DEA Looking To Buy More Malware From Shady Exploit Dealers

from the ends-and-something-about-means dept

The DEA -- like other federal agencies involved in surveillance -- buys and deploys malware and exploits. However, it seems to do better than most at picking out the sketchiest malware purveyors to work with.

When Italian exploit retailer Hacking Team found itself hacked, obtained emails showed the company liked to route around export bans through middlemen to bring the latest in surveillance malware to UN-blacklisted countries with horrendous human rights records. It also, apparently, sold its wares to the DEA -- an agency in a country with only periodic episodes of horrendous human rights violations.

Maybe there's a shortage of exploit sellers, but it would be nice to see a US agency be a bit more selective about who it buys from, rather than jumping into the customer pool with Saudi Arabia, Sudan, and Egypt. But the DEA has done it again. Emails obtained via FOIA by Motherboard show the DEA attempting to get in bed with another questionable malware purveyor.

The Drug Enforcement Administration held a meeting with the US sales arm of NSO Group, a controversial malware company whose products can remotely siphon data from iPhones and other devices, according to internal DEA emails obtained by Motherboard.

The news highlights law enforcement agencies' increased interest in using hacking tools and malware, as well as NSO's efforts to enter the lucrative US market.

The problems with NSO are multitudinous. Not only have its iPhone zero-days been used to target a dissident in the United Arab Emirates, but the Mexican government apparently deployed NSO malware on several occasions, each time with highly questionable targets.

Privacy International has uncovered NSO malware in operation in Mexico, targeting journalists, lawyers, soda tax supporters [?!]... even children. Some of the targets were investigating government corruption. Others were investigating the mass disappearance of 43 schoolchildren from Iguala, Mexico. The deployment methods were at least as troubling as the demographics of those targeted.

The targets received SMS messages that included links to NSO exploits paired with troubling personal and sexual taunts, messages impersonating official communications by the Embassy of the United States in Mexico, fake AMBER Alerts, warnings of kidnappings, and other threats. The operation also included more mundane tactics, such as messages sending fake bills for phone services and sex-lines. Some targets only received a handful of texts, while others were barraged with dozens of messages over more than one and a half years.

This is what governments are doing with NSO's malware. Certainly NSO can't be expected to prevent end users from using its malware for evil, but it could be more selective about who it sells to. Perhaps the pitch to the DEA was viewed as a step towards legitimacy. But the DEA entertaining offers from NSO should be viewed as a step backwards for an agency that already has a few issues with its malware deployment.

Joseph Cox of Motherboard makes it clear the obtained emails don't show any purchases from NSO. But they do show the agency is interested in its wares. The lack of concern about the source is par for the course. The DEA can't seem to find the time to deliver required Privacy Impact Assessments for its malware/exploit deployment and routinely thwarts its oversight. Buying from shady dealers is just another component of the DEA way.


Filed Under: dea, exploits, hacking, malware, vulnerabilities


Reader Comments

  • That Anonymous Coward, 14 Aug 2017 @ 3:48am

    Because Drugs!!!!!!!!!!!!

    That's the only justification that has to be offered up to anyone questioning them. Drugs are bad mmmmkay, so we need to ignore the business practices of those we purchase from, so what if they are violating UN rules those are mainly guidelines.

    Of course most of this malware isn't actually needed, it just makes sure the budget stays big.

    In an alternate dimension where logic and reason win, they don't spend $150K to tap the iPhone of a pot dealer, because pot is legal & regulated. They focus more on big concerns & there is plenty of money to help addicts deal with their addiction rather than throwing them in jail or into the field as CI's of questionable worth who use their pay to purchase more drugs.

    Of course they will NEVER use this improperly, despite the 1000's of cases of LEO's abusing tools of the trade to spy on former flames & hassle rival suitors.

    They tap all the data moving in and out of the country as is, and offer few safeguards (that they promptly work around) about its use... why waste more money funding bad actors who develop tools used by the worst of the worst to abuse citizens we allegedly care about.

    • Anonymous Coward, 14 Aug 2017 @ 5:31am

      Re:

      In an alternate dimension where logic and reason win, they don't spend $150K to tap the iPhone of a pot dealer, because pot is legal & regulated.

      Despite some recent nut-case roadblocks being thrown up, that alternate dimension is starting to bleed into our reality... and the DEA is, I'm sure, completely aware of it. Like any of the shadier dealers who know when their market is drying up, they're simply pulling an Exit Scam.

    • JoeCool, 14 Aug 2017 @ 7:45am

      Re:

      Of course they will NEVER use this improperly, despite the 1000's of cases of LEO's abusing tools of the trade to spy on former flames & hassle rival suitors.

      You forgot the most important target... bloggers who irritate them with posts about how they're failing to protect and serve.

  • Anonymous Coward, 14 Aug 2017 @ 3:52am

    Are the DEA, or other law enforcement agencies allowed to break into a house or safe without a warrant? If not, why are they allowed to break into a computer without a warrant?

    Just because it is a computer connected to the Internet does not make it any less somebody's private property.

    • Anonymous Coward, 14 Aug 2017 @ 5:20am

      Re:

      "Are the DEA, or other law enforcement agencies allowed to break into a house or safe without a warrant?"

      Yes, they are also allowed to manufacture evidence and lie during court. No the 4th does not matter, it has not for a long time unless you have the money/power to fight back.

      "If not, why are they allowed to break into a computer without a warrant?"

      Because we fellow citizens are too busy fighting each other than realizing government corruption is far more important than the petty issues we currently fight over. As a politician, I am only going to tell you what you need to hear to get you to vote for me. If you think I am going to do what is best for you, then great, my lies suckered you. I will tell you that I am tough on crime, and you like it. I will tell you that I care for your BLM cause, but my administration will not prosecute out of control law enforcement when they breach the constitution, but I am going to pay a whole lotta lip service to it because that shuts you up.

      "Just because it is a computer connected to the Internet does not make it any less somebody's private property."

      You don't own any piece of software that makes that machine work, someone else does, 3rd party doctrine clearly dictates that we only need their permission via NSL to get your data.

      We are the government, you are at a disadvantage because you don't know your rights and we convinced you, your parents, your grandparents, and even your great grandparents to give them up. We and several other fellow citizens that we have suckered too, that your interpretation of a clear as day document does not mean what YOU think it means. It means what we want it to mean when we need it to mean that, and the courts agree.

      Have a nice day citizen and mind your p's and q's... or else!

  • Yes, I know I'm commenting anonymously, 14 Aug 2017 @ 3:53am

    Contamination through proximity

    If you have a police-force that focusses on drug-dealers, they're going to think like drug-dealers (just like the patent-court judges meet so many patent-lawyers that they are thinking like patent-lawyers).

  • Michael, 14 Aug 2017 @ 6:34am

    "Certainly NSO can't be expected to prevent end users from using its malware for evil, but it could be more selective about who it sells to."

    I can see maybe not wanting to sell to North Korea, or a country that we are banned from selling software to, but are there any current restrictions about selling to the Mexican government?

    "Perhaps the pitch to the DEA was viewed as a step towards legitimacy."

    Actually, I think they may be worse than selling to the Mexican government.

  • Sok Puppette, 14 Aug 2017 @ 6:46am

    "Selective"??????

    Certainly NSO can't be expected to prevent end users from using its malware for evil, but it could be more selective about who it sells to.

    To heck with that.

    Selling exploits and malware is out of bounds, period. It doesn't matter who you sell them to. These people need to get real jobs.

  • Anonymous Coward, 14 Aug 2017 @ 8:35am

    In a list of bad ways the government had used the software, you listed "Others were investigating the mass disappearance of 43 schoolchildren from Iguala, Mexico."

    Ummm, so that is a troubling topic for it to be deployed for Tim?

    • Anonymous Coward, 14 Aug 2017 @ 9:18am

      Re:

      When it is being used on people trying to find out what happened to those people, yes it is troubling. Please find out what you are commenting on before actually doing so.

      • Anonymous Coward, 14 Aug 2017 @ 9:24am

        Re: Re:

        I went by Tim's article, which did not mention that, which reflects poor writing. If that were the case, he could have written "spying on those that were investigating the mass disappearance of 43 schoolchildren..."

        • orbitalinsertion, 14 Aug 2017 @ 2:23pm

          Re: Re: Re:

          _"Some of the targets were investigating government corruption. Others were investigating the mass disappearance of 43 schoolchildren from Iguala, Mexico."_

          That is unclear?

  • Anonymous Coward, 14 Aug 2017 @ 8:45am

    NSO can't be expected to check every user of its software to see if they are doing something bad, can they? They are not responsible for its use, the users are, right?

  • Anonymous Coward, 14 Aug 2017 @ 8:45am

    how different this is compared to how Marcus Hutchins (famous for accidentally stopping the WannaCry attack) is being treated. they can openly buy and use malware, he is arrested and jailed for stopping one form of it! seems like, as usual, law enforcement can do what they like but others can't, even when they stop an exploit and save an industry money and embarrassment.

  • Anonymous Coward, 14 Aug 2017 @ 9:48am

    Give us a back door,

    so we won't have to violate the law anymore.
