
Spy Tool Helped FBI Solve Pipeline Hack, Other Major Crimes, U.S. Officials Say

By Dustin Volz

June 13, 2023 10:00 am ET


The attack on the Colonial Pipeline—its Dorsey Junction Station near Washington is shown—was one of the most disruptive cyberattacks ever on U.S. infrastructure.

Photo: Drew Angerer/Getty Images

WASHINGTON—Intelligence gleaned through a surveillance program due to lapse at the end of the year helped U.S. investigators solve a 2021 cyberattack that prompted the shutdown of the largest conduit of fuel on the East Coast and claw back millions of dollars in ransom the pipeline’s operator paid to the perpetrators, senior U.S. officials said.

The program, authorized under what is known as Section 702 of the Foreign Intelligence Surveillance Act, enabled the administration to confirm the identity of the hacker responsible for the attack on the Colonial Pipeline, which caused a dayslong gasoline shortage, the officials said.

The disclosure of the use of the law in pursuing the culprits behind one of the most disruptive cyberattacks ever on U.S. critical infrastructure comes as part of a campaign by the Biden administration to rally congressional support for renewing Section 702 before it expires at the end of December.

The program allows the National Security Agency, the nation’s premier electronic eavesdropping outfit, to collect communications of foreigners living overseas from U.S. companies like Alphabet’s Google, Meta Platforms, Microsoft, and . But due to the global nature of communications, it also collects texts, calls, emails and other digital content belonging to Americans.

Classified details about Section 702 were revealed 10 years ago by former intelligence contractor Edward Snowden.

U.S. intelligence officials say the foreign surveillance program powered by the law, which was last renewed in 2018 by Congress, is vital to a wide range of national security interests, including counterterrorism, cybersecurity and strategic competition with China and Russia. But privacy advocates and skeptics of government surveillance have called for the overhaul—or termination—of the program over concerns it collects information on Americans that the Federal Bureau of Investigation can search without a warrant. 

The Section 702 authority attracted fresh scrutiny last month when a declassified court opinion revealed the FBI had improperly searched a trove of intelligence gathered through the program for information on people suspected of participating in the Jan. 6, 2021, attack on the U.S. Capitol and the George Floyd protests in 2020, among other mistakes. The FBI said those errors predated internal efforts to reduce misuse, such as requiring analysts to opt in to using the spying program when conducting a search of available databases and to provide written justifications for searches for U.S. information within the 702 repository.

On Tuesday, U.S. officials revealed other cases in which Section 702 had been used to fight crime and fend off cyberattacks. Investigators used the law to identify and mitigate an Iranian ransomware attack against a nonprofit organization. Officials didn’t identify the nonprofit, but said the government helped it recover without paying a ransom.

Officials said narcotics investigators had used Section 702 in anti-trafficking efforts, including against the deadly synthetic opioid fentanyl. The program has yielded insight into the Chinese origins of a chemical used to manufacture the drug, the officials said, as well as smuggling techniques cartels have used to import the drugs into the U.S.

Officials also are seeking to demonstrate the value of the program’s use in the hunt for clues by searching its databases for terms related to Americans, the main area of concern for lawmakers weighing changes to Section 702. A senior official said that such searches enabled the FBI to identify Chinese efforts to hack into a U.S. transportation hub.

In another example, the official said the FBI used Section 702 to discover that Iranian hackers had researched a former head of a federal department.

The Biden administration has said it would seek to make more examples of the spying tool’s value available to lawmakers and the public as it presses to renew Section 702. Privacy advocates, however, have said the program’s utility doesn’t remedy concerns about the surveillance abuses. A coalition of nearly two dozen organizations, including the American Civil Liberties Union and Center for Democracy and Technology, said Monday that Congress needed to require warrants for searches of U.S. data, impose tighter and more transparent judicial review, and install other limits on the program.

“Although purportedly targeted at foreigners, Section 702 has become a rich source of warrantless government access to Americans’ phone calls, texts, and emails,” they wrote.

Write to Dustin Volz at [email protected]
