A recent Washington Post profile about the FBI’s executive assistant director for science and technology reveals a lot about the bureau’s methods for dealing with modern gadgets, and one stark and possibly unsettling fact: The FBI uses the same security loopholes in software that unscrupulous hackers do.
The Post’s article gives an interesting insight into Amy Hess’s job. As a senior FBI figure in charge of technology, Hess’ role is a timely and important one. As we all use technology more, so do the “bad guys,” and the FBI finds itself having to try many of the same tricks seen in high-tech crime dramas on TV. Where, after a serious incident for example, the FBI’s technicians tear into phones, computers, and other technology belonging to suspects in order to identify them or discover information that may prevent future incidents.
It’s easy to see this kind of investigation is an important part of the Bureau’s work. But in the article, Hess also admitted for the first time that the FBI actively uses so-called “zero-day” exploits to remotely hack computers.
A zero-day exploit is a flaw in a piece of software that allows hackers who know about it to easily gain access to a computer system. It gets its name because once the flaw becomes public knowledge, the designer of the system has no time—zero days—to fix the issue before it becomes an active threat to anyone running the software. Before fixes or patches are released, clever hackers are free to use the loophole…