The Code the FBI Used To Wiretap the World (vice.com) 39
The FBI operation in which the agency intercepted messages from thousands of encrypted phones around the world was powered by cobbled together code. From a report: Motherboard has obtained that code and is now publishing sections of it that show how the FBI was able to create its honeypot. The code shows that the messages were secretly duplicated and sent to a "ghost" contact that was hidden from the users' contact lists. This ghost user, in a way, was the FBI and its law enforcement partners, reading over the shoulder of organized criminals as they talked to each other.
Last year, the FBI and its international partners announced Operation Trojan Shield, in which the FBI secretly ran an encrypted phone company called Anom for years and used it to hoover up tens of millions of messages from Anom users. Anom was marketed to criminals, and ended up in the hands of over 300 criminal syndicates worldwide. The landmark operation has led to more than 1,000 arrests including alleged top tier drug traffickers and massive seizures of weapons, cash, narcotics, and luxury cars. Motherboard has obtained this underlying code of the Anom app and is now publishing sections of it due to the public interest in understanding how law enforcement agencies are tackling the so-called Going Dark problem, where criminals use encryption to keep their communications out of the hands of the authorities. The code provides greater insight into the hurried nature of its development, the freely available online tools that Anom's developers copied for their own purposes, and how the relevant section of code copied the messages as part of one of the largest law enforcement operations ever.
Re: (Score:2, Insightful)
Somewhere, someone once had a thought about doing something inappropriate to a child. We should probably just have all our brains hooked directly into a scanner so that they can deprogram the wrong-think from the source.
they are everywhere (Score:3, Insightful)
Re: (Score:3, Informative)
The feds are essentially black hat hackers.
Abusing exploits for their own purposes instead of reporting/fixing them.
Re: (Score:3)
The FBI has plenty of complaints about criminals going dark/using the darkweb. You can see the code in TOR/TAILS and many have conducted code reviews on the software. What special sauce do you think the FBI has that magically subverts encryption?
Re: (Score:1)
"What special sauce do you think the FBI has that magically subverts encryption?"
the keys
Not all algo have a secret key. (Score:3)
the keys
Tor does NOT run on Dual_EC_DRBG [wikipedia.org], just FYI.
Re: they are everywhere (Score:5, Insightful)
How do you explain to a millennial why the East German surveillance state was so bad? The US is a thousand times worse than any other regime in history - including China.
Um, the problem with East Germany wasn't the quality or volume of intel the Stasi collected, it was the whole state of fear, imprisoning dissidents, and hunting down people that fled part.
Or the re-education camps and imprisoning of dissidents that China does.
But the Intel apparatus is the problem, not the totally fucked authoritarian state behind it?
How in the FUCK can you be that dense?
Re: (Score:2, Insightful)
Interesting idea, got any proof beyond unhinged conspiracy theories?
I mean I might see they could have a leg to stand on under their obligations to share information on serial killers but if it's only defined as such in one jurisdiction then it seems like quite the stretch. It seems unlikely the feds will get involved unless there is some legislation first.
Re: (Score:2)
Interesting idea, got any proof beyond unhinged conspiracy theories?
NSA willing to accept culpability for informing the FBI? That seems entirely unlikely not just hinge-free.
Simple Complex (Score:2)
Another fine example of a simple solution where it would have been easy to do something quite complicated. Can anyone tell me why those variables are named the way they are? Or did someone find and replace to obfuscate?
Re: (Score:3)
Can anyone tell me why those variables are named the way they are?
The code was decompiled from an APK file, which generated meaningless variable names. The variables in the article were manually renamed from their decompiled names to something meaningful to humans.
Forgive my naivete but (Score:1)
What business does the FBI have wiretapping the world? Isn't that the NSA and the CIA's job? I thought the FBI concerned itself with domestic tyranny rather than foreign.
Re: (Score:2)
No one is ever held accountable for wrongdoing so why not?
Re: Forgive my naivete but (Score:5, Insightful)
FBI can investigate crimes internationally when it is related to crimes committed in US jurisdictions or when US citizens and companies are the victims. When you consider the criminal support services (banking, technologies, hacking, communications, law evasion, etc) almost any domestic criminal operation will have some international ties worthy of investigation. Furthermore, CIA and NSA are intelligence organizations, not law enforcement. They do not investigate crimes for the purposes of prosecuting criminals and they are unlikely to share their information for those purposes as it would compromise their classified tools and operatives used for collecting said information.
Re: (Score:1, Troll)
Okay. I'll ask my question again then: what business does the FBI have wiretapping the world? Is that what's required to investigate crime nowadays, wherever it may take place?
The NSA and the CIA do it because they're essentially lawless organizations with black budgets and zero oversight. And if you're dumb enough to believe it, total information awareness is essential to the pursuit of gathering intelligence in order to protect Americans. Probably. Possibly.
But certainly none of that applies to the FBI.
Re: Forgive my naivete but (Score:4, Informative)
Nope. The NSA deals with cryptography [nsa.gov]:
The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both signals intelligence (SIGINT) insights and cybersecurity products and services and enables computer network operations to gain a decisive advantage for the nation and our allies. Throughout the site, NSA/CSS will be referred to collectively as NSA.
Central Security Service provides timely and accurate cryptologic support, knowledge, and assistance to the military cryptologic community, while promoting partnership between the NSA and the cryptologic elements of the Armed Forces.
The CIA collects intelligence and provides information [cia.gov] to elected leaders and, when directed, takes action. They do not do law enforcement:
To stop threats before they happen and further U.S. national security objectives, we:
Collect foreign intelligence;
Produce objective analysis; and
Conduct covert action, as directed by the president.
We do not make policy or policy recommendations. Instead, our Agency serves as an independent source of information for people who do.
We are not a law enforcement organization. However, we do work with the Intelligence Community, Department of Defense, and law enforcement agencies on many complex issues ranging from counterintelligence to counterterrorism.
Meanwhile, the FBI investigates [fbi.gov] all federal crimes not assigned to another agency as well as threats to national security. They are also chartered to take action as needed.
Re: (Score:2)
https://fortune.com/2022/02/11... [fortune.com]
The CIA is doing plenty of their own wiretapping.
Re: (Score:2)
You missed the word "law" in "law enforcement". They don't do "law enforcement".
When you negate a compound noun (e.g. "not law enforcement") the negation applies to that entire compound noun. You can't draw any meaningful conclusion about negating any one part of that compound noun by itself. For example, if you point to a liquid and say "not ginger ale" it just means the liquid isn't "ginger ale". It does not mean the liquid is not an ale at all, or doesn't have ginger in it at all. It could be a pale ale,
Re: (Score:2)
The FBI is a law enforcement agency. Law enforcement is not a euphemism, it's a well-defined activity. It involves finding people who did something illegal and to correct that situation. Sometimes it's a traffic ticket. Sometimes it's an arrest. It can involve wiretapping and searching. Any organized group of people needs law enforcement for the laws of the group. The FBI is there to enforce the laws of the United States.
The CIA is, as the name plainly says,
Re: Forgive my naivete but (Score:5, Insightful)
When every criminal organization at scale is using international banking to hide their money, international supply chains for hardware like skimming devices, international communications for routing call center scams, international employees to write malware and hacking tools, etc, then yes, there is justification for the FBI to conduct international investigations. Organized crime rarely stops at borders.
And the FBI didn't "wiretap the world". They didn't slip malware into everyone's iPhones and Androids. They created a targeted honeypot device especially tantalizing to criminals and it worked exactly as intended.
Re: (Score:3)
Wait till they learn about Monero...
Re: Forgive my naivete but (Score:2)
This program wasn't designed to catch the smart criminals, just the lazy ones.
Even Monero can be somewhat deanonymized by monitoring the exchanges. At some point criminals want to turn it into a usable currency.
Let me pose a difficult question: (Score:1, Troll)
1. Any US company that's motivated enough can collect it
2. Any foreign company that's motivated enough can collect it
3. China can.
4. Russia can.
5. Israel can.
6. *insert name of most other countries here* can
So. Do we want our government to be blind to this information? I realize that a lot of people will say "hell yes". However, please keep
Re: (Score:2)
1. Companies keep figuring out ways to circumvent privacy protections and harvest data at massive scale.
2. Go
Same tactics different platform (Score:3)
The very exact tactic is used by a lot of online scammers these days. Once a bad actor has gained access to an email account, they often create mail processing rules that bcc all messages to another account. These rules are created server side, and many times they try to hide the rules with empty spaces or other hard-to-see characters so that many users do not see them. Since the rules section is also something very few users look at/manage on the daily, many times these rules remain in the system for long periods of time.
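The hidden server-side copy rules described in the comment above can be hunted for in an export of mailbox rules. The following is an added example, not part of the original post; the record fields (`mailbox`, `id`, `name`, `conditions`, `copy_to`) are a hypothetical export format and the sample rules are constructed.

```python
import unicodedata

# Unicode categories that render as blank or nothing: separators, format and control chars.
INVISIBLE_CATEGORIES = {"Zs", "Zl", "Zp", "Cf", "Cc"}

def visible_name(name):
    """Return the rule name with blank/invisible characters removed."""
    return "".join(ch for ch in name
                   if unicodedata.category(ch) not in INVISIBLE_CATEGORIES)

def external_targets(rule, internal_domains):
    """Addresses the rule copies mail to that sit outside the organisation's domains."""
    out = []
    for addr in rule.get("copy_to", []):
        domain = addr.rsplit("@", 1)[-1].lower()
        if domain not in internal_domains:
            out.append(addr)
    return out

def audit_rules(rules, internal_domains):
    """Return (mailbox, rule_id, reasons) for every rule worth a manual look."""
    findings = []
    for rule in rules:
        reasons = []
        if not visible_name(rule.get("name", "")):
            reasons.append("name is blank or invisible")
        ext = external_targets(rule, internal_domains)
        if ext:
            reasons.append("copies mail to external address: " + ", ".join(ext))
        if ext and not rule.get("conditions"):
            reasons.append("no conditions, applies to every message")
        if reasons:
            findings.append((rule["mailbox"], rule["id"], reasons))
    return findings

# Constructed sample export (hypothetical field names, not real data).
SAMPLE_RULES = [
    {"mailbox": "alice@example.com", "id": 1, "name": "Newsletters",
     "conditions": ["from:news@example.org"], "copy_to": []},
    {"mailbox": "alice@example.com", "id": 2, "name": "\u200b \u00a0",
     "conditions": [], "copy_to": ["collector@mail.example.net"]},
    {"mailbox": "bob@example.com", "id": 3, "name": "To assistant",
     "conditions": [], "copy_to": ["carol@example.com"]},
]

if __name__ == "__main__":
    for mailbox, rule_id, reasons in audit_rules(SAMPLE_RULES, {"example.com"}):
        print(mailbox, rule_id, "; ".join(reasons))
```

Only rule 2 is reported: its name consists of a zero-width space, a space and a no-break space, and it copies every message to an address outside `example.com`.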