Uncle Sam: I want you to sell me malware

Summary: The FBI has an RFQ out to buy malware for research. Read the document and the project sounds legitimate, but the RFQ is still funny to read.

Do you have a malware feed you can sell? About 35GB a day? If so, the FBI wants to do business.

They have put out an RFQ (request for quote) for "malware." The project is a perfectly reasonable one: The Operational Technology Division (OTD), Investigative Analysis Unit (IAU) of the FBI investigates digital threats and provides consulting and support to the FBI and intelligence services. A live feed of malware is a good tool for such an organization to have.

But what's funny is how they shove the square malware feed peg into the round RFQ hole. Consider this part of the bid:

Quantity: 1

What if the second feed is on sale, maybe 50% off?

The RFQ also directs the supplier to send the malware to a specific mailing address for the FBI's Engineering Research Facility in Quantico, "Attention: Supply Technician". One envisions a FedEx box of malware arriving every day.

Another part of the RFQ has some detail on what they are looking for and shows they have some idea of what they're doing, even if they are a little too interested in PHP files:

    Feed shall:
  • i. Contain a rollup of sharable malware as included in the malicious URL report
  • ii. Be organized by SHA1 signatures [sic: probably should be "hashes"]
  • iii. Be updated once every 24 hours
  • iv. Be a snapshot of the prior 24 hours
  • v. Be, on average, 35 GB per day and include the following file types:
    • 1. Executable file types from Unix/Linux, Windows and Macintosh
    • 2. Archives files
    • 3. Image files
    • 4. Microsoft Office documents
    • 5. Audio and Video files
    • 6. RTF files
    • 7. PDF files
    • 8. PHP files
    • 9. PHP files
    • 10. JavaScript files
    • 11. HTML files
  • vi. Be able to retrieve feed in an automated way through machine-to-machine communication
  • vii. Initiations of accessing feed shall be pulled by IAU not pushed to IAU
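An intake check for a feed shaped like the one the RFQ describes, as an added example that is not from the RFQ or the article: it verifies that each sample in a pulled 24-hour snapshot hashes to the SHA-1 it is filed under, without executing or unpacking anything. The manifest fields (`sha1`, `first_seen`), the one-file-per-hash directory layout and all function names are assumptions.

```python
import hashlib
import re
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

SHA1_HEX = re.compile(r"[0-9a-f]{40}")
# Leading bytes for a few of the file types the RFQ lists (not exhaustive).
MAGIC = [(b"MZ", "windows-exe"), (b"\x7fELF", "elf"), (b"%PDF", "pdf"),
         (b"{\\rtf", "rtf"), (b"PK\x03\x04", "zip-or-ooxml"), (b"<?php", "php")]

def sha1_and_type(path):
    """Hash in 1 MiB chunks and sniff the type; never execute or unpack."""
    digest, head = hashlib.sha1(), b""
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            head = head or chunk[:8]
            digest.update(chunk)
    kind = next((t for m, t in MAGIC if head.startswith(m)), "other")
    return digest.hexdigest(), kind

def validate_snapshot(snapshot_dir, manifest, now):
    """Return (accepted, rejected): sha1 -> type, and name -> reason."""
    accepted, rejected = {}, {}
    for entry in manifest:
        name, seen = entry["sha1"], datetime.fromisoformat(entry["first_seen"])
        if not SHA1_HEX.fullmatch(name):  # also keeps "../" out of the path
            rejected[name] = "name is not a SHA-1 hex digest"
        elif not now - timedelta(hours=24) <= seen <= now:
            rejected[name] = "outside the prior 24 hours"
        elif not (Path(snapshot_dir) / name).is_file():
            rejected[name] = "in manifest but not in snapshot"
        else:
            actual, kind = sha1_and_type(Path(snapshot_dir) / name)
            if actual == name:
                accepted[name] = kind
            else:
                rejected[name] = "content does not hash to its name"
    return accepted, rejected

def demo():
    """Constructed, harmless bytes standing in for one pulled snapshot."""
    now, stamp = datetime(2024, 1, 2, tzinfo=timezone.utc), "2024-01-01T12:00:00+00:00"
    good = b"%PDF-1.4 constructed placeholder, not malware"
    ok, bad = hashlib.sha1(good).hexdigest(), "0" * 40
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / ok).write_bytes(good)
        (Path(d) / bad).write_bytes(b"truncated transfer")
        manifest = [{"sha1": s, "first_seen": stamp} for s in (ok, bad, "../x")]
        return validate_snapshot(d, manifest, now)
```

A sample that fails the hash check is most often a truncated or corrupted transfer, so a rejected entry is a cue to re-pull it rather than to analyze it.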


About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec...
