Federal detectives want to buy viruses and other types of malicious software for assistance in cracking criminal cases, according to a "combined synopsis/solicitation for malware" published this week on the government's contracting database.
The specific organization in need is the FBI Investigative Analysis Unit of the Operational Technology Division, a team of specialists providing on-the-scene tech support and "employing innovative, custom developed analytical methods" to analyze digital evidence, according to the solicitation.
"The collection of malware from multiple industries, law enforcement and research sources is critical to the success of the IAUs mission to obtain global awareness of malware threat," the request for bids states. "The collection of this malware allows the IAU to provide actionable intelligence to the investigator in both criminal and intelligence matters."
It's not exactly clear whether the bureau wants to buy the kind of spyware that feds reportedly use to eavesdrop on a suspect's Internet communications, or whether it simply needs to better understand the nature of malware to trace it back to its originator.
In either case, there are existing — free — avenues for the FBI to obtain these kinds of hacking tools.
Since 1996, the FBI has used a public-private program called Infragard to share information with local information technology experts and academics for assistance with cyber investigations. "We passed along what we knew about cyber intrusions and crime trends to our partners to help them secure their facilities and computer networks," the bureau's website states. "And our partners shared with us their IT expertise and information they had on possible cybercrimes."
But some companies in possession of such free knowledge, having been the victims of hacks, are reluctant to share it.
On Jan. 27, the Financial Services Roundtable, which represents banks — frequent targets of cybercriminals, wrote a letter to Congress noting that certain malware-intelligence sharing is illegal. The industry group urged lawmakers to pass legislation that "offers liability protection for good faith sharing of threat information and data affords protection from disclosure through the Freedom of Information Act or to prudent regulators."
Contractors interested in this job must act soon. Price quotes for the malware information are due on Valentine's Day.
This article originally published at Nextgov here
Nextgov is a Mashable publishing partner that is the all-day technology resource for federal decision makers, delivering news, analysis and a nationwide community of expert voices on how technology and innovation are transforming government. This article is reprinted with the publisher's permission.