The FBI Is in the Market for Malware

By Aliya Sternstein

February 4, 2014

Federal detectives want to buy viruses and other types of malicious software for assistance in cracking criminal cases, according to a "combined synopsis/solicitation for malware" published this week on the government's contracting database. 

The specific organization in need is the FBI Investigative Analysis Unit of the Operational Technology Division, a team of specialists providing on-the-scene tech support and "employing innovative, custom developed analytical methods" to analyze digital evidence, according to the solicitation.

"The collection of malware from multiple industries, law enforcement and research sources is critical to the success of the IAUs mission to obtain global awareness of malware threat," the request for bids states. "The collection of this malware allows the IAU to provide actionable intelligence to the investigator in both criminal and intelligence matters."

It's not exactly clear whether the bureau wants to buy the kind of spyware that feds reportedly use to eavesdrop on a suspect's Internet communications, or whether it simply needs to better understand the nature of malware to trace it back to its originator. 

In either case, there are existing -- free -- avenues for the FBI to obtain these kinds of hacking tools. 

Since 1996, the FBI has used a public-private program called Infragard to share information with local information technology experts and academics for assistance with cyber investigations. "We passed along what we knew about cyber intrusions and crime trends to our partners to help them secure their facilities and computer networks," the bureau's website states. "And our partners shared with us their IT expertise and information they had on possible cybercrimes."

But some companies in possession of such free knowledge, having been the victims of hacks, are reluctant to share it. 

On Jan. 27, the Financial Services Roundtable, which represents banks -- frequent targets of cybercriminals, wrote a letter to Congress noting that certain malware-intelligence sharing is illegal. The industry group urged lawmakers to pass legislation that "offers liability protection for good faith sharing of threat information and data affords protection from disclosure through the Freedom of Information Act or to prudent regulators."

Contractors interested in this job must act soon. Price quotes for the following malware information are due on Valentine's Day:

1.1.1Functional Requirements

Feed shall:

i.Contain a rollup of sharable malware as included in the malicious URL report

ii.Be organized by SHA1 signatures

iii.Be updated once every 24 hours

iv.Be a snapshot of the prior 24 hours

v.Be, on average, 35 GB per day and include the following file types:

1.Executable file types from Unix/Linux, Windows and Macintosh

2.Archives files

3.Image files

4.Microsoft Office documents

5.Audio and Video files

6.RTF files

7.PDF files

8.PHP files

9.PHP files

10.JavaScript files

11.HTML files

vi.Be able to retrieve feed in an automated way through machine-to-machine communication

vii.Initiations of accessing feed shall be pulled by IAU not pushed to IAU

(Image via Pavel Ignatov/Shutterstock.com)


By Aliya Sternstein

February 4, 2014

http://www.govexec.comhttp://www.nextgov.com/cybersecurity/cybersecurity-report/2014/02/fbi-market-malware/78218/