DOJ's Sandworm operation raises questions about how far feds can go to disarm botnets

Written by
Apr 8, 2022 | CYBERSCOOP

The notion that citizens are protected from unreasonable search and seizure is a bedrock legal principle: A court must issue a search warrant before police can enter a private home and ransack it looking for evidence. 

In what former prosecutors and legal experts call a landmark operation, the Department of Justice has now tested that principle to disrupt a Russian botnet that was spreading malware on a far-flung network of computers. Using so-called remote access techniques, law enforcement effectively broke into infected devices from afar to destroy what the U.S. government calls the “Cyclops Blink” botnet — and did so without the owners’ permission.

While the search warrant publicized by DOJ makes clear that this access did not allow the FBI to “search, view, or retrieve a victim device owner’s content or data,” legal experts say the case does raise questions about how far the government’s power should extend under a federal criminal procedure provision known as Rule 41.

The Kremlin-backed hackers responsible for the botnet — a group known to cybersecurity researchers as Sandworm — exploited a vulnerability in WatchGuard Technologies firewall devices to install malware on

Read More: