Report: FBI Turning to Cybercriminal Tactics to Spy on "Suspects"
August 2, 2013 7:10 PM
Microphone and camera activating malware are allegedly employed by the FBI
The Wall Street Journal
is citing sources within the
U.S. Federal Bureau of Investigation
(FBI), as well as former agents in claims that the federal law enforcement agency is
taking up tactics typically used by criminals
spy on suspects
I. ACLU, EFF Riled by FBI Using Criminal Tactics
The agency is reportedly both actively developing
its own malware
and purchasing tools from the private sector to use in investigations that officials reportedly said include organized crime, child pornography, and counterterrorism cases. The agency reportedly avoids using these tools on the cybercriminals it investigates, fearing they will discover and publicize them.
Among the tools believed to be in use by the agency are malware that runs in the background and can be used to
remotely activate the microphone
and camera on the suspect's smartphone, if it runs Google Inc.'s (
Android operating system
, or on a personal computer running Microsoft Corp.'s (
) Windows operating system.
alleges the FBI is using"criminal" [Image Source: WSJ]
These techniques have been under scrutiny by the
American Civil Liberties Union
Electronic Frontier Foundation
(EFF) for the last couple of years, in part due to details discovered in resume postings from programmers who claimed to have worked as contractors developing malware for the FBI. A source claims, "[The FBI] hires people who have hacking skill, and they purchase tools that are capable of doing these things. When [the FBI uses these tools], it's because [it doesn't] have any other choice."
The sources hinted that the malware is "delivered to computers and phones through email or Web links" -- making these efforts spear phishing campaigns of sorts. In other cases agents manually target suspects with physical attacks, by plugging thumb drives with malware on them into their computers if they leave them unoccupied in public locations.
The FBI alleges uses infected websites and malicious email links to infect targets with malware. [Image Source: Wired]
After the data is mined, a "screening team" reportedly sanitizes it, extracting any "relevant data" to the case and deleting any other captured information.
II. A Brief History of FBI Malware Ops
Here's what is known publicly:
1999: Accused mobster Nicodemo Scarfo Jr. is
by FBI keylogger
Mr. Scarfo was using PGP (Pretty Good Privacy)
Physical keylogger attached to PS/2 style keyboard was installed with warrant
Suspect's passwords were used to decrypt files, providing incriminating evidence
2000: "Carnivore" outed in
[Image Source: Spyworld.fr]
Malware used to monitor network traffic in Windows
Similar to WildPackets' EtherPeek
Could collect email message contents [
Was renamed DSC1000 as more capabilities were built up [
2007: "Magic Lantern" malware
Euphemised as "computer and internet protocol address verifier," or CIPAV
2009: "Remote Operations Unit"
Is responsible for FBI malware, hacking efforts
Part of "Operation Going Dark"
Based in Quantico, Virg.
2011: "Web Bugs"
Developed prior to 2005
Used in 2007 to catch a Washington State suspect making bomb threats
2013 (April): Judge
[Scribd] FBI request to use suspect's camera
FBI proposed planting malware on suspect's computer
Judge reject request, writing that more data was needed on how the agency planned to remove privacy risks of innocent people the suspect was interacting with.
The FBI spying is believed to much less sweeping than the
U.S. National Security Agency
(NSA) campaign, which taps into
99 percent of American's phone locations and associated metadata
, as well as
millions of Americans' chats and emails
. Still, civil liberties advocates still aren't happy with the FBI using malware, even if it's more selective in doing so. Comments
, principal technologist at the ACLU, "People should understand that local cops are going to be hacking into surveillance targets."
III. Growing Number of Private Firms Cell "Cybercrime" Tools to the FBI
Mark Eckenwiler, the former
U.S. Department of Justice
(DOJ) federal criminal surveillance law senior counsel who left in Dec. 2012 to join Seattle, Wash. corporate law firm
Perkins Coie LLP
as a senior counsel, argues that in his perspective it depends on the kind of data you're collecting. He tells the
that metadata (e.g. websites visited, email headers, etc.) is not believed to meet the criteria of the subject's property and hence law enforcement can seize it without warrant (the NSA does this on a massive scale). Metadata can be used to track an individual's location and whom they're communicating with.
By contrast, he argues that short-term malware-aided video, audio, key-logging, or screengrab surveillance requires a stricter standard -- a warrant. And he says that long-term surveillance with these tactics meets an even higher bar, requiring a more in depth warrant request. A current DOJ source says the tools are used "on a case-by-case basis."
The FBI is allegedly buying keyloggers and other common "cybercrime" tools from specialist firms. [Image Source: Tech Crazy]
Among the companies the FBI reportedly buys its spy tools from include:
Gamma International UK Ltd.
Specializes in tools to spy on Skype and other VoIP services
Sold tools to Syrian and Egyptian gov'ts to help them crack down on dissidents
Advertises having "0 day exploits" (utilizing vulnerabilities not known by the maker of the affected software) for Microsoft's Internet Explore browser
Provides suite of mobile and PC monitoring malware
Opened sales office in Maryland in 2012
Telesoft Technologies Ltd.
Specialized in tools to simultaneously intercept "tens of thousands" of cell phone conversations on a network
Net Optics Inc.
Real-time monitoring of cell phone networks
Vupen Security SA
Sells keyloggers, screengrabbers, and other tools
It's likely we'll hear more on this issue in the future as the leaks and controversy over government spying and surveillance -- both with warrant and warrantless -- continue.
"There is a single light of science, and to brighten it anywhere is to brighten it everywhere." -- Isaac Asimov
Report: NSA is Reading Your Email, Chats without Warrant
July 31, 2013, 5:40 PM
Source: Don't Worry, NSA Spies on "99 Percent" of Americans' Locations, Call Records
June 14, 2013, 3:57 PM
Obama, FBI Silence Critics, Plan Warrantless VoIP Wiretaps, ISP Fines
May 8, 2013, 9:40 AM
Feds Can't Crack Apple's iMessage Encryption for Investigation Purposes
April 4, 2013, 10:46 AM
Android Malware "DDSpy" Pretends to be Gmail, Steals Phone Logs
June 7, 2012, 10:59 PM
Science & Environment
February 20, 2017, 6:37 AM
The USA’s newest weather satellite sends first photos.
January 24, 2017, 6:41 AM
Netflix took a decision to invest in original content
January 19, 2017, 7:00 AM
Amazon Airborne Fulfillment Center – Your Merchandise Drop-Shipped from the Clouds
December 29, 2016, 5:00 AM
Amazon is experimenting with a new kind of grocery stores, Amazon Go
December 8, 2016, 5:00 AM
Google has developed Deep Learning Algorithm to detect Diabetic Eye Disease
December 4, 2016, 5:00 AM
Most Popular Articles
Samsung Galaxy S8, Rumored Launch Date!
March 18, 2017, 6:45 AM
Gigabyte GA-Z170X-Gaming G1 – Intel Thunderbolt 3 Certified Motherboard
March 9, 2017, 6:25 AM
Lenovo ThinkPad T460 - Ultra-Thin and Feather-light
March 3, 2017, 6:00 AM
Huawei P8 Lite 2017 – Android 7 Nougat Smartphone with Octa-Core Processor
March 8, 2017, 7:03 AM
Intel Optane SSd DC P4800X – Super Fast 3D Storage
March 20, 2017, 7:35 AM
Latest Blog Posts
Are you thinking of performance and speed? Intel claims:
Mar 25, 2017, 7:45 AM
Apple buys an automation app called Workflow. The deal was completed today and brings the app along with its developers.
Mar 23, 2017, 7:35 AM
Apple Announces new color for iPhones and iPads
Mar 22, 2017, 7:45 AM
Instagram: You Can Now Save Live Videos For Later
Mar 21, 2017, 7:49 AM
Samsung Galaxy S8 to Get New Color Scheme
Mar 20, 2017, 7:45 AM
What else to worry about?
Mar 17, 2017, 6:45 AM
Icon of the Day: Intel/ NVIDIA or Mobileye
Mar 16, 2017, 6:15 AM
JUST IN - Twitter Hijacked : High-Profile Account Accesses
Mar 15, 2017, 7:07 AM
Mar 14, 2017, 7:30 AM
News and Tips
Mar 13, 2017, 6:30 AM
iPhone 8 – May Not Get Curved Screen
Mar 11, 2017, 8:00 AM
California paves way to self-driving car tests without humans
Mar 11, 2017, 7:18 AM
Smart Machines V hackers
Mar 10, 2017, 7:00 AM
Uber Can Resume Autonomous Car Testing in California
Mar 9, 2017, 6:50 AM
Mar 8, 2017, 7:09 AM
Mar 7, 2017, 8:45 AM
World news 3-6
Mar 6, 2017, 5:40 AM
Mar 4, 2017, 7:40 AM
Mixed News of the Day
Mar 4, 2017, 6:32 AM
Jaguar Land Rover invests in ride-sharing
Mar 3, 2017, 7:00 AM
Mixed News of The World:
Mar 2, 2017, 7:02 AM
World New 3-1
Mar 1, 2017, 6:30 AM
More Blog Posts
Copyright 2017 DailyTech LLC. -
Terms, Conditions & Privacy Information