What We Know About the FBI's CIPAV Spyware
StonyandCher writes "What is CIPAV? CIPAV stands for 'Computer and Internet Protocol Address Verifier'; a lengthy term for powerful spyware the Federal Bureau of Investigation can bring to bear on web-based crime. It was used last month in a case where someone was emailing bomb threats regularly to a Washington high school. An affidavit by an FBI agent revealed some of the workings of CIPAV. 'According to the court filing, this is [some of] what the CIPAV collects from the infected computer: IP address, Media Access Control address for the network card, List of open TCP and UDP ports, List of running programs ... Last visited URL. Once that initial inventory is conducted, the CIPAV slips into the background and silently monitors all outbound communication, logging every IP address to which the computer connects, and time and date stamping each.' In a Computerworld article, the author attempts to dissect CIPAV's purpose and raises a number of questions such as: What happens to the data the CIPAV collects? Does the CIPAV capture keystrokes? Can the CIPAV spread on its own to other computers, either purposefully or by accident? Does it erase itself after its job is done?"
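As an added illustration (my code, not part of the story, the affidavit, or the Computerworld article), here is how little it takes to reproduce the inventory and the time-stamped outbound-connection log the summary attributes to CIPAV on a Linux host, using only /proc and the Python standard library. It assumes /proc/net/tcp, /proc/net/udp and /proc/<pid>/comm are readable, which is the default for an unprivileged user; the embedded /proc/net/tcp and /proc/net/udp samples are constructed, not captured from a real machine, and the addresses in them are assumed.

```python
"""Added example: inventory + outbound peer log of the kind the summary
describes, rebuilt from /proc with the standard library (Linux assumed)."""
import glob
import socket
import time
import uuid

# Socket states as shown in /proc/net/tcp (kernel enum, hex)
TCP_ESTABLISHED = "01"
TCP_LISTEN = "0A"


def _decode_addr(hex_addr):
    """'0100007F:0016' -> ('127.0.0.1', 22); /proc stores IPv4 little-endian."""
    ip_hex, port_hex = hex_addr.split(":")
    ip_bytes = bytes.fromhex(ip_hex)[::-1]
    return socket.inet_ntoa(ip_bytes), int(port_hex, 16)


def parse_proc_net(text):
    """Parse /proc/net/tcp or /proc/net/udp text into
    (local_ip, local_port, remote_ip, remote_port, state) tuples."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        local = _decode_addr(fields[1])
        remote = _decode_addr(fields[2])
        rows.append((local[0], local[1], remote[0], remote[1], fields[3]))
    return rows


def open_ports(tcp_text, udp_text):
    """Locally bound ports: TCP sockets in LISTEN, and every bound UDP socket
    (UDP has no LISTEN state; bound sockets appear with state 07)."""
    tcp = sorted({r[1] for r in parse_proc_net(tcp_text) if r[4] == TCP_LISTEN})
    udp = sorted({r[1] for r in parse_proc_net(udp_text)})
    return {"tcp": tcp, "udp": udp}


def outbound_peers(tcp_text):
    """Remote IPs of ESTABLISHED TCP connections, loopback excluded."""
    return sorted({r[2] for r in parse_proc_net(tcp_text)
                   if r[4] == TCP_ESTABLISHED and not r[2].startswith("127.")})


def log_new_peers(tcp_text, seen, now=None):
    """Time-stamp each remote IP the first time it appears; mutates `seen`
    (ip -> timestamp) and returns the (ip, timestamp) pairs added this call."""
    now = time.time() if now is None else now
    added = []
    for ip in outbound_peers(tcp_text):
        if ip not in seen:
            seen[ip] = now
            added.append((ip, now))
    return added


def inventory():
    """Live one-shot snapshot of the items the summary lists (needs /proc)."""
    with open("/proc/net/tcp") as f:
        tcp = f.read()
    with open("/proc/net/udp") as f:
        udp = f.read()
    programs = []
    for comm in glob.glob("/proc/[0-9]*/comm"):
        try:
            with open(comm) as f:
                programs.append(f.read().strip())
        except OSError:  # process exited between glob and read
            pass
    mac = "%012x" % uuid.getnode()
    return {
        "hostname": socket.gethostname(),
        "mac": ":".join(mac[i:i + 2] for i in range(0, 12, 2)),
        "open_ports": open_ports(tcp, udp),
        "programs": sorted(set(programs)),
        "outbound": outbound_peers(tcp),
    }


# Constructed samples (not from a real host): sshd listening on 22, one
# established connection from 10.0.2.15 to 192.0.2.10:443, one loopback
# connection that must be ignored, and a DNS resolver bound to UDP 53.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:C4A6 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 5678 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:8235 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 9012 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 3456 2 0000000000000000 0
"""

if __name__ == "__main__":
    print(open_ports(SAMPLE_TCP, SAMPLE_UDP))
    print(outbound_peers(SAMPLE_TCP))
```

Run on a real host, `inventory()` produces the same categories of data the affidavit lists without any privilege, which is the practical point: the interesting part of such a tool is the delivery and the exfiltration channel, not the collection.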
What about zombies? (Score:5, Insightful)
So many questions raised by this... I'm sure others can think of many more.
I read the article (Score:1, Insightful)
So, if you're a criminal.... (Score:2, Insightful)
Don't click on any links sent to you and don't visit any sites sponsored by the FBI.
I guess if the FBI is targeting you and they know that you like kiddie porn, they would set up a kiddie porn site to get a trojan on your machine.
Re:Better question (Score:4, Insightful)
A lot of effort for 90 days detention. (Score:4, Insightful)
They spent a lot of money on that. Sounds to me like it was actually a "test run" to make sure things work as expected. And now that they know it will work...
Re:The real threat of "government spyware" (Score:4, Insightful)
Moral to this story? (Score:3, Insightful)
Re:Better question (Score:3, Insightful)
Yeah, because the US government has never grabbed someone who is on foreign soil and whisked them away in an airplane late at night when nobody was looking. (No, really [usatoday.com].)
If they want you bad enough, they will send someone to retrieve you. Domestic and international laws be damned. Now, they won't do it for sending spam, but if you seem like a potentially serious enough threat, they will.
Cheers
Re:does it... (Score:5, Insightful)
Mod parent down. SELinux is support for more fine-grained rights management in Linux. It's a mandatory access control policy system, basically. Unless parent has proof that there is a back door in there somewhere, I'm pretty sure parent is full of it.
Just because the software is partially paid for by the government, it does not necessarily follow that it's a back door. Take off the tinfoil hat.
Re:The real threat of "government spyware" (Score:3, Insightful)
I think it's fairly safe to assume that one of them would have used a security hole like this in the meantime, e.g. by rewriting the hosts file, then sending to the (rerouted) cipav.fbi.gov, and the AV tool would let it be.
And this, in turn, would have been detected immediately by an AV company (who is competing with the AV company that lets this leak exist), as soon as they got a sample of that malware.
Question for 100 bucks: Think we'd have read a blog about it by now?
Malware writers usually don't care, neither for the FBI nor for the goodwill of AV companies. Actually, they are quite happy when they can piss off both.
Re:Zombie or not, one specimen WILL be found. (Score:3, Insightful)
Let's up the ante and get this thing going - I'll throw in $10 to the first slashdotter who contains and publishes the 'bins' and/or reverse engineers this piece of code. $20 if you can isolate the signature of executables that it's bound to with a high degree of success (say, >=75% confidence). It's $10 well spent to sleep at night, IMO. I kinda' want to play with this thing and I'm willing to fund the hunt for it. Anyone else wanna' throw in?