Network Investigative Technique

Network Investigative Technique, or NIT, is a form of malware (or hacking) employed by the FBI since at least 2002. It is a drive-by download computer program designed to provide access to a computer. Now, we’ve got some extra details, thanks to this case. Court documents show the spyware – likely a piece of Flash or JavaScript that exploits a vulnerability in the Firefox-based Tor Browser – looked for seven pieces of information:

  • The IP address
  • A unique identifier to distinguish the data from that of other computers
  • The type of operating system
  • Information about whether the NIT had already been delivered
  • A Host Name
  • An active operating system username
  • Media Access Control (MAC) address

The NIT likely has multiple components: one to exploit the bug (or otherwise get the second part, the information gatherer, onto the PC), and then a means to send this information back to the Feds.

So, you think you’re being clever by using Tor. If they want to find you, they will. And if they don’t, then you’ll probably tell them who you are – especially if you like to make purchases at dark web markets. It’s no secret that the TLAs have infiltrated this area and are offering anything from drugs to guns – all you have to do is give them your address so that they can deliver.

There are, of course, ways to try and prevent you from assisting these people with their inquiries. My first thought on defeating NIT, and some of this is still under review, is to use a tablet at a public Wi-Fi location. This is a brand new tablet* that has never been used anywhere, by you, except at a very large [think Westfield] shopping centre or in the CBD. If the device can’t be identified as being used anywhere else, then that’s one hurdle you’ve jumped. And, OF COURSE, it’s not to be used anywhere else!

*brand new tablet – A tablet, or a laptop, that is new to you. An item that you purchased new or on Gumtree, WITH CASH, and that cannot be tracked back to you.

Warning: Although the device can’t be identified, YOU CAN! If they do a tower dump and your mobile number appears every time your tablet’s MAC address does, then you’re pretty well fucked – unless you work in the area and your mobile is a constant on that tower. The point is that every system can be beaten, but think long and hard about how you intend to do that. As far as solving the delivery problem goes, you’re on your own – for now.
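To make the warning above concrete, here is an added example (not from the original post, and not any agency's actual tooling) of the co-occurrence analysis a tower dump makes possible: given records of which identifiers were seen at which tower in which time window, it finds the mobile numbers that show up in every window the tablet's MAC address does, and it applies the caveat from the paragraph above by discarding "residents" that are on that tower in nearly every window anyway. The records, the window and tower labels, the MAC address and the phone numbers are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records in the shape of a simplified tower dump:
# (time_window, tower, identifier). Identifiers are either a tablet's Wi-Fi
# MAC address or a mobile subscriber number. Every value is made up.
RECORDS = [
    ("w1", "towerA", "aa:bb:cc:dd:ee:01"),  # the tablet
    ("w1", "towerA", "+61400000001"),       # phone that follows the tablet
    ("w1", "towerA", "+61400000002"),       # phone that is always there (a worker)
    ("w1", "towerA", "+61400000003"),
    ("w2", "towerA", "+61400000002"),
    ("w2", "towerA", "+61400000003"),
    ("w3", "towerA", "aa:bb:cc:dd:ee:01"),
    ("w3", "towerA", "+61400000001"),
    ("w3", "towerA", "+61400000002"),
    ("w4", "towerA", "+61400000002"),
    ("w5", "towerA", "aa:bb:cc:dd:ee:01"),
    ("w5", "towerA", "+61400000001"),
    ("w5", "towerA", "+61400000002"),
    ("w6", "towerA", "+61400000002"),
    ("w6", "towerA", "+61400000004"),
]


def correlate(records, target):
    """Return {identifier: (cooccurrence_rate, base_rate)} for every identifier
    seen at the same tower in the same window as `target` at least once.

    cooccurrence_rate: share of the target's (window, tower) slots in which the
                       identifier was also present.
    base_rate:         share of all windows observed at the target's towers in
                       which the identifier was present, regardless of the target.
    """
    windows_at_tower = defaultdict(set)   # tower -> every window seen there
    present = defaultdict(set)            # identifier -> {(window, tower)}
    for window, tower, ident in records:
        windows_at_tower[tower].add(window)
        present[ident].add((window, tower))

    target_slots = present.get(target, set())
    if not target_slots:
        return {}
    towers = {tower for _, tower in target_slots}
    total_windows = sum(len(windows_at_tower[t]) for t in towers)

    scores = {}
    for ident, slots in present.items():
        if ident == target:
            continue
        overlap = len(slots & target_slots)
        if overlap == 0:
            continue
        seen_at_towers = sum(1 for _, t in slots if t in towers)
        scores[ident] = (overlap / len(target_slots), seen_at_towers / total_windows)
    return scores


def rank(records, target, resident_threshold=0.9):
    """Identifiers present in every window the target was, excluding 'residents'
    (present in nearly every window at that tower anyway, like someone who works
    there), ordered by lift = cooccurrence_rate / base_rate. A higher lift means
    the identifier's presence is more specific to the target's visits."""
    candidates = [
        (ident, co / base)
        for ident, (co, base) in correlate(records, target).items()
        if co == 1.0 and base < resident_threshold
    ]
    return sorted(candidates, key=lambda pair: -pair[1])


if __name__ == "__main__":
    for ident, lift in rank(RECORDS, "aa:bb:cc:dd:ee:01"):
        print(f"{ident}: lift {lift:.2f}")
```

On the constructed data, `+61400000002` co-occurs with the tablet in every window but is also present in every window overall, so it is dropped as a resident; `+61400000001` is present in exactly the three windows the tablet is, and nowhere else, so it is the only candidate left. The threshold is deliberately a parameter: how many windows count as "constant on that tower" is an analyst's judgement, not a fixed number.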