FBI says that its Tor-exploiting malware is not really malware when it has a warrant
The FBI used NIT to identify and arrest thousands of child pornographers on the dark web (Image: Getty Images)

The FBI used its Tor-exploiting malware, titled Network Investigative Technique (NIT), to identify and bring down the members of a child pornography website called Playpen, on the dark web in January. However, it is now arguing that its hacking tool is not really malware, since it was "authorised by a court". An FBI agent testified recently that NIT could not be classified as malware because the FBI had a warrant.

In the case of US vs Jay Michaud, FBI special agent Daniel Alfin provided testimony in which he stressed that NIT, which was used to identify the activities of Michaud and thousands of others who used Playpen, is not malware because the FBI had a warrant to use it and because NIT caused no security damage to Michaud's computer.

"The NIT utilized in this investigation was court-authorised and made no changes to the security settings of the target computers to which it was deployed. As such, I do not believe it is appropriate to describe its operation as 'malicious'," said Alfin. He also mentioned that he loaded NIT onto one of his own machines and noted that "it did not make any changes to the security settings on my computer or otherwise render it more vulnerable to intrusion than it already was."

Although security experts have yet to agree on how best to define malware, it is commonly accepted to be code that is surreptitiously installed on a system, runs without the owner's knowledge and, in most cases, gains access to data within the system. In this regard, the NIT could be classified as malware, given that it was covertly installed onto the systems of anyone using the Playpen website, which could only be accessed using the Tor browser. Once installed, NIT then provided the FBI with the original IP addresses of Playpen users.

However, the FBI's interpretation of malware does not align with its generally understood meaning. Nonetheless, how the FBI chooses to define malware may be key as courts and the US Congress take steps to redefine the FBI's hacking powers. In April, the US Supreme Court approved making changes to Rule 41, which would effectively expand the FBI's hacking powers across the US. However, Senator Ron Wyden recently introduced a bill, the Stop Mass Hacking Act, which would prevent the FBI from mass hacking with just a single warrant, as it did in the Playpen case.

The recent rise in cybercrime has brought international law enforcement agencies under the spotlight. Cybercriminals appear to be evolving constantly, to the extent that a recent Pew survey indicated that, after the Islamic State (Isis), what Americans fear most are cyberattacks.