Australian Law Enforcement Hacked US Users' Computers During Child Porn Investigation

Thanks to the internet, more law enforcement agencies are exceeding jurisdictional limitations than ever before. The FBI's Network Investigative Technique (NIT) -- deployed during a child porn investigation to strip Tor users of their anonymity -- travelled all over the United States and the world beyond. IP addresses and computer information harvested by the FBI were turned over to Europol and details obtained by Motherboard suggested at least 50 computers in Austria alone had been compromised by the FBI's hacking.

Rule 41 imposes jurisdictional limitations on the FBI's hacking attempts -- something the DOJ is trying (and succeeding, so far) to have changed. But the hacking goes both ways. Not only does the FBI go cruising past US borders while tracking down Tor users accessing seized child porn servers, but law enforcement agencies in other countries are doing the same thing -- and raising the same questions.

Australian authorities hacked Tor users in the US as part of a child pornography investigation, Motherboard has learned.

[...]

In one case, Australian authorities remotely hacked a computer in Michigan to obtain the suspect's IP address.

"I think that's problematic, because they've got no jurisdiction," Greg Barns, an Australian barrister who practices criminal and human rights law who's also a former national president of the Australian Lawyers Alliance, told Motherboard in a phone call.

It might be problematic, but no one seems all that interested in doing anything about it. No defendants garner less sympathy than those viewing child pornography, and law enforcement partnerships fighting the problem span the globe. No law enforcement agency is going to turn down child porn tips from another agency -- no matter where that agency is located or how it obtained this information.

The issues raised by these extraterritorial searches are likely to only be addressed (inconsistently) by local courts. Legislators aren't interested in restricting the pursuit of child pornographers, and as long as cases are handled locally and setting aside any chances of extradition demands, there's really no compelling reason for them to head off these abuses before they get worse.

The technique deployed by Australian law enforcement does raise a few questions of its own, though. It appears the agency deployed a phishing attack that prompted recipients to click a malicious link that phoned home with user info. The link, though, turned the agency into an actual distributor of child porn, rather than the more passive technique the FBI used when it took over hosting duties for a few weeks after seizing a child porn site's server.

Details on how exactly this was achieved are limited, but according to a court document from another case, "When a user clicked on that hyperlink, the user was advised that the user was attempting to open a video file from an external website. If the user chose to open the file, a video file containing images of child pornography began to play, and the FLA [foreign law enforcement agency] captured and recorded the IP address of the user accessing the file."

The file was configured in such a way as to route the target's traffic outside of the Tor network, the document explains.

Seems like a somewhat dubious use of law enforcement resources, but considering undercover officers are able to distribute other contraband (like drugs) in sting operations, it's likely this child porn distribution will be viewed as a lawful part of the agency's investigation.