FBI Remotely Installs Spyware to Trace Bomb Threat
Posted by CmdrTaco on Wed Jul 18, 2007 10:22 AM
from the hey-wait-a-minute dept.
cnet-declan writes "There have been rumors for years about the FBI remotely installing spyware via e-mail or by exploiting an operating system vulnerability from afar — and now there's confirmation. Last month, the FBI obtained a federal court order to remotely install spyware called CIPAV (Computer and Internet Protocol Address Verifier) to find out who was behind a MySpace account linked to bomb threats sent to a high school near Olympia, Wash. News.com has posted a PDF of the FBI affidavit, which makes for interesting reading, and a summary of the CIPAV results that the FBI submitted to a magistrate judge. It seems as though CIPAV was installed via e-mail, as an article back in 2004 hinted was the case. In addition to reporting the computer's IP address, MAC address, and registry information, it also gave the FBI updates on which IP addresses the user(s) visited. But how did the FBI get the spyware activated and past anti-virus defenses? Two obvious ways are for the Feds to find and exploit their own operating system backdoors, or to compromise security vendors..."
Related Stories
IT: Enhanced Carnivore To Crack Encryption Via Virus 522 comments
suqur writes: "MSNBC has a story about a new Carnivore feature, dubbed 'Magic Lantern,' which arrives on a victim's computer in the form of a virus through email or well-known vulnerabilities. Magic Lantern uses keylogging to extract keys typed in, and sends them off to the FBI. This is similar to a story reported on previously, but taken one step further, allowing computers to be compromised remotely."
Will Security Firms Detect Police Spyware? 269 comments
cnet-declan writes "A recent appeals court case dealt with Drug Enforcement Administration agents using a key logger to investigate a suspect using PGP and Hushmail. That invites the obvious question: Will security companies ever intentionally overlook police spyware? There were somewhat-muddled reports in 2001 that Symantec and McAfee would do just that, so over at News.com we figured we'd do a survey of the top 13 security firms. We asked them if it is their policy to detect policeware. Notably, Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested. We've also posted the full results, with the companies' complete answers. Another question we asked is if they have ever received a court order requiring them to overlook police key loggers or spyware. Symantec, IBM, Kaspersky, and others said no. Only Microsoft and McAfee refused to answer."
IT: What We Know About the FBI's CIPAV Spyware 207 comments
StonyandCher writes "What is CIPAV? CIPAV stands for 'Computer and Internet Protocol Address Verifier'; a lengthy term for powerful spyware the Federal Bureau of Investigation can bring to bear on web-based crime. It was used last month in a case where someone was emailing bomb threats regularly to a Washington high school. An affidavit by an FBI agent revealed some of the workings of CIPAV. 'According to the court filing, this is [some of] what the CIPAV collects from the infected computer: IP address, Media Access Control address for the network card, List of open TCP and UDP ports, List of running programs ... Last visited URL. Once that initial inventory is conducted, the CIPAV slips into the background and silently monitors all outbound communication, logging every IP address to which the computer connects, and time and date stamping each.' In a Computerworld article, the author attempts to dissect CIPAV's purpose and raises a number of questions such as: What happens to the data the CIPAV collects? Does the CIPAV capture keystrokes? Can the CIPAV spread on its own to other computers, either purposefully or by accident? Does it erase itself after its job is done?"
325 comments
the answer is simple (Score:1)
Re:the answer is simple (Score:5, Insightful)
Re:the answer is simple (Score:5, Insightful)
Re:the answer is simple (Score:5, Funny)
From the summary:
A MySpace account linked to bomb threats sent to a high school.
Chances of this system being secure, updated, well-managed? 0
Chances of this system being a Gateway laptop that takes 10 minutes to boot, loads 5 IM apps on startup, has 4 different IE toolbars, and constantly warns that the Norton Antivirus subscription lapsed 16 months ago? Our survey says yes!
How long will it be before ... (Score:5, Insightful)
Re:How long will it be before ... (Score:5, Interesting)
Then they came for net access records, you did not care because you don't need privacy there
Someday they will come for you, and there will be no one left to care
The warrant isn't really the point. (Score:5, Insightful)
Re:The warrant isn't really the point. (Score:5, Insightful)
There is no magic at play here. If it's a secret, someone can learn it. If it's a method, someone can learn it. If it can be done by one, it can be done by all and whether or not you trust your government or your legal system is almost irrelevant to the larger point. If there exists that serious of a chink in your armor, SOMEONE will exploit it and it may not always be for the right reasons or by the right people.
Re:How long will it be before ... (Score:4, Interesting)
I'm kind of new here (Score:5, Insightful)
What exactly do you want? They got a warrant. Isn't that kind of oversight what we want? I don't understand why you think making a comparison to the Gestapo (and did they really have warrants?) adds a single thing to the conversation.
Please tell me what your solution is, so I can put your comment in some kind of context. I've seen it and its like from several other posters, but not a single one of them goes on to make a coherent argument after making it, and neither did you.
The FBI has a job, in this case it seems a job that we'd all like them to be proficient at, that of preventing bombings. They pursued evidence through the correct channels, got a warrant, set up an operation, and did their jobs. In light of that, doesn't the "Gestapo" comment seem a bit reactionary and irrational?
So what the hell is with the specious Gestapo comparison? Do you think someone's rights were violated somehow, or the FBI overstepped their authority, or what exactly? Or is it vogue here to toss out inflammatory comments for no reason other than to provoke a reaction? I thought that's what the "troll" mod was for?
Lastly, the Gestapo also pandered to the fears and insecurities of the populace, so I'd be careful throwing around such comparisons if I were you.
Re:How long will it be before ... (Score:5, Funny)
[2] Then they came for the end-of-sentence punctuation Nazis, and I did not care because I punctuate my sentences.
[3] Then they came for tense agreement Nazis, and I did not care because I know that 'do not need privacy' (even abbreviated as don't) is present tense while 'did not care' is past tense.
Then I realized that it matters not, because if someone can't read, they aren't going to care about net access records regardless of the privacy issues.
Re:How long will it be before ... (Score:5, Insightful)
I only use my credit card to pay for my phone bill. So why should I be against complete surveillance of CC payments? Hey, it doesn't affect me, ya know?
I only...
Open letter reply to that kind of law (Score:5, Insightful)
The Germans already proposed something like that. It was retracted when they realized that it pretty much opens the door to any kind of espionage, and that this could quickly turn AGAINST them.
No backdoor is secure. Word will get out and it will be abused. Worse yet, if you force AV and firewall manufacturers to keep that hole unplugged, you open yourself and all the businesses in your country to industrial sabotage and espionage.
Think the feds are THAT stupid? Even if, do you think their lobbyists will allow them to?
Re:Open letter reply to that kind of law (Score:5, Funny)
Re:Open letter reply to that kind of law (Score:5, Interesting)
http://www.spectrum.ieee.org/jul07/5280/1 [ieee.org]
NSAKEY (Score:5, Informative)
http://en.wikipedia.org/wiki/NSAKEY [wikipedia.org] is a good primer.
It was covered extensively at the time by the likes of Bruce Schneier and others; his comments [schneier.com] said: "I think the jury is still out on exactly what was really going on; if it was an NSA backdoor, it was a pretty boneheaded one. Alternately, if it was just Microsoft being redundant, then it shows that they didn't plan very well and don't seem to understand security very well. Given the choice between the two, I think boneheadedness on MS's part is more likely."
NSAKEY (Score:4, Informative)
Where have you been [wikipedia.org]?
User (Score:3, Insightful)
My guess is that nothing quite so sophisticated was necessary, since the user downloaded and ran an unknown attachment from an email message.
Occam's razor at work (Score:4, Insightful)
Assumption 1: He doesn't know jack about computer security like 99% of the users out there and simply clicks everything sent to him.
Assumption 2: The FBI keeps a hole open in Windows that only they know about.
Assumption 3: AV vendors are forced to keep holes open, as well as firewall vendors and everyone else who could technically find it.
Assumptions 2 and 3 bear a heavy load. Assumption 2 implies that EVERY Windows OS can be remotely exploited. Now, it IS possible to reverse Windows. And since there are Windows emulators out there that can handle calls to functions most people don't even know exist, it's safe to assume that quite a few people already reversed some parts of Windows. A hole would have been found by now. More important, such a hole could easily be used against US companies when, say, China finds it and uses it to eavesdrop on confidential data. If such a hole existed, the first thing the FBI would do is make sure that no US company dealing with critical or sensitive information (nuclear, biological, you name it) uses Windows as their main operating system.
Thus I consider it rather unlikely.
Assumption 3 implies that every AV vendor on this planet knows about the hole/malware and keeps his mouth shut. Now, a good deal of such AV vendors sit in countries that are not the US; worse, some of those countries are economic competitors to the US. Think they'll keep silent? Or that they would include it in their software? Hardly likely.
I'd stay with assumption 1: He was careless, clicking on everything and running no AV kit.
Re:Occam's razor at work (Score:4, Insightful)
Hold it, hold it... (Score:4, Interesting)
Heuristics and spyware (Score:5, Insightful)
Would it even be necessary to compromise security vendors? While heuristics and malware detection has been something long promised, it is my understanding that the vast majority of security software works purely by comparing against their dictionary of known attacks. If the police have highly specialized, very limited deployment spyware, it seems that most security software wouldn't have any inkling that it's malware in the first place.
I have no doubt that organized crime and government agencies are aware of and abusing exploits. Given that they don't blast it to the world like a giddy teenager looking for attention, no one knows what to look for.
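The point made above, that a dictionary-based scanner has nothing to match against a sample it has never seen, as an added example (not code from the post, and not any vendor's product). Everything in it is constructed for the demonstration: the "signature database" is a set of SHA-256 hashes of made-up byte strings, the limited-deployment sample is invented, and the heuristic indicators are illustrative assumptions, not any real engine's rules.

```python
"""Signature-based vs. heuristic detection of a never-before-seen sample.

Added example, not code from the Slashdot post or from any AV vendor. The
signature database and the samples are constructed inline; the heuristic
indicators are illustrative assumptions, not a real engine's rules.
"""
import hashlib
import re

# Constructed signature database: SHA-256 of samples a vendor has already
# collected, i.e. the "dictionary of known attacks".
KNOWN_SAMPLES = [
    b"MZ\x90\x00 ... widely circulated worm, seen on thousands of hosts ...",
    b"MZ\x90\x00 ... mass-mailer variant B ...",
]
SIGNATURE_DB = {hashlib.sha256(s).hexdigest() for s in KNOWN_SAMPLES}

# Constructed "limited deployment" sample: never submitted to any vendor,
# so no signature exists for it. Its strings are invented for the demo.
TARGETED_SAMPLE = (
    b"MZ\x90\x00 ... "
    b"HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run ... "
    b"GetAsyncKeyState ... "
    b"connect 203.0.113.7:443 ..."
)

# Constructed benign program for comparison.
BENIGN_SAMPLE = b"MZ\x90\x00 ... text editor, prints hello ..."


def signature_scan(data: bytes) -> bool:
    """True only if the exact bytes match a known sample (pure lookup)."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB


# Illustrative behavioural indicators (assumption: a real engine uses far
# richer models; these are plain string checks for the demonstration).
HEURISTIC_INDICATORS = {
    "persistence via Run key": re.compile(rb"CurrentVersion\\Run"),
    "keystroke capture API": re.compile(rb"GetAsyncKeyState"),
    "hard-coded remote endpoint": re.compile(rb"connect \d+\.\d+\.\d+\.\d+:\d+"),
}


def heuristic_scan(data: bytes, threshold: int = 2) -> tuple[bool, list[str]]:
    """Flag a sample when it trips at least `threshold` indicators."""
    hits = [name for name, pat in HEURISTIC_INDICATORS.items() if pat.search(data)]
    return len(hits) >= threshold, hits


def classify(data: bytes) -> str:
    """Signature lookup first; fall back to heuristics for unknown files."""
    if signature_scan(data):
        return "known-malware"
    flagged, hits = heuristic_scan(data)
    if flagged:
        return "suspicious: " + ", ".join(hits)
    return "clean"


if __name__ == "__main__":
    for label, sample in [("known worm", KNOWN_SAMPLES[0]),
                          ("targeted sample", TARGETED_SAMPLE),
                          ("benign", BENIGN_SAMPLE)]:
        print(f"{label:16} signature={signature_scan(sample)!s:5} -> {classify(sample)}")
```

Running it shows the known worm caught by the hash lookup, the targeted sample missed by the lookup entirely and only surfaced by the behavioural indicators, and the benign file passing both; the gap between the first two results is exactly the one the post describes.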
Why are people so stupid anyway? (Score:1)
Criminals are dumb.
Click here for free movies! (Score:5, Funny)
Subject: Click here for free movies!
Attachment: not_spyware.exe
Hello! You have been selected to receive free movies at no cost to you! All you have to do is install the attached program to start downloading all the latest Hollywood hits free of charge!
Hello World (Score:2)
-Social engineering (either against the person, or his mother)
-Breaking into the basement^W house and installing the damn thing
-Hiding it in porn
Getting past defenses? (Score:5, Insightful)
Something seems fishy about the whole story, though. This guy was apparently savvy enough to use a proxy in Italy to send his Gmail bomb threat emails, so he was at least trying to cover his tracks... But he was dumb enough to open a random email attachment? It strikes me as more likely that the CIPAV is deployed through a browser exploit (or perhaps even "legitimately" as an ActiveX control or BHO, people will install anything).
Re:Getting past defenses? (Score:5, Insightful)
Just because someone does something the "average Joe" cannot or does not do, doesn't mean that he knows more than said Joe. He might just have gotten some clue from a pal, without said pal telling him the whole story.
It's simple script-kid style. Yes, some of the malware that circulates is pretty well written, but the people using it are sometimes so dumb that you wonder if they ain't better off serving fries. They're bound to be caught.
Not the guys only issue (Score:2)
Where's the provision for any federal police squad (Score:2, Interesting)
Is a bomb threat considered piracy?
Is a bomb threat considered treason?
Is a bomb threat considered counterfeiting?
If it isn't, there is NO Federal allocation of power to go after bomb threats, period. What the FBI is doing is not just unconstitutional, but any political leader who took an oath to uphold the Constitution is violating the only oath they took.
It is time that the residents and citizens of the United States of America ask where the government has gotten these powers from. I know that many of the previous generation are afraid of terrorist attacks, but we are all being attacked already in having our natural rights taken away by the very government that has one major purpose: to protect us from the State who wants to take those rights away.
It is fairly simple. The FBI has no provision in the Constitution, nor in any Amendments to said Constitution, and should just go away. Let the local State police force worry about bomb threats. If it happens from across State lines, let both State police forces work together.
Interesting speculation (Score:2)
The Feds would have the $$$ and be able to hire the skill labor to build some pretty sophisticated spyware tools. On the other hand, I wouldn't be surprised to find out Microsoft included a back door in Windows. That rumor has surfaced before.
The problem with either of those options is if they get out in the wild. How many people have access to those tools and how is their deployment managed? Who wouldn't be tempted to do a little sideline testing if they had those goodies in their tool chest.
Thank Goodness (Score:1)
Woot! (Score:3, Funny)
livecd (Score:1)
A far more likely way (Score:2)
Linux... (Score:1)
smileys.exe (Score:1)
Sorry FBI, I'd like to help, but it seems your wiles only affect chimps.
Use MySpace? (Score:1)
Of course there is still the chance that a firewall or piece of security software would pick up the offending malware. Chances are the kid didn't have a very secure setup as others have suggested. The FBI probably thought they'd give the spyware thing a try and it worked out - I doubt they need to make use of OS exploits. They probably had enough data about the kid to create a highly targeted piece of spam or advertising that he was simply not able to resist.
Why is this even on /.? (Score:3, Insightful)
Law enforcement is very deep into every aspect of computer activity. It's been this way for more than a decade.
The
The Problem (Score:5, Interesting)
The problem is that technology is getting closer to us all the time. The barrier between man and machine is becoming much narrower. And that is a good thing. At the far end of the spectrum people have long been getting artificial hearing enhancers, and now we are starting on intelligent artificial eyes and limbs. People with epilepsy are getting electronics embedded in their brains. At the nearer end of the spectrum, a large percentage of the population now carries a small computer with them everywhere (their cell phone). The man/machine split is disappearing.
So what? Well, we have a problem developing if the government assumes that anything that does not have your genome is fair game for them to crack. Today it is the suspect's computer. This already poses a problem if the suspect is, for example, engaged in legitimate contracting for some corporation - should the government have the right to compromise the security of that corporation because one of their employees is breaking the law?
But what of the more tightly coupled technology? Should the government be allowed to plant a bug in my hearing aid? Should they be allowed to tap the signals coming from my artificial eyes? Should they be allowed to monitor the same brain activity patterns that my seizure mitigating device monitors?
The problem is that we are becoming more closely coupled with technology, and that is a good thing. We are the first species in history to actively engage in our own evolution. But if we cannot trust our technology, it creates a barrier to that evolutionary step. I have the right not to self-incriminate. But if a computer is part of me, where does the line get drawn?
Thee title !!! (Score:1)
Read the real version of the story (Score:5, Informative)
Where is the 'Duh' tag? (Score:2)
Privacy vs. security (Score:2, Flamebait)
I'd be rather upset if an American government agency were unable to find a (legal) way to penetrate an American-made operating system, with or without the cooperation of American computer-security firms, to investigate bomb threats against an American school...
Yes, privacy is very important — unless you are dead, that is...
To protect a few hundred innocents from McCarthy-like harassment, America shackled its intelligence services in the past, which appears to have contributed substantially to the deaths of several thousand (and billions of dollars worth of destruction) in 2001 alone.
The pendulum is now swinging into the other direction and already there are dimwits, who break Godwin's Law [slashdot.org] and still get moderated to heavens by fellow dimwits... Something tells me, I will not be :-)
Warrant and Receipt (Score:2)
From the search warrant:
I wonder how they did that. Surely just dropping a PDF in with the CIPAV software would be considered contempt (about as legal as burying a physical search warrant in the backyard). Waiting for the 60 day gathering period to expire seems too long, but sending notice and receipt for each day's take would make the whole thing a waste of time.
sounds familiar (Score:1)
Interestingly, the head of our DHS, Wolfgang Schäuble, is trying to pass pretty much the same laws that Hitler did, and using the same "this is necessary against terror" propaganda that Hitler did... and appallingly 60% of our stupid citizens are with him... I think one "successful" act of terrorism in our country would be enough to start the Fourth Reich... (and remember that Hitler staged the terrorist attacks back then)
Happening right now. (Score:3, Interesting)
- E-mail account made at a foreign e-mail hosting site that has an extremely terse address so as not to be hit by spambots (i.e. 4433dakjikk83726jj@somewhere.org)
- E-mails are sent from a stolen laptop through a public wireless access point that are copycats of this crime to elicit the same FBI response.
- E-mails are then checked each day from different public access points each day using a different MAC address at each access point. [The only e-mail that should be coming into this account would be the one from the FBI. Probably easy to verify by checking DNS records of the e-mails originating IP or IP block.]
- E-mail is received and copied to disk.
- Laptop is destroyed.
- CD with e-mail is then analyzed on a Linux/Unix machine that has no internet connection.
- Backdoor/exploit vector is discovered and used for "other" purposes.
Grey-market exploits (Score:3, Interesting)
try this: (Score:2)
Sorry, had to ask... (Score:1, Interesting)
Updated (Score:2, Interesting)
Three words... (Score:2)
Two of the largest, most successful companies in the world with respect to computer security and they've not responded to said questions. Hmm...
(BTW, I refuse to argue whether MS is "successful" under any circumstances; they own what, 80% market share in the PC server and workstation OS world, that's success regardless how they attained it.)
no special software needed to find an IP (Score:1)
A basic firewall (and some CMD commands) shows you who is connecting to you remotely. The next thing is to look up the ISP owner and give them a call.
Or perhaps the FBI doesn't work with ISPs, which is a bit strange; if it was like that, probably some have double payrolls over there... I just guess, or they have some signed agreement to help them out. Most likely Google, Yahoo, Hotmail etc. all have similar commitments (oh, whack, is that why they are all American??).
Well, anyway, there is no real hiding on the internet.
In other words, please, please use the internet for stupid actions, as it makes it easier to find 'terrible' people.
Government Ethics (Score:2)
The internet is like a highway, on the internet how can anyone have any reasonable expectation of privacy?
Did the police (FBI in this case) overstep their bounds? Apparently a judge did not think so, he authorized the warrant.
Frankly, I am glad that they took this criminal off of the streets at least for now.
A bigger question really is being asked: "Should the FBI and police be allowed to use tools that would be illegal if used by civilians?" That question is a bit harder to answer but ultimately, we have a long history of giving our law enforcement officers tools that the general public is not allowed to use or, can only use in very limited ways. Examples of this would include machine guns, Tasers, two-way police radios, and mobile display terminals connected to restricted databases. The government has a right to employ some tools that in other hands may be illegal or unethical.
Did they use a known hole or did some one in a company somewhere create a hole for them? I don't know. Frankly, I would feel more comfortable ethically if they had discovered the hole on their own or used an accidental one. If they are using one that is custom designed, then I think that they are helping create a security vulnerability that could be exploited by someone else and that, I would think is wrong.
Re:If it weren't for spyware... (Score:2)
Though what's better, freedom or the golden cage? We ain't far from the ability of total surveillance, to make sure that everyone complies with the law (whatever it may say). It's far from impossible. We do have the technology to create the world of 1984.
Personally, I'd prefer freedom to controlled safety.
Re:Oh no ev1l! (Score:2)
So, now excuse me, I gotta go buy more tinfoil.
Re:If it weren't for spyware... (Score:2)
Funny thing about might, it don't always equal will.
I might also be sitting here right now in a perfectly normal neighborhood, without any craters beyond the ones my dogs are digging. I might win the lottery . . . one day.
I might live in a country that stops to consider the "why" of bad behavior, instead of just the "how to" of punishment. The leadership of this country might think something like, "You know, people seem to be generally angry, and a large part of the anger seems to be directed at those in positions of power. I wonder if a little self analysis might be in order."
Then again, they might not think any such thing.
Re:Its not just FBI Magic Lantern program! FACTS. (Score:1)
Re:Its not just FBI Magic Lantern program! FACTS. (Score:2)
I'm pretty sure that MSDOS 5.0 has also never been remotely exploited too.