DOJ Describes Its Use Of Malware As 'Augmenting Content' As It Pushes For Great Ability To Hack Computers
from the augment-that-content dept
The article points to a massive 402 page document to the rule making body of the courts, in which it explains how it has used malware to find criminal suspects. Of course, this is the DOJ that we're talking about, so it's not going to come right out and say "hey, here's the malware we used and how we use it." Instead, as noted by the ACLU's Christopher Soghoian, the DOJ hides its description of malware on page 201 (smack dab in the middle of such a giant document) in a single paragraph using some rather incredible language:
In the normal course of operation, websites send content to visitors. A user's computer downloads that content and uses it to display web pages on the user's computer. Under the NIT authorized by this warrant, the website would augment that content with some additional computer instructions. When a computer successfully downloads those instructions from Website A, the instructions are designed to cause the "activating" computer to deliver certain information to a computer controlled by or known to the government. That information is described with particularity on the warrant (in Attachment B of this affidavit), and the warrant authorizes obtaining no other information. The NIT will not deny the user of the "activating" computer access to any data or functionality of that computer.As Soghoian notes, if you blink, you might miss it. The DOJ calls its malware insertion man-in-the-middle attack by describing it as "augmenting" the content sought by the user "with some additional computer instructions." That's certainly one way to look at it, but you have to assume that less than technologically savvy judges aren't likely to understand what this means at all.