Dozens of people, possibly more, have received an email from Google informing them that the internet giant responded to a court-ordered FBI demand for the release of their data, according to Motherboard, citing several people who claim to have received the email. The notice did not say whether Google had already released the requested information to the FBI.
The notice appears to be related to the case of Colton Grubbs, who has been indicted for selling a $40 remote access tool (RAT) which claims to be able to hack and control computers remotely. Last year Grubbs pleaded guilty to creating and distributing the hacking tool to thousands of people.
Federal prosecutors say Colton Ray Grubbs of Stanford, Ky. conspired with others to market and distribute the LuminosityLink RAT, a $40 Remote Access Tool that made it simple for buyers to hack into computers to surreptitiously view documents, photographs and other files on victim PCs. The RAT also let users view what victims were typing on their keyboards, disable security software, and secretly activate the webcam on the target’s computer.
Grubbs, who went by the pseudonym “KFC Watermelon,” began selling the tool in May 2015. By mid-2017 he’d sold LuminosityLink to more than 8,600 customers, according to Europol, the European Union’s law enforcement agency. -KrebsonSecurity
Grubbs has been indicted on nine counts, including infringing on privacy, conspiracy and causing at least $5,000 in damage. He faces up to 25 years in prison and a fine of $750,000.
Rafael Eladio Nunez Aponte read: ‘LuminosityLink RAT’ Author Pleads Guilty — Krebs on Sec https://t.co/T6FX8phC6W pic.twitter.com/1rDu9fgn9l — Caroline Lopez (@carolpez_) August 18, 2018
Several users on Reddit, Twitter and HackForums have reported receiving the email, which reads in part:
“Google received and responded to legal process issue by Federal Bureau of Investigation (Eastern District of Kentucky) compelling the release of information related to your Google account."
Ever seen this?! 😒 pic.twitter.com/1xJO1rALTh — ☎️Luca Bongiorni☎️ (@LucaBongiorni) August 30, 2018
Contained within the email is a legal process number, which reveals that the judge in the legal action has sealed the case.
Despite the lack of details in the email, as well as the fact that the case is still under seal, it appears the case is related to LuminosityLink. Several people who claimed to have received the notice said they purchased the software. Moreover, Grubbs’ case was investigate by the same district mentioned in the Google notice.
Luca Bongiorni, a security researcher who received the email, said he used LuminosityLink for work, and only with his own computer and virtual machines. -Motherboard
That said, the PACER court filing system did contain an unredacted indictment filed in Kentucky's Eastern District Court, which reads:
"Colton Grubbs together with others, knowingly and voluntarily joined and participated in a conspiracy to commit the crime of intentionally and without authorization accessing a computer used in or affecting interstate or foreign commerce or communication, thereby obtaining information from a protected computer to further a tortious and criminal act."
The indictment also confirms that the case is related to LuminosityLink, which "made it possible for purchasers to access and control victim computers; to view their files, login credentials, and personal identifying information; and to surveil and record user activity on victim computers."
Grubbs received approximately 115 bitcoin for the software, according to the complaint, worth approximately $845,000 at today's price, and $134,141 in "proceeds from the felony crimes." The Feds also want $52,482 in a JPMorgan Chase bank account, and $45,007 in cash found in Grubbs's bedroom.
"It looks to me like the court initially ordered Google not to disclose the existence of the info demand, so Google was legally prohibited from notifying the user. Then the nondisclosure order was lifted, so Google notified the user. There's nothing unusual about that per se,” said Marcia Hoffman, a lawyer specializing in cybercrime. “It's common when law enforcement is seeking info during an ongoing investigation and doesn't want to tip off the target(s)." 
KFC Watermelon’s Skype profile (the “HF” in his Skype name is a likely reference to HackForums, where both Luminosity RAT and Plasma RAT were primarily sold and marketed). via Krebs
Of particular concern is that the FBI appears to be trying to "unmask" everyone who bought the software which may or may not be considered illegal.
“If one is just buying a tool that enables this kind of capability to remotely access a computer, you might be a good guy or you might be a bad guy,” Gabriel Ramsey, a lawyer who specializes in internet and cybersecurity law, told Motherboard in a phone call. “I can imagine a scenario where that kind of request reaches—for good or bad—accounts of both type of purchasers.”