The FBI hacked computers in more than a hundred countries in 2015, and it turns out one of those was Russia.
The Daily Beast reported on Wednesday that an operation aimed at taking down a child porn ring included hacking into Russian computers.
The operation was first disclosed last year by Vice, which found out that the FBI had hacked into more than 8,000 computers in 120 countries but didn't name the countries. The FBI had permission from a court to proceed with the hacking, which used a type of software called a network investigative technique to track computers that accessed a child pornography site.
In addition to Russia, the Daily Beast said, computers in Iran and China had been hit.
The FBI had taken over a child pornography website, Playpen, and proceeded to add the software to the site in an attempt to track all of its users. Because of the way the software was implanted, the FBI would not have known what countries would get hit by it n advance.
Megan Stifel, a senior fellow at the Atlantic Council who previously worked as an attorney in the Department of Justice's national security division, said at times it is not feasible to work with difficult countries on law enforcement issues such as this one.
"We've gone to the Russian prosecutors and said can you help us with this investigation, and years later the individual becomes a source for the Russian government," she said. "It's not to say that we need to have a new global treaty around cyber crime. We're not going to get any better than we have."
Stifel said the U.S. has fairly strict limitations on when law enforcement may use software bugs to break into computers, but other countries without such protections could be a problem. Russia in particular has used the justification of attempting to crack down on child pornography as a means to limit freedom of expression, according to several human rights groups.
"The challenge is what happens when China or Russia want to do the same thing under the guise of law enforcement activity," she said. "We have a challenge in communicating what happened in this case. What happened in this case is that the prosecutors gathered evidence, put it before a court and asked if they could do it. The court said yes."
The technique that the FBI used is also fairly similar to some those used by commercial sites to keep track of users, meaning there is little potential for the software to run rampant and do something like shut down a hospital.
The U.S. has been careful to differentiate between military hacking and other types of computer attacks used for law enforcement or espionage. Not every country is as careful with making distinctions.
