Law Enforcement using Malware to SPY via Webcam


The Federal Bureau of Investigation, or FBI, controls a computer team, which uses malware to keep tabs on suspects, and has the ability to secretly turn on a webcam, according to a report about the agency’s search of a man called “Mo,” who is said to have used different forms of Internet communication to issue bomb threats across the United States last year.

Court documents showed that Mo, allegedly an Iranian, used to communicate through e-mail, video chat and Internet-based phone services without revealing his true identity, and was adept at covering his tracks. To zero in on such suspects, the FBI decided to call on its hackers to put together a piece of malware that was then delivered to Mo’s Yahoo e-mail account. The goal was to obtain information about Mo’s Internet usage and help investigators find his location, the Washington Post reported.

“We have transitioned into a world where law enforcement is hacking into people’s computers, and we have never had public debate,” Christopher Soghoian, principal technologist for the American Civil Liberties Union, told the Post. “Judges are having to make up these powers as they go along.”

According to the Post, the most common delivery mechanism is a simple phishing attack. When the suspect hits a link sent to his inbox by the FBI, it connects to a computer at the agency’s offices in Quantico, Va., and downloads the malicious software that allows the authorities to spy on the suspect through his webcam even without its indicator light turning on.

In Mo’s case, however, the FBI-backed hackers could not turn up much about him. Mo did click on the link that was sent to him, but the tool malfunctioned and “never actually executed as designed.” The only key information that the investigators managed to obtain was that Mo appeared to be in Tehran.

Meanwhile, as the Post noted, such types of online surveillance have pushed the boundaries of the constitutional limits on searches and seizures. According to the report, critics compare it to a physical search that seizes the entire contents of a home, rather than just those items that could be linked to a particular crime.

“You can’t just go on a fishing expedition,” Laura K. Donohue, a Georgetown University law professor who reviewed the court ruling on FBI surveillance software in Mo’s case, told the Post. “There needs to be a nexus between the crime being alleged and the material to be seized. What they are doing here, though, is collecting everything.”

While a federal magistrate in Denver approved sending the malware to Mo’s computer last year, another federal magistrate in Houston rejected an FBI plan in April to send surveillance software to a suspect in a different case, on grounds that it was “extremely intrusive” and could violate the Fourth Amendment.


The next question is: will anti-malware software discover and remove LAW ENFORCEMENT sponsored malware?


Since we learned that the NSA has surreptitiously weakened Internet security so it could more easily eavesdrop, we've been wondering if it's done anything to antivirus products. Given that it engages in offensive cyberattacks -- and launches cyberweapons like Stuxnet and Flame -- it's reasonable to assume that it's asked antivirus companies to ignore its malware. (We know that antivirus companies have previously done this for corporate malware.)

My guess is that the NSA has not done this, nor has any other government intelligence or law enforcement agency. My reasoning is that antivirus is a very international industry, and while a government might get its own companies to play along, it would not be able to influence international companies. So while the NSA could certainly pressure McAfee or Symantec -- both Silicon Valley companies -- to ignore NSA malware, it could not similarly pressure Kaspersky Labs (Russian), F-Secure (Finnish), or AVAST (Czech). And the governments of Russia, Finland, and the Czech Republic will have comparable problems.

Even so, I joined a group of security experts to ask antivirus companies explicitly if they were ignoring malware at the behest of a government. Understanding that the companies could certainly lie, this is the response so far: no one has admitted to doing so.

Original post by Bruce Schneier @

So far, only a handful of the vendors have replied: ESET, F-Secure, Norman Shark, Kaspersky, Panda and Trend Micro. All of the responding companies have confirmed that they detect state-sponsored malware, e.g. R2D2 and FinFisher. Furthermore, they state that they have never received a request not to detect malware, and that if any government asked them to do so in the future, they would not comply. All of the aforementioned companies take the position that there is no such thing as harmless malware.
