DOJ Describes Its Use Of Malware As 'Augmenting Content' As It Pushes For Greater Ability To Hack Computers

from the augment-that-content dept

Over at the Wall Street Journal, there's a good article about the DOJ's push for greater powers to use malware and to hack into computers in pursuit of criminals. The key issue, as the DOJ sees it, is that it normally needs a warrant from a local judge in order to use a malware exploit -- and when you're talking about networked computers, it's not always clear what "local" means. Thus, at least one warrant request for installing malware has been rejected over privacy concerns because the physical location of the target computer was unknown (other courts, however, have approved such warrants). Given that, the DOJ is seeking to change the rules to make it easier to use malware (and to use it across multiple computers, rather than just a single computer per warrant).

The article points to a massive 402-page document the DOJ submitted to the rule-making body of the courts, in which it explains how it has used malware to find criminal suspects. Of course, this is the DOJ we're talking about, so it's not going to come right out and say "hey, here's the malware we used and how we use it." Instead, as noted by the ACLU's Christopher Soghoian, the DOJ buries its description of malware on page 201 (smack dab in the middle of that giant document) in a single paragraph using some rather incredible language:
In the normal course of operation, websites send content to visitors. A user's computer downloads that content and uses it to display web pages on the user's computer. Under the NIT authorized by this warrant, the website would augment that content with some additional computer instructions. When a computer successfully downloads those instructions from Website A, the instructions are designed to cause the "activating" computer to deliver certain information to a computer controlled by or known to the government. That information is described with particularity on the warrant (in Attachment B of this affidavit), and the warrant authorizes obtaining no other information. The NIT will not deny the user of the "activating" computer access to any data or functionality of that computer.
As Soghoian notes, if you blink, you might miss it. The DOJ describes its malware insertion, a man-in-the-middle attack, as "augmenting" the content sought by the user "with some additional computer instructions." That's certainly one way to look at it, but you have to assume that less-than-technologically-savvy judges aren't likely to understand what this means at all.
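The DOJ's description does give a defender something concrete to look for: served content that carries instructions or resource loads pointing at a host the site has no reason to contact. The Python below is an added example, not code from the article or the DOJ filing: it audits an HTML document against an allowlist of expected origins and reports inline scripts, inline event handlers and foreign-origin loads; the sample page and the hostnames in it are constructed.

```python
# Added example (not from the article or the DOJ filing): flag served HTML
# that would make a visitor's browser run instructions or fetch resources
# from an origin outside an allowlist. The sample page is constructed.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make the browser fetch or execute something.
FETCH_ATTRS = {"src", "href", "action", "data"}


class AugmentAudit(HTMLParser):
    """Collect inline scripts, inline handlers and foreign-origin loads."""

    def __init__(self, allowed_origins):
        super().__init__()
        self.allowed = set(allowed_origins)
        self.findings = []  # (kind, detail) tuples in document order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and "src" not in attrs:
            self.findings.append(("inline-script", "<script> without src"))
        for name, value in attrs.items():
            if name.startswith("on"):  # onload=, onerror=, ...
                self.findings.append(("inline-handler", f"{tag}@{name}"))
            elif name in FETCH_ATTRS and value:
                origin = self._origin(value)
                if origin and origin not in self.allowed:
                    self.findings.append(("foreign-origin", f"{tag}@{name}={value}"))

    @staticmethod
    def _origin(url):
        # scheme://host for absolute URLs; None for relative (same-origin) ones.
        # Protocol-relative URLs keep an empty scheme and so get reported.
        p = urlparse(url)
        return f"{p.scheme}://{p.netloc}" if p.netloc else None


def audit_html(html, allowed_origins):
    """Parse one document and return its findings."""
    parser = AugmentAudit(allowed_origins)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: an ordinary page plus one injected script tag that
# would make the visitor's browser contact an unrelated host.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="https://site.example/js/app.js"></script>
</head><body>
<img src="/logo.png" alt="logo">
<script src="https://collector.invalid/beacon.js"></script>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in audit_html(SAMPLE_HTML, ["https://site.example"]):
        print(kind, detail)
```

It catches only explicit instructions in the markup; an exploit carried inside an image or video file, or aimed at the HTML parser itself, would not show up here.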

Reader Comments

  1. limbodog (profile), Mar 27th, 2014 @ 1:11pm

    Makes sense. Much like how shooting a suspect in custody is "augmenting his body with metal".

  2. Anonymous Coward, Mar 27th, 2014 @ 1:13pm

    Re:

    Came here to say something similar ;)

    Or augmenting my bank account with someone else's money...

  3. Anonymous Coward, Mar 27th, 2014 @ 1:15pm

    I prefer 'augmenting my illegal activities with the law'.

  4. Anonymous Coward, Mar 27th, 2014 @ 1:16pm

    augmenting content?

    I never asked for this...

  5. Anonymous Coward, Mar 27th, 2014 @ 1:18pm

    In the words of Adam Jensen, "I didn't ask for this."

  6. Anonymous Coward, Mar 27th, 2014 @ 1:23pm

    So what happens with this malware if it hits the wrong target or the user is actually innocent? Is it an "oops" or something along those lines?

  7. Anonymous Coward, Mar 27th, 2014 @ 1:27pm

    Re:

    Well obviously, that wouldn't have been the right "target", and since they didn't target them, no law was broken.

    You haven't been paying attention, I take it.

  8. Anonymous Coward, Mar 27th, 2014 @ 1:30pm

    How long before they are augmenting the evidence found on the computer?

  9. Anonymous Coward, Mar 27th, 2014 @ 1:33pm

    How long?

    Until someone else gets the malware code and augments it for their own purposes?

  10. Anonymous Coward, Mar 27th, 2014 @ 1:42pm

    Re:

    Beat me to it. I was going to say, "augmenting the criminal's chest with additional airways."

  11. Anonymous Coward, Mar 27th, 2014 @ 1:44pm

    Re: How long?

    I'm sure it's already happened. For all they know, they infected a virtual machine running a honeypot... watched and monitored the entire time from a level up.

  12. That One Guy (profile), Mar 27th, 2014 @ 1:46pm

    Re:

    Probably about 5-10 years or so... in the past.

  13. mcinsand, Mar 27th, 2014 @ 1:49pm

    Exactly!

    That's the whole problem with the strategy of making us secure by adding software/internet insecurities! Software to create weaknesses is also useful to teach others how to create and manipulate weaknesses. Stuxnet didn't only hurt Iran's nuclear program; Stuxnet code has the potential to allow others to attack us.

    If the NSA actually cares about security, then it will work with industry to plug security holes instead of constantly creating new ones.

  14. That One Guy (profile), Mar 27th, 2014 @ 1:52pm

    Gotta love how yet again those double standards pop their heads up: if someone else were to do something like this, the government would be doing everything it could to throw them in jail, but the freaking Department of 'Justice' does it and they don't see any problem with it.

  15. Anonymous Coward, Mar 27th, 2014 @ 1:57pm

    Re: Exactly!

    Stuxnet didn't hurt Iran's nuclear program, it 'augmented' it.

  16. bshock, Mar 27th, 2014 @ 2:31pm

    The DOJ declares cyberwar

    Essentially the DOJ has announced itself to be a clear and present danger to the U.S. people, U.S. business, and the U.S. Constitution.

    How long will it be before the FBI starts referring to its hapless victims as "insurgents" rather than "suspects?"

  17. Anonymous Coward, Mar 27th, 2014 @ 2:38pm

    Encryption isn't going to help much with this sort of malware. It is taken right from the computer prior to it being saved to HD. If they can legally do this, there is no need of email monitoring. They get it hot off the kb and make their own records, getting around the privacy issues by making it no privacy at all.

    As you can see, the security side has no conception that anything they are doing is wrong. It's all about the police state and nothing short of that is good enough.

    Obama's idea of ending the bulk email grab just took another turn for the worse.

  18. Anonymous Coward, Mar 27th, 2014 @ 2:39pm

    Acts of war

    These days, there's little serious argument that the President of the United States has constitutional authority to order the armed forces to invade the territory of another nation. Further, this principle seems to extend into the military's “cyber domain”. In short, the President can authorize DoD (NSA) to invade another nation's computing infrastructure.

    But, under our current constitution, does a U.S. magistrate judge have the authority to order an act of war?

    DoJ wants to get a magistrate judge in any district to OK breaking into a computer located “outside that district”. There's no additional language limiting the break-in to some U.S. judicial district; rather, “within or outside that district” reads as the whole world. The whole world.

    DoJ says they need this rule change because sometimes they don't know the location of the computer they want to break into.

    Does a U.S. magistrate judge have the authority to order armed men to break into someone's house in Canada? In Mexico? In Russia? Does a U.S. magistrate judge have the constitutional authority to start a war?

  19. beltorak (profile), Mar 27th, 2014 @ 3:12pm

    Re: Acts of war

    > Does a U.S. magistrate judge have the authority to order armed men to break into someone's house in Canada?

    yes.

  20. Crusty the Ex-Clown, Mar 27th, 2014 @ 6:51pm

    Bunch of young whippersnappers

    So the DOJ thinks it should be OK to install spyware on MY computer, in MY house, using the electricity and Internet connection I pay for, to eavesdrop on me? Juvenile delinquents, that's what I call 'em. You kids better stay off my lawn!

  21. Tice with a J (profile), Mar 27th, 2014 @ 7:43pm

    This must be that "augmented reality" I've heard so much about.

  22. john senchak, Mar 27th, 2014 @ 8:04pm

    "Instructions" means a drive-by download remote access trojan of some type.

  23. Anonymous Coward, Mar 27th, 2014 @ 8:59pm

    I imagine the DOJ infects mostly smartphones with spyware these days, instead of traditional computers. Smartphone operating systems are soft targets, full of proprietary backdoors.

    Heck, most smartphones are probably still running an outdated version of Gingerbread, with an out-of-date Linux kernel.

    All that fancy encryption you're using on your smartphone just got bypassed with a DOJ rootkit trojan.

    If you ever need to communicate in private over a smartphone, tether your laptop to the smartphone and make sure the tethering software running on the laptop doesn't have root/admin permission.

  24. btrussell (profile), Mar 28th, 2014 @ 2:34am

    "In the normal course of operation, websites send content to visitors. A user's computer downloads that content and uses it to display web pages on the user's computer."

    That is not the normal course of operations.

    I invite the website to be a guest. The website is the visitor. If they don't behave, they are not invited back.

  25. Anonymous Coward, Mar 28th, 2014 @ 4:37am

    Can we use that defense?

    If "Augmenting Content" is legal, then can I augment the content of their networks, voice mail, and data archives?

  26. Anonymous Coward, Mar 28th, 2014 @ 5:40am

    They wrote it to sound like a cookie. Maybe an extra powerful cookie, but still cookie-like.

  27. A. Nnoyed (profile), Mar 28th, 2014 @ 7:39am

    Use Of Malware As 'Augmenting Content'

    Once the authorities target and access a citizen's computer, they can upload illegal felonious content without the owner's knowledge. Like when the cops plant an illegal substance on a person and then arrest them for possession of an illegal substance. One citizen got lucky when a computer technician reported him for possessing illegal images. After the arrest a computer forensic expert determined the citizen was a victim of a malware attack that allowed unauthorized third parties to use his computer as a drop box. The prosecution was short-circuited because there was no way to determine who uploaded the illegal images. A judge dismissed the case.

  28. Dirkmaster (profile), Mar 28th, 2014 @ 10:55am

    I have One word for you

    NoScript

  29. Anonymous Coward, Mar 29th, 2014 @ 4:11am

    Re: I have One word for you

    The exploits used to plant this stuff are not always blocked by NoScript. They sometimes exploit buffer overruns in various media handlers, such as for images or video, or the HTML parser itself.

    To be even safer, boot and run from non-writable media (CD or DVD), though they can still infect the runtime and any attached storage, such as USB drives.

  30. GEMont (profile), Mar 30th, 2014 @ 2:13pm

    A False Rumor

    This is a 100% fake report, designed to show how the activities of the NSA are actually doing more harm than good, by forcing the NSA and its sister agencies to perform criminal acts in order to continue spying on their own people.

    ========================

    From Rooters News
    Dateline March 32, 2014

    It is hard to comprehend how the federal tri-letter agencies can participate in such un-American activities as have been exposed by various means such as the Snowden files, and still maintain the facade that they do no harm - not only to their own employer's credibility, but to the nation's security as well.

    As more and more Americans begin to realize that much of what they took for granted as being directives of sound scientific reasoning - such as the national habit of leaving computers on 24/7 - are in reality social engineering stunts perpetrated by the tri-letter agencies, at the behest of the federal government, designed to give the fed more access to the public's private information, more and more Americans are trying to circumvent such intrusion by whatever means are at their disposal, such as simply turning off their computers whenever they are no longer being used.

    And naturally, as more and more American citizens learn to turn their computers off when not in use, the tri-letter agencies have been doing their best to find new avenues into the treasure trove of personal data they have come to feel belongs to them, and to regain control of the army of computers they have been able to access and use secretly for so many years.

    Now word comes from un-named sources inside Microsoft that NSA - in cahoots with MS - has begun using an ingenious bit of sleight-of-hand code to thwart this new trend in common sense among the members of what the Fed considers its private "public" resource base.

    Planted via regular Microsoft updates, a new bit of cool code has been installed in most of the nation's PCs over the last 8-12 weeks, which simply intercepts the user's "power-down" command and runs a fake shut-down scenario on screen, designed to convince the user that the PC is shutting down, while in reality the PC is simply switching to "stealth" mode.

    The monitor is turned off, the drive light is turned off and any motherboard or tower lights are turned off, and the computer appears to be indeed totally shut down.

    Sleep mode is also mimicked by the software, if that is the user's normal behaviour.

    The code runs a 6 day analysis of the user's normal shut-down procedure before instituting its own fake shutdown scenario in order to best imitate the events the user would normally expect to see. Since the lights on modern external modems never really stop blinking on and off, the transfer of data is not apparent to the typical user who believes his computer has shut down.

    Once the stealth scenario goes into operation, a shutdown notification is sent to the NSA monitoring station in charge of stealth zombies, as soon as the user initiates a shut-down, so that the spooks' monitoring computers can immediately add the stealthed computer to their army of zombied PCs for use in everything from DDoS assaults on foreign systems to spoofing Tweets on Twitter. The contents of all such zombied computers are, of course, routinely scanned for any tidbits of data that can be used to NSA's advantage later.

    Since the code is standard Microsoft machine code, installed by the user along with a normal update, and runs only after the user has initiated the faked computer termination, it is virtually invisible and impossible for a normal user to detect by any means.

    Of course both the NSA and Microsoft have denied such code exists and both claim that the report is entirely bogus. Microsoft has gone so far as to claim that such code is indeed not possible to make, install or run.

    It just goes to show you that where there's a will, there is a way, and even if this code is not currently possible or in use, we are certain that it soon will be, if the national habit of shutting off PCs not in use continues to escalate.

    By Smarmy Ersazt

  31. Anonymous Coward, Apr 2nd, 2014 @ 5:10am

    Re:

    It looks like malware inserted on p. 201 of a 402 page report.

  32. Anonymous Coward, Apr 10th, 2014 @ 11:18am

    Re: Re: I have One word for you

    NoScript is utterly pointless if you're running Windows and allow regular updates. MS has shown time and again how little it cares for its customers' security and how eager it is to assist the NSA.

    Even if MS has not willingly offered the NSA a piggyback on its update system, there is absolutely no way that the NSA has not learned how to pipe into these daily/weekly updates, since they get executed, in most cases, automatically with zero scrutiny.

