Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

FBI Used Spyware for Online Search

Posted by CowboyNeal on Thu Jul 19, 2007 10:18 PM
from the not-surprised-here dept.
United States Security The Internet
juct writes "The FBI has used PC spyware for the first time to reveal the identity of an offender who sent bomb threats to a high school in Washington state. According to heise Security, a declaration from the FBI official who applied for the search warrant describes the mode of operation of the spyware which the FBI is using under the abbreviation CIPAV (Computer and Internet Protocol Address Verifier)."
+ -
story

Related Stories

[+] What We Know About the FBI's CIPAV Spyware 207 comments
StonyandCher writes "What is CIPAV? CIPAV stands for 'Computer and Internet Protocol Address Verifier'; a lengthy term for powerful spyware the Federal Bureau of Investigation can bring to bear on web-based crime. It was used last month in a case where someone was emailing bomb threats regularly to a Washington high school. An affidavit by an FBI agent revealed some of the workings of CIPAV. 'According to the court filing, this is [some of] what the CIPAV collects from the infected computer: IP address, Media Access Control address for the network card, List of open TCP and UDP ports, List of running programs ... Last visited URL. Once that initial inventory is conducted, the CIPAV slips into the background and silently monitors all outbound communication, logging every IP address to which the computer connects, and time and date stamping each.' In a Computerworld article, the author attempts to dissect CIPAV's purpose and raises a number of questions such as: What happens to the data the CIPAV collects? Does the CIPAV capture keystrokes? Can the CIPAV spread on its own to other computers, either purposefully or by accident? Does it erase itself after its job is done?"
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

FBI Used Spyware for Online Search 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Are the editors boycotting reading /. again? (Score:4, Informative)

    by Anonymous Coward on Thursday July 19 2007, @10:20PM (#19922803)
    Yet another dupe [slashdot.org]! (From yesterday!)
    • Ummm... maybe it's a "Slashvertisement" for antivirus software? Subtle.

    • Re:Are the editors boycotting reading /. again? (Score:4, Funny)

      by RuBLed (995686) on Thursday July 19 2007, @11:15PM (#19923113)
      Ha! The quote displayed as of the time I'm writing this is:

      If one cannot enjoy reading a book over and over again, there is no use in reading it at all. -- Oscar Wilde


    • And that is why the Mossad uses Macs...

      Oh... oh! And the good guys in 24 too!

      • But on Linux, I simply don't run any anti-spyware (because spyware has not been a problem). But if Big Brother manages to hack my ~/.xsession or firefox-bin (for example), it may be a very long time (if ever) before I notice.

        But with Linux the kernel is presumably trustworthy and you can firewall off any means of access for remote exploits. Can you say the same with Windows?

        Course if big brother really wants you all they have to do is a sneak and peek and rootkit your PC. Really doesn't matter what OS you are using.....

  • Please tell me why I should run Windows? (Score:5, Interesting)

    by whoever57 (658626) on Thursday July 19 2007, @10:26PM (#19922835) Journal
    Of course, the "if you have nothing to hide..." crowd are likely to be out, but what about rogue agents? What about investigations that target the wrong people by accident?

    I suspect that getting such a tool installed on my Linux box would be much harder.
    • What about investigations that target the wrong people by accident?

      With the government, there are NO "accidents".
    • Well if you have nothing to hide and don't do anything that attracts attention, the security through obscurity principle kicks in.

      Sure some poor sap will be done over, but hopefully it won't be you.

      • Re: (Score:3, Insightful)

        by sumdumass (711423)
        If you have one thing that you don't want someone else to know about, you have something to hide. And this one thing doesn't have to be illegal or unethical either. as long as we have freedom, we are free to hide things.

        Something to hide != guilty of a crime.
        • Sure, there are lots of reasons to hide things that are perfectly legal. When I travel in less-safe countries, I sometimes hide money in an interior pocket or even my shoe. I hide a key in a certain place outside my house in case I lock myself out. When I buy a pint of haagen-daz, I hide it in the back of the freezer so my wife doesn't eat it.

          I'm not trying to be clever here. There's not a soul that has "nothing to hide". If someone says their life is an open book, ask to see their wallet and start loo
    • > I suspect that getting such a tool installed on my Linux box would be much harder. Do you verify everything you download? Did you get the certificates from a trusted store? How do you know your ISP (cooperating with the gov) or the certificate authority (verisign? trust them?) did not mess with whatever you are downloading. It might just come attached to your latest firefox binaries :/
  • From the story:
    which Google and MySpace supplied to the FBI therefore referred to the Italian computers. In order to trace the perpetrator, the FBI sent the CIPAV via Google Mail or MySpace after receiving a search warrant from the authorities so that the spyware could install itself as more threats were sent. Use of the CIPAV was granted by the judge with the stipulation that the software was only to transmit its IP data between 6:00 and 22:00. However, it was permitted to log IP addresses round the clock.
    • glad to hear they've caught on with this whole thing with warrants and due process.

      see? you don't need NSLs to catch bad guys!

      • Re: (Score:3, Interesting)

        by sumdumass (711423)
        The problem is, even with a warrant, how do you know the software they install isn't installed to make you look guilty? The software can do anything they tell it to do, would you be able to have the source code examined at your trial?
          • There sure is a lot of fus over the treatment of the people at club gitmo. I think a lot of people would hear you scream, it just wouldn't be too many that cared.

            But yea, your probably right. You would be shove off to the side where they could control how much you can do about the program. It just seems to me that if you could sneak it into the computer, you could almost sneak anything into it, even if you needed evidence to go further into the computer.

  • How long will it be before... (Score:5, Insightful)

    by bconway (63464) on Thursday July 19 2007, @10:29PM (#19922867) Homepage
    the FBI (and some if-it-will-save-one-child-it-is-worth-it legislators) demand all the OS vendors to install backdoors so that it can come in and install whatever spyware it wants to be installed?

    • How long will it be before... the FBI (and some if-it-will-save-one-child-it-is-worth-it legislators) demand all the OS vendors to install backdoors so that it can come in and install whatever spyware it wants to be installed?

      Hmmm, where have I heard that before? Maybee in this post by "140Mandak262Jamuna" [slashdot.org]
      Really, what was the point of ripping off his post?

      • I figured if the editors weren't going to take the time to post new content, there wasn't much reason for us to, either.

    • Do we have to guess the right negative number to win the prize, or is knowing the sign enough?

    • Yeah, but that would probably work just as well as the Clipper chip...remember that? Exactly...

    • Re: (Score:2, Informative)

      by chriddy (1130907)
      From the search warrant request:

      Because the FBI cannot predict whether any particular formulation of a CIPAV to be used will cause a person(s) controlling the activating computer to activate a CIPAV, I request [...] to continue using additional CIPAVs [...] until a CIPAV has been activated.

      Read "activate"="double-click on attachment". So much for the FBI exploting secret security holes that are otherwise unknown or actually paying OS vendors to install backdoors and security software vendors to not detect

  • More Firefighters Needed! (Score:5, Insightful)

    by garcia (6573) on Thursday July 19 2007, @10:32PM (#19922881) Homepage
    It would seem that there's a kink [slashdot.org] in the Firehose [slashdot.org] again [slashdot.org].

  • Interesting speculation (Score:5, Insightful)

    by bconway (63464) on Thursday July 19 2007, @10:35PM (#19922893) Homepage
    The Feds would have the $$$ and be able to hire the skilled labor to build some pretty sophisticated spyware tools. On the other hand, I wouldn't be surprised to find out Microsoft included a back door in Windows. That rumor has surfaced before.

    The problem with either of those options is if they get out in the wild. How many people have access to those tools and how is their deployment managed? Who wouldn't be tempted to do a little sideline testing if they had those goodies in their tool chest.
    • MS built lots of back doors into windows... oh, you mean intentionally?

      d

    • The problem with either of those options is if they get out in the wild.

      M$ update, and the equivalent on other platforms, is a whopper of a back door. Why doesn't that "get out in the wild"?

      ---

      Commercial software bigots - a dying breed.

      • M$ update, and the equivalent on other platforms, is a whopper of a back door. Why doesn't that "get out in the wild"?

        Because it's the kind of back door that the developers know full well is a risk, and so they design around that risk with things like digital signatures and techniques to confirm you're speaking to an authorised server. It's easier and more subtle to attack the weak link in the chain - the human being who's sat at the computer.

        It's a bit like how most sysadmins these days know that open por

        • Because it's the kind of back door that the developers know full well is a risk, and so they design around that risk with things like digital signatures and techniques to confirm you're speaking to an authorised server.

          That's true but my point is that an intelligence agency backdoor could have exactly the same digital signature protections etc. In other words unlike what bconway said [slashdot.org] official backdoors would would be no more a compromisable hole than Update. Keeping in mind that the NSA has two missions

  • what if the goverment installs and controls/spys your computer? bad or good. what can become of this?
  • The article refers to a company heise security. The name heise is actually romanized mandarin for the word black. If you have a proper font the characters are [] [] or here [tigernt.com]
  • I support surveillance by law enforcement agencies. I also believe in fairly stiff penalties for breaking the law (though I would add that I feel that harsher penalties for real crimes should be balanced with reducing the breadth of behavior that the government restricts). However, I am opposed to the use of spyware on the suspect's property for such surveillance. Why this conundrum?

    The problem is that technology is getting closer to us all the time. The barrier between man and machine is becoming much narr

    • Re:The Problem (Score:4, Insightful)

      by Lisandro (799651) on Thursday July 19 2007, @11:13PM (#19923105)
      The barrier between man and machine is becoming much narrower. And that is a good thing. At the far end of the spectrum people have long been getting artificial hearing enhancers, and now we are starting on intelligent artificial eyes and limbs. People with epilepsy are getting electronics embedded in their brains. At the nearer end of the spectrum, a large percentage of the population now carries a small computer with them everywhere (their cell phone). The man/machine split is disappearing.

      Fuck that. Sorry, but you guys (US citizens) should start to become really concerned about your government violating personal, constitutional-granted rights in order to further the fight against "terrorism". This issue is real NOW, and, from what we read here on the other side of the pond, it's becoming increasingly out of control. Who cares about future artificial limbs when these people decide it's ok to install malware in your PC so they can eavesdrop private, personal files and communications, today?
      • This issue is real NOW, and, from what we read here on the other side of the pond, it's becoming increasingly out of control.

        I guess that pond is smooth as glass and all you are seeing is your own reflection as you gaze across. How quickly you forget about those traffic congestion cameras [slashdot.org] the police now have real-time access to.
        • Heh, wrong expresion (i'm Argentinian, down in South America)... guess it should've been "from the other side of the pond and Mexico" :). But yes, nasty stuff in England aswell. I wish that the 1984 comparison one is so bound to make in this case wasn't so close to reality.
          • "The Pond" usually refers to the Atlantic Ocean, at least for native English-speakers. Do you guys consider Chileans to be west coasters?

            Maybe 1984 was a roadmap, not a cautionary tale. Or maybe Orwell was actually a historian from the future.
            • Well, you see, the guy who originally retorted with "The Pond" incorrectly assumed that the guy who retorted, "You Americans..." was from England, so the latter guy responded to the "The Pond" guy by correcting him. Which makes *your* retort baseless....I think.
      • There's not much functional difference between that and a telephone tap.

        Be grateful that there is a due process which was followed. I'd be more concerned when such due process is considered a hindrance to the "war on terror" and done away with.

      • They had a search warrant for the instance the article reports about. So this particular story isn't about an abuse of power (for once!). There's nothing (yet, sigh) to indicate they're going on warrantless fishing expeditions with their spyware, or trying to get it pervasively installed so they can data-mine "in the interest of national security". I agree that either of those cases would be cause for outrage.

        Heck, if the FBI wasn't allowed to use spyware, with a warrant, they could just install a hidden

        • A search warrant makes it legal, it doesn't make it right. If they really had a probable cause (or cause :) and a search warrant you could seize and inspect the PC directly.
      • would that include London the most heavily surveillance oriented city in the western world? the city wehre they are working on launching UAV's for spying on regular citizens in addition to a billion and 9 cameras on every corner? Don't get me wrong, the US sucks it hard for spying, hell they even asked teh postal service to read your mail for "suspicious" activity but afiak there are no bastions of personal freedom in Europe short of the Dutch
  • With a little bit of technical ability, this seems like it would be trivial to defeat.

    If the kid was already hopping over three computers (maybe using Tor), he probably had the technical ability to:
    1. Put his machine on a private NAT'd network so that 'ipconfig' would show an unroutable address.
    2. Use a firewall that alerted him when software was trying to make an outbound connection. Better, drop it using that gateway he's sitting behind.

    Granted, if he had just been using something besides Windows (which I
    • 99 times out of 100, people with that kind of technical ability don't waste their time emailing bomb threats to a school every few days saying "it rly will go off nxt tim, prmse!! LOL ROFL OMGWTFBBQ".
  • The FBI has used PC spyware for the first time

    Oh! It was there first time? They've lost their spyware virginity? Why do they write bullshit like this? Is it so that one guy won't go "Drat! I had no idea the FBI ever installed keystroke loggers" that articles like this lie to everybody? C'mon.
  • On the one side it is good that they go after people like this and use the tools available. On the other side with how things are going in the US, this might have been a proof of concept.
    Also I see it just a s a tool and just like anything it can be used and it can be abused.
  • This is an international issue. The FBI, CIA, NSA, and other "government" agencies now operate world-wide, and have become, in effect, a secret police.

    It is possible that this particular case has been picked for its public relations value. The U.S. government's spy agencies have for many years been using ANY tool at their disposal to spy ANYWHERE. It is possible that this case is designed to try to get approval from U.S. citizens for this kind of spying, when much of the spying they do is not to prevent
  • Running a comp repair shop I removed a Trojan that possibly came from the CIA. Breaking it down in HEX revealed that. It snooped IE cache, and was as easy to remove as running toolbarcop, then hijack this, then removing the binary manually. Dumped IE cache, then put the user on a cacheless firefox configuration. That fixed the problem.
  • and hasn't told Microsoft about it, this merely indicates that the FBI is either being inefficient again (unless of course they used the methods developed by the NSA) or is once again on the tail end of an intra-agency dispute - meaning that the NSA deliberately didn't tell them how to crack Windows because the NSA is using that method to crack the FBI's computers...:-)

    In this current posting, however, the issue is /.'s inability to remember what's on the front page for 24 hours...

    Or maybe the FBI just crac

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.