According to a plea agreement, filed on April 28, 2017, Clinton Scott Bass of Georgia (US) tried in a first time to purchase a car bomb. The man, who was using two different pseudo names, contacted an undercover FBI agent on a darknet marketplace.
Later on, the man decided to acquire a mail bomb from the undercover officer. The agent agreed to sell the explosive to the suspect who paid $550 in digital currency, likely Bitcoin or Monero.
“He was keen, at first, to buy a car bomb that would explode as soon as the vehicle’s door was opened or closed. But he then decided he wanted a mail bomb, which would go off on being opened.” reported Thomas Fox-Brewster from Forbes.
“The undercover agent agreed to sell him a bomb, which was in fact inert and delivered to an address provided by one of Bass’ monikers, who paid $550 in virtual currency for the service. Hidden in the fake explosive, however, was a location tracker.”
The police sent an inert device to the address provided by the suspect, they have also hidden a location tracker in the pack.
The location tracker allowed the agents to discover the real Bass’s target, they tracked the pack discovering that is was sent to someone in Hahira, Georgia on the morning of April 27, then Feds arrested the man.
Bass used an email address at the temporary mail provider Guerilla Mail while communicating with the undercover agent. The defendant used the email address to receive instructions from the vendor on how to use the mail bomb.
The FBI sent a phishing message to the Guerilla Mail address used by Bass in an attempt to locate him (i.e. tracking his IP address). The message included a weaponized attached document, which, once opened, would send target information to the FBI’s server. The FBI used the Network Investigative Technique (NIT), a method used by Feds in many other cases and that was questioned by privacy advocates that consider it a tool for dragnet surveillance.
“The message included a document, which, once opened, would send that identifying data to an FBI server, somehow overcoming the IP-masking provided by Tor. A separate document indicated the government also installed what’s known as a pen-trap tool to record all the information coming from the hack.” continues Fox Brewster.
An executed warrant document reported that the FBI retrieved 19 different IP addresses in the investigation by using the NIT, likely because the suspect was using a VPN service and the Tor network to mask his IP address. It is not clear is the NIT was useful to track the man.
Experts and privacy advocated consider legitimate the NIT usage in the specific case, it was a targeted attack that not impacted other individuals, such as the case of a watering hole attack.
“The way I see it is, the FBI has to do something to catch criminals, and at least in this case they didn’t resort to draconian methods such as mass surveillance without a warrant,” Flashmob, the administrator of Guerilla Mail, told the media. “Instead, they used a simple procedure with a warrant that doesn’t need much technical ability,”
The Electronic Frontier Foundation (EFF) security researcher Cooper Quintin also confirmed that the FBI’s phishing in the current case was legitimate.
But what makes this hack unique is that it appears to be the first public example of the FBI legally using a controversial update to the Rule 41 , that allows searches on users of anonymizing services, including the Tor network.
Anyway, there is an element of concern about the Bass case, authorities used “Stingray” technology to spy on the suspect and track his movements,
Bass pleaded guilty in April to charges of attempting to receive and transport explosive materials with the intent to kill, injure or intimidate. The man risks 120 months in prison, the trial will be held on July 12.
[ad rotate banner=”9″]
(Security Affairs – DarkWeb Black Market, FBI)