Forensics

FBI: Our Malware Sends Unencrypted Evidence, and That's a Good Thing

The FBI is facing plenty of controversy over its Network Investigative Technique (NIT), the innocuously-named malware it used to identify thousands of anonymous users viewing images of child abuse on a hidden darkweb site called Playpen.

Under a single warrant, the NIT (which the FBI staunchly refuses to call “malware”) infected thousands of computers around the globe, injecting malicious code that caused any machine visiting the Playpen site to quietly transmit information back to the FBI—most importantly, their IP address, which is normally obscured by the anonymous Tor network. The hacking tool sent that information back to the FBI unencrypted, leaving it open to interception or manipulation by third parties.

But the government doesn't seem to think that's such a big deal. In fact, the FBI argued earlier this week in one of the Playpen cases that not encrypting the information captured by the NIT is actually a good thing, because it allows the defendants to see the transmitted data and use it in their defense.