Industry News

US Judge: Hacking into Suspects’ Computers is a No-No

The FBI’s petition to plant spyware on suspects’ computers to harvest information helpful for an investigation has been dismissed by a judge in the U.S. District Court for the Southern District of Texas.

The petition was sent in March, when the FBI sought a warrant to search a computer of an unknown suspect at an unknown location, in relation to e-banking fraud.

According to Computerworld, the software would disclose the location of the device, take snapshots of the suspects using the device via the webcam and exfiltrate browsing activity, firewall logs, caches, cookies, bookmarks and search queries.

U.S. Magistrate Judge Stephen Smith dismissed the request in a 13-page ruling this week, as this type of search would be “overly intrusive and infringing on Fourth Amendment protections against unreasonable search.”

“In between snapping photographs, the government will have real time access to the camera’s video feed. That amounts to video surveillance,” ruled the judge.

Another reason for dismissing the petition was that IP addresses can be easily spoofed, so the FBI could end up investigating an innocent user. Jurisdiction was also a key concern, as the computer could be located anywhere, even outside the jurisdiction of the United States.

Government espionage for crime investigation has gained a lot of traction lately. A number of governments, including repressive regimes, are known to use cyber-surveillance solutions such as the FinFisher (FinSpy) to monitor citizens’ online behavior and information exchange.


About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.


  • Don’t get it,
    they have an IP, but can’t find a physical address for it … weird
    if that IP was a proxy/VPN/etc. for traffic tunneling I presume that they should ask for connection/traffic logs, not for permission to install a keylogger/info-stealer… weird again

    • If a connection is mobile (i.e. 3G modem), they probably can’t track it via IP2Geo services and – most likely – need to subpoena the ISP to silently pass a Trojan to the target as it exchanges data with the rest of the Internet.

      Tracking an IP, even if it sounds pretty much doable, may prove highly difficult in real time.

      • Let’s say you are a bad guy and I am from the FBI, and want to catch you :))
        What I know about you: on day 30 Feb 2013, hour 05:39:17 you had IP x.y.z.q

        Step I: use IP2Geo and find your Country + Internet provider
        By law, all ISPs have to keep user logs (when a user connects and disconnects) for 6 months
        Step II: I go to the judge and take the papers, go to the ISP and tell them I want to know what user had IP x.y.z.q on 30 Feb 2013; 05:39:17. They will have to search in the DB logs and tell me your name, address, phone number, bills etc.

        After dissecting the problem I think I get it: Mobile Connection via prepay card,
        the ISP can know only the area from where you connect, phone number & modem model, but not exactly the place and who you are

        • Exactly. One just has to buy a data SIM in cash, insert it into a 3G / LTE modem and that’s that. Plus the fact that they are also interested in exfiltrating HDD data and taking headshots of the device owner plus accomplices.

          Although coarse location (obtained via cell triangulation) would allow the mobile ISP to pinpoint the user within one kilometer or less.

  • Thank you U.S. Magistrate Judge Stephen Smith! It’s good to see that the courts aren’t letting all our rights go down the tubes. I hate bad guys as much as the next guy, but trying to infect unknown computers/devices at unknown locations belonging to unknown people (possibly victims themselves) is just wrong!

    The idea that the IP address can be spoofed is silly. A machine cannot use a TCP connection over a spoofed IP address. A machine can’t really do much of anything with a spoofed IP address except SEND IP packets.

    Maybe they were thinking of VPNs and/or tunnels, but that is completely different from spoofing. And if the machine in question is using some form of VPN or tunnel, then the machine is probably a zombie or bot, and the owner is an innocent victim as well. Or it’s an anonymizing service that can be legally queried (via appropriate channels) for the information about its customers.

    Even with an IP address, don’t think that IP2Geo is going to give you very accurate results. My own Class C network shows up 1000s of miles away from where the IPs are actually located (as it has for years!).

    “Take snapshots”? Really? You don’t think if the bad guy is sitting there at the computer, he/she won’t see the little light on the camera flash on and off? This bad guy is smart enough to commit acts that draw the attention of law enforcement, yet he/she won’t realize something is up when his camera light activates randomly?