How did the feds acquire all those MegaUpload conversations? There are hints that the FBI managed to place government-issued spyware on the defendants' computers.
One of the most curious aspects of the U.S. government's case against MegaUpload is the large number of the company's internal communications acquired by the FBI.
In one exchange, MegaUpload managers fretted via Skype IM chat in 2007 that founder Kim Dotcom wasn't "safe with his money" and "the current situation is a bit risky," according to documents U.S. authorities filed with a New Zealand court this month as part of their criminal pursuit of the embattled cyberlocker service.
While it's still not clear how federal investigators gained access to the conversations of founder Kim DotCom and other top managers, there are hints that the FBI managed to place government-issued spyware on the defendants' computers.
The FBI cites alleged conversations between DotCom and his top lieutenants, including e-mail and Skype instant-messaging logs. Some of the records go back nearly five years, to MegaUpload's earliest days as a cyberlocker service--even though Skype says "IM history messages will be stored for a maximum of 30 days" and the criminal investigation didn't begin until a few months ago.
Sources told CNET yesterday that Skype, the Internet phone service now owned by Microsoft, was not asked by the feds to turn over information and was not served with legal process.
The U.S. Department of Justice told CNET that it obtained a judge's approval before securing the correspondence, which wouldn't have been necessary in the case of an informant. "Electronic evidence was obtained though search warrants, which are reviewed and approved by a U.S. court," a spokesman for the U.S. Attorney for the Eastern District of Virginia said.
In 2007, the FBI obtained court approval to implant spyware called CIPAV on a suspect's computer, which transmitted to government computers an ongoing log of the user's outbound connections. Documents obtained by CNET through the Freedom of Information Act in 2009 show that CIPAV has been used in investigations designed to nab extortionists, database-deleting hackers, child molesters, and hitmen.
Skype saves chat records with contacts in a directory on the local hard drive, which could be accessed by FBI-planted spyware.
It's not only the FBI that uses spyware to intercept communications. Last fall, the Chaos Computer Club discovered that German police were using spyware that could activate the suspect's microphone and webcam.
The MegaUpload indictment is unusually long and detailed, weighing in at over 70 pages, and was drafted last year. U.S. officials filed additional documents with the New Zealand court during DotCom's bail hearing. DotCom (aka Kim Schmitz) wasn't arrested in New Zealand until January 19. Yesterday MegaUpload users learned that their data would not be deleted for at least two weeks.
The feds allege that DotCom and six other MegaUpload employees enabled millions of people to use the company's cyberlockers to store pirated TV shows and films and then share them with each other without compensating creators. The government accuses MegaUpload's administrators of pocketing millions and has charged them with money laundering, racketeering, and piracy.
Ira Rothken, MegaUpload's attorney, declined to comment yesterday about how his client's internal documents were obtained by the government, but said the government's "allegations are flimsy under the law."
On January 19, New Zealand police raided the home of DotCom in a rural area outside of Auckland. The U.S. government is seeking to extradite DotCom; a local judge denied bail and an extradition hearing is scheduled for February 22.