The Federal Bureau of Investigation will soon open its Malware Investigator portal to the private sector.
Malware Investigator, which the agency began developing in 2013 based on the success of its Binary Analysis Characterization and Storage System, is an automated analysis and repository system for suspected malware. The tool was previously available exclusively to law enforcement and other government organizations. However, a presentation given last week at the Virus Bulletin conference in Seattle by Jon Burns, a program manager in the FBI's Advanced Digital Forensics Program, revealed that private sector entities, such as corporations and nonprofits, will soon have access to Malware Investigator.
Suspicious files are submitted to Malware Investigator through a Web-based portal, and analysis is generally completed within an hour. Analysis involves running the files through a number of anti-malware engines and correlating them with known malware. The FBI says that Malware Investigator is an "80% solution for malware analysis" and is designed to support further investigation and early response in advance of a full reverse engineering of a suspicious file.
Malware Investigator is capable of analyzing Windows executables and common document types, such as PDFs and Microsoft Word files. Support for other operating systems is planned. For entities wanting to integrate Malware Investigator directly into their existing systems, an API is available.
Open Government as a Two-Way Street
Spurred by both a growing demand for government transparency and formal legislation, open government initiatives have gained steam in recent years. But unlike many open government efforts, the FBI's decision to open its Malware Investigator portal to the private sector isn't just about the sharing of government data with the public. By giving entities outside of government access to its data, the FBI is also hoping to encourage those entities to share their data with the agency.
The FBI's Burns admitted as much. "We are essentially in this to collect samples. The more we can provide tools out to law enforcement and industry to fight cybercrime, the more we’re helping the government fight cybercrime," he told attendees at the Virus Bulletin conference.
How much data the FBI receives, and how quickly, is crucial to its efforts to respond to emerging cyber threats. As the agency itself notes on the Malware Investigator website, "Cyber crimes have become more complex over time, as have the cyber investigations into these crimes. The trail of cyber criminals fades quickly, and the law enforcement officers investigating them need a robust tool to analyze malware, gain investigative leads, and move their cases forward quickly."
If giving the private sector access to Malware Investigator helps the FBI identify cyberattacks earlier and disrupt the cybercriminals behind them, its private sector outreach could very well prove to be a win-win for everybody involved.