DEA Looking To Buy More Malware From Shady Exploit Dealers

from the ends-and-something-about-means dept

The DEA -- like other federal agencies involved in surveillance -- buys and deploys malware and exploits. However, it seems to do better than most at picking out the sketchiest malware purveyors to work with.

When Italian exploit retailer Hacking Team found itself hacked, obtained emails showed the company liked to route around export bans through middlemen to bring the latest in surveillance malware to UN-blacklisted countries with horrendous human rights records. It also, apparently, sold its wares to the DEA -- an agency in a country with only periodic episodes of horrendous human rights violations.

Maybe there's a shortage of exploit sellers, but it would be nice to see a US agency be a bit more selective about who it buys from, rather than jumping into the customer pool with Saudi Arabia, Sudan, and Egypt. But the DEA has done it again. Emails obtained via FOIA by Motherboard show the DEA attempting to get in bed with another questionable malware purveyor.

The Drug Enforcement Administration held a meeting with the US sales arm of NSO Group, a controversial malware company whose products can remotely siphon data from iPhones and other devices, according to internal DEA emails obtained by Motherboard. The news highlights law enforcement agencies' increased interest in using hacking tools and malware, as well as NSO's efforts to enter the lucrative US market.

The problems with NSO are multitudinous. Not only have its iPhone zero-days been used to target a dissident in the United Arab Emirates, but the Mexican government apparently deployed NSO malware on several occasions, each time with highly questionable targets.

Privacy International has uncovered NSO malware in operation in Mexico, targeting journalists, lawyers, soda tax supporters [?!]... even children. Some of the targets were investigating government corruption. Others were investigating the mass disappearance of 43 schoolchildren from Iguala, Mexico. The deployment methods were at least as troubling as the demographics of those targeted.

The targets received SMS messages that included links to NSO exploits paired with troubling personal and sexual taunts, messages impersonating official communications by the Embassy of the United States in Mexico, fake AMBER Alerts, warnings of kidnappings, and other threats. The operation also included more mundane tactics, such as messages sending fake bills for phone services and sex-lines. Some targets only received a handful of texts, while others were barraged with dozens of messages over more than one and a half years.

This is what governments are doing with NSO's malware. Certainly NSO can't be expected to prevent end users from using its malware for evil, but it could be more selective about who it sells to. Perhaps the pitch to the DEA was viewed as a step towards legitimacy. But the DEA entertaining offers from NSO should be viewed as a step backwards for an agency that already has a few issues with its malware deployment.

Joseph Cox of Motherboard makes it clear the obtained emails don't show any purchases from NSO. But they do show the agency is interested in its wares. The lack of concern about the source is par for the course. The DEA can't seem to find the time to deliver required Privacy Impact Assessments for its malware/exploit deployment and routinely thwarts its oversight. Buying from shady dealers is just another component of the DEA way.


Filed Under: dea, exploits, hacking, malware, vulnerabilities