When is malware not malware? When the FBI says so, of course

Is there such a thing as good malware?

The FBI would argue that there is, if they are the ones who created it.

The origins of the case date back to February 2015, when the FBI seized control of a child sexual abuse website called Playpen.

You might have expected the FBI to shut down the site immediately. But instead, rather sneakily, they chose to continue to make the site available from a government server, planting code that could grab identifying information about computers – such as IP addresses – used by the site’s users, as well as downloading malware to their computers.

What makes that particularly interesting is that Playpen was on the dark web, and its users were attempting to remain anonymous by using Tor to cover their tracks.

That’s all very well and good, but when the FBI refused to share details of how it had managed to exploit Tor with a “Network Investigative Technique” (NIT) to discover the identities of alleged paedophiles, a judge threw out the evidence.

Now, as Julian Sanchez noted on Twitter, the FBI has claimed in a legal brief that its code simply isn’t malware.

As William Turton at Gizmodo reports, the FBI is bristling at the suggestion that its malware could in any way be considered.. umm… malware:

Obviously, the FBI is not pleased with any suggestion that what the agency may have done is wrong or that its malware wasn’t above board. In fact, the FBI is saying, well, it couldn’t possibly be malware because FBI agents are the good guys! Hmmmmmmmmm.

If you didn’t know, malware is just short for malicious software. Now, the FBI is trying to dispute what it really means.

The definition of malware has nothing to do with who created it. It’s to do with its function. Malicious software is simply code designed to do something without the authorisation of the computer’s owner. Quite often that will include stealing information or invading a user’s privacy – something which clearly (regardless of whether you agree with its intentions or not) the FBI’s code did.

Look at it this way.

Code is just code. If the same snooping code the FBI used were spread instead by a stalker or internet fraudster, its code remains the same. How could you say that code which is byte-for-byte identical is malware in one case and not in another? If you want to take it to its logical extreme, how should anti-virus software handle situations where the same piece of code is sometimes spread by a criminal and sometimes planted by someone wearing a policeman’s uniform?

I understand that the FBI may very well wish to keep the details of its Tor exploit under wraps – no doubt they are keen to use it again and again.

But as long as a vulnerability exists, and code to exploit it, opportunities remain for malicious attackers to use the same security hole to invade the privacy of innocent, law-abiding members of society.

None of us wish to obstruct investigations into alleged child abuse by law enforcement agencies.

But we do all want to feel that the software we are using to protect us from criminals online is working safely, and not riddled with security holes that have been left unpatched.

Because it’s a grave error if the very people who are supposed to be protecting us are deliberately not sharing details of security vulnerabilities with those best placed to fix them.

About the author
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

1 Comment

  • To malware or not, my question would be … did the FBI operate under a court order? If so, then planting tracking software should be considered within bounds; if not, their actions are illegal, just like law enforcement using stingrays …… When law enforcement operates outside legal bounds, they become the criminal and lose the moral high ground ……