A U.S. government contract website that is supposed to show the public what agencies are spending money on is quietly removing listings detailing the FBI's purchase of hacking tools and other products, Motherboard has found.
In March, Motherboard reported that the FBI paid anti-child predator charity The Innocent Lives Foundation $250,000 for a set of network investigative techniques, the Department of Justice's overarching term for hacking tools. Motherboard discovered the sale due to a listing on the Federal Procurement Data System (FPDS), a site for searching U.S. government purchases. In a phone call with Motherboard at the time, Chris Hadnagy, CEO of the charity, said that the listing included his personal information.
The listing is no longer available on the FPDS. Hadnagy did not respond to an emailed question asking if he requested the removal.
Another FBI contract has disappeared from FPDS recently. This one involves cryptocurrency exchange Coinbase, which also sells an analytics product. While Motherboard previously viewed the relevant listing on the FPDS, it is no longer available.
Do you know about any other hacking tools the U.S. government is buying? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on firstname.lastname@example.org, or email email@example.com.
Some of the removals are likely due to a legitimate concern of private individuals unknowingly having their phone numbers or other personal information posted to the contracting sites and asking for that to be removed. But instead of just deleting or altering that data, the site is removing the listings in their entirety, meaning that the government is ultimately being less transparent around technologies it is purchasing.
"Transparency of federal spending ensures that taxpayer dollars are spent wisely. While there are timing delays and completeness problems with federal spending data, the public deserves to see what the federal government is buying and for how much, and Congress should be enhancing spending transparency laws so that we have a more complete picture," Scott Amey, general counsel at watchdog group the Project on Government Oversight, told Motherboard in an email.
Coinbase told Motherboard that a party acting on the company's behalf did reach out to Tech Inquiry, a site that mirrors the FPDS data, about exposed personal information. Jack Poulson who runs Tech Inquiry showed Motherboard emails related to this request. Coinbase said it did not know if it asked FPDS for a removal as well.
"Our client, Coinbase, has discovered an incorrect phone number being displayed on the following URL," an email from cybersecurity firm RiskIQ to Poulson reads.
The FBI and the General Services Administration (GSA) which maintains the FPDS declined to comment.
Subscribe to our new cybersecurity podcast, CYBER.