The incident came to light last week after the indictment of two Russians on charges of breaking into the networks of banks, Internet service providers and other companies. While the charges were somewhat routine, the methods the FBI used to nab the pair were novel and potentially worrisome, said security experts.
According to court documents filed in the case, the FBI and US Department of Justice lured two suspected Russian hackers to Seattle with job offers at a fictitious security company. After monitoring the duo's connection to two servers in Russia, the FBI used the suspects' passwords to download incriminating data from those servers.
The tactic is likely to be challenged in court; if it is deemed lawful, the precedent could allow law enforcement and intelligence communities free rein to hack foreign computers. In addition, such a ruling could provide a legal loophole for other countries to break into US-based computers in search of data that could aid their own investigations.
"It's extremely dangerous just to throw the door open--it will be a free-for-all," said Jennifer Granick, clinical director for the Stanford University Center for Internet and Society. "It won't just be individuals (hacking each other). It will be corporate espionage."
Although US officials downplay the incident, some legal experts fear that this first publicly acknowledged government "hack" could spark a rash of indiscriminate, international hacking by individuals, foreign governments and corporations.
In this case, the FBI was determined to obtain the Russian-based information before it could be deleted.
On November 10, FBI agents and officials from the Department of Justice nabbed two suspected Russian hackers after luring the duo to the United States with employment offers for a mythical security company, Invita.
Details of the case became public after the suspects were indicted early in April.
