I would need to do some more research to determine if this sort of attack would require a warrant. I believe wiretaps that are only capable of gathering illegal communications are somewhat of a gray area, there used to be a lot of discussion about carrying out Bayesian traffic classification at ISPs and looking for traffic patterns consistent with child pornography. Some distinction between viewing *communicated data* to find illegal data and viewing *communications metadata* to get a warrant to view data that is determined to be illegal. Unfortunately it has been quite some time since I was looking into traffic classification at ISPs, and I am not certain of the actual laws regarding wiretaps in this instance. However, I am aware of other subtleties of the wiretapping laws. For one they only apply to payload data, not routing metadata. The government does not need a warrant to see which IP addresses you communicate with and when, only to see what you actually send to those IP addresses. They can also see which IP addresses communicate with you without a warrant, just not what they send to you. Sometimes knowing this information is enough to determine the payload data of the communications, however it is not technically a wiretap and doesn't require a warrant. There are a lot of "loopholes" in the wiretapping laws that allow for people to be essentially wiretapped in some instances, without the requirement of any warrant.