The Federal Bureau of Investigation paid tens of thousands of dollars for internet data, known as “netflow” data, collected in bulk by a private company, according to internal FBI documents obtained by Motherboard.
The documents provide more insight into the often overlooked trade of internet data. Motherboard has previously reported the U.S. Army’s and FBI’s purchase of such data. These new documents show the purchase was for the FBI’s Cyber Division, which investigates hackers in the worlds of cybercrime and national security.
“Commercially provided net flow information/data—2 months of service,” the internal document reads. Motherboard obtained the file through a Freedom of Information Act (FOIA) request with the FBI.
Netflow data creates a picture of traffic volume and flow across a network. This can include which server communicated with another, information that is ordinarily only available to the owner of the server or to the internet service provider (ISP) carrying the traffic. Team Cymru, the company ultimately selling this data to the FBI, obtains it from deals with ISPs by offering them threat intelligence in return. These deals are likely conducted without the informed consent of ISPs’ users.
Team Cymru explicitly markets its product’s ability to track traffic through virtual private networks and to show which server traffic is originating from. Multiple sources previously told Motherboard that netflow data can be used to identify infrastructure used by hackers.