The FBI Has a Trojan To Watch You 372
G_of_the_J writes "A man who had cut 18 cables affecting Verizon and Comcast was blackmailing them. He had demanded bank accounts be set up and information be provided on web sites that he specified. Although he used anonymous access to get to the web sites, the FBI had planted a trojan which was downloaded to his computer. The trojan then sent his IP address and other information to the FBI."
no wonder he was unemployed.... (Score:5, Insightful)
... if he was stupid enough to visit the "private" website they created for him with such a lax security setup that his computer willingly installed the FBI's trojan.
Your dog wants zone alarm (Score:5, Insightful)
He can spoof ips yet he can't install software to detect unwanted outbound traffic?
Idiot.
Re:silly muppet (Score:2, Insightful)
According to the complaint filed against Kelly, he believed that "companies like Comcast and Verizon were indirectly responsible for his unemployment and dire financial situation because they worked with companies that favored foreign engineers over their counterparts and because they had indirectly stolen his intellectual property."
As part of his sentence in late 2005, Kelly was also ordered to enter a mental health program.
No parole? He might be a silly muppet, possibly crazy, but treatment sounds more reasonable than prison. Or am i just a European speaking to an American ; ).
Not to watch you* (Score:2, Insightful)
Good (Score:5, Insightful)
Re:Fine...any details? (Score:3, Insightful)
Doesn't seem like it was too complex. Sounds like they simply used some sort of drive-by download to install it on his system, and the program simply phoned home with the infected computer's IP address, MAC address, and a few other identifying pieces of info.
Cops Catch Criminal. Film at Eleven. (Score:5, Insightful)
Dude was a bad guy. FBI's job is to catch bad guys. FBI uses technology to catch bad guy. I'm not feeling the outrage here...
In a related story, local law enforcement shot a criminal who tried to hold up a 7-11 when he resisted arrest and brandished a knife. Reports say police used their "gun" technology to do this.
Point being, we know the FBI has the tech to do this stuff. It's only really a rights issue when they use it against non-criminals, or suspected criminals.
Sign of the times (Score:5, Insightful)
Something is seriously wrong when you have to explicitly state, "The FBI did not commit any crimes in this story." When I read the summary, I felt that the warrant was implied, but with everything that has happened, I also feel that you are completely justified to think that that info was missing.
re: But who said it was about "outrage"? (Score:5, Insightful)
I think it's an interesting story, but sure ... if a warrant was obtained first, the FBI actually did this the RIGHT way, and that makes me happy.
That's how law enforcement is supposed to work. Sometimes it seems like we completely forget that, these days, with all the stories of "the law" just doing whatever they please, secretly.
Re:Cops Catch Criminal. Film at Eleven. (Score:5, Insightful)
Actually, the FBI can't tell the difference between a criminal and a suspected criminal. In the U.S., it takes a jury (or a guilty plea) to do that.
I think your point though is that it's not a violation of someone's rights if the FBI has reasonable evidence *before* they install the Trojan, and it appears they did in this case (because they had a warrant).
Re:silly muppet (Score:2, Insightful)
I would assume he was found not guilty due to mental defect. If not I would be very afraid as his sentence reaks of the thought police. Sadly there is instances now of people's sentences being sent to "fix" their way of thinking.
Re:CIPAV (Score:3, Insightful)
It's worth noting that in order to use CIPAV, the FBI has to get court approval after explaining how the software can help stop a crime.
Like that stopped them from wiretapping without a warrant.
Re:Your dog wants zone alarm (Score:5, Insightful)
Your own computer can not be trusted anymore. Look at some of the new stuff being included by default in many computers. You can get a computrace chip installed on the motherboard, you can also have an Intel vPro chipset, that can work outside the OS, without the OS knowing what it is doing. Or, any kind of Hyper visor that is installed, or Rootkit. You can not trust any tool on your computer to tell you if your computer is compromised. You need something like a monitoring tool on your router, or in another machine.
Re:no wonder he was unemployed.... (Score:5, Insightful)
it would be trivial to get someone to slip a piece of data into an auto-update for a specific customer.
How would that help them in a case like this where they didn't know who that specific customer was?
Re:no wonder he was unemployed.... (Score:5, Insightful)
Hey, you gotta see it from a statistician's point of view. Catching 90% of the criminals takes 10% effort. Catching the other 10% takes 90% effort.
Now tell me which ones you catch when every single one counts as "one" in your "how many did you catch this year" statistics.
Bottom line: You only catch the dumb criminals.
Re:no wonder he was unemployed.... (Score:4, Insightful)
Re:CIPAV (Score:5, Insightful)
Flamebait, seriously? We had a whole debate about this last summer, and some members of Congress actually argued that the President has a Constitutional prerogative to use whatever intelligence gathering methods he wants as long as he has a plausible argument that we're "at war."
Note, that it doesn't particularly matter that the President argued he had Constitutional prerogative, presidents always assert that they have more power than they actually have. But Congress is supposed to be a branch of government competing with the President for power, they have incentives to check him instead of enable him.
So it isn't flamebait at all to note that warrants are questionable protection when it comes to surveillance activities.
Re:no wonder he was unemployed.... (Score:3, Insightful)
Re:CIPAV (Score:3, Insightful)
Re: But who said it was about "outrage"? (Score:5, Insightful)
Yeah, it's sad that law enforcement actually doing their job the RIGHT way is news.
Re:CIPAV (Score:5, Insightful)
We had a whole debate about this last summer, and some members of Congress actually argued that the President has a Constitutional prerogative to use whatever intelligence gathering methods he wants as long as he has a plausible argument that we're "at war."
The problem is that as far as the government is concerned, they are always at "war". Presently you can count the wars in Iraq and Afghanistan, as well as all the wars against US citizens, including, but not limited to, the global war on terror, and the war on drugs, and apparently, the war on privacy.
Re:CIPAV (Score:5, Insightful)
Maybe also when attempting a criminal act, don't use your own machine, and don't use the same machine twice.
Internet privacy simply do not exist (Score:3, Insightful)
This doesn't concern me in the slightest as long as they continue to follow the law and request a warrant to plant this trojan. If your a law abiding citizen, then you should never show up on their radar and I see this as no different than a blackmail case where they bugged someone's phone with a warrant or put them under 24/7 observation. I would imagine they injected the trojan via the web site that the guy demanded Verizon set up for him via some known (or unknown) exploit.
The two known instances of the FBI using this were both done via warrant (this one in 2005 and the latest in 2007).
That's not to say they don't use this elsewhere, but any person on the internet should consider their activities traceable no matter what hoops they go through. Especially when the telecoms willingly rolled over when requested by the government and most folks get their internet access via said telcoms.
Re:CIPAV (Score:5, Insightful)
Okay, so if the government wages "the war on privacy" by using invasive techniques, and is justified in doing so by saying "we're at war," then there's obviously no privacy, right?
So can we say they've won the war on privacy, declare the war over, and thereby rescind the powers it used to wage such a war?
Whoa. Headspins. Gotta sit down.
Re:CIPAV (Score:4, Insightful)
And don't use windows at all.
Re:Internet privacy simply do not exist (Score:5, Insightful)
Well, there are ways to be about 99.99% anonymous on the internet. One way is to set up a nym [iusmentis.com] account, that bounces through serveral remailers like Mixmaster [wikipedia.org]...and basically have the final hop on those to be one of the anon groups on USENET. That way, they don't know who it is reading one of thousands of pgp encrypted emails out there.
However, when it comes time for the internet to intersect 'meatspace', like when you want to get money. Well, now that part is gonna be a little tougher to do...much easier to track the money.
Re:Good (Score:3, Insightful)
I agree that when the good guys act like good guys, I want them to win.
Your computer never knows who the good guys are, though. And even if everyone signed their attacks (e.g. this spyware is signed by the FBI), it would never know when there's a warrant and when there isn't. (Just as a DRM scheme never knows whether you're trying to violate copyright vs do something innocent.)
When you receive a trojan, it might be a lawful attack by the FBI, or it might be Russian spammers wanting to add you to their botnet. You don't know which. So what's the right thing to do: run it? Or don't run it?
Alas, whatever you do to deal with the bad guys, is also going to work against the good guys.
So .. do I want the FBI, when working within the law, to be able to own a suspect's machine? Sure, in an idealistic fantasy kind of way. But in real life, I know that question can be rephrased, without losing any meaning, as "Do I want Russian spammers to be able to own anyone's machine?"
As long as (Score:3, Insightful)
#1 There was a warrant for the wiretapping.
#2 The guy really did something wrong and against the law.
#3 He was stupid enough to click on whatever installed the trojan.
#4 He was stupid enough to cut Internet cables and demand blackmail and ransom from the ISPS.
We'll just call it an Own Goal for this guy whomever he is.
As long as the majority of the population who don't do these things aren't domestically spied on, it should be alright.
If the FBI wants to see what my Traveller RPG group is doing, we could use another Game Master and a few more players as our Game Master is working a job that requires him to travel and cannot GM any more and a few players had quit. No need to plant a trojan on our computers and read our email.
Re:Internet privacy simply do not exist (Score:3, Insightful)
It would be easier to connect to the site form an free wireless connection. Where I live, some McDonalds, coffee shops, Duncan Donuts, and other places offer free wifi. Just goto one of those, connect with a VM of whatever you like and do your business. When done, revert to your snapshot of how it looked before and whatever virus or trojan they pushed on you should be eradicated.