Government hacking

Government hacking permits the exploitation of vulnerabilities in electronic products, especially software, to gain remote access to information of interest. This information allows government investigators to monitor user activity and interfere with device operation. Government attacks on security may include malware and encryption backdoors. The National Security Agency's PRISM program and Ethiopia's use of FinSpy are notable examples.

The term lawful hacking has been used for law enforcement agencies who utilize hacking.

Hackers
Security hackers have extensive knowledge of technology (particularly electronic devices and computer programs and networks), and may use their knowledge for illegal or unethical purposes. Hackers take advantage of vulnerabilities in software and systems; the hacking consists of manipulating computer systems or electronic devices to remotely control a machine or access stored data.

Due to new technologies, it was necessary to update cryptographic algorithms. This need has raised the level of complexity of techniques used for encrypting the data of individuals to guarantee network security. Because of the difficulty of deciphering data, government agencies have begun to search for other ways to conduct criminal investigations; one such option is hacking.

Since government hacking is characterized by the use of technology to obtain information on citizens' devices, some say that government agents could also manipulate device data or insert new data. In addition to manipulating data from individuals, tools developed by the government could be used by criminals.

Hacking by governments
To conduct searches and gain remote access on a regular, large scale, legal attempts have been made to change encryption. Weaker encryption would make technology less secure overall. Governments could copy, modify, or delete data during digital investigations.

Cyberwarfare
Hacking is a set of actions which exploit the capabilities of electronic devices. Cyberwarfare is a set of practices in defense of political, socio-environmental, socio-technological and cultural causes which is waged in cyberspace (particularly the Internet). Intergovernmental cyberwarfare is a consciously defined, orderly action by a government to attack another government, focusing on the other country's resources, systems and organizations. A cyberattack, thought to be a joint US-Israeli operation, was made on Iran's nuclear power plants in 2010. The attack was made by Stuxnet, a computer worm which targets Microsoft Windows systems and Siemens devices.

Types
Government attacks on security use several methods.

Malware
This technique sends malware over the Internet to search computers remotely, usually for information which is transmitted (or stored) on anonymous target computers. Malware can control a computer's operating system, giving investigators great power. According to attorney and educator Jennifer Granick, the courts should restrict government use of malware due to its uncontrollable distribution.

Stockpiling or exploiting vulnerabilities
A government may find system vulnerabilities and use them for investigative purposes. The Vulnerability Action Process (VEP), a system-vulnerability policy, was created to allow the US government to decide whether to disclose information about security vulnerabilities. The policy does not require disclosure of security breaches to technology vendors, and discussion leading to a decision is not open to the public.

Backdoors
Because of the complexity of encryption, governments attempt to unravel and defeat such security features to obtain data. Encryption backdoors allow the strongest encryption to be ignored.

Malicious hacking
The government can hack into computers remotely, whether authorized or not by a court. To meet needs, agents CAN copy, modify, delete, and create data. With inadequate oversight of the judicial system, this practice occurs stealthily through the creation of warrants; it is possible to deny the sharing of malware details with defendants during a trial.

Harms
From the moment a government allows hacking for investigations and other reasons of state, positive or negative impacts are possible; a number of harms may occur.

Property
Generally, hackers damage devices or software and may limit their operation; data on devices involved in the attack may be lost. Replacing devices and efforts to recover data may also be costly, increasing financial damage.

Reputation
Hackers may also harm a target's image, specifically or generally. The reputation of an individual is placed at risk for a number of reasons; a person may be innocent but is hypothesized as the target of an attack. In most cases, the individual cannot perceive that he is being attacked and risks being involved in improper security practices.

Digital security
Government operations on the Internet to assist in certain operations may reduce digital security. Other users may also be vulnerable to black-market actors, who could introduce viruses into software updates or create (or maintain) hardware. Loss of confidence in the Internet could affect communications and the economy.

Criminal cases
Due to technological innovations, the US government has focused on research techniques; examples include the use of hackers and malware through software deployment. Diversified methods infiltrate and monitor others, especially when the target is an irregular activity by the computer network and an investigation must be remote. The Federal Bureau of Investigation uses Network Investigative Techniques (NITs).

The US government has increasingly used hacking as an investigative technique. Since 2002, the FBI has used malware in virtual criminal investigations. The main research targets of early NITs were individual computers. The FBI has since developed a form of hacking that attacks millions of computers in one operation. The use of this technique was encouraged by privacy technologies which ensure that users have their identity, and their activities, hidden. Malware is installed so the government can identify targets who use tools that hide their IP address, location, or identity.

The best-known and legitimate form of government hacking is the watering hole attack, in which the government takes control of a criminal-activity site and distributes a virus to computers that access the site. The malware can be installed through a link clicked by a user or through access to a site. The user is unaware of the infection on their machine; the malware partially controls it, searches for identifying information, and sends it to the source.

To deploy malware, the FBI requires authorization and uses search warrants issued by magistrates in accordance with Rule 41 of the Federal Rules of Criminal Procedure. According to a court transcript, one operation affected 8,000 computers in 120 countries.

In one case which demonstrated this new use of technology by the government, the FBI obtained access to a server in North Carolina that stored photos and videos of child victims of sexual abuse and shared them through a website accessed by thousands of users. Instead of shutting down the site, the bureau controlled it for 13 days to create hundreds of criminal cases. According to the FBI, its action was justified by the arrest of hundreds of alleged pedophiles.

National Security Agency
Former National Security Agency agent Edward Snowden announced in June 2013 the existence of the PRISM program, which monitors the Internet.

FinSpy in Ethiopia
The Ethiopian government was accused of using FinSpy software to obtain personal data from an Ethiopian naturalized American citizen. Kidane (the person's pseudonym) reportedly had data from Skype calls, Internet searches and emails monitored by the software.