An unknown group of ransomware hackers crippled federal domestic spying efforts in February. The effects are being described as temporary but significant. A computer network operated by the Technical Operations Group, which is nestled within the U.S. Marshals Service, was infiltrated a full ten weeks ago and still isn’t fixed. The feds can finally talk about it because they came up with a set of “workarounds” and are already back in business. As reported by the Washington Post, the past two-and-a-half months have been sheer misery for frustrated spooks.
Spying on cellphones crippled
Spying on American citizens is generally frowned upon but that doesn’t stop the federal government from doing it. Some elite federal spooks who specialize in digital operations were disconcerted to find themselves in the role of victim, when they got hit by a ransomware attack.
One “that has frustrated efforts by senior officials to get the system back up and running.” It also raises “concerns about how to secure critical crime-fighting operations.”
Cellphones are everywhere. Almost, but not quite, everyone has them. Everyone but those who know how evil they can be. The Marshals’ Technical Operations Group is described as “a secretive arm within the agency that uses technically sophisticated law enforcement methods to track criminal suspects through their cellphones, emails and web usage.” In other words, spying on American citizens.
“The computer network was operated by the Marshals’ Technical Operations Group (TOG)”
Key law enforcement computers still down 10 weeks after breachhttps://t.co/frPXCnjmtI
— GS-59 (@GS5913) May 1, 2023
The term “criminal suspects” is frequently claimed to include journalists and politically vocal social media posters. Big Brother doesn’t like his dirty laundry out there in the wind. “Its techniques are kept secret to prolong their usefulness, and exactly what members of the unit do and how they do it is a mystery even to some of their fellow Marshals personnel.”
One thing they do is put “dirtboxes” or “stingrays” in Piper Archer aircraft and fly them in regular surveillance patterns, spying on everyone within electronic line of sight. No warrant necessary. Despite the secrecy, “with more than two dozen offices in the United States and Mexico, the Technical Operations Group also operates airplanes in a smaller number of U.S. cities as part of its cellphone tracking work.”
According to Orin Kerr, a law professor at the University of California at Berkeley who specializes in criminal procedure and privacy, it’s “a way to track cellphones, and it’s a way to track account usage.” They don’t track the actual messages “that people are sending, but the information about them, which is helpful to finding them.” That’s how down in Texas they recently ended up surrounding a killer’s phone while he got away clean.
Breached since February
Everything was moving along just fine for the spying crews until a day in early February when the whole computer froze and demanded heavy bitcoin to start working again. “A system that handles a vast amount of court-approved tracking of cellphone data, including location data, had been compromised.”
They make sure to include that phrase “court-approved” to make it seem less sinister. Those orders are handed out for the asking. They go for the location data because getting the actual messages means actually proving to a judge it’s necessary for an ongoing investigation.
It’s a mixed blessing for the spying marshals that the network which was hacked wasn’t hooked up to the rest of the DOJ. “In the case of the TOG system, the network has existed outside regular Justice Department computer systems for years, unnoticed in the open, crowded internet.” Until now.
The computer network was operated by the Marshals' Technical Operations Group (TOG), a secretive arm within the agency that uses technically sophisticated law enforcement methods to track criminal suspects through their cellphones, emails and web usage.https://t.co/PuwTd7xnei
— Stars and Stripes (@starsandstripes) May 2, 2023
They refused to pay the terrorist ransom and shut it down cold. It was time for an upgrade anyway. Even so, the users were freaking out. “To limit the potential spread of infected devices and systems, officials decided to wipe the cellphones of those who worked in the hacked system — clearing out their contacts and emails.”
Even worse, the “action was taken with little advance notice on a Friday night, meaning some employees were caught by surprise.” One staffer “was working the security detail for a Supreme Court justice when the person discovered their device had been wiped of data.” That’s a little alarming. “While the phone still worked, the person had no emails or contacts.” Suck it up cupcake, you’re supposed to be a pro, the spying honchos replied. “Marshals still carry their two-way radios.”
That’s because they know exactly how easy it is to compromise a cellphone. The privacy expert has an afterthought to add. There’s “another reason for concern beyond the system shutdown.” Big Brother is a hoarder. “What happens after the government gets this information is also important. Part of this story is about how the system they created was vulnerable and all this information was available to someone else.” China maybe?
