Why the FBI Can't Hack a Bank Hacker
CREDIT: Shutterstock: Tankist27i6
When it comes to hackers, turnabout is apparently not fair play. A federal judge has denied the FBI's request to install software on a suspected bank hacker's computer that would grant it access to the user's files, location and even his webcam.
The judge explained that such an installation could exceed search and seizure limitations, and might even be unconstitutional. The FBI has been tracking the suspect since early 2013, but its search has yielded precious few results.
The judge's response to the warrant request details a John Doe in Texas who found that a hacker had acquired his email credentials. From there, the malefactor used Doe's email to access his financial information and transfer a considerable amount of money into a foreign bank account.
Had the warrant been approved, the FBI would, if successful, gain access to the suspect's Internet history, online bookmarks, bank records, identifying personal information and the program(s) he used to scam Doe.
Stephen W. Smith, the judge who considered and ultimately denied the warrant request, acknowledged that the FBI's request was perfectly valid under Rule 41. This search-and-seizure statute allows a judge to grant a search warrant to agencies investigating either crime or terrorism within or outside the United States.
Smith considered two major factors in his decision: territoriality and constitutionality. "[Rule 41] sets out five alternative territorial limits on a magistrate judge's authority to issue a warrant," wrote Smith in his decision. "The [FBI's] application does not satisfy any of them."
Even though the crime took place within his district, Smith ruled that issuing a warrant to search for a perpetrator in a foreign country was beyond the scope of his court. Furthermore, Smith decided that the suspected criminal constitutes a "transient target," which could grant the FBI incredible leeway to search personal property across a huge swath of foreign territory within a warrant's constraints. [See also: 9 Safe Ways to Bank Online With Your Smartphone]
The Fourth Amendment, which protects citizens against unreasonable searches, also factors into Smith's decision. Despite the fact that the suspect is, in all likelihood, not an American, Smith believed that the FBI may have to invade a number of intermediary computers before finding the right one.
"It is not unusual for those engaged in illegal computer activity to 'spoof' Internet Protocol addresses as a way of disguising their actual on-line presence," wrote Smith. "The [FBI's] application offers nothing but indirect and conclusory assurance that its search technique will avoid infecting innocent computers or devices."
For what it's worth, Smith did call the request "novel" and asserted that "such a potent investigative technique [could] be authorized under Rule 41" and "there may well be a good reason to update the territorial limits of that rule."
Nevertheless, as it stands, hacking the hackers is a no-go.