Palantir Bug Allowed FBI Access to Virgil Griffith’s Social Media

Reading Time: 2 minutes
  • A bug in the Palantir supposedly led to the FBI accessing the social media data of Virgil Griffith
  • Griffith is accused of helping North Korean officials circumnavigate U.S. sanctions through cryptocurrency
  • The software was left on default settings which allowed FBI officials to effectively spy on him

Virgil Griffith, the former Ethereum developer charged with supplying North Korean officials with information on how to use cryptocurrency to circumnavigate U.S. sanctions, was spied on by the FBI thanks to a bug in privacy software Palantir. The revelation was made in a letter by prosecutors in the case against Griffith, who claim that a glitch in the software meant that FBI employees were able to view data recovered from his Twitter and Facebook accounts for more than a year when, under normal circumstances, they would not have been able to.

FBI Agents Accessed Social Media Data for Over a Year

Palantir is the software created by the company of the same name, which was founded by Bitcoin maximalist Peter Thiel in 2003. It has been criticized for supplying data-sifting software to government agencies and has clients ranging from the CIA to French plane manufacturer Airbus, but if Griffith’s prosecutors are to be believed then Thiel may be starting to sweat over some of those contracts.

The prosecutors contend that a bug in Palantir’s code meant that at least four FBI employees, all of whom work outside New York and were not investigating the case, were able to access data from Griffith’s social media accounts that was obtained through a federal search warrant in March 2020. They were allegedly able to look at this material for over a year before the breach was noticed earlier this month.

Palantir Left on Default Settings

The FBI agents were able to view the material because it was entered into Palantir through the program’s default settings which, the prosecutor’s said, “is to permit access to the data to other FBI personnel otherwise authorized to access the Platform.”

Palantir denied the charges that their software was to blame, giving the following statement:

There was no glitch in the software. Our platform has robust access and security controls. The customer also has rigorous protocols established to protect search warrant returns, which, in this case, the end user did not follow.

Griffith’s attorney, Brian Klein, said of the leak that his team were “very troubled by what happened” and that they were “looking into the legal remedies”. Griffith recently faced a spell in jail when he, or someone close to him, tried to sell some Ethereum from his Coinbase account in violation of his bail conditions.