With all these local law enforcement alerts about scams that wind up infecting computers and compromising private information I just can’t help but comment.
A couple of years back, on TLS, I wrote about this scam where the user received an email purportedly from the FBI that directed them to a website that installed malware on their computer that logged every key stroke. Every online account login and password sucked up by cyber-criminals. Not good. But the FBI has turned the tables. Malware is a good thing!
Israel’s Homeland Security Home blog reports that the FBI is infecting the computers of crime suspects with malware on a large scale to beat the hacker’s encrypted communications. The FBI’s tactics came to light in court documents in a recent case against child pornographers who used The Onion Router (TOR) network to hide their activities. The TOR network is the Grand Central Station for launching cyber-attacks to infect our innocent networks and computers.
The IHSH post goes on to say that in search warrants signed by a federal magistrate the FBI referred to the malware as a Network Investigation Tool or NIT. The software used by the bureau was custom coded to only identify computers, collect Internet Protocol addresses and Media Access Control identifiers, as well as Microsoft Windows operating system hostnames of visitors (potential cyber-creeps) to TOR site.
The use of malware by law enforcement is deemed controversial by privacy advocates, who fear it may be deployed outside clear-cut criminal cases as well to spy on innocent individuals for political purposes.
There are bad apples in any agency, the news is full of NSA and IRS. It’s a people problem, not a technology problem. Attackers and defenders both need their tools and weapons. In this case let’s hope that the good guys get the jump on the bad guys.
I am a Security Consultant for a company that caters to Fortune 100 and up companies. Having read this article, I have something to say.
You, dear author, are a (moderated).
Malware is bad. Malware ruins lives, destroys families, and leaves people with worthless identities. It does not matter if malware is spread by the “good guys” or not, it is a computer program and cannot differentiate who it attacks. I know, because I have analyzed pieces from both sides of the fence.
Imagine if someone were to have a case of hiccups, and get into a severe car crash, totaling his car. When he notices his hiccups are gone, he then runs and publishes an article saying CAR CRASHES ARE GOOD! THEY CURE HICCUPS!
That, good sir, is your article in a nutshell. Malware is bad. Malware should be stopped, and should never be glorified, especially to the general public, many of whom don’t know a trojan from a worm.
If you truly think malware is good, I can direct you to some links that will get you the malware that you profess to enjoy. Maybe getting hit with Cryptolocker, like 500,000+ others, and ruinging your personal files, will change your mind about whether or not malware is a good thing.
Please do not mislead an entire community on a subject that is already fraught with confusing terms and ideas.
I take exception with your character assassination. Not professional. Please read my previous articles here on TLS and read this one as well.
Would you say Stuxnet is bad?
http://www.linkedin.com/in/benvenisti
I did not attack you as a person, I attacked your actions. I will explain.
I showed this article to several people and the overwhelming response was “what is malware?”. After they read it, the impression given was that malware was not something destructive, but rather a tool for law enforcement. This could not be further from the truth. Any malware is bad and an article that paints any malware as a force of good opens the door to all malware. The uneducated and not computer savvy will ignore warnings as a result of this. You asked me: was stuxnet bad. I’ll respond like this.
Yes!! Undeniably so! It accomplished something great and it was a work of art, true. But it also exposed FOUR 0days to the attackers! And that is a terrible thing. People are already lax with patches and an article written by a computer professional telling them to ignore malware will just make them more lax, opening the door to hackers. While the ability to use counter offensive technologies in law enforcement is great, there should be a huge disclaimer that was absent: malware is terrible, but we are harnessing that terrible energy.
First get people to understand the importance of antivirus and patching, then tell them some things about law enforcement. Ignoring the destructive inherent nature is a recipe for disaster.
I stand by what I said. Malware is bad and will always be bad, no matter who uses it. We can be bad to the bad people in return but that runs the risk of opening more attack surfaces for exploitation. And with the level of general ignorance regarding these topics already, any author touting the benefits of malware should include a disclaimer explaining the true nature of how it works and what it does.
That was absent here and as a result people that I saw with my own eyes were ready to ignore earnings. When everyone is aware of how bad something is, then and only then can we talk about possible positive uses. This applies to all of life by the way, not just computers.
I’m also in IT and I agree with one!!!
I get your point about the FBI, but I don’t understand why u would put out a headline Melaare is good. You could have said FBI uses Melware to catch criminals!
Radiation is bad! A fact know to everyone. You cod however say doctors use radiation to kill tumor…
People will feel the same about radiation as before only now they will be a bit more impressed with scientists who figured out with Hashem’s help to use this destructive energy for good.
But I think you will aggred that it would be irresponsible for a news outlet to write a headline ” Radiation is a good thing”.
I think news sites in general are writing more and more controvercial headlines just to get more clicks… Es Iz Nisht Ois Gehalten.
Well Stuxnet has been analyzed by professional and other government hackers. They can now infect our nuclear, electric, gas refineries.
What comes around goes around.