Slashdot Mirror


FBI Remotely Installs Spyware to Trace Bomb Threat

cnet-declan writes "There have been rumors for years about the FBI remotely installing spyware via e-mail or by exploiting an operating system vulnerability from afar — and now there's confirmation. Last month, the FBI obtained a federal court order to remotely install spyware called CIPAV (Computer and Internet Protocol Address Verifier) to find out who was behind a MySpace account linked to bomb threats sent to a high school near Olympia, Wash. News.com has posted a PDF of the FBI affidavit, which makes for interesting reading, and a summary of the CIPAV results that the FBI submitted to a magistrate judge. It seems as though CIPAV was installed via e-mail, as an article back in 2004 hinted was the case. In addition to reporting the computer's IP address, MAC address, and registry information, it also gave the FBI updates on which IP addresses the user(s) visited. But how did the FBI get the spyware activated and past anti-virus defenses? Two obvious ways are for the Feds to find and exploit their own operating system backdoors, or to compromise security vendors..."

17 of 325 comments

  1. Hold it, hold it... by Opportunist · · Score: 3, Interesting

    ...where does it say that the guy even had any kind of AV software on his computer?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Where's the provision for any federal police squad by dada21 · · Score: 2, Interesting

    I keep re-reading my Constitution, and I don't see where it allows for a police power for the Federal government to go after bomb threats or any similar crime.

    Is a bomb threat considered piracy?

    Is a bomb threat considered treason?

    Is a bomb threat considered counterfeiting?

    If it isn't, there is NO Federal allocation of power to go after bomb threats, period. What the FBI is doing is not just unconstitutional, but any political leader who took an oath to uphold the Constitution is violating the only oath they took.

    It is time that the residents and citizens of the United States of America ask where the government has gotten these powers from. I know that many of the previous generation are afraid of terrorist attacks, but we are all being attacked already in having our natural rights taken away by the very government that has one major purpose: to protect us from the State that wants to take those rights away.

    It is fairly simple. The FBI has no provision in the Constitution, nor in any Amendments to said Constitution, and should just go away. Let the local State police force worry about bomb threats. If it happens from across State lines, let both State police forces work together.

  3. Re:Why are people so stupid anyway? by deftcoder · · Score: 2, Interesting

    Or, rather, you only hear about the stupid ones.

    The smart ones do not get caught.

    --
    Peace sells, but who's buying?
  4. Re:How long will it be before ... by pubjames · · Score: 1, Interesting

    I thought it was already public knowledge that there is a backdoor in Windows that the security services can use? At least the NSA, as I recall an NSA key that was discovered when some Windows code was leaked some years ago.

  5. Re:How long will it be before ... by ArcherB · · Score: 4, Interesting

    > First they came for the library records, you did not care because you can't read.
    >
    > Then they came for net access records, you did not care because you don't need privacy there...
    >
    > Someday they will come for you, and there will be no one left to care.

    They did have a warrant.

    --
    There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
  6. It's not just the FBI Magic Lantern program! FACTS. by Anonymous Coward · · Score: 0, Interesting

    It's not just the FBI Magic Lantern program...

    There are no less than THREE independent new offices of the US government tasked with creating remote exploits for injecting arbitrary data into or out of compromised systems. They have relatively small teams of hackers wholly unrelated to military or NRO or NSA efforts.

    The Legislative Branch has a program!

    The Executive Branch has a program initially staffed at 16 million per year for salaries pre-9/11 and soaring much higher since.

    The Judicial branch of the government has of course a larger program for creating these keyloggers and such.

    Some craftier ones communicate data outward merely by creating detectable radio emissions outside of the room or dwelling by accessing non-cached RAM in unique encoding patterns. This is merely an NSA TEMPEST-derived method, but effective if it is feared the people being keylogged or studied are using external routers that detect or log outgoing traffic. Little can be done to thwart this vector, as the encoding is robust enough and has enough error correction and redundancy to shine through, especially with such a primitive and small payload (all keypresses, all unique new IP addresses being accessed and times, SMTP and POP activity and custom payloads).

    The best defense against sneak-and-peek USB tampered keyboard swaps or USB dongle sniffers being installed when you leave a premises is only using a laptop and keeping it in a custom locked briefcase, though anything can be picked. Counter-surveillance of the briefcase is needed. Hiding password entry fingerstrokes from possibly installed spycams is also prudent if you use encrypted volumes.

    The goal is to prevent your passphrase from ever being captured and used. Once arrested, if the passphrase is NOT recorded on paper, and only in your mind, the US Constitution and case law protect you from incriminating yourself.... if you are sent to a real federal jail with actual rights and not sent to a CIA torture-prison in another country for brutal interrogation and doping.

    Using the ATA standard to encrypt a drive is not secure, you need a software block encryptor.

    OSX has a fairly good one (AES), but does not cover the boot partition.

    The Mac OS (not OSX), Mac OS 9, ironically is the only OS in history never ever to be remotely exploited. Check BugTraq's immense database if you do not believe me. Using it, or in an emulator, with a much older Netscape or iCab is a good solution for sandboxing and avoiding all possible FBI Magic Lantern activity.

    By the way, Cryptome.org hosted actual stolen copies of client and server binaries for FBI Magic Lantern back in 2001! They used an Excel spreadsheet and Outlook Express flaw and not an MSIE flaw, I seem to recall hazily.

    This revelation in today's news is 6 years behind the times.

  7. The Problem by Bob9113 · · Score: 4, Interesting

    I support surveillance by law enforcement agencies. I also believe in fairly stiff penalties for breaking the law (though I would add that I feel that harsher penalties for real crimes should be balanced with reducing the breadth of behavior that the government restricts). However, I am opposed to the use of spyware on the suspect's property for such surveillance. Why this conundrum?

    The problem is that technology is getting closer to us all the time. The barrier between man and machine is becoming much narrower. And that is a good thing. At the far end of the spectrum people have long been getting artificial hearing enhancers, and now we are starting on intelligent artificial eyes and limbs. People with epilepsy are getting electronics embedded in their brains. At the nearer end of the spectrum, a large percentage of the population now carries a small computer with them everywhere (their cell phone). The man/machine split is disappearing.

    So what? Well, we have a problem developing if the government assumes that anything that does not have your genome is fair game for them to crack. Today it is the suspect's computer. This already poses a problem if the suspect is, for example, engaged in legitimate contracting for some corporation - should the government have the right to compromise the security of that corporation because one of their employees is breaking the law?

    But what of the more tightly coupled technology? Should the government be allowed to plant a bug in my hearing aid? Should they be allowed to tap the signals coming from my artificial eyes? Should they be allowed to monitor the same brain activity patterns that my seizure mitigating device monitors?

    The problem is that we are becoming more closely coupled with technology, and that is a good thing. We are the first species in history to actively engage in our own evolution. But if we cannot trust our technology, it creates a barrier to that evolutionary step. I have the right not to self-incriminate. But if a computer is part of me, where does the line get drawn?

  8. Re:Open letter reply to that kind of law by Cro+Magnon · · Score: 2, Interesting

    > Think the feds are THAT stupid? Even if, do you think their lobbyists will allow them to?

    Yes, to both! The lobbyists aren't exactly rocket scientists themselves.
    --
    Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
  9. Re:Getting past defenses? by Anonymous Coward · · Score: 2, Interesting

    > Would you NOT open an attachment from an authentic fbi.gov
    > address? Criminal activity or not, ignoring that attachment
    > would be a ballsy decision.

    You really don't deserve to be on the Internet. Really, you are
    a liability to others.

    Never, ever, ever open an attachment which you did not request.
    It's that easy.

  10. Happening right now. by Anonymous Coward · · Score: 3, Interesting

    Too much info has been released and I can explain what is occurring right now. This is not speculation.

    - E-mail account made at a foreign e-mail hosting site that has an extremely terse address so as not to be hit by spambots (e.g. 4433dakjikk83726jj@somewhere.org)
    - E-mails that are copycats of this crime are sent from a stolen laptop through a public wireless access point, to elicit the same FBI response.
    - E-mails are then checked each day from different public access points, using a different MAC address at each access point. [The only e-mail that should be coming into this account would be the one from the FBI. Probably easy to verify by checking DNS records of the e-mail's originating IP or IP block.]
    - E-mail is received and copied to disk.
    - Laptop is destroyed.
    - CD with e-mail is then analyzed on a Linux/Unix machine that has no internet connection.
    - Backdoor/exploit vector is discovered and used for "other" purposes.
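An added example, not part of the post above, of what the offline analysis step looks like in practice: the message copied to CD is parsed on the air-gapped machine, the Received chain is walked to recover the originating IP, and every attachment is hashed and flagged if it looks executable, before anyone opens it. The sample message, its addresses and the attachment bytes are constructed for the example; nothing here comes from the FBI affidavit.

```python
import email
import hashlib
import re
from email import policy

# Constructed sample message (not a real FBI e-mail). The attachment is
# 16 bytes beginning with the PE "MZ" magic, base64-encoded.
SAMPLE_EML = b"""Return-Path: <sender@example.org>
Received: from relay.example.org (relay.example.org [192.0.2.10])
\tby mx.somewhere.org with ESMTP id abc123;
\tTue, 17 Jul 2007 10:00:00 -0700
Received: from [198.51.100.7] (unknown [198.51.100.7])
\tby relay.example.org with SMTP;
\tTue, 17 Jul 2007 09:59:58 -0700
From: sender@example.org
To: 4433dakjikk83726jj@somewhere.org
Subject: Re: your message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="us-ascii"

Please see the attached document.
--XYZ
Content-Type: application/octet-stream; name="report.exe"
Content-Disposition: attachment; filename="report.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--XYZ--
"""

IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
EXECUTABLE_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "hta"}


def triage_message(raw: bytes) -> dict:
    """Parse a raw RFC 2822 message offline and summarise where it came from
    and what it carries. Nothing is executed or rendered."""
    msg = email.message_from_bytes(raw, policy=policy.default)

    # Received headers are prepended by each relay, so the first one is the
    # last hop and the last one is closest to the sender.
    hops = []
    for received in msg.get_all("Received", []):
        ips = []
        for ip in IPV4_RE.findall(str(received)):
            if ip not in ips:
                ips.append(ip)
        hops.append(ips)

    attachments = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        attachments.append({
            "filename": name,
            "content_type": part.get_content_type(),
            "size": len(payload),
            "sha256": hashlib.sha256(payload).hexdigest(),
            "head": payload[:4].hex(),          # magic bytes for a quick look
            # flag by extension or by content, since names are easily spoofed
            "suspicious": ext in EXECUTABLE_EXTENSIONS or payload.startswith(b"MZ"),
        })

    return {
        "return_path": str(msg.get("Return-Path", "")).strip(),
        "origin_ip": hops[-1][0] if hops and hops[-1] else None,
        "hops": hops,
        "attachments": attachments,
    }


if __name__ == "__main__":
    import json
    # On the air-gapped box you would read the .eml from the CD instead.
    print(json.dumps(triage_message(SAMPLE_EML), indent=2))
```

The origin IP recovered this way is only as trustworthy as the relays that wrote the Received lines; the earliest hop can be forged by whoever sent the message, which is why the post suggests cross-checking it against DNS records for the sending block.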

  11. Re:Open letter reply to that kind of law by vertinox · · Score: 5, Interesting

    The Germans already proposed something like that. It was retracted when they realized that it pretty much opens the door to any kind of espionage, and that this could quickly turn AGAINST them. It's already happened to Greece's wiretapping software. Someone broke into the main cell phone company and hacked the software installed for legal wiretaps to listen in on government officials' cell phones. They didn't notice it until they tried to upgrade the software and realized someone had been using it.

    http://www.spectrum.ieee.org/jul07/5280/1
    --
    "I am the king of the Romans, and am superior to rules of grammar!"
    -Sigismund, Holy Roman Emperor (1368-1437)
  12. Re:How long will it be before ... by SpaceLifeForm · · Score: 3, Interesting

    And now, they don't even want to bother with that formality.

    --
    You are being MICROattacked, from various angles, in a SOFT manner.
  13. Grey-market exploits by athloi · · Score: 2, Interesting

    The answer is right in front of you. Governments and spy shops pay for exploits before they're made public, so they can use them to enter your machine as they need to. In this case, we don't know how CIPAV was delivered, but it might be as simple as an undiscovered exploit in Outlook or a browser-based email system. While none of us trust government, I equally don't trust my fellow citizens, so the "ethics" of this point are moot.

  14. Sorry, had to ask... by Anonymous Coward · · Score: 1, Interesting

    ...but will it run on Linux?

  15. Updated by PooseCat · · Score: 2, Interesting
    --
    ^..^
  16. Re:Occam's razor at work by Aeiri · · Score: 2, Interesting

    Sure, there are a lot of APIs used that are unknown to the public, there are lots of things reverse engineered, but even the most reverse engineered features have stuff in them that are unknown.

    For instance, the NTLMv2 response in NT authentication.

    NTLMv2 Specs

    Scroll down and you'll see:

    0x00000000 (unknown, but zero will work)

    This is simply the best place to put a password bypass, a flag in the authentication packet itself. If it's the right value, then just don't check the password and let the person in.

    Nobody has ever figured out what this does. All features are implemented in the NT authentication, but there are gaps that don't negatively impact anything.
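An added example, not part of the comment above, showing the NTLMv2 response layout that the "unknown, but zero will work" fields belong to: the client blob is built with its signature, reserved words, timestamp, client nonce and target-info AV pairs, the NTLMv2 proof is computed over the server challenge and the blob, and a checker parses a response back and flags any reserved field that is not zero. The NT hash is the well-known hash of the password "password" rather than the output of an MD4 routine, and the user, domain, challenge, nonce and timestamp are constructed values. The layout follows the public NTLMv2 documentation the comment links to; the example makes no claim about what Windows does with those fields.

```python
import hashlib
import hmac
import struct

# NT hash (MD4 of the UTF-16LE password) for the password "password";
# a fixed constant so the example needs no MD4 implementation.
NT_HASH = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")
USER, DOMAIN = "alice", "CORP"                     # constructed account
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")  # 8-byte server nonce
CLIENT_NONCE = bytes.fromhex("fedcba9876543210")      # 8-byte client nonce
TIMESTAMP = 0x01C7C95A00000000                        # constructed FILETIME
BLOB_SIGNATURE = b"\x01\x01\x00\x00"

MSV_AV_EOL, MSV_AV_NB_COMPUTER_NAME, MSV_AV_NB_DOMAIN_NAME = 0, 1, 2


def ntlmv2_key(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 hash: HMAC-MD5 over uppercase user + domain, keyed by NT hash."""
    return hmac.new(nt_hash, (user.upper() + domain).encode("utf-16le"), hashlib.md5).digest()


def av_pairs(pairs) -> bytes:
    """Target information block: (AvId, AvLen, value) records ending in MsvAvEOL."""
    out = b""
    for av_id, value in pairs:
        v = value.encode("utf-16le")
        out += struct.pack("<HH", av_id, len(v)) + v
    return out + struct.pack("<HH", MSV_AV_EOL, 0)


def build_blob(timestamp, client_nonce, target_info, reserved=(0, 0, 0)) -> bytes:
    """Client blob: signature, reserved, timestamp, nonce, unknown, AV pairs, unknown.
    The three 'reserved' words are the 0x00000000 fields from the spec."""
    r1, r2, r3 = reserved
    return (BLOB_SIGNATURE + struct.pack("<IQ", r1, timestamp) + client_nonce
            + struct.pack("<I", r2) + target_info + struct.pack("<I", r3))


def ntlmv2_response(key: bytes, server_challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr (HMAC-MD5 over challenge + blob) followed by the blob itself."""
    proof = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return proof + blob


def parse_blob(blob: bytes) -> dict:
    sig, r1, ts, nonce, r2 = struct.unpack_from("<4sIQ8sI", blob, 0)
    pos, pairs = 28, []
    while True:
        av_id, av_len = struct.unpack_from("<HH", blob, pos)
        pos += 4
        if av_id == MSV_AV_EOL:
            break
        pairs.append((av_id, blob[pos:pos + av_len].decode("utf-16le")))
        pos += av_len
    (r3,) = struct.unpack_from("<I", blob, pos)
    return {"signature": sig, "reserved": (r1, r2, r3), "timestamp": ts,
            "client_nonce": nonce, "target_info": pairs}


def verify_response(nt_hash, user, domain, server_challenge, response) -> dict:
    """Server-side check: recompute the proof and flag non-zero reserved words."""
    proof, blob = response[:16], response[16:]
    expected = hmac.new(ntlmv2_key(nt_hash, user, domain),
                        server_challenge + blob, hashlib.md5).digest()
    fields = parse_blob(blob)
    fields["proof_ok"] = hmac.compare_digest(proof, expected)
    fields["reserved_nonzero"] = any(r != 0 for r in fields["reserved"])
    return fields


def demo():
    """Returns (honest, odd): a normal response and one with a reserved word set."""
    target = av_pairs([(MSV_AV_NB_DOMAIN_NAME, DOMAIN), (MSV_AV_NB_COMPUTER_NAME, "DC01")])
    key = ntlmv2_key(NT_HASH, USER, DOMAIN)
    honest = build_blob(TIMESTAMP, CLIENT_NONCE, target)
    odd = build_blob(TIMESTAMP, CLIENT_NONCE, target, reserved=(0, 0xDEADBEEF, 0))
    return (verify_response(NT_HASH, USER, DOMAIN, SERVER_CHALLENGE, ntlmv2_response(key, SERVER_CHALLENGE, honest)),
            verify_response(NT_HASH, USER, DOMAIN, SERVER_CHALLENGE, ntlmv2_response(key, SERVER_CHALLENGE, odd)))


if __name__ == "__main__":
    for label, result in zip(("honest", "odd"), demo()):
        print(label, "proof_ok=%s reserved=%s" % (result["proof_ok"], result["reserved"]))
```

Note that the reserved words sit inside the blob, so they are covered by the HMAC: a client can set them to anything and still produce a valid proof, which is exactly why a server or IDS that wants to notice unusual values has to parse the blob rather than trust the proof alone.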

  17. Re:the answer is simple by ehrichweiss · · Score: 2, Interesting

    Ever heard of a rootkit? Those are installed every day without a single peep from an up-to-date AV scanner. Hell, I've got a book on creating them right now that has an example that has managed to bypass Avira and AVG. And that's just example code.

    --
    0x09F911029D74E35BD84156C5635688C0