Government hacking

Government hacking permits the exploitation of vulnerabilities in electronic products, such as software, to gain remote access to information of interest. This information allows government investigators to monitor user activity and interfere with device operation.^[1] Government attacks on security may include malware and encryption backdoors. The National Security Agency's PRISM program and Ethiopia's use of FinSpy are notable examples.

Security hackers have extensive knowledge of technology (particularly electronic devices and computer programs and networks), and may use their knowledge for illegal or unethical purposes. Hackers take advantage of vulnerabilities in software and systems; the hacking consists of manipulating computer systems or electronic devices to remotely control a machine or access stored data.^[2]

Due to new technologies, it was necessary to update cryptographic algorithms. This need has raised the level of complexity of techniques used for encrypting the data of individuals to guarantee network security. Because of the difficulty of deciphering data, government agencies have begun to search for other ways to conduct criminal investigations; one such option is hacking.^[3]

Since government hacking is characterized by the use of technology to obtain information on citizens' devices, some say that government agents could also manipulate device data or insert new data.^[4] In addition to manipulating data from individuals, tools developed by the government could be used by criminals.^[5]

To conduct searches and gain remote access on a regular, large scale, legal attempts have been made to change encryption. Weaker encryption would make technology less secure overall. Governments could copy, modify, or delete data during digital investigations.

Hacking is a set of actions which exploit the capabilities of electronic devices. Cyberwarfare is a set of practices in defense of political, socio-environmental, socio-technological and cultural causes which is waged in cyberspace (particularly the Internet). Intergovernmental cyberwarfare is a consciously-defined, orderly action by a government to attack another government, focusing on the other country's resources, systems and organizations. A cyberattack, thought to be a joint US-Israeli operation, was made on Iran's nuclear power plants in 2010. The attack was made by Stuxnet, a computer worm which targets Microsoft Windows systems and Siemens devices.^[6]

Government attacks on security use several methods.

This technique sends malware over the Internet to search computers remotely, usually for information which is transmitted (or stored) on anonymous target computers. Malware can control a computer's operating system, giving investigators great power. According to attorney and educator Jennifer Granick, the courts should restrict government use of malware due to its uncontrollable distribution.^[7]

A government may find system vulnerabilities and use them for investigative purposes. The Vulnerability Action Process (VEP), a system-vulnerability policy, was created to allow the US government to decide whether to disclose information about security vulnerabilities. The policy does not require disclosure of security breaches to technology vendors, and discussion leading to a decision is not open to the public.^[8]

Because of the complexity of encryption, governments attempt to unravel and defeat such security features to obtain data. Encryption backdoors allow the strongest encryption to be ignored.^[8]

This section does not cite any sources. Please help improve this section by adding citations to reliable sources. Unsourced material may be challenged and removed. (July 2019) (Learn how and when to remove this message)

The government can hack into computers remotely, whether authorized or not by a court. To meet needs, agents CAN copy, modify, delete, and create data. With inadequate oversight of the judicial system, this practice occurs stealthily through the creation of warrants; it is possible to deny the sharing of malware details with defendants during a trial.

From the moment a government allows hacking for investigations and other reasons of state, positive or negative impacts are possible; a number of harms may occur.

Generally, hackers cause damage to devices or software and may limit its operability. The data on the devices involved in the attack can be permanently lost. Replacing devices and efforts to recover data can also be costly, increasing financial damage.

Hackers can also harm the image of a target, be it specific or the general public. The reputation of the individual is put at risk for a number of reasons, including the setting for which someone is innocent but there is the hypothesis that was the target of the attack. In most cases, the individual can not perceive that he is being attacked and risks being involved in improper security practices.

As there is the possibility of government operations to create offensive resources on the internet with the aim of assisting in certain operations, this mitigates security in the digital environment. In addition to this scenario, many others are susceptible to vulnerability, both by black market and government actors, such as introducing viruses into software updates or even creating or maintaining hardware. The result is a decrease in the credibility of the internet for the user, which can affect communication and even the economy.^[2]

Due to technological innovations, the US government has focused more on innovating research techniques. An example is the use of hackers and malware through software deployment. The great interest in this is to diversify the way of infiltrating and monitoring others, especially when the target is an irregular activity by the computer network, where the only possible investigation is the remote.^[9] The government calls this type of hacking operation a “Network Investigative Technique,” or NIT.

In recent years, the government has increasingly turned to hacking as an investigative technique. Since 2002, the US government, in particular the Federal Bureau of Investigation (FBI), has employed the use of malware as a tool to aid in virtual criminal investigations.^[10] At the beginning of the use of this virtual virus, the main research targets were individual computers. Over the years, the FBI has adopted a form of hacking that allows attacking millions of computers in a single operation, which is usually authorized by only a single judge of the magestrado.^[11] The use of this technique was encouraged by privacy technologies, which ensure that their users have their identity omitted as well as their activities. Installing the malware is precisely so that the government can identify its targets even if they use tools that hide the IP address, location or identity.

Nowadays, the most well-known and legitimate form of government hacking is the watering hole operation, which the government takes control of a criminal activity site and continues to operate it in order to distribute the virus to computer to access it. The malware can be installed through a link, in which the user clicks, or secretly, through access to a certain site. The user is not aware of the virtual virus infection on his machine because the malware partially controls it, only to search for identifying information and send it back to the source.

To perform this malware deployment, the FBI requires authorization and uses search warrants issued by magistrates in accordance with Rule 41 of the Federal Rules of Criminal Procedure. Numerous operations like this were done and thousands of computers across the country scanned remotely. According to one survey, one operation was responsible for affecting 8,000 computers in 120 different countries.^[12]

One case that demonstrated this new use of the technology by the government was when the FBI obtained access from a server located in North Carolina, which was being used to store photos and videos of child victims of sexual abuse and share through a website, which was accessed by thousands of users. Instead of shutting down the site's activities when it took over, the FBI opted to hold for two weeks to carry out a major harrier operation to create hundreds of criminal cases. Nonetheless, the FBI argues that this action was justified by the arrests of hundreds of alleged pedophiles.^[13]

In addition to this hacking campaign, it is likely that there will be another in the future and will not necessarily be in cases of child pornography distribution. This was just an example of the power of data access that can be done with the digital investigations of the United States government in partnership with the FBI.

In June 2013, Edward Snowden, a former agent of the National Security Agency (NSA), announced the existence of a program, called PRISM, which monitors everything travels on the internet. Thus, the US can obtain information about the market, internal security and what other countries plan and do within their borders.

Still in this wave of news, it was discovered that in Brazil the Ministry of Mines and Energy, Petrobras, former president Dilma and its main advisers were investigated. The data obtained would have been shared between USA, Canada, England, Australia and New Zealand.

The Ethiopian government was accused of using FinSpy software to obtain personal data from a naturalized American citizen Ethiopian. According to the report, Kidane, the pseudonym of the person, had data from Skype calls, internet searches and e-mails monitored by the software.

This case was strongly impacted by its implications for cyber surveillance within the US.

• Internet Security
• Cybercrime
• Cyberativism
• Hacker culture
• Cyberwarfare
• Edward Snowden
• Timeline of global surveillance disclosures (2013–present)