The bureau uses backdoors or special code to collect details identifying the machine

Aug 6, 2014 14:51 GMT

It has been discovered that, for the past two years, the FBI has been testing black hat techniques to catch criminals by planting malware in specific websites and infecting their visitors.

The method is called a drive-by download and consists of a web page serving malware to its visitors, which can then be leveraged to collect information from their systems. This is the cybercriminals’ preferred technique for claiming victims.

The FBI has resorted to this method for criminal websites hidden in the Tor (The Onion Router) network. Although controversial, operating this way appears to have allowed officials to bring to justice more than a dozen users of child pornography websites available only through Tor, a report from Wired says.

The law enforcement agency has used malware before, calling the method a NIT (Network Investigative Technique). It has created full-blown backdoor programs that can provide access to information such as location, browser history and files on the computer, and even to the webcam, if one is present.

Alternatively, the bureau relies on a piece of code that collects the name and address of the infected computer and then removes itself.

In this case, the code planted by the FBI in a criminal website reached the visitors’ computers and collected identification information about each machine (IP address, MAC address and hostname), allowing the investigators to catch at least 25 visitors.

The general concern with this method is that innocent users (researchers, journalists, lawyers) could land on the criminal websites laden with government malware and have their computers infected. This way, the FBI would gain access to the systems of users who may not be part of its investigation.

The existence of malware created within a legal framework has been known for quite some time.

Kaspersky, in cooperation with Citizen Lab at the University of Toronto, disclosed that an Italian company called Hacking Team was providing spyware tools to various government agencies around the world.

The company developed a spying tool called Remote Control System (RCS), which can be planted on mobile devices running Android or iOS. The device is infected as soon as it is connected to a computer (Windows or Mac).

Hacking Team designed the program to initiate its spying activity only at specific times, such as when the device is plugged into a wall charger or when the WiFi network it connects to is under the attacker’s control; these measures were taken in order to maintain persistence on the device.