The FBI has its eye on malware and is willing to pay to collect it. In a recent listing on the Federal Business Opportunities website, the bureau's Investigative Analysis Unit (IAU) has invited security vendors to give quotes on malicious software. While the listing does not give hard specifics on how this software might be implemented, the FBI writes that it needs the malware to gain a "global awareness" of the malware threat.
According to the document that accompanies the listing, the IAU's purpose is to aid FBI investigations by providing technical support and analysis on computers, networks, and malicious software. "Critical to the success of the IAU," it reads, "is the collection of malware from multiple industry, law enforcement and research sources." Said collection allows the IAU to provide solid, "actionable intelligence" to criminal investigators. The document goes on to give specific requirements for the kind of software it expects vendors to offer, including how up-to-date the malware is and suitable filetypes.
Malware is already a massive concern for the federal government, even as the intelligence community makes use of it to conduct clandestine investigations. Court documents revealed late last year that the bureau's high-tech investigations unit uses software to hack into suspects' computers, though their methods are far from all-powerful. Meanwhile, the NSA recently came under fire for hacking into global networks with malicious software and even intercepting laptops to aid in spy-craft. Security experts like the University of Pennsylvania's Matt Blaze, however, contend that the IAU's listing is for the purpose of building a database for forensic analysis:
@bartongellman This appears soliciting for malware samples found in the wild for forensic analysis, not malware for the FBI to deploy.— matt blaze (@mattblaze) February 6, 2014
We've reached out to the FBI for comment.