FBI Used Spyware for Online Search

juct writes "The FBI has used PC spyware for the first time to reveal the identity of an offender who sent bomb threats to a high school in Washington state. According to heise Security, a declaration from the FBI official who applied for the search warrant describes the mode of operation of the spyware which the FBI is using under the abbreviation CIPAV (Computer and Internet Protocol Address Verifier)."

Are the editors boycotting reading /. again?

[Anonymous Coward]

Yet another dupe [slashdot.org]! (From yesterday!)

Re:

[_Sprocket_]

Ummm... maybe it's a "Slashvertisement" for antivirus software? Subtle.

Re:Are the editors boycotting reading /. again?

[RuBLed]

Ha! The quote displayed as of the time I'm writing this is:

If one cannot enjoy reading a book over and over again, there is no use in reading it at all. -- Oscar Wilde

Re:

[Gentlewhisper]

And that is why the Mossad uses Macs...

Oh... oh! And the good guys in 24 too!

Re:

[Shakrai]

But on Linux, I simply don't run any anti-spyware (because spyware has not been a problem). But if Big Brother manages to hack my ~/.xsession or firefox-bin (for example), it may be a very long time (if ever) before I notice.

But with Linux the kernel is presumably trustworthy and you can firewall off any means of access for remote exploits. Can you say the same with Windows?

Course if big brother really wants you all they have to do is a sneak and peek and rootkit your PC. Really doesn't matter what OS you are using.....

Re:

[poetmatt]

shit someone used CIPAV to post a dupe!!!!oneoneone!!!11

Please tell me why I should run Windows?

[whoever57]

Of course, the "if you have nothing to hide..." crowd are likely to be out, but what about rogue agents? What about investigations that target the wrong people by accident?

I suspect that getting such a tool installed on my Linux box would be much harder.

Re:

[Spy der Mann]

What about investigations that target the wrong people by accident?

With the government, there are NO "accidents".

Re:

[lessermilton]

It's called collateral damage ;)

Security through obscurity

[EmbeddedJanitor]

Well if you have nothing to hide and don't do anything that attracts attention, the security through obscurity principle kicks in.

Sure some poor sap will be done over, but hopefully it won't be you.

Re:

[sumdumass]

If you have one thing that you don't want someone else to know about, you have something to hide. And this one thing doesn't have to be illegal or unethical either. as long as we have freedom, we are free to hide things.

Something to hide != guilty of a crime.

Re:

[PopeRatzo]

Sure, there are lots of reasons to hide things that are perfectly legal. When I travel in less-safe countries, I sometimes hide money in an interior pocket or even my shoe. I hide a key in a certain place outside my house in case I lock myself out. When I buy a pint of haagen-daz, I hide it in the back of the freezer so my wife doesn't eat it.

I'm not trying to be clever here. There's not a soul that has "nothing to hide". If someone says their life is an open book, ask to see their wallet and start loo

Re:

[Domo-Sun]

Also, everyone has something to fear, such as, false imprisonment for crimes you didn't commit and evidence planting. Or how about imprisonment and execution for things that are trivial, like being a Jew.

Re:

[pkvon]

> I suspect that getting such a tool installed on my Linux box would be much harder. Do you verify everything you download? Did you get the certificates from a trusted store? How do you know your ISP (cooperating with the gov) or the certificate authority (verisign? trust them?) did not mess with whatever you are downloading. It might just come attached to your latest firefox binaries :/

Good !

[sonamchauhan]

From the story:
which Google and MySpace supplied to the FBI therefore referred to the Italian computers. In order to trace the perpetrator, the FBI sent the CIPAV via Google Mail or MySpace after receiving a search warrant from the authorities so that the spyware could install itself as more threats were sent. Use of the CIPAV was granted by the judge with the stipulation that the software was only to transmit its IP data between 6:00 and 22:00. However, it was permitted to log IP addresses round the clock.

Re:

[compro01]

glad to hear they've caught on with this whole thing with warrants and due process.

see? you don't need NSLs to catch bad guys!

Re:

[sumdumass]

The problem is, even with a warrant, how do you know the software they install isn't installed to make you look guilty? The software can do anything they tell it to do, would you be able to have the source code examined at your trial?

Re:

[sakasune]

Your comment is one that actually made me say "hmmm..."
Could the defendant actually request the source code for the program? Though, they probably would just label him a terrorist and throw him and the source code in Gitmo...there he could review it all he wants, because in Guantanamo Bay no one can hear you scream

Re:

[sumdumass]

There sure is a lot of fus over the treatment of the people at club gitmo. I think a lot of people would hear you scream, it just wouldn't be too many that cared.

But yea, your probably right. You would be shove off to the side where they could control how much you can do about the program. It just seems to me that if you could sneak it into the computer, you could almost sneak anything into it, even if you needed evidence to go further into the computer.

How long will it be before...

[bconway]

the FBI (and some if-it-will-save-one-child-it-is-worth-it legislators) demand all the OS vendors to install backdoors so that it can come in and install whatever spyware it wants to be installed?

Re:

[normuser]

How long will it be before... the FBI (and some if-it-will-save-one-child-it-is-worth-it legislators) demand all the OS vendors to install backdoors so that it can come in and install whatever spyware it wants to be installed?

Hmmm, where have I heard that before? Maybee in this post by "140Mandak262Jamuna" [slashdot.org]
Really, what was the point of ripping off his post?

Re:

[bconway]

I figured if the editors weren't going to take the time to post new content, there wasn't much reason for us to, either.

Re:

[Actually, I do RTFA]

Do we have to guess the right negative number to win the prize, or is knowing the sign enough?

Re:

[Bearhouse]

Yeah, but that would probably work just as well as the Clipper chip...remember that? Exactly...

Re:

[vbjay]

Of course with Windows, it wouldn't be a backdoor. It would just be a window! :D Hence the name.

Re:

[chriddy]

From the search warrant request:

Because the FBI cannot predict whether any particular formulation of a CIPAV to be used will cause a person(s) controlling the activating computer to activate a CIPAV, I request [...] to continue using additional CIPAVs [...] until a CIPAV has been activated.

Read "activate"="double-click on attachment". So much for the FBI exploting secret security holes that are otherwise unknown or actually paying OS vendors to install backdoors and security software vendors to not detect

Re:

[Captain_BakaNeko]

if the FBI demand that, then what happens if hackers find that back door, and start stealing personal info and Identity theft increases? will it be worth it then?

Gosh this looks familiar...

[frdmfghtr]

Where have I seen this before? [slashdot.org]

More Firefighters Needed!

[garcia]

It would seem that there's a kink [slashdot.org] in the Firehose [slashdot.org] again [slashdot.org].

Re:More Firefighters Needed!

[jsse]

Now I can see the purpose of Firehose now...

It's now our fault in voting up a dupe, not /. editors, definitely not...

Now /. needs to develop another system to penalize those who repeatedly vote a dupe, namely "List of idiotic dupers"

Re:

[garcia]

Well, it's both of our faults. We just don't get paid for continuously fucking up.

Re:

[elrous0]

Maybe they're going for the all-time dupe record.

Interesting speculation

[bconway]

The Feds would have the $$$ and be able to hire the skilled labor to build some pretty sophisticated spyware tools. On the other hand, I wouldn't be surprised to find out Microsoft included a back door in Windows. That rumor has surfaced before.

The problem with either of those options is if they get out in the wild. How many people have access to those tools and how is their deployment managed? Who wouldn't be tempted to do a little sideline testing if they had those goodies in their tool chest.

Re:

[i_b_don]

MS built lots of back doors into windows... oh, you mean intentionally?

d

Re:

[bit01]

The problem with either of those options is if they get out in the wild.

M$ update, and the equivalent on other platforms, is a whopper of a back door. Why doesn't that "get out in the wild"?

---

Commercial software bigots - a dying breed.

Re:

[jimicus]

M$ update, and the equivalent on other platforms, is a whopper of a back door. Why doesn't that "get out in the wild"?

Because it's the kind of back door that the developers know full well is a risk, and so they design around that risk with things like digital signatures and techniques to confirm you're speaking to an authorised server. It's easier and more subtle to attack the weak link in the chain - the human being who's sat at the computer.

It's a bit like how most sysadmins these days know that open por

Re:

[bit01]

Because it's the kind of back door that the developers know full well is a risk, and so they design around that risk with things like digital signatures and techniques to confirm you're speaking to an authorised server.

That's true but my point is that an intelligence agency backdoor could have exactly the same digital signature protections etc. In other words unlike what bconway said [slashdot.org] official backdoors would would be no more a compromisable hole than Update. Keeping in mind that the NSA has two missions

concerned

[steelbr2]

what if the goverment installs and controls/spys your computer? bad or good. what can become of this?

black security

[whtmarker]

The article refers to a company heise security. The name heise is actually romanized mandarin for the word black. If you have a proper font the characters are [] [] or here [tigernt.com]

The Problem

[bconway]

I support surveillance by law enforcement agencies. I also believe in fairly stiff penalties for breaking the law (though I would add that I feel that harsher penalties for real crimes should be balanced with reducing the breadth of behavior that the government restricts). However, I am opposed to the use of spyware on the suspect's property for such surveillance. Why this conundrum?

The problem is that technology is getting closer to us all the time. The barrier between man and machine is becoming much narr

Re:The Problem

[Lisandro]

The barrier between man and machine is becoming much narrower. And that is a good thing. At the far end of the spectrum people have long been getting artificial hearing enhancers, and now we are starting on intelligent artificial eyes and limbs. People with epilepsy are getting electronics embedded in their brains. At the nearer end of the spectrum, a large percentage of the population now carries a small computer with them everywhere (their cell phone). The man/machine split is disappearing.

Fuck that. Sorry, but you guys (US citizens) should start to become really concerned about your government violating personal, constitutional-granted rights in order to further the fight against "terrorism". This issue is real NOW, and, from what we read here on the other side of the pond, it's becoming increasingly out of control. Who cares about future artificial limbs when these people decide it's ok to install malware in your PC so they can eavesdrop private, personal files and communications, today?

Re:

[garcia]

This issue is real NOW, and, from what we read here on the other side of the pond, it's becoming increasingly out of control.

I guess that pond is smooth as glass and all you are seeing is your own reflection as you gaze across. How quickly you forget about those traffic congestion cameras [slashdot.org] the police now have real-time access to.

Re:

[Lisandro]

Heh, wrong expresion (i'm Argentinian, down in South America)... guess it should've been "from the other side of the pond and Mexico" :). But yes, nasty stuff in England aswell. I wish that the 1984 comparison one is so bound to make in this case wasn't so close to reality.

Re:

[pipingguy]

"The Pond" usually refers to the Atlantic Ocean, at least for native English-speakers. Do you guys consider Chileans to be west coasters?

Maybe 1984 was a roadmap, not a cautionary tale. Or maybe Orwell was actually a historian from the future.

Re:

[zoogies]

Well, you see, the guy who originally retorted with "The Pond" incorrectly assumed that the guy who retorted, "You Americans..." was from England, so the latter guy responded to the "The Pond" guy by correcting him. Which makes *your* retort baseless....I think.

Re:

[jimicus]

There's not much functional difference between that and a telephone tap.

Be grateful that there is a due process which was followed. I'd be more concerned when such due process is considered a hindrance to the "war on terror" and done away with.

Re:

[mutterc]

They had a search warrant for the instance the article reports about. So this particular story isn't about an abuse of power (for once!). There's nothing (yet, sigh) to indicate they're going on warrantless fishing expeditions with their spyware, or trying to get it pervasively installed so they can data-mine "in the interest of national security". I agree that either of those cases would be cause for outrage.

Heck, if the FBI wasn't allowed to use spyware, with a warrant, they could just install a hidden

Re:

[Lisandro]

A search warrant makes it legal, it doesn't make it right. If they really had a probable cause (or cause :) and a search warrant you could seize and inspect the PC directly.

over the pond?

[waspleg]

would that include London the most heavily surveillance oriented city in the western world? the city wehre they are working on launching UAV's for spying on regular citizens in addition to a billion and 9 cameras on every corner? Don't get me wrong, the US sucks it hard for spying, hell they even asked teh postal service to read your mail for "suspicious" activity but afiak there are no bastions of personal freedom in Europe short of the Dutch

Re:

[fltsimbuff]

"Should the government be allowed to plant a bug in my hearing aid? Should they be allowed to tap the signals coming from my artificial eyes? Should they be allowed to monitor the same brain activity patterns that my seizure mitigating device monitors?"

Man, they gave you the full package didn't they?

Trivial to defeat?

[illegibledotorg]

With a little bit of technical ability, this seems like it would be trivial to defeat.

If the kid was already hopping over three computers (maybe using Tor), he probably had the technical ability to:
1. Put his machine on a private NAT'd network so that 'ipconfig' would show an unroutable address.
2. Use a firewall that alerted him when software was trying to make an outbound connection. Better, drop it using that gateway he's sitting behind.

Granted, if he had just been using something besides Windows (which I

Re:

[jimicus]

99 times out of 100, people with that kind of technical ability don't waste their time emailing bomb threats to a school every few days saying "it rly will go off nxt tim, prmse!! LOL ROFL OMGWTFBBQ".

okay...

[javaman235]

The FBI has used PC spyware for the first time

Oh! It was there first time? They've lost their spyware virginity? Why do they write bullshit like this? Is it so that one guy won't go "Drat! I had no idea the FBI ever installed keystroke loggers" that articles like this lie to everybody? C'mon.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[drumsetdrummer]

Notice the first time it's *publicized* that CIPAV was used is in a case like this where a school bomb threat is foiled. I wonder how many other times CIPAV has been used that have *not* been publicized.

This is an international issue.

[Futurepower(R)]

This is an international issue. The FBI, CIA, NSA, and other "government" agencies now operate world-wide, and have become, in effect, a secret police.

It is possible that this particular case has been picked for its public relations value. The U.S. government's spy agencies have for many years been using ANY tool at their disposal to spy ANYWHERE. It is possible that this case is designed to try to get approval from U.S. citizens for this kind of spying, when much of the spying they do is not to prevent

CIA

[AnyThingButWindows]

Running a comp repair shop I removed a Trojan that possibly came from the CIA. Breaking it down in HEX revealed that. It snooped IE cache, and was as easy to remove as running toolbarcop, then hijack this, then removing the binary manually. Dumped IE cache, then put the user on a cacheless firefox configuration. That fixed the problem.

Given that the NSA knows how to crack Windows

[Master of Transhuman]

and hasn't told Microsoft about it, this merely indicates that the FBI is either being inefficient again (unless of course they used the methods developed by the NSA) or is once again on the tail end of an intra-agency dispute - meaning that the NSA deliberately didn't tell them how to crack Windows because the NSA is using that method to crack the FBI's computers...:-)

In this current posting, however, the issue is /.'s inability to remember what's on the front page for 24 hours...

Or maybe the FBI just crac