X
Tech

Uncle Sam: I want you to sell me malware

The FBI has an RFQ out to buy malware for research. Read the document and the project sounds legitimate, but the RFQ is still funny to read.
Written by Larry Seltzer, Contributor

Do you have a malware feed you can sell? About 35GB a day? If so, the FBI wants to do business.

They have put out an RFQ (request for quote) for "malware." The project is a perfectly reasonable one: The Operational Technology Division (OTD), Investigative Analysis Unit (IAU) of the FBI investigates digital threats and provides consulting and support to the FBI and intelligence services. A live feed of malware is a good tool for such an organization to have.

But what's funny is how they shove the square malware feed peg into the round RFQ hole. Consider this part of the bid:

quantity1

What if the second feed is on sale, maybe 50% off?

The RFQ also directs the supplier to send the malware to a specific mailing address for the FBI's Engineering Research Facility in Quantico, "Attention: Supply Technician". One envisions a Fedex box of malware arriving every day.

Another part of the RFQ has some detail on what they are looking for and shows they have some idea of what they're doing, even if they are a little too interested in PHP files:

    Feed shall:
  • i. Contain a rollup of sharable malware as included in the malicious URL report
  • ii. Be organized by SHA1 signatures [sic: probably should be "hashes"]
  • iii. Be updated once every 24 hours
  • iv. Be a snapshot of the prior 24 hours
  • v. Be, on average, 35 GB per day and include the following file types:
    • 1. Executable file types from Unix/Linux, Windows and Macintosh
    • 2. Archives files
    • 3. Image files
    • 4. Microsoft Office documents
    • 5. Audio and Video files
    • 6. RTF files
    • 7. PDF files
    • 8. PHP files
    • 9. PHP files
    • 10. JavaScript files
    • 11. HTML files
  • vi. Be able to retrieve feed in an automated way through machine-to-machine communication
  • vii. Initiations of accessing feed shall be pulled by IAU not pushed to IAU
Editorial standards