Slashdot Mirror
FBI Remotely Installs Spyware to Trace Bomb Threat
cnet-declan writes "There have been rumors for years about the FBI remotely installing spyware via e-mail or by exploiting an operating system vulnerability from afar — and now there's confirmation. Last month, the FBI obtained a federal court order to remotely install spyware called CIPAV (Computer and Internet Protocol Address Verifier) to find out who was behind a MySpace account linked to bomb threats sent to a high school near Olympia, Wash. News.com has posted a PDF of the FBI affidavit, which makes for interesting reading, and a summary of the CIPAV results that the FBI submitted to a magistrate judge. It seems as though CIPAV was installed via e-mail, as an article back in 2004 hinted was the case. In addition to reporting the computer's IP address, MAC address, and registry information, it also gave the FBI updates on which IP addresses the user(s) visited. But how did the FBI get the spyware activated and past anti-virus defenses? Two obvious ways are for the Feds to find and exploit their own operating system backdoors, or to compromise security vendors..."
They use both.
... FBI (and some if-it-will-save-one-child-it-is-worth-it legislators) demand all the OS vendors to install backdoors so that it can come in and install whatever spyware it wants to be installed?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
My guess is that nothing quite so sophisticated was necessary since the user downloaded and ran an unknown attachment from an email message
...where does it say that the guy even had any kind of AV software on his computer?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Would it even be necessary to compromise security vendors? While heuristics and malware detection has been something long promised, it is my understanding that the vast majority of security software works purely by comparing against their dictionary of known attacks. If the police have highly specialized, very limited deployment spyware, it seems that most security software wouldn't have any inkling that it's malware in the first place.
I have no doubt that organized crime and government agencies are aware of and abusing exploits. Given that they don't blast it to the world like a giddy teenager looking for attention, no one knows what to look for.
WTF would you make bomb threats using your own PC, at home, anyway? For crying out loud, if you're going to commit a felony, go find an open wireless relay, using a borrowed, rented, or stolen notebook.
Criminals are dumb.
My blog
From: spyware@fbi.gov
Subject: Click here for free movies!
Attachment: not_spyware.exe
Hello! You have been selected to receive free movies at no cost to you! All you have to do is install the attached program to start downloading all the latest Hollywood hits free of charge!
-Social engineering (either against the person, or his mother)
-Breaking into the basement^W house and installing the damn thing
-Hiding it in porn
I wonder if I use bold in my signature, people will notice my posts.
"Thank you. You just made hacking a whole lot easier."
The Germans already proposed something like that. It was retracted when they realized that it pretty much opens the door to any kind of espionage, and that this could quickly turn AGAINST them.
No backdoor is secure. Word will get out and it will be abused. Worse yet, if you force AV and firewall manufacturers to keep that hole unplugged, you open yourself and all the businesses in your country to industrial sabotage and espionage.
Think the feds are THAT stupid? Even if, do you think their lobbyists will allow them to?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Something seems fishy about the whole story, though. This guy was apparently savvy enough to use a proxy in Italy to send his Gmail bomb threat emails, so he was at least trying to cover his tracks... But he was dumb enough to open a random email attachment? It strikes me as more likely that the CIPAV is deployed through a browser exploit (or perhaps even "legitimately" as an ActiveX control or BHO, people will install anything).
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
If this guy will open random e-mail attachments, there is a good chance he already has tons of spyware/adware/viruses on his machine anyways. I doubt he would have noticed one more.
Things you think are in the Constitution, but are not.
I keep re-reading my Constitution, and I don't see where it allows for a police power for the Federal government to go after bomb threats or any similar crime.
Is a bomb threat considered piracy?
Is a bomb threat considered treason?
Is a bomb threat considered counterfeiting?
If it isn't, there is NO Federal allocation of power to go after bomb threats, period. What the FBI is doing is not just unconstitutional, but any political leader who took an oath to uphold the Constitution is violating the only oath they took.
It is time that the residents and citizens of the United States of America ask where the government has gotten these powers from. I know that many of the previous generation is afraid of terrorist attacks, but we are all being attacked already in having our natural rights taken away from the very government that has one major purpose: to protect us from the State who wants to take those rights away.
It is fairly simple. The FBI has no provision in the Constitution, nor in any Amendments to said Constitution, and should just go away. Let the local State police force worry about bomb threats. If it happens from across State lines, let both State police forces work together.
The Feds would have the $$$ and be able to hire the skill labor to build some pretty sophisticated spyware tools. On the other hand, I wouldn't be surprised to find out Microsoft included a back door in Windows. That rumor has surfaced before.
The problem with either of those options is if they get out in the wild. How many people have access to those tools and how is their deployment managed? Who wouldn't be tempted to do a little sideline testing if they had those goodies in their tool chest.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Your computer is broadcasting your IP address!
They got a court order, seem to be going through all the proper channels, aren't trying to pull any "national security" secrecy bullshit, and just seem to be doing this by the book. It's nice to see representatives of the law obey the law and actually be able to feel good about what the FBI is doing. Am I just jaded?
Once they stopped honoring and enforcing the Constitution of the United States of America, and violate it arbitararily.
"Flyin' in just a sweet place,
Never been known to fail..."
You might not be sitting here right now and your neighborhood might have more of a crater shape. Think about that the next time you boot up Windows.
They think this guy really did it! I fooled 'em good!
How much is your data worth? Back it up now.
We have: A teenager who used his computer to send bomb threats through myspace.
Assumption 1: He doesn't know jack about computer security like 99% of the users out there and simply clicks everything sent to him.
Assumption 2: The FBI keeps a hole open in Windows that only they know about.
Assumption 3: AV vendors are forced to keep holes open, as well as firewall vendors and everyone else who could technically find it.
Assumption 2 and 3 bear a heavy load. Assumption 2 implies that EVERY Windows OS can be remotely exploited. Now, it IS possible to reverse Windows. And since there are Windows emulators out there that can handle calls to functions most people don't even know exists, it's safe to assume that quite a few people already reversed some parts of Windows. A hole would have been found by now. More important, such a hole could easily be used against US companies when, say, China finds them and uses it to eavesdrop on confidential data. If such a hole existed, the first thing the FBI would do is make sure that no US company dealing with critical or sensitive information (nuclear, biological, you name it) uses Windows as their main operating system.
Thus I consider it rather unlikely.
Assumption 3 includes that every AV vendor on this planet knows about the hole/malware and keeps his mouth shut. Now, a good deal of such AV vendors sit in countries that are not the US, worse, some of those countries are economical competitors to the US. Think they'll keep silent? Or that they would include it into their software? Hardly likely.
I'd stay with assumption 1: He was careless, clicking on everything and running no AV kit.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Movin to the country,
Gonna eat a lot of peaches
Movin to the country,
Gonna eat me a lot of peaches
Movin to the country,
Gonna eat a lot of peaches
Movin to the country,
Gonna eat a lot of peaches
Peaches come from a can,
They were put there by a man
In a factory downtown
If I had my little way,
Id eat peaches every day
Sun-soakin bulges in the shade
Take a little naps where the roots all twist
Squished a rotten peach in my fist
And dreamed about you, woman,
I poked my finger down inside
Make a little room for it to hide
Natures candy in my hand or can or a pie
Millions of peaches, peaches for me
Millions of peaches, peaches for free
Look out!
Wouldn't a using a livecd have prevented the software from being installed?
Is that it simply used social engineering to convince the recipient to run the tainted executable, thus infecting himself, rather than relying on being able to exploit a hole that may or may not be present. Male teenager? Offer him free porn, he'll barely be able to double-click the exe fast enough...
It's official. Most of you are morons.
I'm pretty sure car jacking and armed robbery and even hijacking an airplane aren't covered in the constitution either. There are however laws dealing with mass hysteria which said threat could cause. There is nothing in the constitution keeping me from going to the beach and yelling 'SHARK!!!' either, but guess what, its illegal.
http://www.schneier.com/blog/archives/2005/11/sony s_drm_rootk.html
remember the sony root kit fiasco. how did -that- get past the virus vendors?
Please read Title 28 of the USC before spouting such ill-informed drivel.
I'm pretty sure car jacking and armed robbery and even hijacking an airplane aren't covered in the constitution either. There are however laws dealing with mass hysteria which said threat could cause. There is nothing in the constitution keeping me from going to the beach and yelling 'SHARK!!!' either, but guess what, its illegal.
Car jacking is a local crime. There were horse thefts when the Constitution was written -- and those aren't covered. People stole river boats, too, and those weren't covered. A crime against another individual is a local issue, and purposefully covered by the 9th and 10th Amendments. So is hijacking an airline (which wouldn't happen if the 2nd Amendment was not disturbed by the regime).
Yelling SHARK!!! at a public beach is Constitutionally protected speech. Congress shall make no law infringing on that natural right.
Yelling SHARK!!! at a privately owned beach is covered by the rules and regulations set forth by the property owner. Entering that private property may require an agreement or a contract, and violating that agreement or contract could be grounds for your being removed, or for the owner to sue you in civil court for violating a contract.
Such is the beauty of the Constitution. Such is the evil of the regime.
I think that it would be considered a "Threat". ie. "Death Threat", which is illigal. Last time i checked, bombs kill.
Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
There's now no reason for criminals not to use Linux. Thanks FBI, you just made us dangerous by default.
I keep getting prompted to run smileys.exe when I connect to MySpace, but Synaptic Package Manager barfs on it sayings it not a valid package file? I did a 'file' on it, and its some sort of executable for a system called "MS DOS" - is that like ProDOS?
Sorry FBI, I'd like to help, but it seems your wiles only affect chimps.
I want to delete my account but Slashdot doesn't allow it.
I have read Title 28 of the USC, including Part II and Part III, and section 533 specifically. This part of the USC is definitively unconstitutional because no Amendment was provided for to allow this form of policing.
The original section (533) specifically gave the Attorney General the power to build a police force to protect the United States, which has no grounds in the Constitution for being a federal power. The 9th and 10th Amendments see to that.
The PATRIOT Act is also drivel, blatantly unconstitutional across the spectrum of the Bill of Rights.
Just because it is law does not mean that the Constitution allows for it.
Congress does a lot of things that are not authorized in the Constitution..Social Security, Department of Education, and on and on. Many of them are "good" things. Personally, I heard a suggestion a couple of years ago that I think would be a great idea: before Congress can consider any Bill, it must contain a clause which states where in the Constitution Congress is given the authority to legislate on this particular topic. This would eliminate a lot of laws from even being considered and make it easier to determine the Constitutionality of a law. If said clause of the Constitution does not actually extend said authority, the judge can readily declare it unconstitutional and if Congress wants to authorize it based on some other clause of the Constitution, they can start over.
The truth is that all men having power ought to be mistrusted. James Madison
You are wrong about constitutionally protected speech when it can cause harm or mass hysteria. That is NOT protected. I'm curious how the 2nd would protect against airline hijacking though.
I think that it would be considered a "Threat". ie. "Death Threat", which is illigal. Last time i checked, bombs kill.
The Federal Government has no power to police threats OR murder, Constitutionally. Murder is defined by the People and the Individual States per the 9th and 10th Amendments. This is why abortion should be the People's or the State's right to define -- the definition of murder can and should vary State to State. Threats, to me, are free speech issues, but I have no problem with an individual State or smaller government body criminalizing threats with intent. Again, the Federal Government has no power to define or criminalize any of these items.
We need some irrelevant, poorly thought-out verbal sewage in here, STAT!!!
Its not just FBI Magic Lantern program...
There are no less than THREE independent new offices of the US gov tasked with creating remote exploits for injecting arbitray data into or out of compromised systems. They have relatively small teams of hackers wholly unrelated to military or NRO or NSA efforts.
The Legislative Branch has a program!
The Excutive Branch has a program initially staffed at 16 million per year for salaries pre-9/11 and soaring much higher since.
The Judicial branch of the government has of course a larger program for creating these keyloggers and such.
Some craftier ones communicate data outward merely by creating detectable radio emissions outside of the room or dwelling by accessing non cached ram in unique encoding patterns. This is merely a NSA TEMPEST derived method but effective if it is feared the people being keylogged or studied are using external routers that detect or log outgoing traffic. Little can be done to thwart this vector as the encoding is robust enough and ahs enough error correction and redundancy to shine through, especially with such a primitive and small payload (all keypresses, all unique new IP addresses being acceessed and times, SMTP and POP activity and custom payloads.
The best defense against sneak-and-peak USB tampered keyboard swaps or usb dongle sniffers being installed when you leave a premises is only using a laptop and keeping it in a custom locked briefcase, though anything can be picked. counter surveillance of the briefcase is needed. Hiding password entry fingerstrokes from possibly installed spycams is also prudent if you use encrypted volumes.
The goal is to prevent your passphrase from ever being captured and used. Once arrested, if the passphrase is NOT recorded on paper, and only in your mind, the us constitution and case law protects you from incriminating yourself.... if you are sent to a real federal jail with actual rights and not sent to a CIA torture-prison in another country for brutal interrogation and doping.
Using the ATA standard to encrypt a drive is not secure, you need a software block encryptor.
OSX has a fairly good one (AES), but does not cover the boot partition.
The Mac OS (not OSX) Mac OS 9 ironically is the only os in history never ever to be remotely exploited in history. Check BugTraq immense database if you do not believe me. Using it, or in an emulator, with a much older Netscape or iCab is a good solution for sandboxing and avoiding all possible FBI magic lantern activity.
By the way Cryptome.org hosted actual stolen copies of client and server binaries for FBI Magic Lantern back in 2001 ! They used a excel spreadsheet and outlook express flaw and not a MSIE flaw I seem to recall hazily.
This revelation in todays news is 6 years behind the times.
You are wrong about constitutionally protected speech when it can cause harm or mass hysteria. That is NOT protected.
At the Federal level it surely is, regardless of what the Supreme Court wrongfully interpreted. Let us read a very simple part of the Constitution, a document written specifically to declare what the Federal Government can do, and what it is restricted from doing:
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
As you can see, no law means no law. Harm, mass hysteria, are issues that have been with man since the dawn of man. They were nothing new to the Founding Fathers who knew that government uses the idea of "mass hysteria" to harm natural rights. They left those issues to the People and the Individual States.
I'm curious how the 2nd would protect against airline hijacking though.
Airplanes are private property. Private owners should be free to allow, or disallow, armed passengers. In fact, the United States airlines DID allow armed passengers until the Federal Government unconstitutionally prevented people from carrying their weapons on-board planes. Show me one terrorist who would dare to threaten hijacking on a plane where half the passengers are armed and trained and protecting themselves. In all the years people armed themselves on airliners, we had no issues with terrorism in the States.
Title 28 is really the wrong title to be pointing to, but...
I believe GP's point is that the Federal government has no Constitutional power to get involved in random criminal law. It doesn't matter what any Federal statute says if the Constitution doesn't grant the power to make that law in the first place.
Federal laws usually point to the Commerce Clause and effects on interstate commerce as their source of Constitutional authority, and I'm sure the courts have and would uphold that for a bomb-threat law... but the GP has a reasonable point in that a normal person wouldn't think of a bomb-threat law as having enough connection to interstate commerce to make it a legitimate federal concern. There are a lot of people who think that most of what the Feds do is in fact outside their proper authority, and mostly because the present interpretation of the Commerce Clause is an unreasonable one. I think those people have a lot of right on their side.
Moral of the story: if you want privacy, don't make bomb threats.
Why not just get MySpace to send an e-mail out to the user containing the spyware? That way it looks fairly legitimate and is (almost) guaranteed to get to the right person.
Of course there is still the chance that a firewall or piece of security software would pick up the offending malware. Chances are the kid didn't have a very secure setup as others have suggested. The FBI probably thought they'd give the spyware thing a try and it worked out - I doubt they need to make use of OS exploits. They probably had enough data about the kid to create a highly targeted piece of spam or advertising that he was simply not able to resist.
I know this site is a big echo chamber but the simple fact of the matter is Federal law enforcement coordinates very closely with every computer vendor that has anything of interest to them. The coordination efforts are expressly for purposes like this. I seem to recall photochop will throw an error if you try to scan U.S. currency. It's like that, only everywhere and no error messages.
/. moral outrage rings very hollow because no one will fight for anything different.
Law enforcement is very deep into every aspect of computer activity. It's been this way for more than a decade.
The
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
See, this is the kind of action the German government plans to officially include into its law. Where's privacy leading to? In the end this doesn't affect any criminals, it's the average user who just doesn't know better how to securely connect to the internet.
Congress does a lot of things that are not authorized in the Constitution..Social Security, Department of Education, and on and on. Many of them are "good" things.
You just named the two of the worst parts of Congress from the beginning of the 20th century. Both of these items are local items per the 9th and 10th Amendments, and since the Federal government got involved, both those items are now much worse for the average citizen today than before those "laws" were enacted.
Personally, I heard a suggestion a couple of years ago that I think would be a great idea: before Congress can consider any Bill, it must contain a clause which states where in the Constitution Congress is given the authority to legislate on this particular topic. This would eliminate a lot of laws from even being considered and make it easier to determine the Constitutionality of a law. If said clause of the Constitution does not actually extend said authority, the judge can readily declare it unconstitutional and if Congress wants to authorize it based on some other clause of the Constitution, they can start over.
Actually, there is one Congressman who reads EVERY bill before he votes on it (along with his staffers). The minute they hit an unconstitutional part of the bill, he immediately decides to vote no. I believe he said he rarely has to get through 2-3 pages of any bill before his decision is made for him.
The judges of this country are criminals, as much as the Representatives and the Executive branch is. It is up to the People to stop voting for criminals who violate their oaths moments after taking office. Then again, many of you learned the Constitution in a Federally-funded public school, so it doesn't surprise me that 95% of Americans have no idea what the document is about: it does not give you rights, it takes rights away from the State who want to take your natural rights away.
Car jacking became a federal crime in 1992 (http://www.criminal-law-lawyer-source.com/terms/c arjacking.html) and murder during the commission of a car jacking carries the federal death penalty (http://www.deathpenaltyinfo.org/article.php?scid= 29&did=192).
A One that isn't cold, is scarcely a One at all.
The Constitution empowers the government to provide for the general welfare. I'll leave it up to you to figure out how a threat could be a threat to the general welfare.
As I've said in other threads, just because it is law does not mean it passes Constitutional muster. The Constitution is VERY specific on the types of crimes the Federal government can police:
1. Treason
2. Counterfeiting (of gold and silver bullion coin, the only type of money the Federal government can legally mint)
3. Piracy (on the high seas or open plains, not software or movies)
Everything else the Feds try to police is illegal and unacceptable for them to do.
Interesting question.
I am not a lawyer, but a plain reading reveals three pretty easy justifications.
Two Article 1. clauses come to mind right away...
To define and punish piracies and felonies committed on the high seas, and offenses against the law of nations;
(bombing could certainly be considered an offense against the law of nations)
To regulate commerce with foreign nations, and among the several states, and with the Indian tribes;
(the commerce clause justifies most federal interventions, including speed limits).
The 14th Amendment, I think, is also frequently cited as justification for Federal involvement. The equal protection clause could certainly apply to anyone threatened by a bomb.
And Article 1. goes on as follows:
To make all laws which shall be necessary and proper for carrying into execution the foregoing powers, and all other powers vested by this Constitution in the government of the United States, or in any department or officer thereof.
So Congress could create the FBI (and Secret Service and Federal Marshals...).
I support surveillance by law enforcement agencies. I also believe in fairly stiff penalties for breaking the law (though I would add that I feel that harsher penalties for real crimes should be balanced with reducing the breadth of behavior that the government restricts). However, I am opposed to the use of spyware on the suspect's property for such surveillance. Why this conundrum?
The problem is that technology is getting closer to us all the time. The barrier between man and machine is becoming much narrower. And that is a good thing. At the far end of the spectrum people have long been getting artificial hearing enhancers, and now we are starting on intelligent artificial eyes and limbs. People with epilepsy are getting electronics embedded in their brains. At the nearer end of the spectrum, a large percentage of the population now carries a small computer with them everywhere (their cell phone). The man/machine split is disappearing.
So what? Well, we have a problem developing if the government assumes that anything that does not have your genome is fair game for them to crack. Today it is the suspect's computer. This already poses a problem if the suspect is, for example, engaged in legitimate contracting for some corporation - should the government have the right to compromise the security of that corporation because one of their employees is breaking the law?
But what of the more tightly coupled technology? Should the government be allowed to plant a bug in my hearing aid? Should they be allowed to tap the signals coming from my artificial eyes? Should they be allowed to monitor the same brain activity patterns that my seizure mitigating device monitors?
The problem is that we are becoming more closely coupled with technology, and that is a good thing. We are the first species in history to actively engage in our own evolution. But if we cannot trust our technology, it creates a barrier to that evolutionary step. I have the right not to self-incriminate. But if a computer is part of me, where does the line get drawn?
Stop-Prism.org: Opt Out of Surveillance
Might be offtopic, but cant resist a comment :)
First glance at the title, and I read "Dont wait for FireFoX III" ...
WE DON'T NEED NO BLOG CONTROL.
It does not do that based on what modern Justices believe that means.
Per the Federalist Papers and the Madisonian debates before the Constitution's finalizing, the definition of general welfare was "for the diversity in the faculties of men, from which the rights of property originate."
The idea of general welfare was for the Federal government to PROTECT, not instill, the rights of property and the rights of man to use his diverse faculties to provide for a better life for himself. It was not for any State or the Federal State to provide for people's welfare.
How politicians get elected without reading and understanding the definitions of the Constitution is beyond me. The Federalist Papers is a great read -- and it openly defines many of the phrases that have been mutilated by the regimes since that time.
I keep re-reading my Constitution
Oh, that old thing?
Welcome to a post-9/11 U.S. where people don't stand up for their constitutional rights because they are too busy buying duct tape and plastic sheeting.
You're right, in a sense, that the FBI probably isn't allowed to do this stuff; but, no one in authority is going to stop them.
Pretty soon, people in this country are going to have to start exercising their 2nd Amendment rights for the reason it exists: armed revolution.
Some people have a way with words, and some people, um, thingy.
I am an attorney, although neither constitutional no criminal law are my areas of expertise. Most federal laws that govern things like this are under the "Commerce Clause". This clause gives the federal government the power to regulate commerce between the states and it has been interpreted to allow federal regulation of almost anything. In this case the crime is making threats over e-mail. Because of the nature of e-mail that threat travels over interstate communications lines. People pay to pass packets over those interstate communications lines - ergo - Interstate commerce! If you think of it this way (and I'm not suggesting this is the correct interpretation of the commerce clause, just the one the supreme court uses) - almost everything is subject to federal control.
So what if a "solution" to a "problem" today causes more problems tomorrow?
That just means there's more need for more legislation tomorrow to fix that problem.
And the cycle never ends.
Declan not only ripped this story off from Wired without attribution, he got it wrong. There's no way the police could have emailed the tracking software to the kid as an attachment. Myspace doesn't allow attachments. Want to see the real story with real reporting: try the original story here: http://www.wired.com/politics/law/news/2007/07/fbi _spyware
Actually, there is one Congressman who reads EVERY bill before he votes on it along with his staffers . The minute they hit an unconstitutional part of the bill, he immediately decides to vote no. I believe he said he rarely has to get through 2-3 pages of any bill before his decision is made for him.
Is this Dr. No?
it does not give you rights, it takes rights away from the State who want to take your natural rights away.
Actually, the State never had those rights to 'take away'. It's a specific limit on powers, should somebody get the idea to setup a quasi-socialist corporatocracy it would prevent them from doing so. Oh, wait...
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
WE DON'T NEED NO BLOG CONTROL.
Why else do you think they call it 'Spyware'. Geez.
What if the Hokey Pokey really is what it's all about?
... FBI (and some if-it-will-save-one-child-it-is-worth-it legislators) demand all the OS vendors to install backdoors so that it can come in and install whatever spyware it wants to be installed?
Where have you been?
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I'd be rather upset, if an American government agency were unable to find a way to find a (legal) way to penetrate an American-made operating system with or without cooperation of American computer-security firms to investigate bombs threats against an American school...
Yes, privacy is very important — unless you are dead, that is...
To protect a few hundreds of innocents from McCarthy-like harassment, America shackled its intelligence services in the past, which appears to have contributed substantially to the deaths of several thousands (and billions of dollars worth of destruction) in 2001 alone.
The pendulum is now swinging into the other direction and already there are dimwits, who break Godwin's Law and still get moderated to heavens by fellow dimwits... Something tells me, I will not be :-)
In Soviet Washington the swamp drains you.
I'd worry more about the enormous back doors in your constitution before you started worrying about back doors in your OS.
I am TheRaven on Soylent News
The law isn't facially unconstitutional, since there are pretty clearly cases where it can be exercised constitutionally. For example, I don't think anybody would complain about the feds investigating violations of constitutional federal statues. Since the commerce clause (at least under current jurisprudence) gives the feds broad power over things in, or affecting, interstate commerce, this makes the police power pretty wide.
They don't have to be stupid. They can mandate that the backdoors remain open, and claim immunity for themselves and the compliant companies under the aegis of national security. If it worked for warrantless wiretapping and torture, surely it would work for this. It should work for pretty much any type of surveillance or other government activity. Once those two words are allowed to trump all other concerns, and are allowed to even stifle debate about the programs, then the game is effectively over.
You believe that it is constitutionally acceptable to allow people to inflict fear on the populace through bomb threats. Not only are you an idiot, but you really should find yourself a country that cares what you have to say.
You can say a lot of good or bad things about our government, but calling it evil because it enforces a just law is absurd.
Just a note... not all ACs are so proud of their copy n paste skillzorz.
It's inconceivable to me that the Constitution, written as it was at a time when there were no cars, would not provide for federal policing of car jacking . I don't know if you've noticed, but Consitutional Ammendments are fairly difficult to get ratified, and if you think that federal authority should be limited to exactly what the Constitution provides for without consideration for the realities of the system, then I admire the world that you live in.
A One that isn't cold, is scarcely a One at all.
From the search warrant:
I wonder how they did that. Surely just dropping a PDF in with the CIPAV software would be considered contempt (about as legal as burying a physical search warrant in the backyard). Waiting for the 60 day gathering period to expire seems too long, but sending notice and receipt for each day's take would make the whole thing a waste of time.What do you mean they cut the power? How can they cut the power, man? They're animals!
In theory that's a great idea. In practice, Congress would just start writing laws on stationary that had "Enabled by the Commerce Clause" pre-printed at the bottom, since that's their catch-all for everything.
The enemies of Democracy are
The kid hacked a computer in Italy to send his emails. Since his crimes crossed sate lines it becomes a Federal crime making it the province of the FBI.
Morons... They obtained a federal court order... slashdot is a liberal panic room.
"Those who would trade essential freedoms for security, will loose both and deserve neither"
- Ben Franklin
My rights don't need management.
I don't know if you've noticed, but Consitutional Ammendments are fairly difficult to get ratified, and if you think that federal authority should be limited to exactly what the Constitution provides for without consideration for the realities of the system, then I admire the world that you live in.
I'm fairly certain that Cloudcuckooland is a nice place to visit but I don't know that I'd want to live there.
in germany the government did the same thing (they say it was "only" 12 times so far) until a court forbade it... now our equivalent of the DHS tries to legalize it.
interestingly the head of our DHS, Wolfgang Schäuble, is trying to pass pretty much the same laws, that hitler did - and using the same "this is neccessary against terror" propaganda that hitler did....... and appallingly 60% of our stupid citizens are with him... I think one "successfull" act of terrorism in our country would be enough to start the fourth reich... (and remember that hitler staged the terrorist attacks back then)
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
Fortunately, the courts have started overturning some things that are "justified" under the Commerce Clause. I think the last one I heard was a federal ban on guns in school zones, the Supreme Court said Congress had no authority to pass such a law...that if the Commerce Clause allowed that it allowed anything. The law was overturned.
The truth is that all men having power ought to be mistrusted. James Madison
and they could not make an arrest! (except a Citizen's arrest)
Thus they had to travel with a US Marshall to make an arrest in those days.
They had an investigative function only.
"Actually, there is one Congressman who reads EVERY bill before he votes on it (along with his staffers). The minute they hit an unconstitutional part of the bill, he immediately decides to vote no. I believe he said he rarely has to get through 2-3 pages of any bill before his decision is made for him."
And who is this guy? I'd like him to move to my district...
The meek may inherit the earth, but the strong shall take the stars.
They have to be smart enough to know how to spend it too.
The Feds would have the $$$ and be able to hire the skill labor to build some pretty sophisticated spyware tools.
The feds had $170 MILLION to spend to modernise their case management system from one based mostly on paper files augmented by a crufty old mainframe that could only manage or search textual data, to a modern, enterprise-class computer system called the "Virtual Case File" system. The contract was awarded in 2001 (just BEFORE 9/11), and to this day the VCF is STILL essentially non-functional!
Instead of examining what off-the-shelf case management/collaboration/etc software had to offer (whether Free software or not) they opted to let the vendor decide how to proceed--giving them very little in terms of restrictions or system requirements. The developers chose--for their supposed ENTERPRISE-CLASS solution in late 2001--to CUSTOM DEVELOP a FOXPRO application...to handle ALL the case files for ALL the FBI! For $170M There was no test plan, and no migration strategy--they intended to just install it and turn it on and use all of it right away for all new and currently active files. Well, at least they managed to get new computers on most agent's desks (theones who had nothing but a 3270 terminal anyways) for the money.
Somehow it wouldn't surprise me if the feds' "sophisticated" spyware tools relied heavily on script-kiddie toolkits, social engineering tricks (Click here for horse porn! Free screen savers!) and so on...an it probably works only with Windows computers (despite having the same unrestricted access to Linux source code as everypne else I'm betting FBI and CIA types haven't clued in to making Linux rootkits yet). Remember we aren't talking about NSA or other scientific-research-oriented departments here--their "intelligence" seems confined by some fairly restrictive bounds.
Exactly. Again, reading the Federalist papers and reviewing the numerous debates of the time, it is evident than the idea of "regulating commerce" only meant that the Federal government's true power here was to PREVENT THE STATES from restricting commerce between each other. Regulate did not mean "to govern, restrict, tax or control" in the sense it does today. It solely meant that the Federal government, a State enacted solely to protect private property and individual natural rights, was also empowered to make sure the individual States did not trample on free trade between the individual States.
Unfortunately, the legal profession is not what it was once. Maybe you're a rare exception.
http://en.wikipedia.org/wiki/NSAKEY is a good primer.
It was covered extensively at the time by the likes of Bruce Schneier and others, his comments said:I think the jury is still out on exactly what was really going on; if it was an NSA backdoor, it was a pretty boneheaded one. Alternately, if it was just Microsoft being redundant, then it shows that they didn't plan very well and don't seem to understand security very well. Given the choice between the two, I think boneheadedness on MS's part is more likely.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Too much info has been released and I can explain what is occurring right now. This is not speculation.
- E-mail account made at a foreign e-mail hosting site that has an extremely terse address so as not to be hit by spambots (i.e. 4433dakjikk83726jj@somewhere.org)
- E-mails are sent from a stolen laptop through a public wireless access point that are copycats of this crime to illicit the same FBI response.
- E-mails are then checked each day from different public access points each day using a different MAC address at each access point. [The only e-mail that should be coming into this account would be the one from the FBI. Probably easy to verify by checking DNS records of the e-mails originating IP or IP block.]
- E-mail is received and copied to disk.
- Laptop is destroyed.
- CD with e-mail is then analyzed on a Linux/Unix machine that has no internet connection.
- Backdoor/exploit vector is discovered and used for "other" purposes.
Ouch - zing!
A One that isn't cold, is scarcely a One at all.
The warrant isn't really the point. The point is that they have the tech to get past firewalls and antivirus software, and can plant spyware on your machine. This time it was legal, because the FBI got the warrant. But what about the CIA/NSA/RIAA using the same tech to spy on you? Some government agencies don't need warrants.
When our name is on the back of your car, we're behind you all the way!
The problem with either of those options is if they get out in the wild. How many people have access to those tools and how is their deployment managed?
Are we looking too hard? What about a simple exploit.. I just read the PDF. Everyting they said they did could be done by a simple email containing a link to a webserver. Opening the email loads the webpage.. The FBI hosts the webpage. Think about the information avaliable to the website.. OS, email, browser, MAC address, IP address... No special software needed and works on any modern email client that will open a HTML email and load a webpage.
The truth shall set you free!
I may be a rare exception - in that I don't really practice law...
Reduce, reuse, cycle
You don't have a clue WTF you are talking about, it seems.
1. Antivirus programs only spot common viruses. They will not catch a virus you just finished writing by yourself, or the one an FBI tech just came up with.
2. Kid is retarded by definition (google define:script-kiddie). Were he even a tiny bit smarter, he would select an object in a different city or a different country, not his own damn school!
3. 'Nothing to hide' usually means nothing to hide from authorities or law enforcement officers on official business. I personally would not mind giving them my credit card number or bills since I do not buy illegal drugs or child porn. They can also come into my house all they want but I sure as hell want a warrant if they decide to collect any evidence.
4. As a consumer you do not need to report your purchases to the IRS unless you are trying to get a credit or a refund for them somehow.
5. No, the gov't is not 'overstepping their boundaries.' They followed the legal procedure including getting a warrant.
Obama likes poor people so much, he wants to make more of them.
I for one am relieve that the US Mint is banned from "minting" paper money. Putting all that cotton rag through the anealing, heat treating and stamping presses is just not safe.
Speaking of safe - I have no doubts that airline passengers would feel much safer with the knowledge that Wyatt Earp and Doc Holliday were armed and ready to take on the Clantons and/or any unsavory looking brown people - guns a blazing at 30,000 ft., all for their safety.
BTW - a constitution is just a piece of paper. It is not the Constitution that guarantees your freedoms, but the shared beliefs and values of the citizens, without which any consitution is meaningless. The Constitution is a snapshot of those shared values from 200+ years ago. People, cultures and values change over time. Through amendments and judicial interpretation the Constitution does as well. Only a fool would believe that to grow a nation out of 13 sparsely populated colonies into a world power over 200 years would not require structural change.
I'm a realist when it comes to government, but he speaks the truth. The Federal government has for the past 75 years overstepped its authority and ignored the original intent of the constitution.
What he is pointing out is that the FBI has powers not granted to it by the constitution nor does congress have the legal authority to have such powers if you were to take a interpretation of the constitution that if the power is not granted then it is not given.
However, the Federal government to an extent has override such things by apathy of most Americans or placated them with ear marked funds for their district (see Bridge to Nowhere).
Pretty much the only real Constitutionalists in government these days is of course Ron Paul who recognizes this fact and wants a government to return to its roots and core values of what the original frame workers intended. In fact its pretty much what the whole Libertarian movement is about and if you really believe the current way government is run is the way it should be then you really need to read Thomas Jefferson's views on government. Even the contemporary Federalists like James Madison never believed in a centralized government this strong.
Yes what the boy has done was highly wrong and illegal, but this is something for local authorities to pursue! There are laws already against such behavior on the books and we don't need a central police force to take care of it.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
To stop voting for these criminals we need another choice. Every possible choice I have seen has been a foul, loathsome, evil twit.
Oh Crap, I'm an optimist.....
"Car jacking is a local crime."
And if it crosses state lines? Hmm, not local anymore...
"There were horse thefts when the Constitution was written -- and those aren't covered."
As if they should have been. It was not the job, nor the desire of the framers to enumerate every specific right and responsibility, they counted on the establishment of judicial bodies to do that as the situation arose.
It seems very clear to me that your problems stem from an inability to accept that a literal reading of the Constitution was neither expected nor intended. Doing so, as you have done, is absurd and unwarranted.
I only go to buffets for the unlimited soft serve.
The answer is right in front of you. Governments and spy shops pay for exploits before they're made public, so they can use them to enter your machine as they need to. In this case, we don't know how CIPAV was delivered, but it might be as simple as an undiscovered exploit in Outlook or a browser-based email system. While none of us trust government, I equally don't trust my fellow citizens, so the "ethics" of this point are moot.
technical writing / development
"At the Federal level it surely is, regardless of what the Supreme Court wrongfully interpreted."
What utter drivel. The Supreme Court is tasked with the job of interpreteing the Constitution, regardless of how you feel about it, in the very same Constitution you are purposely misapplying.
And since they are the supreme voice, and their interpretation is binding, you claim that it is "wrong" is factually impossible. The ONLY interpretation is theirs, none of the others matter one whit, including yours.
How long are we going to have to watch you make an idiot of yourself before you realize that literalism regarding the Constitution was never intended or implied, and doing so like you have is moronic?
You believe that it is constitutionally acceptable to allow people to inflict fear on the populace through bomb threats.
If you think your statement even makes sense, then you're very wrong.
Nothing in the constitution has anything to say about *allowing* people, as in private citizens to do a damn thing. The premise upon which the constitution is based is that it is the right of a person to do damn near anything they so choose. All the constitution is for is to explicitly list the very few things that the *federal* government is allowed to do. The bill of rights was added as an afterthought to specifically mention some major important things that *yes, absolutely, we mean this you can not under any circumstances do anything to regulate any of these things. It's not your business keep the fuck out*. It was largely considered worthless and redundant at the time, but a few "paranoid loons" insisted, and so they were added.
So, making threats to one high school in a small city in Washington state has nothing *at all* to do with the constitution. Using a federal agency to investigate said threats is, on the other hand, not in any way shape or form *permitted* by the constitution.
That's what your state and local governments are for.
Not only are you an idiot, but you really should find yourself a country that cares what you have to say.
You've done nothing to back up your idea that the OP is an idiot, but you've proven beyond any doubt that you're deeply ignorant on the topic yet willing to spout nonsense about it anyhow.
You can say a lot of good or bad things about our government, but calling it evil because it enforces a just law is absurd.
Except the OPs point is that there is no just law involved. I doubt many people would disagree that bomb threats need to be taken seriously, but there are appropriate avenues to address them. The federal government is not, in any way, such an avenue. People, like yourself, who keep insisting that the federal government overstep its bounds because they can't be bothered to learn its appropriate role is the reason we are now running death camps in third world shitholes and spying on our own citizens.
Now, is there any chance you'd care to apologize to the OP for the ad hominems you were throwing around based solely upon your own misunderstanding of the topic at hand?
It's called the necessary and proper clause.
Is yelling bomb on a plane illegal? I'm really unsure, but I can tell you I know of one Marine that did, and I didn't see him for 3 months afterwords.
Is yelling fire in a movie theater illegal? I'm really unsure, but I did see a group of teenagers get arrested for just that.
Free speech is like getting a lap dance from your best friends girl, it's only free if it doesn't offend.This is Slashdot! Give me the latest gadget, bug, or OS project! This ain't english class so don't confuse the two!
FWIW, I understood the point you were trying to make. Evidently I'm the only one.
Proud neuron in the Slashdot hivemind since 2002.
I quit a job because of that. The stress of showing up 2 hours early (after an hour commute to the airport), worrying if I had any banned items - you know the dangerous toothpaste or a 4 ounce bottle, getting randomly removed from line because of that wonderful 'SSSS' on my boarding pass, having the TSA make me miss my flight even after being there 2 hours early, and I just have to wonder, "If they're spending all this time on me, an innocent person, then do they even know who their target is?" The stress got so bad I had to quit. And whenever I go to an interview and I'm asked how do I feel about travel, I answer,"I hate it". Then I'm shown the door.
The TSA and all the other "security" measures by our Government does not make me feel safe. I find it an intrusion of my personal space and insulting. I'd rather not have to put up with it, and if I'm killed by a terrorist, well, as you pointed out, I'll be dead so it won't matter how good security was.
The odds are, I'll be killed by heart disease, traffic accident, or cancer. That really scares me. If I had a choice, I'd rather die quickly from a terror attack than rotting away in a hospital bed watching my family suffer - as happened to my uncle last month.
Yes, if I get cancer, and the doctors can't cure it, I will find a way to commit suicide.
The other folks who were quite insulting towards you are afraid of our wonderful Republic turning into a police state. I have those same concerns. As you well know, there have been a few instances in this country's past alone where security was used as a means for suppression.
I love my freedom as much as you do and I don't want it thrown away because folks are more concerned about the very remote chance of dying or worse, their children dying from a terrorist attack. I don't want generations that come to look back and say, "Wow, look at all of the freedoms America had."
Are my concerns probable? I don't know. Possible? Yes. I admit, I may be as alarmist as the "security over privacy" folks in other other direction - i.e. I'm over reacting. But, that's what you folks are for: pointing out that we don't have a gestapo.
Just an opinion from the other side.
I prefer Flambe as apposed flamebait.
``New Moderator Guidelines:
Bush Bad=Insightful
Bush Good=Troll''
Hmm, I can remember that used to be the other way around.
Oh wait, what was I thinking?! We've always been at war with America!
Please correct me if I got my facts wrong.
Set up a computer in another country. Set up a site to site VPN to your network in the US. Do something to catch the FBI's eye. They think they're installing spyware on a computer in their jurisdiction, and they've got a warrant to do so. But they're actually breaking into a computer on foreign soil. Fun foreign relations.
The masses are the crack whores of religion.
I think people are too concerned about this. Keyloggers and other stealth programs are just another form of wiretapping, constrained by the same laws. While it is good to see in these cases they are obeying said laws, there are others in our culture that dont have these constraints. Think about one of these programs in the hands of a disgruntled spouse. Divorce cases are big business in my line of work, and quite often I have seen clients who have hired private investigators to plant key loggers and other stealthy data capture programs without their spouses knowledge. We have even gone so far as to have tested some of these noted keyloggers especially and there were a few that operate completely unbeknownst to common antivirus programs if configured correctly.
I always thought this song went:
Movin to the peach tree,
Gonna eat a lot of
Oh, nevermind...
I appreciate this reply, but I want to make one thing clear: a Constitutionalist does NOT have to be a Libertarian, in fact, a Constitutionalist position is the BEST position for a Progressive, a Communist, a Green and a Socialist. The only group that would not want to be a Constitutionalist for their Utopia would be a neoconservative, that needs a strong central government to promote their Imperialism.
Look at it this way: with a truly Constitutional Federal State, the average person would only deal with the Federal level when paying a portion of their retail purchases in the form of a tariff (the only really Constitutional form of Federal income). They may also deal with the Federal level when coming into the country, or when dealing with issues where the individual State really tramples on their natural rights.
In a truly Constitutional U.S., each individual State could be run the way the people want it to run. California could have a State single payer healthcare system, Montana may have no healthcare regulations or subsidies at all. You could live where you wanted to live, but still know that your basic natural rights were protected by a small Federal State governing the Individual States' desire to trample liberty.
Texas might have a drinking age, Louisiana may not. New Hampshire may allow gay marriages, Wisconsin may say marriage is only between a man and a woman, Florida may allow polygamy. This is what States' Rights is about -- giving each citizen of each individual State more power to set the laws.
New York may have a strong police force, New Jersey may decide against it. Oregon may allow any and all drugs to be "legal," and Washington may say that even Tylenol has to be by prescription only.
The closer government is to you, the easier it is to tell them what you want and don't want. The more centralized government is, the more every law is "one size fits all" and every law harms everyone, helping only the very rare elite few.
Our Constitutional Republic, if managed the way the Founding Fathers said, the Federalist Papers debated and the LITERAL and UNCHANGING Constitution was written would be the ultimate central government for almost all other forms of politics -- from liberal to conservative to libertarian. Each individual State would be what the citizens wanted.
I'd move to the most free State myself.
...but will it run on Linux?
I admit that I didn't present a good argument in my last post. It really doesn't matter if it is for lack of ability or because I don't want to waste my time. On impulse, I decided to respond to what I think is a ridiculous post, but I seriously have better things to do than to have a prolonged argument about the constitution. I disagree with you strongly, especially on the "death camps in third world shitholes and spying on our own citizens", but I don't expect to sway your point of view. I think you express your opinions at the grace of better people than yourself who spent their blood, sweat and tears in order to provide you the opportunity.
I tried, but I can't click on the "not_spyware.exe" program in your post. Can you help? I would like to get free movies.
Keep your FUD to yourself.
I disagree with you strongly, especially on the "death camps in third world shitholes and spying on our own citizens",
So you think that even without a massively overpowered federal government this would be possible?
How exactly do you see that as being possible? What is the mechanism by which it could have occurred?
I think you express your opinions at the grace of better people than yourself who spent their blood, sweat and tears in order to provide you the opportunity.
Which is relevant how exactly? No shit, this country still has the freedoms it does due to the sacrifices of our forefathers. We are losing them rapidly because so few are willing to even speak up against the current atrocities, abuses and assaults on the constitution.
So, yes, plenty of people died long ago to afford me the ability to stand up for what they sacrificed for and I am doing exactly that.
You seem very confused about many things.
Sign me up.
I don't know which part of basic high school history class most of the other American citizenry slept through, but wouldn't it be nice if more people understood that in this country?
It's going to take a revolution of this country to reorganize it to be the way that it took the last revolution to get it setup that way. Doesn't it suck that http://www.johntitor.com/ is not a true tale? Wouldn't it be scarier if it was?
Here's to the revolution!
2^3 * 31 * 647
How Does the CIPAV Work?
^..^
Subject: Pre-Teen Gang Bang ... click here
I think you express your opinions at the grace of better people than yourself who spent their blood, sweat and tears in order to provide you the opportunity.
If you mean anyone in the military, I think you're wrong. Freedom can not be protected by the Government through force -- that is called anti-freedom, or tyranny.
The soldiers who join the military take one oath -- to uphold the laws of the Constitution. Many of the soldiers I've talked to have violated the Constitution, time and again, as has most leaders from the CiC on down. That is treason. They should be tried and found guilty, and jailed indefinitely at the same level of anyone else they've jailed.
If I wasn't a peaceful pacifist, I'd recommend tribunal legal execution for any soldier who committed treason against the Constitution.
My freedom is protected with my words and my hands and my body, not by a man in a uniform shooting people he never met, and who never harmed him or me.
If a foreign solder came onto my land, I believe most of my neighbors would leave the body in a puddle for me to clean up. That's what is happening in other countries -- and let that be a lesson to those who support a military outside of our borders. More body bags just means more people defending their property abroad.
Just call it "interstate commerce" and you're set to go.
Congress just needs to pass law saying they want to manage/regulate the interstate market for bombs. Whenever someone makes a bomb threat, this gives bad publicity to bomb sellers and buyers. Bombs aren't "cool" anymore, when some wackjob threatens to use them. The bomb-threatener is negatively impacting the interstate bomb market, which is supposed to be micromanaged by Congress. Declare it "necessary and proper" for the feds to take whatever steps are necessary to preserve their constitutionally-granted power to regulate interstate bombing.
Dada21, you may be a patriot, but you're not nearly perverted enough to be a 20th century American, much less a 21st century one. I challenge you to name any conceivable power (use your wildest imagination) that the 10th Amendment actually reserves for the states or the people. It can't be done. Whatever you come up with, I can find a way to take it away from the states (probably using the "interstate commerce" backdoor -- it's awesome!), and SCOTUS will say I'm right.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
After Sept 11. the FBI etc have PR issues trying to convince the world that they are on the ball and protecting Joe Citizen. These sorts of statement are not necessarily true. They could just be "feel good" measures like making you take your shoes off at airports.
Engineering is the art of compromise.
But posts like this really irk me.
What exactly do you want?They got a warrant. Isn't that kind of oversight what we want? I don't understand why you think making a comparison to the Gestapo (and did they really have warrants?) adds a single thing to the conversation.
Please tell me what your solution is, so I can put your comment in some kind of context. I've seen it and its like from several other posters, but not a single one of them goes on to make a coherent argument after making it, and neither did you.
The FBI has a job, in this case it seems a job that we'd all like them to be proficient at, that of preventing bombings. They pursued evidence through the correct channels, got a warrant, set up an operation, and did their jobs. In light of that, doesn't the "Gestapo" comment seem a bit reactionary and irrational?
So what the hell is with the specious Gestapo comparison? Do you think someone's rights were violated somehow, or the FBI overstepped their authority, or what exactly? Or is it vogue here to toss out inflammatory comments for no reason other than to provoke a reaction? I thought that's what the "troll" mod was for?
Lastly, the Gestapo also pandered to the fears and insecurities of the populace, so I'd be careful throwing around such comparisons if I were you.
I only go to buffets for the unlimited soft serve.
They already demand this of VoIP companies: it's called CALEA and the rulings over the last few years enforcing it on VoIP vendors.
National Security Letter.
Two of the largest, most successful companies in the world with respect to computer security and they've not responded to said questions. Hmm...
(BTW, I refuse to argue whether MS is "successful" under any circumstances; they own what, 80% market share in the PC server and workstation OS world, that's success regardless how they attained it.)
was posted by Kevin Poulsen on Wired and then picked up by Declan McCullagh on CNet
> or to compromise security vendors...
Bullshit! There are several dozen security vendors worldwide, including some that are not whores to USA. Leading antivirus vendor Kaspersky Labs is russian, based in Moscow and its founder Eugene Kaspersky worked in an unspecified special research institution before the fall of USSR per wikipedia (some think that was the same institution which gave us Mr. Putin). If you think they give a damn about yankee wishes then better wake up.
Last weekend Mr. Bear sent two Tu-95 giant nuclear bombers very near Scotland, scaring the shit out of the britons (some say it was to protest the expulsion of their four diplomats from London over the Litvinenko polonium murder case, others say they just really wanted to drive the message home to J.K.R. about how bad and poorly written the new Harry Potter they found.)
Next week they will be flying alongside Alaska. Russia just cancelled the conventional armed forces reduction treaty. Relations are not such as russian firms would listen any to FBI wishes. Buy AVP and be safe from Uncle Sam's all-seeing eye!
it's quite simple you dont have to install anything remotly to see who is doing what
As a basic firewall (and some CMD commands) show you who is connecting to you remotely. Next thing is look for the ISP owner and give them a call.
Or perhaps the FBI doesnt work with ISP's wich is a bit strange if it was like that probaply some have double pay rolls overthere... i just gues or they have some signed agreement to help them out. Most likely google yahoo hotmail etc etc all havce similair commitmends (oh whack is that why they are all american??).
Well any way there is no real hidding at the internet.
In otherwords please please use the internet for stupid actions as it is more easy to find 'terrrible' people. .
I know you're out there. I can feel you now. I know that you're afraid. You're afraid of us. You're afraid of change.
> The are 243,023,485 (wikipedia) cars in the United States alone, monitoring all of those with GPS would be beyond a tremendous undertaking.
;) ]
It's being done in the UK already and it's easily possible in Germany. Here in Germany we have this taxation system, "Toll Collect", which is used to track the movement of freight vehicles to tax them for each kilometer Autobahn they pass. There's a bridge every few kilometers, where *all* passing by vehicles are being photographed. A computer then determines if it's a car or a truck and currently allegedly throws away photos of cars. Photos of trucks then are being further analyzed for number plates and the number plates are being OCR'd. German politicians now want that *all* number plates are being OCR'd and saved for further usage, after a number of murders have occured near the Autobahn.
Of course it's not 24/7, every-inch-you-drive monitoring, but it's possible to track movement between various towns, for example.
[Sorry, had HTML formatting activated last time, which made this post quite unreadable - besides the obvious grammar and orthography errors
This is an international issue. The FBI, CIA, NSA, and other "government" agencies now operate world-wide, and have become, in effect, a secret police.
It is possible that this particular case has been picked for its public relations value. The U.S. government's spy agencies have for many years been using ANY tool at their disposal to spy ANYWHERE. It is possible that this case is designed to try to get approval from U.S. citizens for this kind of spying, when much of the spying they do is not to prevent crime, but to help a company like Cheney's Halliburton make more profit.
It would be trivial to bait the FBI into sending you a copy of their exploit and payload. How hard is it to pretend to by some dipshit kid who wants to scare his fellow classmates. Anyone with even modest skill can hide their identity online and make this a no risk endeavor. Although it would piss off an agent or two, once the FBI shoots their load, you have their code.
A skilled person could reverse engineer it and submit samples to every IDS and AntiVirus company on the planet within minutes of receiving it.
I am not suggesting this, merely pointing out that any "secret" method used by the FBI can easily be uncovered by someone who cares to do so. Personally I don't care, they are easily a decade behind the underground.
First, any fool who makes bomb threats deserves to be busted, tossed in jail, and treated like a criminal because that is exactly what they are.
The internet is like a highway, on the internet how can anyone have any reasonable expectation of privacy?
Did the police (FBI in this case) overstep their bounds? Apparently a judge did not think so, he authorized the warrant.
Frankly, I am glad that they took this criminal off of the streets at least for now.
A bigger question really is being asked: "Should the FBI and police be allowed to use tools that would be illegal if used by civilians?" That question is a bit harder to answer but ultimately, we have a long history of giving our law enforcement officers tools that the general public is not allowed to use or, can only use in very limited ways. Examples of this would include machine guns, Tasers, two-way police radios, and mobile display terminals connected to restricted databases. The government has a right to employ some tools that in other hands may be illegal or unethical.
Did they use a known hole or did some one in a company somewhere create a hole for them? I don't know. Frankly, I would feel more comfortable ethically if they had discovered the hole on their own or used an accidental one. If they are using one that is custom designed, then I think that they are helping create a security vulnerability that could be exploited by someone else and that, I would think is wrong.