Google Notifies People Targeted by Secret FBI Investigation

Dozens of people reported receiving an email from Google revealing a potential FBI investigation into people who purchased malware.

Sep 4 2018, 6:22pm


At least dozens of people have received an email from Google informing them that the internet giant responded to a request from the FBI demanding the release of user data, according to several people who claimed to have received the email. The email did not specify whether Google released the requested data to the FBI.

The unusual notice appears to be related to the case of Colton Grubbs, one of the creators of LuminosityLink, a $40 remote access tool (or RAT) that was marketed to hack and control computers remotely. Grubbs pleaded guilty last year to creating and distributing the hacking tool to hundreds of people.

Several people on Reddit, Twitter, and HackForums, a popular forum where criminals and cybersecurity enthusiasts discuss and sometimes share hacking tools, reported receiving the email.

A copy of the email, posted by a Reddit user.

“Google received and responded to legal process issued by Federal Bureau of Investigation (Eastern District of Kentucky) compelling the release of information related to your Google account,” the email read, according to multiple reports from people who claimed to have received it.

The email included a legal process number. When Motherboard searched for it within PACER, the US government’s database for court case documents, it showed that it was part of a case that’s still under seal.


Despite the lack of details in the email, as well as the fact that the case is still under seal, it appears the case is related to LuminosityLink. Several people who claimed to have received the notice said they purchased the software. Moreover, Grubbs’ case was investigated by the same district mentioned in the Google notice.

Luca Bongiorni, a security researcher who received the email, said he used LuminosityLink for work, and only with his own computer and virtual machines.

The FBI declined to comment. Google did not respond to a request for comment. Lawyers who specialize in cybercrime told me that it’s not unusual for Google to disclose law enforcement requests when it is allowed to.


“It looks to me like the court initially ordered Google not to disclose the existence of the info demand, so Google was legally prohibited from notifying the user. Then the nondisclosure order was lifted, so Google notified the user. There's nothing unusual about that per se,” Marcia Hoffman, a lawyer who specializes in cybercrime, told Motherboard in an online chat. “It's common when law enforcement is seeking info during an ongoing investigation and doesn't want to tip off the target(s).”

What may be unusual and controversial is for the FBI to try to unmask everyone who purchased software that may not necessarily be considered illegal.

“If one is just buying a tool that enables this kind of capability to remotely access a computer, you might be a good guy or you might be a bad guy,” Gabriel Ramsey, a lawyer who specializes in internet and cybersecurity law, told Motherboard in a phone call. “I can imagine a scenario where that kind of request reaches—for good or bad—accounts of both types of purchasers.”
