The FBI declares that malware-like software isn’t malware because they are the good guys; we ponder the ethics of using such tools
According to legal briefs filed by the FBI, “Malicious, in criminal proceedings and in the legal world, has very direct implications, and a reasonable person or society would not interpret the actions taken by a law enforcement officers pursuant to a court order to be malicious.” The ‘court order’ part of that statement is the most important, it seems to us, and to Nathan Dornbrook, CTO at ECS Security, for that matter. “The deployment of computer tools should meet the same standard as the deployment of any other electronic attack tool,” he told SCMagazineUK.com. “A judge should determine whether there is enough cause to issue a warrant.”
Dornbrook also thinks it’s about time that, when it comes to such use of ‘offensive security’, we “should acknowledge it, make it public, and put in place strong oversight to patrol its use”.

Not everyone agrees. “The idea that law enforcement, government and the security industry could be using the same tools as the bad guys sets a dangerous precedent,” said Kevin Bocek, vice president of security strategy at Venafi. “And is certainly not something the public should accept.” Bocek suggested that law enforcement agencies are hardly the most competent custodians of technology and data. “By creating malware that does exactly the same job as that of a cyber-criminal, the government is essentially releasing the weapon, or the designs to build new weapons.”