FBI Admits Use of Zero-Day Exploits and Stingrays
Alexander Neil / 6 years ago
In a profile of Amy Hess, the FBI’s executive assistant director for science and technology and overseer of the bureau’s Operational Technology Division, conducted by the Washington Post in the wake of the San Bernardino shootings, the FBI executive openly admitted to the use of a number of techniques the FBI use in order to track down criminals. Amongst the methods brought to light by reporter Ellen Nakashima are Zero-Day Exploits, Stingrays and the OTD’s Remote Operations Unit of hacking technicians.
For those unaware, a Stingray is a type of “cell-site simulator” that imitate cellular towers, in order to collect communications data from mobile telephones within range, both suspect and bystander alike. The tool has been a long-kept secret by the FBI, with them requiring local law enforcement members involved in their use to sign nondisclosure agreements. While Hess insisted that the FBI never enacted a gag on the police, they wanted to keep the details of the device’s functionality shielded.
A zero-day exploit is a flaw in a piece of software that can be manipulated in order to exploit it in some way, that are unknown to the software’s vendor and thus unpatched. Usage of these can allow for easier hacks into suspects PCs or mobile devices, however favoring such techniques is unreliable, and thus not a preferred method to use.
The real worry with these types of attacks are the privacy implications on the common person. A stingray’s data would have to be checked in order to identify the suspect’s data, meaning that the privacy of everyone within proximity of the device potentially has their privacy violated. Holding on to known exploits instead of reporting them to the software developers for patching opens any user of the software open to attack from a hacker were the exploit discovered by another unsavory party. As a result of these implications, both are seen as controversial by privacy advocates and as a result, governments have often tried to distance themselves from discussion of their use. Now, in an unusual moment of transparency, the FBI has potentially put itself a little closer to the disc