The FBI paid a non-profit organization focused on unmasking child predators $250,000 for access to a series of hacking tools, according to public procurement records viewed by Motherboard.
The news provides more insight into how the FBI obtains some of its hacking tools, or so-called network investigative techniques (NITs). The contract also highlights the close relationship between private parties and the FBI when hacking suspects. Facebook, for example, previously bought a hacking tool for the FBI to use to unmask one of the social network's users who was aggressively targeting minors on the platform.
The procurement record says the FBI's Child Exploitation Operational Unit (CEOU) is "purchasing a set of NITs." The contract dates from June 2020.
The NITs "have been demonstrated for OTD and CEOU and which have the capability, if activated, of providing the true internet address of the subject," the product description continues, referring to the Operational Technology Division, a part of the FBI that carries out hacking operations. The latter half of the product description is cut-off, but reads in part "of providing the true internet address of the subject even when hidden behi," presumably referring to whether the target is behind a proxy or anonymization network.
Do you produce NITs for the government? Do you know someone who does? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on firstname.lastname@example.org, or email email@example.com.
The non-profit that the FBI paid for the NITs is called the Innocent Lives Foundation (ILF).
"We unmask anonymous child predators to help bring them to justice," the organization's website reads. "We use Open Source Intelligence Gathering (OSINT) methods to identify child predators. Once we have gathered the appropriate amount of information to confirm the identification of the predator, that file is then submitted to law enforcement," the website continues.
The ILF includes a board of directors, various corporate roles such as a Chief Operating Officer, and a number of volunteers who are accepted by invitation only, the website reads. In 2019, hacking conference DerbyCon selected the ILF as one of the featured non-profits of the conference, and provided the charity with more than $25,800 in donations, the ILF website adds.
U.S. law enforcement's umbrella term of network investigative technique has previously encompassed a wide range of different technologies and approaches. In some investigations NIT has referred to a booby-trapped Word document that once opened phoned home to an FBI controlled server, revealing the recipient's IP address. At the higher end, the FBI has deployed non-public exploits that break through the security protections of the Tor Browser.
In a phone call with Motherboard, Chris Hadnagy, founder, executive director, and board member of the ILF declined to specify what sort of tool the NITs were, nor whether the charity developed the NITs itself or sourced them from another party.
At one point a company that sources zero-day exploits and then sells them to governments offered $80,000 for an attack targeting Firefox, which the Tor Browser is based on. That company, Exodus Intelligence, later provided a Firefox exploit to an offensive customer; a law enforcement agency deployed it to visitors of a dark web child abuse site, Motherboard previously reported.
Law enforcement agencies have used NITs to investigate financially-motivated crime, bomb threats, and hackers. Most prolifically, the FBI has deployed NITs in child abuse investigations, particularly on the dark web. Among other large scale cases, in 2015 the FBI hacked over 8,000 computers in 120 countries based on one warrant. Some judges threw out evidence in subsequent cases as they ruled that the judge who signed the warrant did not have the authority to do so. The campaign, dubbed Operation Pacifier, led to the arrest of 55 hands-on-abusers and 26 producers of child pornography, as well as recovering 351 children, according to a report from the Department of Justice Office of the Inspector General.
The report also mentioned how between 2012 and 2017 the FBI’s Remote Operations Unit, which is part of the OTD, was largely responsible for the development and deployment of dark web solutions.
"However, over the past 2 years, its dark web role has eroded due to budget decreases and an increased prioritization on tools for national security investigations. This has resulted in the operational units seeking tools useful to dark web investigations independently without a mechanism to share the product of their efforts," the report added.
The FBI declined to comment.
Update: This piece has been updated with a response from the FBI.
Subscribe to our cybersecurity podcast CYBER, here.