The Washington Post reports on the use of malware for remote surveillance, including the ability to turn on a computer’s camera.
The FBI’s elite hacker team designed a piece of malicious software that was to be delivered secretly when Mo signed on to his Yahoo e-mail account, from any computer anywhere in the world, according to the documents. The goal of the software was to gather a range of information — Web sites he had visited and indicators of the location of the computer — that would allow investigators to find Mo and tie him to the bomb threats.
Such high-tech search tools, which the FBI calls “network investigative techniques,” have been used when authorities struggle to track suspects who are adept at covering their tracks online. The most powerful FBI surveillance software can covertly download files, photographs and stored e-mails, or even gather real-time images by activating cameras connected to computers, say court documents and people familiar with this technology.
The article describes the FBI’s “elite team of hackers,” which is absurd and glosses over the scary technical reality. It makes it sound like someone at a computer is actively breaking into another computer in real time.
The truth is, a (not that elite) group of developers can create this spying malware and it can be deployed en masse, to millions (or billions) of computers continuously, and the results stored, indexed, and analyzed.
The fact that it is occasionally used in a specific ad hoc fashion that sounds (to some, at least) reasonable hides the underlying problem, which is that this sort of thing could be (and probably is) going on already on a massive scale.
The Russian Mafia (with deep ties to the Russian government) has been doing this sort of thing for over a decade - using spam, email, and illicit-content websites to deliver malware that recruits infected computers into a botnet for the purpose of (primarily) having more computers from which to send spam email and deliver illicit content from, as well as a host of other things you need massive computing power for.
I’ve suspected for a long time that they (Russian Mafia) also use this ability to conduct directed surveillance for the purpose of blackmail and extortion (who wouldn’t?), but news reports to that effect have been sketchy at best.
Now the US Government is either getting in on the act or (more likely) getting noticed for it. Like the takedown of the Silk Road and Freedom Hosting, highly publicized police-state actions reinforce the narrative that this sort of thing is needed to fight crime and protect the homeland.
This allows the debate (such as it is) to hinge on whether this one specific case is justified, whether the warrants were served properly, what oversight is in place, and what permissions need to be sought before pursuing some specific person who clearly is a criminal.
Online surveillance pushes the boundaries of the constitution’s limits on searches and seizures by gathering a broad range of information, some of it without direct connection to any crime. Critics compare it to a physical search in which the entire contents of a home are seized, not just those items suspected to offer evidence of a particular offense.
But that’s missing the point.
It’s silly to think that the only thing the Russian Mafia wants your computer for is to send spam email and host porn. The logical conclusion is that they are doing a wide range of activities, like blackmailing government clerks or attempting to fix stock market prices (just for example). While it’s up to investigative journalists to determine the specifics, anyone who knows anything at all can see the obvious fact that a criminal syndicate with nearly unlimited computing resources is going to find fun and profitable uses for it.
In exactly the same way, the logical thing to assume about the U.S. Government is that it is using its massive computing power for its own purposes. Or, more accurately - many different agencies and groups within the government are likely using their massive computing power for a wide variety of activities.
Over the next few years we’ll continue to hear about specific cases - leakers and investigative journalists will bring out the details of what is actually going on. But we shouldn’t pretend like we don’t already know the general gist of it. Anyone should be able to see that a criminal syndicate with nearly unlimited computing resources is going to find fun and profitable uses for it.