On Thursday, with little fanfare except outrage from tech-savvy activists, the rules for fighting online crime in the United States will change. The controversy is twofold. First, critics fear the rules themselves, while intended to help solve real issues that come with fighting internet crime, will open up a Pandora’s box of new authorities for federal law enforcement agencies, like the FBI, giving them vast new powers to hack individuals without an individual warrant and without much cause. Second, such a drastic expansion of legal powers usually is far more public, and comes either through a congressional bill or a president’s executive order. But these changes are simply handed down by the Department of Justice. The rules being expanded are called Rule 41, and the criticism is of the upcoming changes to them. Here, Vocativ breaks the issue down. What is Rule 41? It’s one of the 61 Federal Rules of Criminal Procedure, which are the guidelines for how the U.S. government conducts criminal investigations. Rule 41 is already a big one: It covers search and seizure, and how warrants are issued. For the most part, as the rules currently stand, warrants are issued for a given judicial district. If a crime is committed in the suburbs of Dallas, for example, a federal agent would probably go through the Northern District of Texas to get a warrant. The Department of Justice thinks the rules aren’t updated for the age of internet crimes, and wants to change them. It’s already gotten the Supreme Court’s blessing, but as critics are quick to note, it notably never had to pass through Congress. Why does the DOJ think a change is necessary? The internet makes some definitions, like the legal definition of location, extremely tricky. Online crimes don’t often fit neatly into geographical districts. Take the case of infamous neo-Nazi hacker Andrew “weev” Auernheimer, who figured out a vulnerability with certain iPads that made AT&T disclose customers’ personal information. After his conviction, an appeals court reviewed his case because it had been tried in the District Court of New Jersey. But the connection there was slim, and was based just on the fact that some of the victims were in that state. It would have made more sense to hold it in Arkansas, where weev was when he committed the crime, or in Texas or Georgia, the locations of the servers he exploited. An appeals court threw out his conviction over the venue, and weev walked free. Besides, any internet criminal worth their salt knows how to mask their location by, for instance, using the Tor browser to detour their internet connection around the world as they browse. There’s another issue, too. A number of online crimes capitalize on botnets, which are are coalitions of hacked computers that can be directed to act together. A botnet could easily include tens of thousands of computers, each conducting an identical criminal act, with at least one located in each of the 94 federal judicial districts in the country. So what would the DOJ’s Rule 41 changes do? They would let any magistrate judge issue search and seizure warrants for electronic media if it fits one of two qualifications. Either if the location of the information if “concealed through technological means,” or if it’s a hacking case that concerns computers in at least five districts. What’s wrong with that? Technology and privacy legal experts have raised a litany of potential problems with this. Groups like the Center for Democracy and Technology, Access Now, and the Electronic Frontier Foundation agree with the DOJ’s desire for updated rules, but fear they’re written without safeguards. One of their most fundamental concerns is defining just what it means to legally uncover a device that’s “concealed through technological means.” It’s true that any criminal worth their salt will probably use Tor, but so do millions of legit users, including dissenters in authoritarian countries, privacy advocates, and regular people who simply don’t like advertising their location to every website they visit. So how would, for example, the FBI determine who’s behind a given activity? By hacking them, most likely, after getting that warrant. Another is that not all districts are created equal. One theory for why prosecutors wanted to try weev in New Jersey — again, that seemingly arbitrary choice is why his case was thrown out — is because it’s a state where a misdemeanor hacking crime can be a felony if that hack is in furtherance of another crime. And many legal experts worry that if U.S. law enforcement is given warrants that allow them to hack anywhere, there will be no stopping them from hacking foreign targets with impunity. What about fighting botnets? With the proposed changes, federal agents could also obtain warrants for computers thought to be hacked. That’s by design, and on one hand, would definitely be a positive. Look, for example, at enormous botnets that can threaten the stability of some of the internet’s favorite sites. In October, an enormous botnet, made up largely of hacked Internet of Things devices, was used to crash a service fundamental to the operation of a lot of major sites, including LinkedIn, Reddit, and Twitter. That botnet singlehandedly largely slowed down much of the internet experience for hundreds of millions of people. If the FBI had been legally authorized to hack a number of those IoT devices to remove the malicious code that made them part of that botnet, the damage could have been mitigated. But there’s a drawback to that, too. By one estimate, 30 percent of computers are infected with some kind of malware. Does that mean they should all be fair game for law enforcement to hack in the case of a crime? The DOJ has defended itself here, with Assistant Attorney General Leslie Caldwell blogging Monday that those warrants would “typically, be done only to investigate the extent of the botnet.” But even though she admits that hacking botnets to return them to owners “could arguably involve conduct that would constitute a search and seizure” — meaning it would possibly violate the Fourth Amendment — Caldwell says that’s a different fight, and isn’t an issue of venue, which is what these changes would alter. What are people doing to stop Rule 41? Senator Ron Wyden (D-Oreg.), one of the most privacy- and cybersecurity-savvy members of Congress, has introduced a bill, called the Stop Mass Hacking Act, to delay the Rule 41 changes from taking place until April. A number of privacy advocates have launched campaigns, like Access’s No Global Warrants, which encourage people to call their representatives in Congress to support Wyden’s bill. But the SMH Act hasn’t gotten much attention in the Senate, and almost certainly won’t pass before Dec. 1. The rules will take effect Thursday as scheduled. But that doesn’t mean they’re permanent. A source on the Hill told Vocativ there was hope that the bill would fare better in 2017, with a new Congress. And as a Stanford Law School Center for Internet and Society analysis found, the rules will probably be readdressed: “Courts, Congress and the Administration will likely grapple with the substantive problems at some point down the road,” it found. Read more: https://www.law.cornell.edu/rules/frcrmp/rule_41 http://www.vocativ.com/379333/rule-41-how-the-dojs-new-rules-mean-the-fbi-can-hack-you/ Link to comment Share on other sites More sharing options...
steven36 Posted December 1, 2016 Share Posted December 1, 2016 Time to start installing os in a vm too access the internet so encase they send you 0 day malware you can delete the whole O/S and use more than one vpn . They just patched a exploit with java script in TOR browser/Firefox yesterday that Was in Firefox from v40-50 . No one is safe anymore Link to comment Share on other sites More sharing options...
steven36 Posted December 1, 2016 Share Posted December 1, 2016 Quote You can't hide from government hacking US law enforcement now has an easier legal path to hack into any computer, anywhere in the world. The FBI will now find it easier to hack your computer no matter where you are. A controversial shift in how judges issue search warrants can be thanked -- or blamed. The change, effective Thursday, affects Rule 41 of the Federal Rules of Criminal Procedure, which are proposed by the US Department of Justice and approved by the US Supreme Court. The change will allow federal investigators to seek permission from a magistrate judge in, say, Texas, to plant hacking software on a computer that's disguising its location. This form of government hacking is a tool that prosecutors have used to identify suspects in financial crimes and child porn cases, who typically use anonymizing tools to hide their computers' IP addresses. That makes them challenging to catch. The changes will also let investigators use a single warrant to access the computers of hacking victims in some cases. The Justice Department has called the change essential to fighting crime, but privacy advocates say it gives federal investigators too much power. Some lawmakers also chafed at the lack of public debate on the matter. On Wednesday, a group of US senators tried to introduce three separate bills that would have either stopped or stalled the rule change. The Senate didn't take up any of the proposed bills, allowing the change to take effect. "While the proposed changes are not necessarily bad or good, they are serious, and they present significant privacy concerns that warrant careful consideration and debate," Sen. Christopher Coons (D-Delaware) said on the Senate floor Wednesday. A procedural change or a surveillance boost? Susan Hennessey, a fellow at the Brookings Institution who previously worked as an attorney for the National Security Agency, said the change simply makes it possible for judges to consider these warrants. If there was no judge to consider the warrant, a given search would become impossible, she said. "It would be really absurd if individuals in the US were able to use technological means to immunize themselves from federal warrants," Hennessey said. But Andrew Crocker, a staff attorney at the privacy-oriented Electronic Frontier Foundation, said the change is more than procedural. "Realistically," he said, "a court is going to say, 'This is more authorized than before.'" Until now, some judges have refused to approve warrants that allow investigators to plant software on computers that could be anywhere -- Oregon, Maryland or Timbuktu. That uncertainty over location has caused these judges to question whether they have the authority to grant the warrant in the first place. Normally, magistrate judges can allow searches only within their jurisdictions; their authority ends at the border of their judicial district. Now the rules will clearly state they can consider these unique requests from investigators. Government was already hacking citizens It's hard to know how long law enforcement agencies have been hacking computers as part of their investigations, and even harder to know exactly what tools they've been using. But they are using them, according to a letter from US Assistant Attorney General Peter Kadzik. "The use of remote searches is not new, and warrants for remote searches are currently issued under Rule 41," Kadzik wrote earlier this month. Crocker estimates that the government has been hacking regular people's computers in the US for at least 15 years. But three recent government hacks have prompted public debate over whether the approach is allowed under federal rules -- and under the Constitution. The first two are investigations of visitors to sites that host child pornography. In one of those cases, investigators used a warrant to plant hacking software on more than 8,000 computers and launched more than 200 investigations based on the evidence they found. All those cases resulted in vastly different decisions from judges about whether, in retrospect, the single warrant was valid. In a third case, a magistrate judge in the Southern District of Texas refused to grant a warrant in an investigation of financial crimes because law enforcement didn't know where the suspects' computers were. Government hacking: Not just for bad guys Government investigators wouldn't just target criminal suspects with hacking software with warrants obtained under Rule 41. The rule changes also let investigators seek a single warrant to hack computers of hacking victims in their efforts to fight a particular kind of online menace: the botnet. Hackers cobble together networks of hacked computers to carry out nefarious tasks. Increasingly, these attacks are also targeting internet-connected devices we don't always think of as computers, such as security cameras. The rule changes would let government investigators get one warrant to hack all the computers in a botnet and potentially try to disable it. While that sounds like it could be a good thing, privacy advocates say it's a bridge too far for the government to access victim's computers without their consent or knowledge. It's also just strange to contemplate, said Jill Bronfman, a privacy law expert at UC Hastings College of the Law. Would some version of Microsoft's much-maligned Clippy appear in your screen, letting you know the government was at work on your computer offering unsolicited help? "We'll have to think of a good icon for this," Bronfman said. https://www.cnet.com/news/rule-41-you-cant-hide-from-government-hacking-warrant/ Link to comment Share on other sites More sharing options...
straycat19 Posted December 2, 2016 Share Posted December 2, 2016 On 12/1/2016 at 8:35 AM, humble3d said: It’s one of the 61 Federal Rules of Criminal Procedure Actually there are 62 Federal Rules of Criminal Procedure. Rule 62, not publicly published, basically states that if something doesn't fall under the first 61 rules then rule 62 will apply. This isn't unusual in the Federal Justice system. The US military lives by its own set of rules (called Articles) and this is known as Article 134 of the Uniform Code of Military Justice which states that if something doesn't fall under the first 133 Articles then 134 applies. Link to comment Share on other sites More sharing options...
humble3d Posted December 3, 2016 Author Share Posted December 3, 2016 Yes, in da hood, day calls it... THE UNITED STATES OF HYPOCRISY Link to comment Share on other sites More sharing options...
straycat19 Posted December 3, 2016 Share Posted December 3, 2016 We call da hood the modern version of a plantation, the largest plantation being Chicago. But, looking at the rule change from a neutral perspective, it makes sense. Cyber Crimes don't just occur in one jurisdiction so a judge only being able to order a search in his/her jurisdiction only makes absolutely no sense. Now a judge can order a search of any computer in the world if there exists credible evidence that it participated in the crime. Link to comment Share on other sites More sharing options...
steven36 Posted December 4, 2016 Share Posted December 4, 2016 21 hours ago, humble3d said: Yes, in da hood, day calls it... THE UNITED STATES OF HYPOCRISY It's not just the USA other countries are worse even It stared with China they have laws to put back doors in software China Wants Source Codes And Back Doors; US Tech Firms Fight Back http://www.universityherald.com/articles/53114/20161203/china-wants-source-codes-and-back-doors-us-tech-firms-fight-back-video.htm UKs new bill Snooper's charter' bill becomes law, extending UK state surveillance https://www.theguardian.com/world/2016/nov/29/snoopers-charter-bill-becomes-law-extending-uk-state-surveillance Russia got new data retention laws. Russia’s Scary New Internet Data Retention Law https://www.goldenfrog.com/blog/russias-scary-new-internet-data-retention-law Now Canada wants back doors in software and in encryption . Canada Wants Software Backdoors, Mandatory Decryption Capability And Records Storage http://www.tomshardware.com/news/canada-software-encryption-backdoors-feedback,33131.html Privacy on the internet died in the USA with the Patriot ACT after 9-11 the only thing that changed is now they do in you're face instead of hiding it because of Snowden forced them to admit to it . It would not mater if this never happened they would still be doing it . Would you rather believe a lie and them hiding the truth from you and doing it any way or them telling you the truth ? The FBI has been spying on people every since existed and because of Sonwden they now admit to it and had to pass laws to make it legal They always done it. . Quote AntiProtonBoy The problem here is that the issue of privacy is more complicated than it seems on the surface. The bad consequences of buying poisoned meat is quite immediate. Whereas privacy is quite abstract in sense where prying is done, which is out of sight and out of mind in most cases. When people access the internet at home, they are still under the illusion that their activities are happening in private. As long as that illusion remains, implications of systematic spying will be never fully understood, and thus motivation for change will remain practically non-existent. It's hard to explain a typical Facebook user the scale and severity of their privacy violation that is happening on some hidden back-end server. Quote windpinball I just love these "we're very concerned about the loss of privacy!" tech-blog articles that try to load tracking javascript from ten different domains. hajaha ! :most of the sites were you read these articles will have some journalist acting he cares about you're privacy and the site be full of spying trackers and ads if they cared about privacy they would start a clean website to post on . P Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.