#1 US says it can hack into foreign servers without warrants
Posted: Tue Oct 07, 2014 5:47 pm
Now, I have no real remorse for Mr. Ulbrecht's fate. However, the methods used by the FBI to bring him to justice seem... legally murky, at best.arstechnica.com wrote:The US government may hack into servers outside the country without a warrant, the Justice Department said in a new legal filling in the ongoing prosecution of Ross Ulbricht. The government believes that Ulbricht is the operator of the Silk Road illicit drug website.
Monday's filing in New York federal court centers on the legal brouhaha of how the government found the Silk Road servers in Iceland. Ulbricht said last week that the government's position—that a leaky CAPTCHA on the site's login led them to the IP address—was "implausible" and that the government (perhaps the National Security Agency) may have unlawfully hacked into the site to discover its whereabouts.
Assistant US Attorney Serrin Turner countered (PDF).
"In any event, even if the FBI had somehow 'hacked' into the SR Server in order to identify its IP address, such an investigative measure would not have run afoul of the Fourth Amendment," Turner wrote. "Because the SR Server was located outside the United States, the Fourth Amendment would not have required a warrant to search the server, whether for its IP address or otherwise."
Turner added, "Given that the SR Server was hosting a blatantly criminal website, it would have been reasonable for the FBI to 'hack' into it in order to search it, as any such 'hack' would simply have constituted a search of foreign property known to contain criminal evidence, for which a warrant was not necessary."
The prosecution's papers were in response to Ulbricht's defense team crying foul on the government's explanation of how they discovered the servers. Experts suggested that the FBI didn't see leakage from the site's login page but contacted the site's IP directly and got the PHPMyAdmin configuration page. That raises the question of how the authorities obtained the IP address and located the servers.
"Thus, the leaky CAPTCHA story is full of holes," said Nicholas Weaver, a University of California, Berkeley computer scientist who analyzed traffic logs the government submitted as part of the case.
The authorities also disputed assertions that they found the servers through illegal wiretapping.
"However, no wiretap of any kind was used in the FBI’s investigation—let alone any wiretap intercepting Ulbricht’s communications," Turner wrote. "Indeed, Ulbricht did not even become a suspect in the FBI’s investigation until well after the SR Server was searched. Hence, no information collected from or about Ulbricht, through a wiretap or otherwise, was ever used to locate the SR Server."
The underground drug website Silk Road was shuttered last year as part of a federal raid, and it was only accessible through the anonymizing tool Tor. The government alleges that Ulbricht, as Dread Pirate Roberts, "reaped commissions worth tens of millions of dollars” through his role as the site's leader. Trial is set for next month. Ulbricht has pleaded not guilty.