
FBI Used Spyware for Online Search

Posted by CowboyNeal on Thu Jul 19, 2007 10:18 PM
from the not-surprised-here dept.
juct writes "The FBI has used PC spyware for the first time to reveal the identity of an offender who sent bomb threats to a high school in Washington state. According to heise Security, a declaration from the FBI official who applied for the search warrant describes the mode of operation of the spyware which the FBI is using under the abbreviation CIPAV (Computer and Internet Protocol Address Verifier)."

Related Stories

What We Know About the FBI's CIPAV Spyware (207 comments)
StonyandCher writes "What is CIPAV? CIPAV stands for 'Computer and Internet Protocol Address Verifier'; a lengthy term for powerful spyware the Federal Bureau of Investigation can bring to bear on web-based crime. It was used last month in a case where someone was emailing bomb threats regularly to a Washington high school. An affidavit by an FBI agent revealed some of the workings of CIPAV. 'According to the court filing, this is [some of] what the CIPAV collects from the infected computer: IP address, Media Access Control address for the network card, List of open TCP and UDP ports, List of running programs ... Last visited URL. Once that initial inventory is conducted, the CIPAV slips into the background and silently monitors all outbound communication, logging every IP address to which the computer connects, and time and date stamping each.' In a Computerworld article, the author attempts to dissect CIPAV's purpose and raises a number of questions such as: What happens to the data the CIPAV collects? Does the CIPAV capture keystrokes? Can the CIPAV spread on its own to other computers, either purposefully or by accident? Does it erase itself after its job is done?"
  • by Anonymous Coward on Thursday July 19 2007, @10:20PM (#19922803)
    Yet another dupe [slashdot.org]! (From yesterday!)
    • Re: (Score:2)

      Ummm... maybe it's a "Slashvertisement" for antivirus software? Subtle.
    • by RuBLed (995686) on Thursday July 19 2007, @11:15PM (#19923113) Homepage
      Ha! The quote displayed as of the time I'm writing this is:

      If one cannot enjoy reading a book over and over again, there is no use in reading it at all. -- Oscar Wilde


    • And that is why the Mossad uses Macs...

      Oh... oh! And the good guys in 24 too!
      • Re: (Score:2)

        But on Linux, I simply don't run any anti-spyware (because spyware has not been a problem). But if Big Brother manages to hack my ~/.xsession or firefox-bin (for example), it may be a very long time (if ever) before I notice.

        But with Linux the kernel is presumably trustworthy and you can firewall off any means of access for remote exploits. Can you say the same with Windows?

        Course if big brother really wants you all they have to do is a sneak and peek and rootkit your PC.

  • by whoever57 (658626) on Thursday July 19 2007, @10:26PM (#19922835) Journal
    Of course, the "if you have nothing to hide..." crowd are likely to be out, but what about rogue agents? What about investigations that target the wrong people by accident?

    I suspect that getting such a tool installed on my Linux box would be much harder.
    • Re: (Score:2)

      What about investigations that target the wrong people by accident?

      With the government, there are NO "accidents".
    • Well if you have nothing to hide and don't do anything that attracts attention, the security through obscurity principle kicks in.

      Sure some poor sap will be done over, but hopefully it won't be you.

      • Re: (Score:3, Insightful)

        If you have one thing that you don't want someone else to know about, you have something to hide. And this one thing doesn't have to be illegal or unethical either. As long as we have freedom, we are free to hide things.

        Something to hide != guilty of a cri
        • Re: (Score:2)

          Sure, there are lots of reasons to hide things that are perfectly legal. When I travel in less-safe countries, I sometimes hide money in an interior pocket or even my shoe. I hide a key in a certain place outside my house in case I lock myself out. When
    • Re: (Score:1)

      > I suspect that getting such a tool installed on my Linux box would be much harder.

      Do you verify everything you download? Did you get the certificates from a trusted store? How do you know your ISP (cooperating with the gov) or the certificate autho
  • From the story:
    which Google and MySpace supplied to the FBI therefore referred to the Italian computers. In order to trace the perpetrator, the FBI sent the CIPAV via Google Mail or MySpace after receiving a search warrant from the authorities so that the
    • Re: (Score:2)

      glad to hear they've caught on with this whole thing with warrants and due process.

      see? you don't need NSLs to catch bad guys!
      • Re: (Score:3, Interesting)

        The problem is, even with a warrant, how do you know the software they install isn't installed to make you look guilty? The software can do anything they tell it to do, would you be able to have the source code examined at your trial?
          • Re: (Score:2)

            There sure is a lot of fuss over the treatment of the people at club gitmo. I think a lot of people would hear you scream, it just wouldn't be too many that cared.

            But yea, you're probably right. You would be shoved off to the side where they could control how
  • How long will it be before... (Score:5, Insightful)

    by bconway (63464) on Thursday July 19 2007, @10:29PM (#19922867) Homepage
    the FBI (and some if-it-will-save-one-child-it-is-worth-it legislators) demand all the OS vendors to install backdoors so that it can come in and install whatever spyware it wants to be installed?
    • Re: (Score:1)

      How long will it be before... the FBI (and some if-it-will-save-one-child-it-is-worth-it legislators) demand all the OS vendors to install backdoors so that it can come in and install whatever spyware it wants to be installed?

      Hmmm, where have I heard tha
      • Re: (Score:3, Funny)

        I figured if the editors weren't going to take the time to post new content, there wasn't much reason for us to, either.
    • Do we have to guess the right negative number to win the prize, or is knowing the sign enough?

    • Re: (Score:2)

      Yeah, but that would probably work just as well as the Clipper chip...remember that? Exactly...
    • Re: (Score:2, Informative)

      From the search warrant request:

      Because the FBI cannot predict whether any particular formulation of a CIPAV to be used will cause a person(s) controlling the activating computer to activate a CIPAV, I request [...] to continue using additional CIPAVs [...
  • More Firefighters Needed! (Score:5, Insightful)

    by garcia (6573) on Thursday July 19 2007, @10:32PM (#19922881) Homepage
    It would seem that there's a kink [slashdot.org] in the Firehose [slashdot.org] again [slashdot.org].
    • Re:More Firefighters Needed! (Score:5, Interesting)

      by jsse (254124) on Thursday July 19 2007, @10:51PM (#19922975) Homepage Journal
      Now I can see the purpose of Firehose now...

      It's now our fault in voting up a dupe, not /. editors, definitely not...

      Now /. needs to develop another system to penalize those who repeatedly vote a dupe, namely "List of idiotic dupers"
      • Re: (Score:1)

        Well, it's both of our faults. We just don't get paid for continuously fucking up.
    • Re: (Score:2)

      Maybe they're going for the all-time dupe record.
  • Interesting speculation (Score:5, Insightful)

    by bconway (63464) on Thursday July 19 2007, @10:35PM (#19922893) Homepage
    The Feds would have the $$$ and be able to hire the skilled labor to build some pretty sophisticated spyware tools. On the other hand, I wouldn't be surprised to find out Microsoft included a back door in Windows. That rumor has surfaced before.

    The problem with either of those options is if they get out in the wild. How many people have access to those tools and how is their deployment managed? Who wouldn't be tempted to do a little sideline testing if they had those goodies in their tool chest.
    • Re: (Score:1)

      MS built lots of back doors into windows... oh, you mean intentionally?

      d
    • Re: (Score:2)

      The problem with either of those options is if they get out in the wild.

      M$ update, and the equivalent on other platforms, is a whopper of a back door. Why doesn't that "get out in the wild"?

      ---

      Commercial software bigots - a dying breed.

      • Re: (Score:2)

        M$ update, and the equivalent on other platforms, is a whopper of a back door. Why doesn't that "get out in the wild"?

        Because it's the kind of back door that the developers know full well is a risk, and so they design around that risk with things like digi
        • Re: (Score:2)

          Because it's the kind of back door that the developers know full well is a risk, and so they design around that risk with things like digital signatures and techniques to confirm you're speaking to an authorised server.

          That's true but my point is that

  • What if the government installs and controls/spies on your computer? Bad or good. What can become of this?
  • The article refers to a company heise security. The name heise is actually romanized mandarin for the word black. If you have a proper font the characters are [] [] or here [tigernt.com]
  • I support surveillance by law enforcement agencies. I also believe in fairly stiff penalties for breaking the law (though I would add that I feel that harsher penalties for real crimes should be balanced with reducing the breadth of behavior that the gover
    • Re:The Problem (Score:4, Insightful)

      by Lisandro (799651) on Thursday July 19 2007, @11:13PM (#19923105)
      The barrier between man and machine is becoming much narrower. And that is a good thing. At the far end of the spectrum people have long been getting artificial hearing enhancers, and now we are starting on intelligent artificial eyes and limbs. People with epilepsy are getting electronics embedded in their brains. At the nearer end of the spectrum, a large percentage of the population now carries a small computer with them everywhere (their cell phone). The man/machine split is disappearing.

      Fuck that. Sorry, but you guys (US citizens) should start to become really concerned about your government violating personal, constitutional-granted rights in order to further the fight against "terrorism". This issue is real NOW, and, from what we read here on the other side of the pond, it's becoming increasingly out of control. Who cares about future artificial limbs when these people decide it's ok to install malware in your PC so they can eavesdrop private, personal files and communications, today?
      • Re: (Score:2)

        This issue is real NOW, and, from what we read here on the other side of the pond, it's becoming increasingly out of control.

        I guess that pond is smooth as glass and all you are seeing is your own reflection as you gaze across. How quickly you forget abou
        • Re: (Score:2)

          Heh, wrong expression (I'm Argentinian, down in South America)... guess it should've been "from the other side of the pond and Mexico" :). But yes, nasty stuff in England as well. I wish that the 1984 comparison one is so bound to make in this case wasn't so
          • Re: (Score:2)

            "The Pond" usually refers to the Atlantic Ocean, at least for native English-speakers. Do you guys consider Chileans to be west coasters?

            Maybe 1984 was a roadmap, not a cautionary tale. Or maybe Orwell was actually a historian from the future.
            • Re: (Score:1)

              Well, you see, the guy who originally retorted with "The Pond" incorrectly assumed that the guy who retorted, "You Americans..." was from England, so the latter guy responded to the "The Pond" guy by correcting him. Which makes *your* retort baseless....I
      • Re: (Score:2)

        There's not much functional difference between that and a telephone tap.

        Be grateful that there is a due process which was followed. I'd be more concerned when such due process is considered a hindrance to the "war on terror" and done away with.
      • Re: (Score:2)

        They had a search warrant for the instance the article reports about. So this particular story isn't about an abuse of power (for once!). There's nothing (yet, sigh) to indicate they're going on warrantless fishing expeditions with their spyware, or trying

        • Re: (Score:2)

          A search warrant makes it legal, it doesn't make it right. If they really had a probable cause (or cause :) and a search warrant you could seize and inspect the PC directly.
      • Would that include London, the most heavily surveillance-oriented city in the western world? The city where they are working on launching UAVs for spying on regular citizens in addition to a billion and 9 cameras on every corner? Don't get me wrong, the US
  • With a little bit of technical ability, this seems like it would be trivial to defeat.

    If the kid was already hopping over three computers (maybe using Tor), he probably had the technical ability to:
    1. Put his machine on a private NAT'd network so that 'ipc
    • Re: (Score:2)

      99 times out of 100, people with that kind of technical ability don't waste their time emailing bomb threats to a school every few days saying "it rly will go off nxt tim, prmse!! LOL ROFL OMGWTFBBQ".
  • The FBI has used PC spyware for the first time

    Oh! It was their first time? They've lost their spyware virginity? Why do they write bullshit like this? Is it so that one guy won't go "Drat! I had no idea the FBI ever installed keystroke loggers" that articl
  • On the one side it is good that they go after people like this and use the tools available. On the other side with how things are going in the US, this might have been a proof of concept.
    Also I see it just as a tool and just like anything it can be used a
  • This is an international issue. The FBI, CIA, NSA, and other "government" agencies now operate world-wide, and have become, in effect, a secret police.

    It is possible that this particular case has been picked for its public relations value. The U.S. gove
  • CIA (Score:2, Insightful)

    Running a comp repair shop I removed a Trojan that possibly came from the CIA. Breaking it down in HEX revealed that. It snooped IE cache, and was as easy to remove as running toolbarcop, then hijack this, then removing the binary manually. Dumped IE cache
  • and hasn't told Microsoft about it, this merely indicates that the FBI is either being inefficient again (unless of course they used the methods developed by the NSA) or is once again on the tail end of an intra-agency dispute - meaning that the NSA delibe