Forgot your password?
typodupeerror
Security Privacy United States

The Secret History of the FBI's Classified Spyware 133

Posted by timothy
from the but-we-just-want-to-peek dept.
An anonymous reader writes "A sophisticated FBI-produced spyware program has played a crucial behind-the-scenes role in federal investigations into extortion plots, terrorist threats and hacker attacks in cases stretching back at least seven years, according to newly declassified documents obtained by Wired.com. The so-called 'computer and internet protocol address verifier,' or CIPAV, is delivered through links to websites controlled by the FBI, and it silently reports back to a government server in Virginia. Among other cases, the FBI used it to track a Swedish hacker responsible for cracking thousands of computers at national labs and NASA's JPL in 2005."
This discussion has been archived. No new comments can be posted.

The Secret History of the FBI's Classified Spyware

Comments Filter:
  • by QuantumG (50515) * <qg@biodome.org> on Friday April 17, 2009 @08:15AM (#27609959) Homepage Journal

    How is this not breaking the law?

    Breaking the law to enforce the law.. way to piss on justice.

    • by Jrabbit05 (943335)
      It appears it was highly targeted and only used on a warrant. But I don't see how they can't discolose more to save face...
    • Re: (Score:3, Insightful)

      by tygerstripes (832644)

      In the same way that police regularly assault, kidnap or otherwise harass citizens?

      Look, I'm not saying I disagree with you, but you need to refine the ethics of your argument a bit if you want to make a useful point. Unless you were just hoping to bash out something that sounded relevant in order to FP...

    • by WCMI92 (592436) on Friday April 17, 2009 @08:25AM (#27610127) Homepage

      "How is this not breaking the law?

      Breaking the law to enforce the law.. way to piss on justice."

      I've always been skeptical about this and other tricks used by the FBI and other law enforcement. The Constitution is QUITE clear that a search of private property requires a warrant.

      Another thing that has always bothered me is that law enforcement lying to citizens is routine and legal, but lying to law enforcement is a crime (even if you don't know the person you are talking to is law enforcement).

      Seems to me that if the government wants us to respect the FAR too many laws on the books that it should start following them itself. And that starts with respecting the Constitution.

      • Re: (Score:3, Insightful)

        by conureman (748753)

        It seems that the vast majority of citizens don't understand the concept of Constitutional law, or that by adherence to the supremacy of The Constitution, The People should be protected by the law, from their government. too bad, so sad.

      • by Eevee (535658) on Friday April 17, 2009 @10:18AM (#27612225)

        The Constitution is QUITE clear that a search of private property requires a warrant.

        From the fine article, emphasis added by me: "But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online."

        And from further down in the article: "The FBI obtained a warrant to use the CIPAV on February 10, 2005, and was apparently successful."

      • Re: (Score:3, Insightful)

        Read the article. They went through the courts. However the fourth amendment not only requires a court order it requires that the search be limited in scope in duration. That's why AT&Ts indiscriminate monitoring of all users traffic is a violation of the fourth amendment even though it was court ordered.

      • Re: (Score:3, Insightful)

        "How is this not breaking the law?

        Breaking the law to enforce the law.. way to piss on justice."

        Actually, when you think about it, the police regularly break the law to uphold it. Look at how they catch speeders: They usually have to speed themselves to catch up to the speeder in order to pull him over, or they even might just tail behind a speeder for a while and clock him with their own speedometer - thus breaking the law themselves by speeding themselves.
        To a degree, in general, law enforcement has to operate a little outside the law, at times, to do the job. At times. I'm not saying give them

        • Re: (Score:1, Informative)

          by Anonymous Coward

          Actually, when you think about it, the police regularly break the law to uphold it. Look at how they catch speeders: They usually have to speed themselves to catch up to the speeder in order to pull him over, or they even might just tail behind a speeder for a while and clock him with their own speedometer - thus breaking the law themselves by speeding themselves.

          Not to be pedantic, but this isn't a good analogy since many laws are written with specific exemptions for law enforcement during the performance of their official duty.

        • Is the furor over this system they deployed, or over the matter of obtaining warrants to use it? Without such a system, they'd be relatively crippled in their ability to catch real net criminals and cyber-terrorists, and if they failed in that endeavor, everyone would just bitch about how useless they are, why aren't they doing something about crime, etc.

          OH NOES teh cyber-terrorists are going to get me, what are they going to do?, blow up my computer? Anyone that uses the term cyber-terrorists seriously loses a lot of credibility

      • by DM9290 (797337)

        Another thing that has always bothered me is that law enforcement lying to citizens is routine and legal, but lying to law enforcement is a crime (even if you don't know the person you are talking to is law enforcement).

        (emphasis added)

        I don't think you've got it right. It would violate a fundamental principle of justice to turn a completely innocent act into a criminal offense on the basis of facts that a person could not possibly know.

        This has a chilling effect on the innocent act and specifically on the 1st amendment right to tell a lie.

        the only reason lying to cops is illegal is because when they ask you something, they aren't asking for your opinions or your creativity, but rather they are trying to solve a crime and

    • by bconway (63464) on Friday April 17, 2009 @08:26AM (#27610145) Homepage

      RTFA.

      But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online.

      • Re: (Score:3, Insightful)

        by Vu1turEMaN (1270774)

        Indeed, but they did not obtain court authorization to use it against members of video hosting sites outside of the US 5 years ago. They just used it.

    • by mysidia (191772)

      Law enforcement officers have special rights that other citizens don't have; they're not breaking the law per se, but enforcing the law, and getting a special exception to other laws.

      Officers can shoot people. They can steal^H^H^H^H^Hseize shit. They just have to have the right reasons to do it.

      Under the patriot act they can sneak and search (warrantless covert search). CIPAV is just an extension of that, perhaps.

      It would be disturbing if they do/did drive-by installs in a way that could effect in

      • The problem is that it is being used internationally. Why should the FBI, even with a court order in America be able to search a PC outside of America. It also sets a nasty precedent as other countries could argue that if the FBI, etc, claims this is legal then their local law enforcement could perform searches of property in America without involving American police etc.
    • by mccrew (62494)

      So far, all the evidence presented indicates that the FBI obtained court authorization as required by law.

      So what is your point, exactly?

    • To be fair, do we not allow police to speed and run red lights when they're doing their jobs?
  • by MrKaos (858439) on Friday April 17, 2009 @08:22AM (#27610065) Journal
    I wonder if they have a Linux version?
    • Re:Linux version? (Score:4, Insightful)

      by srollyson (1184197) on Friday April 17, 2009 @09:12AM (#27610925)
      This paragraph from TFA is telling:

      In a separate February 2007 Cincinnati -based investigation of hackers who'd successfully targeted an unnamed bank, the documents indicate the FBI's efforts may have been detected. An FBI agent became alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website. Instead, the hacker "proceeded to visit the site 29 more times," according to a summary of the incident. "In these instances, the CIPAV did not deliver its payload because of system incompatibility."

      Seems like the FBI exploits browser vulnerabilities a la the Pwn2Own contest in order to deliver CIPAV, but CIPAV itself might not run in linux. I suspect that the FBI will have written a linux-compatible CIPAV after the quoted incident. Probably a bash or perl script so they don't have to worry about different architectures.

      On a side note, there was probably some good porn on that page for the hacker to load it 30 times.

      • by v1 (525388)

        Reminds me of a certain recent xkdc [xkcd.com] but I know there was one that hit closer to home. Something along the lines of, "Drat! He's running linux! foiled again!"

      • by MrKaos (858439)

        I suspect that the FBI will have written a linux-compatible CIPAV after the quoted incident.

        Recently I read 'The Uncensored History of the 9/11 Investigation' which noted that 9/11 investigators were shocked how behind the FBI was in terms of technological capabilities when compared to the NSA or the CIA. I was surprised to read that in many FBI offices there was only a single computer per floor!!!. However the next paragraph...

        The agent phoned the FBI's Special Technologies Operations Unit for "urgent" he

        • Apologies about the "hacker" faux pas.

          Anyway, you might be right about the cracker coming back with a honeypot. I wish I was a fly on the cracker's wall so I could see how this played out.

          As far as gov't grey-hats go, there is definitely a turf war between agencies. Hell, even the Air Force [af.mil] wants a piece of the pie. God help us all!

          • by MrKaos (858439)

            Apologies about the "hacker" faux pas.

            Oh, it wasn't directed at you. I mean Wired, you'd think they would know their audience a bit better.

            God help us all!

            Indeed. Life, liberty and the pursuit of happiness, in carefully monitored and regulated doses. -- Thanks for the link

      • by HexaByte (817350)
        Well, they can get a Linux version if they want to, I keep a copy of BeOS around do do all my illegal hacking with! ;)
    • And a Mac version too.

      The really interesting question is, are there OpenBSD versions?

  • FTA :

    "After sending the information to the FBI, the CIPAV settles into a silent "pen register" mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects. "

    Let's hope the RIAA doesn't get it's hands on this.

    • Re:RIAA software (Score:5, Insightful)

      by WCMI92 (592436) on Friday April 17, 2009 @08:32AM (#27610235) Homepage

      "FTA :

      "After sending the information to the FBI, the CIPAV settles into a silent "pen register" mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects. "

      Let's hope the RIAA doesn't get it's hands on this."

      What I'd like to see is an open source antivirus/antispyware suite that WILL detect this. I own my computer, not the government, therefore I have a right to know what is running on it and to decide what is and isn't going to run on it.

      I don't think it is any of the government's business what websites I go to, what blogs I post on, and for that matter, what porn I download.

      Given some of the scary things coming out of the "O"ministration lately (such as the recent homeland security advisory painting people who support the right to own firearms and who object to the outrageous spending going on as "rightwing extremists" and "potential terrorists" I think I and others have a legitimate fear that we may be targeted for such spyware for political reasons.

      That's why I opposed and still oppose the patriot act... Not because I am against going after the actual JIHADI terrorists who have and are attacking our country, but because government abuse of it and turning it on law abiding citizens was inevitable.

      Note that Obama isn't doing anything to repeal the patriot act (which he used to object to). He wants that power just as much as Bush did.

      • by Binestar (28861)

        I think that if it were reported to the antispyware venders that it would be included. The problem is that it's a targeted install, so the infection rate is very low, as such it has probably never been seen by the antispyware venders at all, let alone examined well enough to detect.

      • Re: (Score:3, Insightful)

        by Shakrai (717556)

        What I'd like to see is an open source antivirus/antispyware suite that WILL detect this.

        Actually if you aren't an idiot about it and have proper security settings/practice this thing would never have gotten installed in the first place......

        I don't think it is any of the government's business what websites I go to, what blogs I post on, and for that matter, what porn I download.

        It is if you are under a court approved investigation for something.

        Given some of the scary things coming out of the "O"ministration lately (such as the recent homeland security advisory painting people who support the right to own firearms and who object to the outrageous spending going on as "rightwing extremists" and "potential terrorists" I think I and others have a legitimate fear that we may be targeted for such spyware for political reasons.

        That is a legitimate fear -- which is why we have warrants and a judicial system. But to say that this software can't be used at ALL is a bridge too far, IMHO. Would you complain if the FBI installed this spyware on Tony Soprano's computer?

        Note that Obama isn't doing anything to repeal the patriot act (which he used to object to). He wants that power just as much as Bush did.

        Of course he isn't. Every President since Was

        • by WCMI92 (592436)

          That is a legitimate fear -- which is why we have warrants and a judicial system. But to say that this software can't be used at ALL is a bridge too far, IMHO. Would you complain if the FBI installed this spyware on Tony Soprano's computer?

          You are assuming the Obama administration will respect the law OR be held to account to it to any greater degree than previous administrations.

          The patriot act is extremely powerful. They can, under this act, by simply declaring the target a "terrorist" (and I believe the homeland security report on "right wing extremists" was no accident, that it was done to set that pretext) act first and get court approval later. They can wiretap, they can install stuff like this, they can force libraries to divulge wha

          • by Shakrai (717556)

            I don't think you are paranoid and I don't trust them one damn bit not to abuse this neat little toy that the FBI has. My point was meant to respond to all the people who are claiming that the FBI shouldn't even have this toy -- would it really bother if you it was used in conjunction with a warrant to monitor a Tony Soprano?

            The "right wing extremists" report was extremely troubling. It was a whole bunch of "coulds" with no specific information and a warning to watch out for returning veterans and firear

            • Re:RIAA software (Score:4, Interesting)

              by WCMI92 (592436) on Friday April 17, 2009 @09:26AM (#27611173) Homepage

              I don't think you are paranoid and I don't trust them one damn bit not to abuse this neat little toy that the FBI has. My point was meant to respond to all the people who are claiming that the FBI shouldn't even have this toy -- would it really bother if you it was used in conjunction with a warrant to monitor a Tony Soprano?

              I'm not saying they shouldn't have it and that it shouldn't be used WHEN proper authorization is obtained in accordance with the Constitution, WITH proper supervision, and LIMITED, as the 4th Amendment requires, to "particularly describing the place to be searched, and the persons or things to be seized". It sounds to me from the article that the FBI is capturing ALL activity with this, even that which is unrelated to their authorized investigation. There is no way that is within the letter or spirit of the 4th Amendment.

              The "right wing extremists" report was extremely troubling. It was a whole bunch of "coulds" with no specific information and a warning to watch out for returning veterans and firearm owners. WTF?

              Well, the current administration has grabbed more power in 3 months than the government has in 30 years. Clearly, they are afraid that opposition to that (and future planned power grabs) is going to do nothing but grow, and that it's naturally going to come from the people who would be classified as being "from the right" and the people they will naturally have to FEAR (and government fear of the people as an incentive to obey the Constitution's restrictions on their power IS the actual purpose of the 2nd Amendment) are people who own firearms.

              I know it sounds crazy, and hopefully is, but when you combine the "perfect storm" of a major economic crisis, single party control of government, and a desire to impose more central control (healthcare, industry, etc) with the patriot act which gives that single party the actual AUTHORITY to investigate and even arrest their opposition on a whim we very well might be the closest we've ever been to a Hugo Chavez type authoritarian coup.

              And watching the major media drool over "Dear Leader" to the extent that they do is disgusting. What happened to the skepticism and criticism of the government? Is there not just as much a need for journalists to investigate Obama as they did Bush, especially when he's asking for unprecedented power and control? Or does it matter only when the agenda doesn't suit the personal beliefs of the media?

              • by Shakrai (717556)

                There is no way that is within the letter or spirit of the 4th Amendment.

                FWIW I agree with you. I've also talked to members of law enforcement who have worked wiretaps and was told by them that they are required to stop listening even when they have an approved wiretap when it becomes apparent that the conversation isn't material to the matter at hand. I.e: If they have a wiretap on a suspected drug dealer they aren't supposed to keep listening when he starts having phone sex with his girlfriend. That seems to be the way it should work if you take the 4th amendment seriously.

                • required to stop listening even when they have an approved wiretap when it becomes apparent that the conversation isn't material to the matter at hand.

                  While I agree with the premise, I'm not sure this is as workable in a program which is collecting IP addresses and URLs as it is for a human being listening in. It is quite possible to be visiting an IP address which is hosting both normal and illicit sites at the same time. And URLs can be very deceiving; remember what whitehouse.com was for the longest
            • The "right wing extremists" report was extremely troubling. It was a whole bunch of "coulds" with no specific information and a warning to watch out for returning veterans and firearm owners. WTF?

              Typically anti-terrorism FUD is all. I expect it came out of one of those "regional anti-terrorism centers" like the report out of the one in Louisiana that said Ron Paul supporters were potential terrorists. I wouldn't give obama's administration credit for anything coming out of those places, it is just a symptom of them having waaaay too much money and not enough real terrorists to spend it on, so they make up bogeymen instead. I've been hoping the economic crisis would reign in all that waste, maybe

          • by Shakrai (717556)

            Shoot, I hit reply too soon. Here's the best part of that document for anyone that thinks you are being paranoid: (emphasis mine)

            Rightwing extremism in the United States can be broadly divided into those groups, movements, and adherents that are primarily hate-oriented (based on hatred of particular religious, racial or ethnic groups), and those that are mainly antigovernment, rejecting federal authority in favor of state or local authority, or rejecting government authority entirely. It may include groups and individuals that are dedicated to a single issue, such as opposition to abortion or immigration.

            So I guess if you are a Libertarian you warrant inclusion with the likes of David Duke and the KKK. What the fuck is wrong with this picture? Why aren't more people talking about this?

            • by Shark (78448)

              Actually, all you have to do is respect the constitution if the part you highlighted is right. Libertarian, Republican, Democrat or any other... So long as you agree with what the constituion calls for (limited federal authority in favor of stare or local), you are a mean nasty terrorist.

            • by Thelasko (1196535)

              Here's the best part of that document for anyone that thinks you are being paranoid:

              I ran a search on the text of that "document." All I found were a bunch of right wing political blogs. Do you have a verifiable source?

              • by Shakrai (717556)

                I can't seem to find it on DHS (probably because it's marked for official use only) but both Michele Malkin [michellemalkin.com] and Huffington Post [huffingtonpost.com] have the document online. I highly doubt those two agreed to jointly release a faked version. Incidentally, here's [redstate.com] a gem from some dude on Redstate in response to the bit about rejecting Federal authority in favor of state or local control:

                Liberals, please note: that includes people who argue that individual states have the right to decriminalize marijuana, permit the sale of r

                • by Thelasko (1196535)
                  Better aricles:
                  US News and World Report. [usnews.com]
                  Washington Post [washingtonpost.com]
                  Associated Press [google.com]
                  It took me a while to find as some of the spelling is different than above. No offense, but I need to hear something that inflammatory from a source other than a blog.
                  • by Shakrai (717556)

                    Fair enough. That US News link is pretty good. Put it in my journal entry [slashdot.org] about the subject. Now that you've confirmed it, what are your thoughts?

                    • by Thelasko (1196535)

                      Now that you've confirmed it, what are your thoughts?

                      I think she was trying to say that there are people out there like Timothy McVeigh [wikipedia.org] and David Koresh, [wikipedia.org] that we should worry about. This has always been the case. Unfortunately, her description was so broad it ended up describing everyone in the USA.

                      I also think that when the right wing is in control, there tends to be more left wing extremism, and vise versa. If she explained it that way, more people would understand.

                      I agree that the document should be redacted. It really serves no purpose, as everyone

            • To me, that's more along the lines of the nullification doctrine [wikipedia.org]: declaring that states and local government have a right to ignore anything the federal government mandates. Hence the "rejection of federal authority" rather than "preference against federal authority". Coincidentally, anarchists get labeled right-wing extremists in this passage - provided there isn't clarifying context, of course.
        • Actually if you aren't an idiot about it and have proper security settings/practice this thing would never have gotten installed in the first place......

          The right term is "if you aren't ignorant or stupid", not "if you aren't an idiot."

          The vast majority of computer users haven't been told or refuse to believe that their OS and web browser are not only insecure, but in practical terms, inherently insecure. Ignorance can be cured.

          Maybe, after enough people know someone who has been ripped off by bank or other fraud or had porn dropped on their PC, people will start demanding and using hardened web browsers.

          Unfortunately, I have little doubt the US-based comm

      • by Thelasko (1196535)

        the recent homeland security advisory painting people who support the right to own firearms and who object to the outrageous spending going on as "rightwing extremists" and "potential terrorists"

        You wouldn't happen to have a citation for this information, do you?

      • by couchslug (175151)

        "What I'd like to see is an open source antivirus/antispyware suite that WILL detect this."

        Prevent it being installed in the first place.

        If you boot a physical live CD, it cannot write to the disc, nor can any other nasties. Use writable media for storage.

      • by PhxBlue (562201)

        Given some of the scary things coming out of the "O"ministration lately (such as the recent homeland security advisory painting people who support the right to own firearms and who object to the outrageous spending going on as "rightwing extremists" and "potential terrorists" I think I and others have a legitimate fear that we may be targeted for such spyware for political reasons.

        Oh, bullshit. This report is talking about people like Eric Robert Rudolph, like Timothy McVeigh and like Eric Nichols. It def

        • by moeinvt (851793)

          "It defines the term "rightwing extremist" on the second page . . ."

          Including the section:

          "those that are mainly antigovernment, rejecting federal authority in favor of state or local authority . . . and individuals that are dedicated to a single issue, such as opposition to abortion or immigration."

          The idea of rejecting Federal authority in favor of state authority is enshrined in the U.S. Constitution, which is supposed to be the highest law of the land. The Right to Keep and Bear Arms is also explicitly

          • by PhxBlue (562201)

            Oh, bullshit. I'm not planning to do any of the above, and this Orwellian report that associates violent extremism and acts of terrorism with political beliefs chills me to the bone.

            Really? It took this report to do that? Where the fuck have you been the last eight years? And why weren't Limbaugh, et al, complaining about the draconian measures when it was the Bush team in control? As much as I understand where you're coming from, I have absolutely no sympathy, because this is what the rest of the count

            • by moeinvt (851793)

              I wasn't talking about the last 8 years, I was talking about the recent report from the DOHS. Don't throw me into the same bucket as Limbaugh, Hannity and any of the other mainstream media arse-wipes. They're complete hypocrites, and the "concerns" that they have about this are obviously disingenuous. My principles are genuine and unwavering. I've been vehemently opposed to The Patriot Act, warrantless surveillance, telecom immunity, military commissions, secret prisons, torture, use of violence against

  • Does it work with browsers that are too dumb to run scripts or active content?
    Does it work with browsers that have scripting and active content disabled?

    What useful information does it provide if someone is using a proxy-router-boot-cd environment, besides other web sites visited during that session and perhaps traceroute-type information?

    What useful information does it provide if someone is using a boot-cd environment behind a router that connects to the proxy? Traceroute-type information won't be helpful

  • having read the story and seeing that one target hit the site 29 times without it dropping its payload due to a 'compatibility issue'.
  • Here in France, we're close to having to install a spyware on our computer NOT to go in jail and pay a huge amount of money after 3 unproven accusations.
  • by AHuxley (892839) on Friday April 17, 2009 @09:08AM (#27610855) Homepage Journal
    But as you read down, some interesting details.
    "The software's primary utility appears to be in tracking down suspects that use proxy servers or anonymizing websites to cover their tracks."
    The feds note your interests as you type, not your proxy for the day 1/2 around the world.
    What was once a hardware logger install is now your clicking on a link.
    "alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website."
    Seems like someone was using a Mac or Linux/other OS?
    What do people think? A deep dark federal/MS approved/AV hidden effort?
    Or in house/turned/tame spyware author ?
    Would Tripwire save you :) ???
    The MAC address part reminds me of hints about the anti p2p software called "Operation Fairplay"
    http://news.cnet.com/8301-10784_3-9920665-7.html [cnet.com]
    • by Lehk228 (705449)
      firefox+noscript should protect you, unless you are running untrusted active content i doubt there is anything that they could hook to.
  • CIPAV, is delivered through links to websites controlled by the FBI, and it silently reports back to a government server in Virginia.

    But if it works based on clicking links that presumably take you to the installer, how on earth can you guarantee that your target is going to click on it at all? You'd either have to direct it specifically to the Mark, and hope that he responds, or you'd have to put it someplace so completely mainstream that hundreds of other people click on... oh, shit. I think I'm having an OS reinstall party this weekend.

    • Re: (Score:3, Informative)

      *Sigh* Please RTA.

      One person was sent the URL in a private myspace chat. Another was trying to extort the cable companies and had given them a private URL (presumably something like www.comcast.com/skldflksdf/freemoney4me.html) to post their response to. The FBI then set up that page to use a browser exploit to install the logger.

      All instances were done under court order with almost the same restrictions and provisions a normal wiretap would have.
      • Okay, I skimmed TFA. I still don't understand how this has even a 10% margin of success. Speaking in regards to myself, if I was doing anything that warranted the FBI singling me out that I was aware of, I would be much more paranoid than I currently am about going to strange links. Especially ones sent to me from people I don't know. Especially when I use one service and the reply is trying to bait me into going to somewhere I've never heard of. Most of the time I see stuff like that on blogs that is
        • by BigGar' (411008)

          People typically assume they're much smarter than they really are. You, reflecting the FBI's technique realize there are several issues that could limit its success. However, that they do it, obviously it has worked, & given the propagation vectors of a typical internet worm, the successes seen by various phishing scams indicates to me that they'd likely have some success even if they sent out an email with the program as an attachment for the person being surveiled to run even if it indicated in the

      • by HexaByte (817350)

        *Sigh* Please RTA.

        Uhm, did you forget you're posting on Slashdot?

  • by rabbitthought (929863) on Friday April 17, 2009 @09:14AM (#27610951)
    As previously stated, it's not really different from bugging the home or car of a suspected Mafia boss/drug dealer/etc... As long as it's backed up by a court order, of course. It obviously interferes with the right for privacy, but that's why there are mechanisms which should take into account all factors before allowing such interference (i.e. courts and judges). If the system is malfunctioning, it should be fixed - but this doesn't mean that it isn't right. BTW, this CIPAV isn't really news - it's wikipedia page is 2 years old...
  • In a separate February 2007 Cincinnati -based investigation of hackers who'd successfully targeted an unnamed bank, the documents indicate the FBI's efforts may have been detected. An FBI agent became alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website. Instead, the hacker "proceeded to visit the site 29 more times," according to a summary of the incident. "In these instances, the CIPAV did not deliver its payload because of system incompatibil

    • by DrVomact (726065)

      He returned to the site 29 times? Must have been really...interesting. I wonder, how can I get the FBI to email me that link? For testing purposes, of course. Yeah, that's it...

  • catch it in the wild (Score:3, Interesting)

    by cenc (1310167) on Friday April 17, 2009 @09:52AM (#27611633) Homepage

    It seems strange that no one has managed to catch this in the wild yet, if it has been in use for that long. Would indicate they are using it in a fairly limited scope (perhaps), if for no other reason to keep from defeating their own tool.

    • Interesting thought. One step further. If the bad guys were able to understand/decompile the code and tweak it, they could actually use it _against_ big brother: Imagine if bad guys tweaked the code and essentially gave it the functionality to "spread"(Think "worm". Spreading to millions of users...and millions of "infected PC's phoning home to Virginia). It would more than likely trash their survellance program with a multitude of false positives.
      • by cenc (1310167)

        or at least then be able to send them on a wild good chase.

      • by blhack (921171)

        I don't think you're understanding how this works.

        Becoming infected with this worm does give you the ability to control of the computers that are infected with it.
        Think of it like VNC, or Dameware, it lets THEM control YOU, not the other way around.

  • Or at least doing the more discreet browsing from a VM.
    • Agree with that. If you have a machine that is known to be clean then snapshot it, do your browsing/downloading and revert back to snapshot when you are finished.

      For the paranoid you could have a machine that has never been attached to the internet and snapshot it at that point in time *then* do your browsing/downloading and revert back when you have finished. Although the problem I see here is (assuming Windows) getting snagged for security updates everytime you bring this snapshot back to life and hook it

  • If CIPAV has been so widely deployed, one might wonder if it has not been released to black hats already and analysed to death...

  • Electronic rebellion is a bad thing when the other guy does it.
    But in all seriousness the ability of any government to fight electronic crime and rebellion sound fine at first but think about it. Perhaps there will come a day when our government is not in control of the situation. Other powers may infiltrate and seize control. This happens frequently all over the world. At that time the very same tools that aid us in catching thieves online or other negative

    • by HexaByte (817350)
      Any government powerful enough to seize control of ours would have the technological capabilities to create and deploy such software already, and presumably already deployed against their own people.
  • It's time to use Lynx for all nefarious web browsing. On another note, it would be interesting to see some packet captures of CIPAV installing itself. I wonder if you could develop signatures for Snort or other IDS/IPS systems to recognize CIVAP installs.

"For the man who has everything... Penicillin." -- F. Borquin

Working...