Microphone and camera activating malware are allegedly employed by the FBI

A report in The Wall Street Journal cites sources within the U.S. Federal Bureau of Investigation (FBI), as well as former agents, in claiming that the federal law enforcement agency is adopting tactics typically used by criminals to spy on suspects.

I. ACLU, EFF Riled by FBI Using Criminal Tactics

The agency is reportedly both actively developing its own malware and purchasing tools from the private sector to use in investigations that officials reportedly said include organized crime, child pornography, and counterterrorism cases.  The agency reportedly avoids using these tools on the cybercriminals it investigates, fearing they will discover and publicize them.

Among the tools believed to be in use by the agency is malware that runs in the background and can be used to remotely activate the microphone and camera on the suspect's smartphone, if it runs Google Inc.'s (GOOG) Android operating system, or on a personal computer running Microsoft Corp.'s (MSFT) Windows operating system.

The WSJ alleges the FBI is using "criminal" [Image Source: WSJ]

These techniques have been under scrutiny by the American Civil Liberties Union (ACLU) and Electronic Frontier Foundation (EFF) for the last couple of years, in part due to details discovered in resume postings from programmers who claimed to have worked as contractors developing malware for the FBI.  A source claims, "[The FBI] hires people who have hacking skill, and they purchase tools that are capable of doing these things.  When [the FBI uses these tools], it's because [it doesn't] have any other choice."

The sources hinted that the malware is "delivered to computers and phones through email or Web links" -- making these efforts spear phishing campaigns of sorts.  In other cases agents manually target suspects with physical attacks, plugging thumb drives loaded with malware into the suspects' computers if they are left unattended in public locations.

The FBI allegedly uses infected websites and malicious email links to infect targets with malware. [Image Source: Wired]

After the data is mined, a "screening team" reportedly sanitizes it, extracting any "relevant data" to the case and deleting any other captured information.

II. A Brief History of FBI Malware Ops

Here's what is known publicly:
  • 1999: Accused mobster Nicodemo Scarfo Jr. is targeted by FBI keylogger
    • Mr. Scarfo was using PGP (Pretty Good Privacy)
    • Physical keylogger attached to PS/2 style keyboard was installed with warrant
    • Suspect's passwords were used to decrypt files, providing incriminating evidence
  • 2000: "Carnivore" outed in Congressional testimony
    • Malware used to monitor network traffic in Windows
    • Similar to WildPackets' EtherPeek
    • Could collect email message contents
    • Was renamed DSC1000 as more capabilities were built up
  • 2007: "Magic Lantern" malware outed by Wired magazine
    • Euphemised as "computer and internet protocol address verifier," or CIPAV
  • 2009: "Remote Operations Unit" revealed
    • Is responsible for FBI malware, hacking efforts
    • Part of "Operation Going Dark"
    • Based in Quantico, Va.
  • 2011: "Web Bugs" confirmed by EFF
    • Developed prior to 2005
    • Used in 2007 to catch a Washington State suspect making bomb threats
  • 2013 (April): Judge rejects FBI request to use suspect's camera
    • FBI proposed planting malware on suspect's computer
    • Judge rejected the request, writing that more data was needed on how the agency planned to remove privacy risks to innocent people the suspect was interacting with.

The FBI spying is believed to be much less sweeping than the U.S. National Security Agency (NSA) campaign, which taps into 99 percent of Americans' phone locations and associated metadata, as well as millions of Americans' chats and emails.  Civil liberties advocates still aren't happy with the FBI using malware, even if it's more selective in doing so.  Comments Christopher Soghoian, principal technologist at the ACLU, "People should understand that local cops are going to be hacking into surveillance targets."

III. Growing Number of Private Firms Sell "Cybercrime" Tools to the FBI

Mark Eckenwiler, the former U.S. Department of Justice (DOJ) federal criminal surveillance law senior counsel who left in Dec. 2012 to join Seattle, Wash. corporate law firm Perkins Coie LLP as a senior counsel, argues that, from his perspective, it depends on the kind of data being collected.  He tells the WSJ that metadata (e.g. websites visited, email headers, etc.) is not believed to meet the criteria of the subject's property and hence law enforcement can seize it without a warrant (the NSA does this on a massive scale).  Metadata can be used to track an individual's location and whom they're communicating with.

By contrast, he argues that short-term malware-aided video, audio, key-logging, or screengrab surveillance requires a stricter standard -- a warrant.  And he says that long-term surveillance with these tactics meets an even higher bar, requiring a more in-depth warrant request.  A current DOJ source says the tools are used "on a case-by-case basis."

The FBI is allegedly buying keyloggers and other common "cybercrime" tools from specialist firms. [Image Source: Tech Crazy]

The companies the FBI reportedly buys its spy tools from include:
  • Gamma International UK Ltd.
    • Specializes in tools to spy on Skype and other VoIP services
    • Sold tools to Syrian and Egyptian gov'ts to help them crack down on dissidents
    • Advertises having "0 day exploits" (utilizing vulnerabilities not known by the maker of the affected software) for Microsoft's Internet Explorer browser
  • HackingTeam SRL
    • Provides suite of mobile and PC monitoring malware
    • Opened sales office in Maryland in 2012
  • Telesoft Technologies Ltd.
    • UK-based
    • Specialized in tools to simultaneously intercept "tens of thousands" of cell phone conversations on a network
  • Net Optics Inc.
    • Calif.-based
    • Real-time monitoring of cell phone networks
  • Vupen Security SA
    • France-based
    • Sells keyloggers, screengrabbers, and other tools

It's likely we'll hear more on this issue in the future as the leaks and controversy over government spying and surveillance -- both with warrant and warrantless -- continue.

Source: WSJ

Copyright 2016 DailyTech LLC.