Malware as surveillance tool…

Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Malware may be stealthy, intended to steal information or spy on computer users for an extended period without their knowledge, or it may be designed to cause harm, often as sabotage (e.g., Stuxnet), or to extort payment (CryptoLocker).

In legal mumbo-jumbo, it’s called a “computer contaminant,” and there are a number of laws that carry a stiff penalty, if and when the perpetrator(s) are caught.

Except when it comes to law enforcement…

Federal, and presumably local, law enforcement agencies have been purchasing malware for surveillance purposes. The solution purchased with your tax dollars is a “turn-key Remote Control System” that manages infecting computers/portable devices including smartphones, collects data from the victims… oops, from the suspects, deletes itself from the target system, etc. Most of the solutions are purchased from Italy, France, Israel, etc., and it is a booming market. Just in recent years, the DEA and US Army have purchased $1.2M worth of hacking… oops, surveillance tools.

From the recipient’s perspective, there’s no difference between malware and computer surveillance. In either case, the system is compromised and it’s at the mercy of the malware, or the surveillance.

How do you differentiate between the good and bad guys? How do you differentiate between hackers and law enforcement agencies compromising your system?

The answer to the first question is simple: you don’t. There’s no difference between the two, regardless of the purpose of the hacking.

The answer to the second question is more complex. Generally, hackers compromise your system for financial gain, stealing information, etc. You’ll know in a relatively short timeframe if and when a hacker owns your system. On the other hand, you won’t know about law enforcement surveillance/hacking until they show up with an arrest/search warrant.

Protection against malware, be it from hackers or law enforcement agencies, is limited. The major culprit for this limitation is the vulnerability of operating systems and applications, in addition to the fact that anti-malware technologies are still developing. By no means am I suggesting that software companies intentionally leave backdoors in their software. While it is possible, I am not that suspicious… yet…

But I am suspicious enough to suspect that antivirus companies may exempt these “surveillance tools” from detection in their solutions. It’s probably relatively easy to achieve, but unfortunately, actual hackers can easily mimic these “surveillance tools” and evade detection.

Depending on where you live, you may want to install an antivirus and other security solutions developed in a foreign country. For example… if you live in the US, Kaspersky might be a better solution than Symantec for detecting surveillance tools from US law enforcement agencies. The drawback is that Kaspersky may not detect malware from Russian hackers and law enforcement agencies.

Yeah, you cannot win this battle…