As the pressure to improve information sharing between public and private sectors increases from the top levels of the federal government, the Federal Bureau of Investigation is promoting a tool that can help companies guard themselves against malware.
At a University of Maryland cybersecurity forum Wednesday, the FBI demonstrated its Malware Investigator, which allows anyone with access — law enforcement, government agencies and private industry — the ability to search through millions of malware files as well as network with others to identify different versions of malicious software.
The platform, which works on Microsoft’s Azure cloud platform, works by allowing the upload of whole or partial pieces of malware, tagging certain behaviors or other unique indicators. Users can then search through the FBI’s database using an internal proprietary algorithm that sorts malware by several different cryptologic hashes. Within two minutes, users will have access to any and all information the platform has recorded on a specific piece of software.
The investigator can also log details that speak to how sophisticated each piece of software is, such as the number of network connections the malware attempted to make or the number of registry keys modified.
Once a piece of malware is uploaded to the investigator, the platform can be used like social media: Users can ping law enforcement at the federal, state and local levels, or send messages to any working groups they create on the platform.
Steven Pandelides, chief of the FBI’s information crime unit, said the platform will ultimately allow law enforcement to use malware in the “same way we tie criminal activity to fingerprints.”
The Malware Investigator is an update to the FBI’s Binary Analysis Characterization and Storage System ( BACSS), which allowed a team of 10 to 20 officers to reverse engineer malware found during investigations. Prior to implementing the BACSS system, the FBI was only able to manually reverse engineer about 200 pieces of malware a year. With this system in place, they were able to analyze and catalog around 2.5 million in 2013.
However, even with BACSS, FBI investigators could not keep up with all of the malware being uncovered.
“What we were finding is we couldn’t keep up with the demands of the mission,” Pandelides said. “It was just becoming very, very complicated.”
While the platform has been available for a few months, Pandelides said they are constantly updating it. At the forum, he said the FBI is constantly adding different operating systems to its database and in talks to integrate the National Institute of Standards and Technology’s National Vulnerability Database into the Investigator.
While the platform is accessible to all federal agencies through the FBI’s Law Enforcement Enterprise Portal (LEEP), it will soon be available to the private sector through InfraGuard, a public-private information sharing partnership overseen by the FBI.