Network Investigative Technique, or NIT, is a form of malware (or hacking) employed by the FBI since at least 2002. It is a drive-by download computer program designed to provide access to a computer.
Controversies
Its usage has raised both Fourth Amendment concerns[1] and jurisdictional issues.[2] The FBI has to date, despite a court order, declined to provide the complete code[3] in a child sex abuse case involving the Tor anonymity network.[4] On May 12, 2016, Mozilla filed an amicus curiae brief, inasmuch as the FBI's exploit against the Mozilla Firefox web browser potentially puts millions of users at risk. Mozilla asked that the exploit be disclosed to it before it is disclosed to the defendant, thus raising Fifth Amendment issues as well.[5] Also, US District Judge Robert J. Bryan in Tacoma, Washington has ruled that while the defendant in United States v. Michaud has the right to review the code, the government also has the right to keep it secret (two other federal judges in related cases have ruled to suppress evidence found as a result of the NIT).[6] On May 25, 2016, however, he ruled that "For the reasons stated orally on the record, evidence of the NIT., the search warrant issued based on the NIT., and the fruits of that warrant should be excluded and should not be offered in evidence at trial..."[7]
The ACLU and Privacy International successfully litigated (see [18-cv-1488]) the release of U.S. sealed court records that revealed details about a NIT deployed in 2016 on 23 separate onion services of the Tor network.
The sworn affidavit submitted by a Special Agent of the FBI (affidavit template formerly written by the NAIC) indicated the NIT had the following abilities:
"The NIT will reveal to the government environmental variables and certain registry-type information that may assist in identifying the computer, its location, and the user of the computer...."
The "activating" computer's actual IP address, and the date and time that the NIT determines what that IP address is;
A unique identifier (e.g., a series of numbers, letters, and/or special characters) to distinguish the data from that of other "activating" computers. That unique identifier will be sent with and collected by the NIT;
The type of operating system running on the computer, including type (e.g., Windows), version (e.g., Windows 7), and architecture (e.g., x 86);
Information about whether the NIT has already been delivered to the "activating" computer;
The "activating" computer's Host Name. A Host Name is a name that is assigned to a device connected to a computer network that is used to identify the device in various forms of electronic communication, such as communications over the Internet;
The "activating" computer's Media Access Control ("MAC") address. The equipment that connects a computer to a network is commonly referred to as a network adapter. Most network adapters have a MAC address assigned by the manufacturer of the adapter that is designed to be a unique identifying number. A unique MAC address allows for proper routing of communications on a network. Because the MAC address does not change and is intended to be unique, a MAC address can allow law enforcement to identify whether communications sent or received at different times are associated with the same adapter.
List of Government Operations
There is a growing list of government operations that are known to have used NITs.