FBI Remotely Installs Spyware to Trace Bomb Threat
cnet-declan writes "There have been rumors for years about the FBI remotely installing spyware via e-mail or by exploiting an operating system vulnerability from afar — and now there's confirmation. Last month, the FBI obtained a federal court order to remotely install spyware called CIPAV (Computer and Internet Protocol Address Verifier) to find out who was behind a MySpace account linked to bomb threats sent to a high school near Olympia, Wash. News.com has posted a PDF of the FBI affidavit, which makes for interesting reading, and a summary of the CIPAV results that the FBI submitted to a magistrate judge. It seems as though CIPAV was installed via e-mail, as an article back in 2004 hinted was the case. In addition to reporting the computer's IP address, MAC address, and registry information, it also gave the FBI updates on which IP addresses the user(s) visited. But how did the FBI get the spyware activated and past anti-virus defenses? Two obvious ways are for the Feds to find and exploit their own operating system backdoors, or to compromise security vendors..."
...where does it say that the guy even had any kind of AV software on his computer?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I keep re-reading my Constitution, and I don't see where it allows for a police power for the Federal government to go after bomb threats or any similar crime.
Is a bomb threat considered piracy?
Is a bomb threat considered treason?
Is a bomb threat considered counterfeiting?
If it isn't, there is NO Federal allocation of power to go after bomb threats, period. What the FBI is doing is not just unconstitutional, but any political leader who took an oath to uphold the Constitution is violating the only oath they took.
It is time that the residents and citizens of the United States of America ask where the government has gotten these powers from. I know that many of the previous generation are afraid of terrorist attacks, but we are all being attacked already in having our natural rights taken away by the very government that has one major purpose: to protect us from the State that wants to take those rights away.
It is fairly simple. The FBI has no provision in the Constitution, nor in any Amendments to said Constitution, and should just go away. Let the local State police force worry about bomb threats. If it happens from across State lines, let both State police forces work together.
Or, rather, you only hear about the stupid ones.
The smart ones do not get caught.
Peace sells, but who's buying?
Then they came for net access records; you did not care, because you don't need privacy there.
Someday they will come for you, and there will be no one left to care.
They did have a warrant.
There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
I support surveillance by law enforcement agencies. I also believe in fairly stiff penalties for breaking the law (though I would add that I feel that harsher penalties for real crimes should be balanced with reducing the breadth of behavior that the government restricts). However, I am opposed to the use of spyware on the suspect's property for such surveillance. Why this conundrum?
The problem is that technology is getting closer to us all the time. The barrier between man and machine is becoming much narrower. And that is a good thing. At the far end of the spectrum people have long been getting artificial hearing enhancers, and now we are starting on intelligent artificial eyes and limbs. People with epilepsy are getting electronics embedded in their brains. At the nearer end of the spectrum, a large percentage of the population now carries a small computer with them everywhere (their cell phone). The man/machine split is disappearing.
So what? Well, we have a problem developing if the government assumes that anything that does not have your genome is fair game for them to crack. Today it is the suspect's computer. This already poses a problem if the suspect is, for example, engaged in legitimate contracting for some corporation - should the government have the right to compromise the security of that corporation because one of their employees is breaking the law?
But what of the more tightly coupled technology? Should the government be allowed to plant a bug in my hearing aid? Should they be allowed to tap the signals coming from my artificial eyes? Should they be allowed to monitor the same brain activity patterns that my seizure mitigating device monitors?
The problem is that we are becoming more closely coupled with technology, and that is a good thing. We are the first species in history to actively engage in our own evolution. But if we cannot trust our technology, it creates a barrier to that evolutionary step. I have the right not to self-incriminate. But if a computer is part of me, where does the line get drawn?
Stop-Prism.org: Opt Out of Surveillance
Yes, to both! The lobbyists aren't exactly rocket scientists themselves.
> Would you NOT open an attachment from an authentic fbi.gov
> address? Criminal activity or not, ignoring that attachment
> would be a ballsy decision.
You really don't deserve to be on the Internet. Really, you are a liability to others.
Never, ever, ever open an attachment which you did not request.
It's that easy.
Too much info has been released and I can explain what is occurring right now. This is not speculation.
- E-mail account made at a foreign e-mail hosting site that has an extremely terse address so as not to be hit by spambots (i.e. 4433dakjikk83726jj@somewhere.org)
- E-mails that are copycats of this crime are sent from a stolen laptop through a public wireless access point, to elicit the same FBI response.
- E-mails are then checked each day from a different public access point, using a different MAC address at each access point. [The only e-mail that should be coming into this account would be the one from the FBI. Probably easy to verify by checking DNS records of the e-mail's originating IP or IP block.]
- E-mail is received and copied to disk.
- Laptop is destroyed.
- CD with e-mail is then analyzed on a Linux/Unix machine that has no internet connection.
- Backdoor/exploit vector is discovered and used for "other" purposes.
http://www.spectrum.ieee.org/jul07/5280/1
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
And now, they don't even want to bother with that formality.
You are being MICROattacked, from various angles, in a SOFT manner.
The answer is right in front of you. Governments and spy shops pay for exploits before they're made public, so they can use them to enter your machine as they need to. In this case, we don't know how CIPAV was delivered, but it might be as simple as an undiscovered exploit in Outlook or a browser-based email system. While none of us trust government, I equally don't trust my fellow citizens, so the "ethics" of this point are moot.
technical writing / development
How Does the CIPAV Work?
^..^
Sure, there are a lot of APIs used that are unknown to the public, there are lots of things reverse engineered, but even the most reverse engineered features have stuff in them that are unknown.
For instance, the NTLMv2 response in NT authentication.
NTLMv2 Specs
Scroll down and you'll see:
0x00000000 (unknown, but zero will work)
This is simply the best place to put a password bypass, a flag in the authentication packet itself. If it's the right value, then just don't check the password and let the person in.
Nobody has ever figured out what this does. All features are implemented in the NT authentication, but there are gaps that don't negatively impact anything.
Ever heard of a rootkit? Those are installed every day without a single peep from an up-to-date AV scanner. Hell, I've got a book on creating them right now that has an example that has managed to bypass Avira and AVG. And that's just example code.
0x09F911029D74E35BD84156C5635688C0