see url: https://regmedia.co.uk/2018/02/24/playpen.pdf
FBI Malware NIT-picker
The NIT’s deployment worked in multiple steps. First, the FBI modified Playpen’s code so that each accessing computer, unknowingly to the user and no matter the computer’s physical location, downloaded the NIT whenever a “user or administrator log[ged] into [Playpen] by entering a username and password.” App. 133. Once downloaded, the NIT searched the accessing computer for seven discrete pieces of identifying information:
(1) an IP address;
(2) a unique identifier to distinguish the data from that of other computers;
(3) the type of operating system;
(4) information about whether the NIT had already been delivered;
(5) a Host Name;
(6) an active operating system username; and
(7) a Media Access Control address.
Finally, the NIT transmitted this information back to a government controlled computer in EDVA. The FBI postulated that it could then rely on this information to identify users’ premises and distinguish their computers from other computers located within their proximity.
ATB
Dougie.