FBI Used Spyware for Online Search
juct writes "The FBI has used PC spyware for the first time to reveal the identity of an offender who sent bomb threats to a high school in Washington state. According to heise Security, a declaration from the FBI official who applied for the search warrant describes the mode of operation of the spyware which the FBI is using under the abbreviation CIPAV (Computer and Internet Protocol Address Verifier)."
Yet another dupe! (From yesterday!)
Of course, the "if you have nothing to hide..." crowd are likely to be out, but what about rogue agents? What about investigations that target the wrong people by accident?
I suspect that getting such a tool installed on my Linux box would be much harder.
The real "Libtards" are the Libertarians!
They nailed that little terrorist bitch.
http://yro.slashdot.org/article.pl?sid=07/07/18/1434229
DUPE DUPE DUPE
From the story:
which Google and MySpace supplied to the FBI therefore referred to the Italian computers. In order to trace the perpetrator, the FBI sent the CIPAV via Google Mail or MySpace after receiving a search warrant from the authorities so that the spyware could install itself as more threats were sent. Use of the CIPAV was granted by the judge with the stipulation that the software was only to transmit its IP data between 6:00 and 22:00. However, it was permitted to log IP addresses round the clock.
the FBI (and some if-it-will-save-one-child-it-is-worth-it legislators) demand all the OS vendors to install backdoors so that it can come in and install whatever spyware it wants to be installed?
Interested in open source engine management for your Subaru?
Where have I seen this before?
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
It would seem that there's a kink in the Firehose again.
The Feds would have the $$$ and be able to hire the skilled labor to build some pretty sophisticated spyware tools. On the other hand, I wouldn't be surprised to find out Microsoft included a back door in Windows. That rumor has surfaced before.
The problem with either of those options is if they get out in the wild. How many people have access to those tools and how is their deployment managed? Who wouldn't be tempted to do a little sideline testing if they had those goodies in their tool chest.
Interested in open source engine management for your Subaru?
I PROMIS you
What if the government installs and controls/spies on your computer? Bad or good? What can become of this?
If you aren't OUTRAGED you're part of the problem.
The article refers to a company heise security. The name heise is actually romanized mandarin for the word black. If you have a proper font the characters are [] [] or here
I support surveillance by law enforcement agencies. I also believe in fairly stiff penalties for breaking the law (though I would add that I feel that harsher penalties for real crimes should be balanced with reducing the breadth of behavior that the government restricts). However, I am opposed to the use of spyware on the suspect's property for such surveillance. Why this conundrum?
The problem is that technology is getting closer to us all the time. The barrier between man and machine is becoming much narrower. And that is a good thing. At the far end of the spectrum people have long been getting artificial hearing enhancers, and now we are starting on intelligent artificial eyes and limbs. People with epilepsy are getting electronics embedded in their brains. At the nearer end of the spectrum, a large percentage of the population now carries a small computer with them everywhere (their cell phone). The man/machine split is disappearing.
So what? Well, we have a problem developing if the government assumes that anything that does not have your genome is fair game for them to crack. Today it is the suspect's computer. This already poses a problem if the suspect is, for example, engaged in legitimate contracting for some corporation - should the government have the right to compromise the security of that corporation because one of their employees is breaking the law?
But what of the more tightly coupled technology? Should the government be allowed to plant a bug in my hearing aid? Should they be allowed to tap the signals coming from my artificial eyes? Should they be allowed to monitor the same brain activity patterns that my seizure mitigating device monitors?
The problem is that we are becoming more closely coupled with technology, and that is a good thing. We are the first species in history to actively engage in our own evolution. But if we can't trust our technology, it creates a barrier to that evolutionary step. I have the right not to self-incriminate. But if a computer is part of me, where does the line get drawn?
Interested in open source engine management for your Subaru?
With a little bit of technical ability, this seems like it would be trivial to defeat.
If the kid was already hopping over three computers (maybe using Tor), he probably had the technical ability to:
1. Put his machine on a private NAT'd network so that 'ipconfig' would show an unroutable address.
2. Use a firewall that alerted him when software was trying to make an outbound connection. Better, drop it using that gateway he's sitting behind.
Granted, if he had just been using something besides Windows (which I presume he was using), the FBI's software would not have likely worked anyways.
In other words, don't let their new toy scare you.
Sure some poor sap will be done over, but hopefully it won't be you.
Engineering is the art of compromise.
I think it's funny that my story has been on Slashdot twice now, and I haven't gotten credit either time.
The FBI has used PC spyware for the first time
Oh! It was their first time? They've lost their spyware virginity? Why do they write bullshit like this? Is it so that one guy won't go "Drat! I had no idea the FBI ever installed keystroke loggers" that articles like this lie to everybody? C'mon.
-The art of programming is the pursuit of absolute simplicity.
On the one side it is good that they go after people like this and use the tools available. On the other side with how things are going in the US, this might have been a proof of concept.
Also I see it just as a tool and just like anything it can be used and it can be abused.
Don't fight for your country, if your country does not fight for you.
Something that worries me is that on Windows, if Big Brother installs spyware, I have at least a small chance that my anti-spyware software will detect it (depending on whether my anti-spyware vendor sleeps with Big Brother). But on Linux, I simply don't run any anti-spyware (because spyware has not been a problem). But if Big Brother manages to hack my ~/.xsession or firefox-bin (for example), it may be a very long time (if ever) before I notice.
This is an international issue. The FBI, CIA, NSA, and other "government" agencies now operate world-wide, and have become, in effect, a secret police.
It is possible that this particular case has been picked for its public relations value. The U.S. government's spy agencies have for many years been using ANY tool at their disposal to spy ANYWHERE. It is possible that this case is designed to try to get approval from U.S. citizens for this kind of spying, when much of the spying they do is not to prevent crime, but to help a company like Cheney's Halliburton make more profit.
Running a comp repair shop I removed a Trojan that possibly came from the CIA. Breaking it down in HEX revealed that. It snooped IE cache, and was as easy to remove as running toolbarcop, then hijack this, then removing the binary manually. Dumped IE cache, then put the user on a cacheless firefox configuration. That fixed the problem.
When government fears the people, there is liberty. When the people fear the government, there is tyranny. - Jefferson
it should say "is using"...
www.myspace.com/timberlinebobminfo and bobmermails.hyperphp.com
A warning to all - FBI program is only one of MANY various major programs and efforts by the US gov to infiltrate home computers using unrevealed remote exploits and unpatched exploits.
There are no less than THREE independent new offices of the US gov tasked with creating remote exploits for injecting arbitrary data into or out of compromised systems. They have relatively small teams of hackers wholly unrelated to military or NRO or NSA efforts.
The Legislative Branch has a program!
The Executive Branch has a program initially staffed at 16 million per year for salaries pre-9/11 and soaring much higher since.
The Judicial branch of the government has of course a larger program for creating these keyloggers and such.
Some craftier ones communicate data outward merely by creating detectable radio emissions outside of the room or dwelling by accessing non cached ram pages in unique encoding patterns (timing). This is merely an NSA TEMPEST derived method but effective if it is feared the people being keylogged or studied are using external routers that detect or log outgoing traffic. Little can be done to thwart this vector as the encoding is robust enough and has enough error correction and redundancy to shine through, especially with such a primitive and small payload (all keypresses, all unique new IP addresses being accessed and times, SMTP and POP activity and custom payloads).
The best defense against sneak-and-peek USB tampered keyboard swaps or USB dongle sniffers being installed when you leave a premises is only using a laptop and keeping it in a custom locked briefcase, though anything can be picked. Counter surveillance of the briefcase is needed. Hiding password entry fingerstrokes from possibly installed spycams is also prudent if you use encrypted volumes.
The goal is to prevent your passphrase from ever being captured and used. Once arrested, if the passphrase is NOT recorded on paper, and only in your mind, the US Constitution and case law protects you from incriminating yourself.... if you are sent to a real federal jail with actual rights and not sent to a CIA torture-prison in another country for brutal interrogation and doping.
Using the ATA standard to encrypt a drive is not secure, you need a software block encryptor.
OSX has a fairly good one (AES), but does not cover the boot partition.
The Mac OS (not OSX) Mac OS 9 ironically is the only OS in history never ever to be remotely exploited in history. Check BugTraq's immense database if you do not believe me. Using it, or in an emulator, with a much older Netscape or iCab is a good solution for sandboxing and avoiding all possible FBI Magic Lantern activity.
By the way Cryptome.org hosted actual stolen copies of client and server binaries for FBI Magic Lantern back in 2001! They used an Excel spreadsheet and Outlook Express flaw and not a MSIE flaw I seem to recall hazily. I could dig up the binaries again if motivated, though the files seemed genuine.
This revelation in today's news is 6 years behind the times.
I tried to post this to Slashdot a couple days ago as #19902095 but, as expected a US government account downmodded my 100% factual and informative post.
Nothing in this post is speculation or incorrect.
Would that include London, the most heavily surveillance oriented city in the western world? The city where they are working on launching UAVs for spying on regular citizens in addition to a billion and 9 cameras on every corner? Don't get me wrong, the US sucks it hard for spying, hell they even asked the postal service to read your mail for "suspicious" activity but AFAIK there are no bastions of personal freedom in Europe short of the Dutch
and hasn't told Microsoft about it, this merely indicates that the FBI is either being inefficient again (unless of course they used the methods developed by the NSA) or is once again on the tail end of an intra-agency dispute - meaning that the NSA deliberately didn't tell them how to crack Windows because the NSA is using that method to crack the FBI's computers...:-)
/.'s inability to remember what's on the front page for 24 hours...
/. and reposted the article themselves to let us know in order to make us FEEL THE FEAR...:-)
In this current posting, however, the issue is
Or maybe the FBI just cracked
Or maybe the moron who reposted the article secretly works for the FBI, monitoring the rest of the morons on Slashdot....:-) And now, being a moron, he has blown his cover...:-)
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!