Safety researcher Sam Curry describes a nerve-racking state of affairs he encountered upon his return to the U.S. when border officers and federal brokers seized and searched his digital units.
Curry was additional served with a ‘Grand Jury’ subpoena that demanded him to seem in court docket for testimony.
Why, you ask? All as a result of his IP handle landed within the logs of a crypto pockets related to a phishing rip-off that Curry had earlier helped examine as part of his job—a rip-off that the feds have been now investigating.
The untypical suspects
This week, moral hacker and safety researcher Sam Curry shared how he ended up being investigated by the feds, satirically merely for doing his investigative job.
Curry describes he had simply returned to the U.S. from Japan when he was directed in the direction of the secondary inspection space by officers from the IRS Felony Investigation (CI) division and the U.S. Division of Homeland Safety (DHS) that additionally oversees Customs & Border Safety (CBP).
(BleepingComputer)
Curry additional instructed BleepingComputer that he had arrived on the Dulles Worldwide Airport, Virginia, which is in shut proximity to Washington, DC. He was, nonetheless, served a subpoena issued by the Southern District of New York demanding his look on the court docket for testimony:
“After they’d questioned me, I used to be requested to depart the room whereas they sat and searched via my unlocked system for an additional hour,” the researcher shared on X (Twitter) in a thread that has now been deleted.
“At this level I might been given virtually no data on whether or not or not I used to be a topic, witness, or something associated to the case in any respect.”
“As soon as they have been completed, I used to be instructed that I might go away and instantly contacted a lawyer. Over the subsequent few days, the lawyer spoke with the AUSA and in addition the IRS-CI and DHS brokers. They discovered that I used to be the goal of the grand jury subpoena and for a very foolish motive…”
Researcher’s IP handle lands in logs
The explanation concerned Curry’s position as an investigator of a crypto rip-off, he explains.
In December 2022, the researcher helped probe right into a crypto phishing web site that had stolen hundreds of thousands of {dollars}.
“Within the JavaScript of the web site, the scammer had unintentionally printed their Ethereum non-public key. Sadly, I might discovered it 5 minutes too late and the stolen property have been gone.”
“Throughout this course of, I might imported the non-public key into my MetaMask and navigated to OpenSea to verify if there was something left within the pockets. Once I did this, I used to be on my dwelling IP handle and clearly not trying to hide my identification as I used to be merely investigating this,” wrote Curry.
“The brokers had requested the authorization logs of the account from OpenSea and noticed that my IP. They subpoenaed the IP, came upon who I used to be, then determined to make use of immigration as an excuse to ask for my system and summon me to a grand jury, somewhat than simply e mail me or one thing.”
Fortunately, Curry’s lawyer, after emailing the federal brokers forwards and backwards was in a position to make clear the state of affairs and have the “subpoena fully dismissed” after confirming that every one information from the researcher’s system had been deleted.
Might all the difficulty and further time and sources relentlessly spent by the prosecution on this case have been prevented by a easy phone name? Presumably.
Curry describes that the investigating brokers had a “manila folder” along with his photograph, Twitter, social media, and different particulars in it, “and I might have assumed that they might have appeared into it just a little bit… Even only a temporary learn… simply who I’m and what I do I really feel it could have cleared issues up lots.”
It’s value noting, that Curry is a longtime internet app safety researcher within the area who has beforehand found and responsibly reported flaws within the APIs of Toyota, Mercedes, BMW, amongst different automotive firms.
The researcher has earlier recognized safety vulnerabilities in airline rewards program techniques that allowed snatching “limitless” air miles. Curry had additionally disclosed the Uber inner techniques breach that concerned the theft of the corporate’s vulnerability reviews.
“It is odd to me that they did not see I work as a safety engineer who responds to those issues recurrently,” says Curry.
Nevertheless, current occurrences the place a (malicious) hacker later claims they have been conducting ‘moral analysis’ and college researchers circumventing what constitutes ‘moral’ have made all of it a authorized grey space for everybody concerned, together with prosecutors.
In any case, Curry’s motivation to share his story is to unfold consciousness for defenders and moral hackers. Merely having the title of a “safety researcher” will not exempt you from the scrutiny of legislation enforcement businesses ought to your IP handle or system fingerprint get caught up in property pertaining to legal exercise.
“I am sharing this as a result of I feel it is one thing individuals ought to pay attention to in the event that they’re doing related work. It was broadly shared that the non-public key was leaked and my background as a safety researcher wasn’t sufficient to dissuade utilizing [Immigration] and a grand jury to intimidate me.”
BleepingComputer contacted the DHS, CBP, and IRS CI with questions properly prematurely of publishing however we’ve got not heard again.
