US law enforcement is known for entrapment tactics, and the secrecy around a recent terrorism case is suspicious
A high-level conspiracy of silence surrounding a US terrorism prosecution raises serious questions over whether the FBI possesses technological means to bypass dark web user anonymity, or alternatively manages extremist group recruitment sites in secret, in order to entrap unsuspecting visitors.
US citizen Muhammed Momtaz Al-Azhari was charged in May 2020 with attempting to provide material support to ISIS. He came to the attention of the FBI due to a series of visits he made in May 2019 to a dark web site which hosts "unofficial propaganda and photographs related to ISIS".
The Bureau pinpointed specific pages of the site Al-Azhari perused, including sections on making donations, ISIS media assets, photos and videos, and stories of military operations allegedly conducted by ISIS fighters in Iraq, Syria, and Nigeria. These actions were linked to him directly by uncovering his IP address, and therefore his identity and location.
Al-Azhari accessed the site via the TOR browser, which theoretically provides anonymity to users, and makes it difficult if not impossible for a site's owner or external prying eyes to track visitor IPs. A recent court filing by Al-Azhari's lawyers reveals that is precisely what the FBI did, though exactly how it achieved this is being withheld by government decree.
"[Using TOR] onion-like layers of additional IP addresses prevent the true IP address of the user from being visible like it would typically be on a clear-web site," the filing states. "However, as the government's complaint affidavit indicates, the government was able to bypass TOR's protections to identify the IP address of the visitor to the ISIS website. In discovery, the government has declined to provide any information related to its TOR operation."
Al-Azhari's legal team attempted to compel the US government to disclose the method by which the FBI unearthed his IP address, but authorities, without explanation, requested that the prosecuting Court treat their formal request as a "highly sensitive document." This is a file containing "sensitive or confidential information that may be of interest to the intelligence service of a hostile foreign government and whose use or disclosure by a hostile foreign government would likely cause significant harm."
While the filing records that "few documents" filed in US courts ever qualify as "highly sensitive," the government's request was granted, again without any explanation. However, the filing hints at a possible explanation chanced upon by Al-Azhari's lawyers.
In researching how to legally compel the government to release details of their client's identification, they discovered "at least two federal cases" in which authorities blocked disclosure of similar information on the grounds that "network investigative techniques", a euphemism for hacking, were used by investigators.
The filing suggests these techniques might have been one of the ways in which the FBI "may have bypassed TOR's protections in the operation," and determined Al-Azhari's IP address. The FBI's use of "network investigative techniques" is well-known and openly admitted. Yet, the "highly sensitive document" designation is, the lawyers acknowledge, only employed "when necessary to protect highly classified or highly confidential information."
The filing suggests this means the FBI is attempting to classify publicly available information as "top secret", but another interpretation is that the FBI could be actively running the website Al-Azhari visited for the purposes of entrapment. How the FBI uses "network investigative techniques" was revealed in a 2016 affidavit, related to an extraordinary Bureau operation that ensnared the users of Playpen, then one of the largest child porn sites on the dark web.
A year earlier, the FBI seized Playpen's servers, and indicted its founder and owner, but kept the site operating from government servers rather than closing it, installing tracking viruses on the computer of each and every visitor. Then, with just one search warrant, they were able to hand over the locations of Playpen's users across the US, leading to their mass arrest.
While it only remained open for two weeks after the FBI's takeover, it's estimated the Bureau distributed over one million images of child abuse during this time, and the affidavit indicates Playpen was just one of 23 child porn sites where it had the ability to identify users. Cybersecurity researchers believe it to be "a pretty reasonable assumption" that this figure meant the FBI was running around half of the dark web's child porn sites at the time.
This led University of Kansas law scholar Corey Rayburn Yung to argue the FBI had "actively participated in the revictimization of those depicted in child pornography," and that the operation was "immoral and inexcusable," particularly given that there was no control over whether the material was then sold and/or shared again once downloaded. While no one at the Bureau was ever penalized, let alone prosecuted, for the ruse, it created a large number of prosecutorial issues in other ways for the Department of Justice.
While the FBI accumulated 1,300 separate IP addresses through its management of Playpen, fewer than 100 cases actually made it to court. Judges in several US states ruled the operation was absolutely illegal, and the evidence gathered on suspects was inadmissible. In one successful trial, despite the defendant being convicted of grave crimes, the presiding justice condemned the Bureau's "outrageous" tactic of using "child victims as bait."
To say the least, the FBI would have every interest in concealing its deployment of the same highly controversial and likely criminal strategy from the public, its targets, and their legal teams to catch terror suspects. Alternatively, it could be the case that the Bureau has developed an entirely new technology for deanonymizing dark web users it does not want the world to know about.
In June 2021, the FBI achieved perhaps the biggest, most elaborate and successful sting in its history, which resulted in over 500 arrests all over the globe. The Bureau pulled off this coup by setting up a front company, ANOM, which sold encrypted devices that were marketed to criminals as unbreakable by any law enforcement entity or security or intelligence agency.
Over 12,000 ANOM devices were sold to over 300 criminal syndicates operating in over 100 countries. Little did the users know that every message they sent and received was stored, making it a very simple matter to track the movements and activities of, and build cases against, major drug traffickers and mafia clans.
This is particularly relevant given that European and North American sanctions on Russia have forced millions of people all over the world to turn to the dark web to use the internet as normal, and many of the tools being promoted to people to circumvent these measures in the mainstream, such as Psiphon VPN, are quietly funded by the US intelligence community, and only provide users privacy from their own governments.