Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Remotely Installs Spyware to Trace Bomb Threat

Posted by CmdrTaco on from the hey-wait-a-minute dept.

cnet-declan writes "There have been rumors for years about the FBI remotely installing spyware via e-mail or by exploiting an operating system vulnerability from afar — and now there's confirmation. Last month, the FBI obtained a federal court order to remotely install spyware called CIPAV (Computer and Internet Protocol Address Verifier) to find out who was behind a MySpace account linked to bomb threats sent to a high school near Olympia, Wash. News.com has posted a PDF of the FBI affidavit, which makes for interesting reading, and a summary of the CIPAV results that the FBI submitted to a magistrate judge. It seems as though CIPAV was installed via e-mail, as an article back in 2004 hinted was the case. In addition to reporting the computer's IP address, MAC address, and registry information, it also gave the FBI updates on which IP addresses the user(s) visited. But how did the FBI get the spyware activated and past anti-virus defenses? Two obvious ways are for the Feds to find and exploit their own operating system backdoors, or to compromise security vendors..."

10 of 325 comments (clear)

  1. Heuristics and spyware by ergo98 · · Score: 5, Insightful

    Two obvious ways are for the Feds to find and exploit their own operating system backdoors, or to compromise security vendors...

    Would it even be necessary to compromise security vendors? While heuristics and malware detection has been something long promised, it is my understanding that the vast majority of security software works purely by comparing against their dictionary of known attacks. If the police have highly specialized, very limited deployment spyware, it seems that most security software wouldn't have any inkling that it's malware in the first place.

    I have no doubt that organized crime and government agencies are aware of and abusing exploits. Given that they don't blast it to the world like a giddy teenager looking for attention, no one knows what to look for.
  2. Click here for free movies! by Spudtrooper · · Score: 5, Funny

    From: spyware@fbi.gov
    Subject: Click here for free movies!
    Attachment: not_spyware.exe

    Hello! You have been selected to receive free movies at no cost to you! All you have to do is install the attached program to start downloading all the latest Hollywood hits free of charge!

  3. Getting past defenses? by ShaunC · · Score: 5, Insightful

    But how did the FBI get the spyware activated and past anti-virus defenses?
    Easy, they sent it to some kid on MySpace. It's a rather large assumption that he had any anti-virus defenses at all, much less that AV vendors are being complicit with the FBI trojan.

    Something seems fishy about the whole story, though. This guy was apparently savvy enough to use a proxy in Italy to send his Gmail bomb threat emails, so he was at least trying to cover his tracks... But he was dumb enough to open a random email attachment? It strikes me as more likely that the CIPAV is deployed through a browser exploit (or perhaps even "legitimately" as an ActiveX control or BHO, people will install anything).
    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  4. Re:Open letter reply to that kind of law by hpa · · Score: 5, Funny

    Think the feds are THAT stupid?
    Yes.
  5. Read the real version of the story by Anonymous Coward · · Score: 5, Informative

    Declan not only ripped this story off from Wired without attribution, he got it wrong. There's no way the police could have emailed the tracking software to the kid as an attachment. Myspace doesn't allow attachments. Want to see the real story with real reporting: try the original story here: http://www.wired.com/politics/law/news/2007/07/fbi _spyware

  6. The warrant isn't really the point. by camperdave · · Score: 5, Insightful

    The warrant isn't really the point. The point is that they have the tech to get past firewalls and antivirus software, and can plant spyware on your machine. This time it was legal, because the FBI got the warrant. But what about the CIA/NSA/RIAA using the same tech to spy on you? Some government agencies don't need warrants.

    --
    When our name is on the back of your car, we're behind you all the way!
    1. Re:The warrant isn't really the point. by erroneus · · Score: 5, Insightful

      The bigger problem isn't only Government bodies or even the RIAA (who would have to disclose their methods of evidence collection as a means of validating the evidence). If they can do it, ultimately anyone can do it.

      There is no magic at play here. If it's a secret, someone can learn it. If it's a method, someone can learn it. If it can be done by one, it can be done by all and whether or not you trust your government or your legal system is almost irrelevant to the larger point. If there exists that serious of a chink in your armor, SOMEONE will exploit it and it may not always be for the right reasons or by the right people.

  7. Re:Open letter reply to that kind of law by vertinox · · Score: 5, Interesting

    The Germans already proposed something like that. It was retracted when they realized that it pretty much opens the door to any kind of espionage, and that this could quickly turn AGAINST them. Its already happened to Greece's wiretapping software. Someone broke into the main cell phone company and hacked the software installed for legal wire taps to listen in on government official's cell phone. They didn't notice it until they tried to upgrade the software and realized someone had been using it.

    http://www.spectrum.ieee.org/jul07/5280/1
    --
    "I am the king of the Romans, and am superior to rules of grammar!"
    -Sigismund, Holy Roman Emperor (1368-1437)
  8. I'm kind of new here by SIIHP · · Score: 5, Insightful

    But posts like this really irk me.

    What exactly do you want?They got a warrant. Isn't that kind of oversight what we want? I don't understand why you think making a comparison to the Gestapo (and did they really have warrants?) adds a single thing to the conversation.

    Please tell me what your solution is, so I can put your comment in some kind of context. I've seen it and its like from several other posters, but not a single one of them goes on to make a coherent argument after making it, and neither did you.

    The FBI has a job, in this case it seems a job that we'd all like them to be proficient at, that of preventing bombings. They pursued evidence through the correct channels, got a warrant, set up an operation, and did their jobs. In light of that, doesn't the "Gestapo" comment seem a bit reactionary and irrational?

    So what the hell is with the specious Gestapo comparison? Do you think someone's rights were violated somehow, or the FBI overstepped their authority, or what exactly? Or is it vogue here to toss out inflammatory comments for no reason other than to provoke a reaction? I thought that's what the "troll" mod was for?

    Lastly, the Gestapo also pandered to the fears and insecurities of the populace, so I'd be careful throwing around such comparisons if I were you.

    --
    I only go to buffets for the unlimited soft serve.
  9. Re:the answer is simple by ozric99 · · Score: 5, Funny

    Even then, the Acrobat process would need write-access to system files. On a decently managed system, it hasn't.
    From the summary:
    A MySpace account linked to bomb threats sent to a high school.

    Chances of this system being secure, updated, well-managed? 0
    Chances of this system being a Gateway laptop that takes 10 minutes to boot, loads 5 IM apps on startup, has 4 different IE toolbars, and constantly warns that the Norton Antivirus subscription lapsed 16 months ago? Our survey says yes!