Slashdot Mirror


FBI Remotely Installs Spyware to Trace Bomb Threat

cnet-declan writes "There have been rumors for years about the FBI remotely installing spyware via e-mail or by exploiting an operating system vulnerability from afar — and now there's confirmation. Last month, the FBI obtained a federal court order to remotely install spyware called CIPAV (Computer and Internet Protocol Address Verifier) to find out who was behind a MySpace account linked to bomb threats sent to a high school near Olympia, Wash. News.com has posted a PDF of the FBI affidavit, which makes for interesting reading, and a summary of the CIPAV results that the FBI submitted to a magistrate judge. It seems as though CIPAV was installed via e-mail, as an article back in 2004 hinted was the case. In addition to reporting the computer's IP address, MAC address, and registry information, it also gave the FBI updates on which IP addresses the user(s) visited. But how did the FBI get the spyware activated and past anti-virus defenses? Two obvious ways are for the Feds to find and exploit their own operating system backdoors, or to compromise security vendors..."

3 of 325 comments

  1. Click here for free movies! by Spudtrooper · Score: 5, Funny

    From: spyware@fbi.gov
    Subject: Click here for free movies!
    Attachment: not_spyware.exe

    Hello! You have been selected to receive free movies at no cost to you! All you have to do is install the attached program to start downloading all the latest Hollywood hits free of charge!

  2. Re:Open letter reply to that kind of law by hpa · Score: 5, Funny

    Think the feds are THAT stupid?
    Yes.

  3. Re:the answer is simple by ozric99 · Score: 5, Funny

    Even then, the Acrobat process would need write-access to system files. On a decently managed system, it hasn't.
    From the summary:
    A MySpace account linked to bomb threats sent to a high school.

    Chances of this system being secure, updated, well-managed? 0
    Chances of this system being a Gateway laptop that takes 10 minutes to boot, loads 5 IM apps on startup, has 4 different IE toolbars, and constantly warns that the Norton Antivirus subscription lapsed 16 months ago? Our survey says yes!