The FBI wants to buy some malware
By Aliya Sternstein for Nextgov From Mashable
Federal detectives want to buy viruses and other types of malicious software for assistance in cracking criminal cases, according to a “combined synopsis/solicitation for malware” published this week on the government’s contracting database.
The specific organization in need is the FBI Investigative Analysis Unit of the Operational Technology Division, a team of specialists providing on-the-scene tech support and “employing innovative, custom developed analytical methods” to analyze digital evidence, according to the solicitation.
“The collection of malware from multiple industries, law enforcement and research sources is critical to the success of the IAUs mission to obtain global awareness of malware threat,” the request for bids states. “The collection of this malware allows the IAU to provide actionable intelligence to the investigator in both criminal and intelligence matters.”
It’s not exactly clear whether the bureau wants to buy the kind of spyware that feds reportedly use to eavesdrop on a suspect’s Internet communications, or whether it simply needs to better understand the nature of malware to trace it back to its originator.
In either case, there are existing — free — avenues for the FBI to obtain these kinds of hacking tools.
Since 1996, the FBI has used a public-private program called Infragard to share information with local information technology experts and academics for assistance with cyber investigations. “We passed along what we knew about cyber intrusions and crime trends to our partners to help them secure their facilities and computer networks,” the bureau’s website states. “And our partners shared with us their IT expertise and information they had on possible cybercrimes.”
But some companies in possession of such free knowledge, having been the victims of hacks, are reluctant to share it.
On Jan. 27, the Financial Services Roundtable, which represents banks — frequent targets of cybercriminals, wrote a letter to Congress noting that certain malware-intelligence sharing is illegal. The industry group urged lawmakers to pass legislation that “offers liability protection for good faith sharing of threat information and data affords protection from disclosure through the Freedom of Information Act or to prudent regulators.”
Contractors interested in this job had to act quickly. Price quotes for the malware information were due last Valentine’s Day.
IMAGE: ISTOCK, MUSTAFAHACALAKI, ART12321
For more on this story go to: