The FBI Has a Trojan To Watch You 372
G_of_the_J writes "A man who had cut 18 cables affecting Verizon and Comcast was blackmailing them. He had demanded bank accounts be set up and information be provided on web sites that he specified. Although he used anonymous access to get to the web sites, the FBI had planted a trojan which was downloaded to his computer. The trojan then sent his IP address and other information to the FBI."
Magic Lantern (Score:2, Interesting)
Is this Magic Lantern, or something new?
CIPAV (Score:5, Informative)
Re:CIPAV (Score:5, Informative)
Re: (Score:3, Insightful)
It's worth noting that in order to use CIPAV, the FBI has to get court approval after explaining how the software can help stop a crime.
Like that stopped them from wiretapping without a warrant.
Re:CIPAV (Score:5, Informative)
I know you're just whoring for karma but I thought I'd point out that it was the NSA that was doing the wiretapping. In addition, we should be applauding the fact that this needs court approval and that they seek that out prior to use.
I know it's fashionable to hate on Federal law enforcement-and believe me I have plenty of grievances with the way things are done too-but I think you and lot of other folks have the same reactionary emotional response to the Feds that those who think they can do no wrong do, just in reverse.
Re:CIPAV (Score:5, Informative)
Re:CIPAV (Score:4, Funny)
Re: (Score:3, Insightful)
Re:CIPAV (Score:5, Insightful)
Flamebait, seriously? We had a whole debate about this last summer, and some members of Congress actually argued that the President has a Constitutional prerogative to use whatever intelligence gathering methods he wants as long as he has a plausible argument that we're "at war."
Note, that it doesn't particularly matter that the President argued he had Constitutional prerogative, presidents always assert that they have more power than they actually have. But Congress is supposed to be a branch of government competing with the President for power, they have incentives to check him instead of enable him.
So it isn't flamebait at all to note that warrants are questionable protection when it comes to surveillance activities.
Re:CIPAV (Score:5, Insightful)
We had a whole debate about this last summer, and some members of Congress actually argued that the President has a Constitutional prerogative to use whatever intelligence gathering methods he wants as long as he has a plausible argument that we're "at war."
The problem is that as far as the government is concerned, they are always at "war". Presently you can count the wars in Iraq and Afghanistan, as well as all the wars against US citizens, including, but not limited to, the global war on terror, and the war on drugs, and apparently, the war on privacy.
Re:CIPAV (Score:5, Insightful)
Okay, so if the government wages "the war on privacy" by using invasive techniques, and is justified in doing so by saying "we're at war," then there's obviously no privacy, right?
So can we say they've won the war on privacy, declare the war over, and thereby rescind the powers it used to wage such a war?
Whoa. Headspins. Gotta sit down.
Re: (Score:3, Interesting)
Re: (Score:3, Interesting)
Don't forget the war on poverty....
That was my favorite. Especially the part where it ended quickly, as poor people all over the US started asking where they could go to surrender.
Now if we could figure out an equally clever response to all the other bogus "wars" on abstract concepts.
Re:CIPAV (Score:4, Funny)
It's worth noting that in order to use CIPAV, the FBI has to get court approval after explaining how the software can help stop a crime.
+1 funny
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
Re: (Score:2)
Re: (Score:3, Funny)
Hey my computer is acting FUNNY since I checked that wiki site about CIPAV.
Zippy ? Is that you ?
Internet privacy simply do not exist (Score:3, Insightful)
This doesn't concern me in the slightest as long as they continue to follow the law and request a warrant to plant this trojan. If your a law abiding citizen, then you should never show up on their radar and I see this as no different than a blackmail case
Re:Internet privacy simply do not exist (Score:5, Insightful)
Well, there are ways to be about 99.99% anonymous on the internet. One way is to set up a nym [iusmentis.com] account, that bounces through serveral remailers like Mixmaster [wikipedia.org]...and basically have the final hop on those to be one of the anon groups on USENET. That way, they don't know who it is reading one of thousands of pgp encrypted emails out there.
However, when it comes time for the internet to intersect 'meatspace', like when you want to get money. Well, now that part is gonna be a little tougher to do...much easier to track the money.
Re: (Score:3, Insightful)
It would be easier to connect to the site form an free wireless connection. Where I live, some McDonalds, coffee shops, Duncan Donuts, and other places offer free wifi. Just goto one of those, connect with a VM of whatever you like and do your business. When done, revert to your snapshot of how it looked before and whatever virus or trojan they pushed on you should be eradicated.
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
How many more agencies have software like this?
Anyone have any info on how to detect/remove software like this?
I doubt you will get an accurate count. The more successful it is and the longer it remains out of the hands of researchers will determine how many actually adopt its use.
Detecting it with a scanner will be problematic as it is not something that would be released widely like "traditional" commercial/criminal Spyware. Targeted distribution over short periods of time makes discovery and analysis even harder.
The first peice of advice here would be to strongly recommend avoiding activities that put you at
Re:CIPAV (Score:5, Insightful)
Maybe also when attempting a criminal act, don't use your own machine, and don't use the same machine twice.
Re:CIPAV (Score:4, Insightful)
And don't use windows at all.
Re: (Score:3, Funny)
Yeah, that was my first thought too.
I wonder if they have a Linux variant? That would be likely hard to do though, wouldn't it? I mean, unless you were stupid enough to execute a strange file you received from the FBI....
Re: (Score:3, Funny)
Wait. Are you telling me those emails I received from FBI with an attached program I had to run were actually real?
Re: (Score:3, Funny)
It might just because I've been skimming, but I haven't been able to find much by way of technical detail on how CIPAV works, namely what vector it uses to infect target machines, and what operating system(s) it "supports."
This website would like to install an Active-X control. Click yes to allow or no to cancel.
Have you ever meta dupe? (Score:4, Funny)
Someone once said "I never meta dupe I didn't like."
That someone was not me.
Re: (Score:2, Funny)
You talked about me saying that before.
top rank on google (Score:4, Funny)
Crap. Too bad that website was the top rank on a google search for comcast verizon cut cable blackmail.
I suppose posting anonymously won't help now.
Comment removed (Score:5, Insightful)
Re: (Score:2, Offtopic)
Where are the bodies buried? [xkcd.com] :)
Re:no wonder he was unemployed.... (Score:5, Interesting)
Exactly. It amazes me the number of buffoons that get caught by the FBI's lame attempt at tracking with their software.
you have to be a wannabe ankle-biter to download and run anything you don't know exactly what it is.
Re:no wonder he was unemployed.... (Score:5, Interesting)
It doesn't have to be that stupid. My PC is constantly asking me to auto-update components from:
If the FBI has cooperation from any one of these organizations, it would be trivial to get someone to slip a piece of data into an auto-update for a specific customer.
Comment removed (Score:5, Insightful)
Re: (Score:3, Insightful)
Re:no wonder he was unemployed.... (Score:4, Funny)
Okay this is what you need to do. First take off the tinfoil hat. Next is go outside, you really need to get some sunlight.
Re:no wonder he was unemployed.... (Score:4, Funny)
Nice. See if you can figure out my identity from my IP address, ignoring of course that it's right there in my email address. Here's my IP:
192.168.1.42
Good luck!
Comment removed (Score:5, Funny)
Re:no wonder he was unemployed.... (Score:4, Insightful)
Re:no wonder he was unemployed.... (Score:4, Informative)
> Also consider that no OS would be immune from that. With cooperation a trojan could be slipped into Linux, OS X, Solaris, OpenBSD, Trusted. Anything where you're getting software from somewhere else.
He'd probably be pretty safe if he accessed the ransom website from a computer booted from a Live-CD of a less popular distro. We're talking about a guy committing some serious crimes... it would be worth his time to compile Minix or something totally obscure and use telnet to grab the webpage from the ransom site.
Hell, I just saw a kid browsing a webpage on his DS the other day. There are a lot of ways this guy could have avoided getting caught. I'm glad he got caught of course. But he could have at least tried a little harder :-).
The real weak link would be whenever and whereever he physically took possession of the money. That's where his real identity must interact with the "chain" the money has followed.
PS IAACFI (I am a computer forensics investigator).
Re:no wonder he was unemployed.... (Score:5, Insightful)
Hey, you gotta see it from a statistician's point of view. Catching 90% of the criminals takes 10% effort. Catching the other 10% takes 90% effort.
Now tell me which ones you catch when every single one counts as "one" in your "how many did you catch this year" statistics.
Bottom line: You only catch the dumb criminals.
Missing from summary (Score:5, Informative)
There is one important aspect missing from the summary. The FBI got a warrant first. It's not an extension of illegal wiretapping.
Re:Missing from summary (Score:5, Informative)
Indeed. As long as a warrant was lawfully obtained, and as long as only the suspect was being targeted, I don't see a problem. From the article, it looks as if the software was passed to him through the private site that he demanded be set up, so it's extremely unlikely, possibly impossible if it was password-protected, that any random person could have stumbled upon it.
Re:Missing from summary (Score:5, Funny)
Mental note for future reference...
when requesting a private website to extort money, post the credentials here or /b/ on 4chan.
Let them deal with all that was posted AND handle the bandwidth consumption. /b/)
then report the site to another agency for kiddie pics ( or kittie pics, knowing
Re: (Score:2)
Re: (Score:2)
I'm slightly surprised a warrant was required for this.
Well, IANAL, but since I'm sure this is leading to a criminal prosecution, I can't imagine otherwise. Arguably, the GWOT has encouraged procedural end-runs on Constitutional protections, but such plays have apparently always foreclosed any legal pursuit after the fact. Unless you imagine the cable-cutting 'tards winding up in whatever replaces Gitmo, the warrant would be a dead-on necessity. Even the most feeble and overtaxed public defender would be
Sign of the times (Score:5, Insightful)
Something is seriously wrong when you have to explicitly state, "The FBI did not commit any crimes in this story." When I read the summary, I felt that the warrant was implied, but with everything that has happened, I also feel that you are completely justified to think that that info was missing.
Re: (Score:2)
Actually, almost anything can be abused. You seem to be implying that therefore we should never do anything. Obviously, this is a silly conclusion. Often even when something is abused, and no corrective measures are taken, you are better off than if that thing were never used. Sometimes you are not; in those cases, a feedback loop to control the abuse is a good solution. Only when the thing isn't useful, or the feedback loop can't be made to work and consequently the thing does more harm than good
Your dog wants zone alarm (Score:5, Insightful)
He can spoof ips yet he can't install software to detect unwanted outbound traffic?
Idiot.
Comment removed (Score:5, Informative)
KISS (Score:5, Funny)
Nice ideas. Here is all I had: Demand that the info be in ASCII text, and download it with wget.
MS certified career criminal .. :) (Score:3, Funny)
Re:Your dog wants zone alarm (Score:5, Insightful)
Your own computer can not be trusted anymore. Look at some of the new stuff being included by default in many computers. You can get a computrace chip installed on the motherboard, you can also have an Intel vPro chipset, that can work outside the OS, without the OS knowing what it is doing. Or, any kind of Hyper visor that is installed, or Rootkit. You can not trust any tool on your computer to tell you if your computer is compromised. You need something like a monitoring tool on your router, or in another machine.
Linux, lynx, and an anonymizer (Score:2)
All he had to do was be more careful, and possibly boot from CD.
Re:Linux, lynx, and an anonymizer (Score:5, Funny)
Don't you watch the movies? They would've backtraced his IP address through their firewall with a Visual Basic program within seconds. You need to bounce around the world through at LEAST 15 anonymizing proxies for that to work and give you a minute or two of time to taunt them before you disconnect at the last minute just as the blue blipping blob on their VB.Net trace program is about to pinpoint your location in North America as the program starts zooming in on your location with Google Maps.
Click! All they know is you're in the northeast, but you told them that already right before you disconnected when you said you were calling them from a payphone across the street. When they rush out of their building all they find is an empty payphone with an acoustic coupler attached to the handset and interfaced to some kind of prepaid cell phone. You put down your binoculars that you've been using to watch the situation from the 5th floor of your hotel down the street and press a button on your computer which detonates the C4 conveniently hidden behind the payphone. Did they really think a silly god damn Windows spyware program was going to take you down so easily?
Re: (Score:3, Funny)
Don't you watch the movies? They would've backtraced his IP address through their firewall with a Visual Basic program within seconds. You need to bounce around the world through at LEAST 15 anonymizing proxies for that to work and give you a minute or two of time to taunt them before you disconnect at the last minute just as the blue blipping blob on their VB.Net trace program is about to pinpoint your location in North America as the program starts zooming in on your location with Google Maps.
Click! All they know is you're in the northeast, but you told them that already right before you disconnected when you said you were calling them from a payphone across the street. When they rush out of their building all they find is an empty payphone with an acoustic coupler attached to the handset and interfaced to some kind of prepaid cell phone. You put down your binoculars that you've been using to watch the situation from the 5th floor of your hotel down the street and press a button on your computer which detonates the C4 conveniently hidden behind the payphone. Did they really think a silly god damn Windows spyware program was going to take you down so easily?
And you were getting a blowjob from Halle Berry the whole time! Add in some more titty and I think we have a blockbuster.
Re:Linux, lynx, and an anonymizer (Score:5, Funny)
> Reason for requested leave: Starting an evil empire
Trust me, it's not as great as it sounds. The overhead is a lot more than you expect. Everyone figures they'll just steal a couple nuclear warheads and they're in business, but they never think about the essentials. Do you know how much toilet paper your evil lair will go through in a week? Even though you have the contribution jar next to the coffee maker, no one ever pitches in unless you happen to be standing there. With the downturn in the economy, you don't have the same staffing issues as you normally do, but finding decent henchmen is always a chore. The ones you do find are all, "We want dental!", "We need flex time!", "Respect me as an equal!", and "Oh God, no, save me, IT BURNS!!!" I mean, come on, what am I your mommy?
You go through all that, then in the middle of one of your best speeches, some moron running around in a tuxedo blows it all up with a can of hairspray and a laser beam built into a wristwatch.
Seriously.
Thanks For The Tip: +1, Helpful (Score:5, Informative)
About the party responsible for infiltrating government and military computers.
In case you've been living in Richard B. Cheney's spider-hole, this F.B.I. system is called Ghostnet [slashdot.org].
Yours Seditiously,
Kilgore Trout
the party responsible for Ghostnet (Score:2)
"About the party responsible for infiltrating government and military computers. In case you've been living in Richard B. Cheney's spider-hole, this F.B.I. system is called Ghostnet"
I guess the FBI will have to start investigating itself then :)
Not to watch you* (Score:2, Insightful)
FBI master hackers (Score:5, Funny)
Hmm...
*click*
...
Oops.
All future cable cutters ... (Score:4, Funny)
Re: (Score:2, Interesting)
or you could just submit a Ask Slashdot and get all the answers to your future crime.
He deserved to get caught. (Score:5, Funny)
Note to self... (Score:5, Funny)
Always use noscript when doing nefarious shit....
Re: (Score:2)
Good (Score:5, Insightful)
Re: (Score:3, Insightful)
I agree that when the good guys act like good guys, I want them to win.
Your computer never knows who the good guys are, though. And even if everyone signed their attacks (e.g. this spyware is signed by the FBI), it would never know when there's a warrant and when there isn't. (Just as a DRM scheme never knows whether you're trying to violate copyright vs do something innocent.)
When you receive a
Cops Catch Criminal. Film at Eleven. (Score:5, Insightful)
Dude was a bad guy. FBI's job is to catch bad guys. FBI uses technology to catch bad guy. I'm not feeling the outrage here...
In a related story, local law enforcement shot a criminal who tried to hold up a 7-11 when he resisted arrest and brandished a knife. Reports say police used their "gun" technology to do this.
Point being, we know the FBI has the tech to do this stuff. It's only really a rights issue when they use it against non-criminals, or suspected criminals.
re: But who said it was about "outrage"? (Score:5, Insightful)
I think it's an interesting story, but sure ... if a warrant was obtained first, the FBI actually did this the RIGHT way, and that makes me happy.
That's how law enforcement is supposed to work. Sometimes it seems like we completely forget that, these days, with all the stories of "the law" just doing whatever they please, secretly.
Re: But who said it was about "outrage"? (Score:5, Insightful)
Yeah, it's sad that law enforcement actually doing their job the RIGHT way is news.
Re:Cops Catch Criminal. Film at Eleven. (Score:5, Insightful)
Actually, the FBI can't tell the difference between a criminal and a suspected criminal. In the U.S., it takes a jury (or a guilty plea) to do that.
I think your point though is that it's not a violation of someone's rights if the FBI has reasonable evidence *before* they install the Trojan, and it appears they did in this case (because they had a warrant).
Re: (Score:3, Funny)
Actually, the FBI can't tell the difference between a criminal and a suspected criminal. In the U.S., it takes a jury (or a guilty plea) to do that.
I was watching some show that had a car chase filmed from a helicopter. Guy had a semi and was wreaking havoc, driving through roadblocks, ramming police cars, going so far as to use his truck to push other cars out of the way when he hit some stopped traffic on the freeway. Finally he's off the road, surrounded by police cars, gets out of his truck, starts figh
OMG: 192.168.0.2 (Score:5, Funny)
That's MY IP address too! Is the FBI hacking my computer as well?
Remember kids, only criminals use proxies. And only criminals use "an alternate operating system, with a black screen and white characters".
Re: (Score:2)
They could do it without a trojan... (Score:5, Interesting)
They could do it without a trojan, if they had the right signing key. I forget which worm it was, but a few years back there was a major vulnerability that Microsoft patched, which triggered the automatic reboot. The issue was the patch went ahead and updated the machine even if you had the system set to "download, but notify" rather than automagically patch. Similar deal here [zdnet.com] where an update did something it should not have.
Were I the FBI, I'd make Microsoft 'digitally sign' such a beasty, and then send it via an unannounced update.
Always helps to have stupid criminals, however.
FBI ? come on, don't mock us (Score:4, Interesting)
Is it just me, or does it seem rather contrived that the FBI would (successfully) use a trojan to catch a criminal who is at least someone technically proficient ? Presumably the con would be surfing through a proxy at the very least, and is probably not the kind of user who runs unsolicited downloads from public web sites.
Call me crazy, but I'd say this smells like a piece of theatre. Now I'm not saying the FBI hired the con, but sometimes I wonder... In an increasingly complex tech world, maybe they feel the need to put on a show, to make people believe the FBI still has things under control.
Comodo anyone? (Score:3, Informative)
http://personalfirewall.comodo.com/ [comodo.com]
On one hand, in Proactive security mode, it will tell you anytime a process it doesn't know does anything. Accessess a registry key, tries to open a socket, tries to piggyback outbound placing a HTTP connection via the IE object, what
On the other hand, if CIPAV has an exception deep in the executable, then it's pointless.
I wish Comodo was distributed open source and you could compile it yourself using Visual Studio.
As long as (Score:3, Insightful)
#1 There was a warrant for the wiretapping.
#2 The guy really did something wrong and against the law.
#3 He was stupid enough to click on whatever installed the trojan.
#4 He was stupid enough to cut Internet cables and demand blackmail and ransom from the ISPS.
We'll just call it an Own Goal for this guy whomever he is.
As long as the majority of the population who don't do these things aren't domestically spied on, it should be alright.
If the FBI wants to see what my Traveller RPG group is doing, we could use another Game Master and a few more players as our Game Master is working a job that requires him to travel and cannot GM any more and a few players had quit. No need to plant a trojan on our computers and read our email.
Re:Just another... (Score:5, Funny)
I don't know... Seems to me like another reason not to cut 18 cables and not know how to hide your identity.
Comment removed (Score:5, Interesting)
Re:Just another... (Score:5, Funny)
If you get a call from someone who refuses to identify themselves asking you if you'd be willing to edit a couple hidden configuration files and restart your system, then you have the Linux version.
Re:Just another... (Score:5, Informative)
"What makes you think they don't have a variant for Linux? User stupidity (i.e: bad/no security) isn't unique to Windows."
This is an excellent statement. Stupidity knows no bounds. Its also dangerous to assume that the FBI doesn't know what it is doing. When I worked in law enforcement, the FBI computer crimes agents I knew were well versed in operating systems other than Windows. The two I worked with most often had a solid knowledge of Linux and Cisco IOS.
Re: (Score:3, Informative)
Fine, then play the Intelligence game and feed them disinformation.
Set your user agent to IE while running Linux, and disable JavaScript/Java and any other extensions so they think you're running one OS, and have no way of pulling info to request more information.
For extra points run on a VM that you can strip down to the bare essentials, configure once, and then wipe after each "communication".
If the only ports its allowed to get to is the anonymizer'
Re:Just another... (Score:5, Funny)
Greta: He knocked over another ATM. This time at knife point. He needs your legal advice.
Fletcher: [picking up phone and shouting] Stop breaking the law, asshole!
Re: (Score:2, Insightful)
According to the complaint filed against Kelly, he believed that "companies like Comcast and Verizon were indirectly responsible for his unemployment and dire financial situation because they worked with companies that favored foreign engineers over their counterparts and because they had indirectly stolen his intellectual property."
As part of his sentence in late 2005, Kelly was also ordered to enter a mental health program.
No parole? He might be a silly muppet, possibly crazy, but treatment sounds more re
Re:silly muppet (Score:5, Funny)
No, just an asshole acting smugly superior.
Re: (Score:2)
No jail time... we're not all that different.
From TFA:
Later that year, Kelly pleaded guilty to extortion, was sentenced to five years probation and ordered to pay Verizon $378,000 for the damage he did.
In the USA, you only go to jail for drugs :)
Re: (Score:2, Insightful)
I would assume he was found not guilty due to mental defect. If not I would be very afraid as his sentence reaks of the thought police. Sadly there is instances now of people's sentences being sent to "fix" their way of thinking.
Re: (Score:2)
Re: (Score:2)
Sure they did. If all it had to do was phone home with some standard info, then they could use the same software any time they needed to. All they'd need to do is insert it into the Web site they wanted him to download it from.
Re: (Score:3, Insightful)
Doesn't seem like it was too complex. Sounds like they simply used some sort of drive-by download to install it on his system, and the program simply phoned home with the infected computer's IP address, MAC address, and a few other identifying pieces of info.
Re: (Score:3, Interesting)
No, for the same reason you do not have a right to keep and bear nuclear devices or chemical and/or biological weapons.
Re: (Score:2)
Comment removed (Score:5, Funny)
Re:So We can Assume... (Score:4, Funny)
No Jail Here (Score:2)
This case resulted in a sentence of 5-years probation, restitution, and mental health counseling.
Re:Duh? (Score:5, Interesting)
here are some facts...
1 - criminals are typically dumb as hell.
2 - smart criminals are still dumb.
3 - it is incredibly RARE to have a very smart criminal, when you find one and they do a lot of criminal acts and get away with it, they get cocky and then become a dumb criminal. Example? Kevin Mitnick. he got cocky, then did some really REALLY dumb things to get caught.
Real professional computer criminals DO exist. and you will never hear about them because they dont get caught. Computer Crime forensics pros are not as good as they all want you to think they are, they may be WIZZES at computers but they are not Wizzes at encryption, obfuscation and stenography, let alone secret squirrel stuff. It is really easy for a 13 year old punk to get and use the same technology that the biggest nations are using for their spies. If a kid is talented enough and has enough self control he can easily elude the entire FBI and NSA together online. it's not technically or technologically hard, it's simply being able to NEVER EVER get sloppy. because the second you get sloppy, you're nailed. The longer you go the harder it is not to get sloppy or accidentally give them a pattern. to the FBI, it's a matter of time... you will screw up, they will get you.