FBI Used Spyware for Online Search

juct writes "The FBI has used PC spyware for the first time to reveal the identity of an offender who sent bomb threats to a high school in Washington state. According to heise Security, a declaration from the FBI official who applied for the search warrant describes the mode of operation of the spyware which the FBI is using under the abbreviation CIPAV (Computer and Internet Protocol Address Verifier)."

Are the editors boycotting reading /. again?

Yet another dupe! (From yesterday!)

Re:Are the editors boycotting reading /. again?

[_Sprocket_]

Ummm... maybe it's a "Slashvertisement" for antivirus software? Subtle.

Re:Are the editors boycotting reading /. again?

[RuBLed]

Ha! The quote displayed as of the time I'm writing this is:

If one cannot enjoy reading a book over and over again, there is no use in reading it at all. -- Oscar Wilde

Re:Are the editors boycotting reading /. again?

[Gentlewhisper]

And that is why the Mossad uses Macs...

Oh... oh! And the good guys in 24 too!

Re:Are the editors boycotting reading /. again?

[poetmatt]

shit someone used CIPAV to post a dupe!!!!oneoneone!!!11

Please tell me why I should run Windows?

[whoever57]

Of course, the "if you have nothing to hide..." crowd are likely to be out, but what about rogue agents? What about investigations that target the wrong people by accident?

I suspect that getting such a tool installed on my Linux box would be much harder.

Re:Please tell me why I should run Windows?

[Spy+der+Mann]

What about investigations that target the wrong people by accident?

With the government, there are NO "accidents".

Re:Please tell me why I should run Windows?

[pkvon]

> I suspect that getting such a tool installed on my Linux box would be much harder. Do you verify everything you download? Did you get the certificates from a trusted store? How do you know your ISP (cooperating with the gov) or the certificate authority (verisign? trust them?) did not mess with whatever you are downloading. It might just come attached to your latest firefox binaries :/

Re:Please tell me why I should run Windows?

[lessermilton]

It's called collateral damage ;)

Good !

[sonamchauhan]

From the story:
which Google and MySpace supplied to the FBI therefore referred to the Italian computers. In order to trace the perpetrator, the FBI sent the CIPAV via Google Mail or MySpace after receiving a search warrant from the authorities so that the spyware could install itself as more threats were sent. Use of the CIPAV was granted by the judge with the stipulation that the software was only to transmit its IP data between 6:00 and 22:00. However, it was permitted to log IP addresses round the clock.

Re:Good !

[compro01]

glad to hear they've caught on with this whole thing with warrants and due process.

see? you don't need NSLs to catch bad guys!

Re:Good !

[sumdumass]

The problem is, even with a warrant, how do you know the software they install isn't installed to make you look guilty? The software can do anything they tell it to do, would you be able to have the source code examined at your trial?

Re:Good !

[sakasune]

Your comment is one that actually made me say "hmmm..."
Could the defendant actually request the source code for the program? Though, they probably would just label him a terrorist and throw him and the source code in Gitmo...there he could review it all he wants, because in Guantanamo Bay no one can hear you scream

Re:Good !

[sumdumass]

There sure is a lot of fus over the treatment of the people at club gitmo. I think a lot of people would hear you scream, it just wouldn't be too many that cared.

But yea, your probably right. You would be shove off to the side where they could control how much you can do about the program. It just seems to me that if you could sneak it into the computer, you could almost sneak anything into it, even if you needed evidence to go further into the computer.

How long will it be before...

[bconway]

the FBI (and some if-it-will-save-one-child-it-is-worth-it legislators) demand all the OS vendors to install backdoors so that it can come in and install whatever spyware it wants to be installed?

Re:How long will it be before...

[normuser]

How long will it be before... the FBI (and some if-it-will-save-one-child-it-is-worth-it legislators) demand all the OS vendors to install backdoors so that it can come in and install whatever spyware it wants to be installed?

Hmmm, where have I heard that before? Maybee in this post by "140Mandak262Jamuna"
Really, what was the point of ripping off his post?

Re:How long will it be before...

[bconway]

I figured if the editors weren't going to take the time to post new content, there wasn't much reason for us to, either.

Re:How long will it be before...

[Actually,+I+do+RTFA]

Do we have to guess the right negative number to win the prize, or is knowing the sign enough?

Re:How long will it be before...

[Bearhouse]

Yeah, but that would probably work just as well as the Clipper chip...remember that? Exactly...

Re:How long will it be before...

[vbjay]

Of course with Windows, it wouldn't be a backdoor. It would just be a window! :D Hence the name.

Re:How long will it be before...

[chriddy]

From the search warrant request:

Because the FBI cannot predict whether any particular formulation of a CIPAV to be used will cause a person(s) controlling the activating computer to activate a CIPAV, I request [...] to continue using additional CIPAVs [...] until a CIPAV has been activated.

Read "activate"="double-click on attachment". So much for the FBI exploting secret security holes that are otherwise unknown or actually paying OS vendors to install backdoors and security software vendors to not detect their spyware. Looks very much as if it's just a plain old trojan...

Re:How long will it be before...

[Captain_BakaNeko]

if the FBI demand that, then what happens if hackers find that back door, and start stealing personal info and Identity theft increases? will it be worth it then?

More Firefighters Needed!

[garcia]

It would seem that there's a kink in the Firehose again .

Re:More Firefighters Needed!

[jsse]

Now I can see the purpose of Firehose now...

It's now our fault in voting up a dupe, not /. editors, definitely not...

Now /. needs to develop another system to penalize those who repeatedly vote a dupe, namely "List of idiotic dupers"

Re:More Firefighters Needed!

[garcia]

Well, it's both of our faults. We just don't get paid for continuously fucking up.

Re:More Firefighters Needed!

[elrous0]

Maybe they're going for the all-time dupe record.

Interesting speculation

[bconway]

The Feds would have the $$$ and be able to hire the skilled labor to build some pretty sophisticated spyware tools. On the other hand, I wouldn't be surprised to find out Microsoft included a back door in Windows. That rumor has surfaced before.

The problem with either of those options is if they get out in the wild. How many people have access to those tools and how is their deployment managed? Who wouldn't be tempted to do a little sideline testing if they had those goodies in their tool chest.

Re:Interesting speculation

[i_b_don]

MS built lots of back doors into windows... oh, you mean intentionally?

d

Re:Interesting speculation

[bit01]

The problem with either of those options is if they get out in the wild.

M$ update, and the equivalent on other platforms, is a whopper of a back door. Why doesn't that "get out in the wild"?

---

Commercial software bigots - a dying breed.

Re:Interesting speculation

[jimicus]

M$ update, and the equivalent on other platforms, is a whopper of a back door. Why doesn't that "get out in the wild"?

Because it's the kind of back door that the developers know full well is a risk, and so they design around that risk with things like digital signatures and techniques to confirm you're speaking to an authorised server. It's easier and more subtle to attack the weak link in the chain - the human being who's sat at the computer.

It's a bit like how most sysadmins these days know that open ports on the firewall are a risk, so they minimise those - and instead the hackers go for the next easiest target, the website which was coded on the cheap over a few weeks by some kid fresh out of college and is full of SQL injection-type holes.

Re:Interesting speculation

[bit01]

Because it's the kind of back door that the developers know full well is a risk, and so they design around that risk with things like digital signatures and techniques to confirm you're speaking to an authorised server.

That's true but my point is that an intelligence agency backdoor could have exactly the same digital signature protections etc. In other words unlike what bconway said official backdoors would would be no more a compromisable hole than Update. Keeping in mind that the NSA has two missions; to protect US intelligence (SELinix etc.) and to compromise enemy intelligence (ECHELON etc.). They wouldn't deliberately put in back doors unless the cost-benefit is good. Unfortunately the cost-benefit is very good.

At a minimum I suspect they have a sophisticated software spy package ready to be downloaded via M$ Update as needed. They'd probably stay very low profile on most PC's to avoid detection but selective "heavy" targeting would be almost undetectable. Lightweight keyword checking in the disk index process on every PC, perhaps only in certain countries/languages, is also very possible and fairly low risk; all the viruses around give them plausible deniability.

---

Windows and closed source software. The US intelligence agencies back door to every network connected country and business on earth.

concerned

[steelbr2]

what if the goverment installs and controls/spys your computer? bad or good. what can become of this?

black security

[whtmarker]

The article refers to a company heise security. The name heise is actually romanized mandarin for the word black. If you have a proper font the characters are [] [] or here

The Problem

[bconway]

I support surveillance by law enforcement agencies. I also believe in fairly stiff penalties for breaking the law (though I would add that I feel that harsher penalties for real crimes should be balanced with reducing the breadth of behavior that the government restricts). However, I am opposed to the use of spyware on the suspect's property for such surveillance. Why this conundrum?

The problem is that technology is getting closer to us all the time. The barrier between man and machine is becoming much narrower. And that is a good thing. At the far end of the spectrum people have long been getting artificial hearing enhancers, and now we are starting on intelligent artificial eyes and limbs. People with epilepsy are getting electronics embedded in their brains. At the nearer end of the spectrum, a large percentage of the population now carries a small computer with them everywhere (their cell phone). The man/machine split is disappearing.

So what? Well, we have a problem developing if the government assumes that anything that does not have your genome is fair game for them to crack. Today it is the suspect's computer. This already poses a problem if the suspect is, for example, engaged in legitimate contracting for some corporation - should the government have the right to compromise the security of that corporation because one of their employees is breaking the law?

But what of the more tightly coupled technology? Should the government be allowed to plant a bug in my hearing aid? Should they be allowed to tap the signals coming from my artificial eyes? Should they be allowed to monitor the same brain activity patterns that my seizure mitigating device monitors?

The problem is that we are becoming more closely coupled with technology, and that is a good thing. We are the first species in history to actively engage in our own evolution. But if we can't trust our technology, it creates a barrier to that evolutionary step. I have the right not to self-incriminate. But if a computer is part of me, where does the line get drawn?

Re:The Problem

[Lisandro]

The barrier between man and machine is becoming much narrower. And that is a good thing. At the far end of the spectrum people have long been getting artificial hearing enhancers, and now we are starting on intelligent artificial eyes and limbs. People with epilepsy are getting electronics embedded in their brains. At the nearer end of the spectrum, a large percentage of the population now carries a small computer with them everywhere (their cell phone). The man/machine split is disappearing.

Fuck that. Sorry, but you guys (US citizens) should start to become really concerned about your government violating personal, constitutional-granted rights in order to further the fight against "terrorism". This issue is real NOW, and, from what we read here on the other side of the pond, it's becoming increasingly out of control. Who cares about future artificial limbs when these people decide it's ok to install malware in your PC so they can eavesdrop private, personal files and communications, today?

Re:The Problem

[garcia]

This issue is real NOW, and, from what we read here on the other side of the pond, it's becoming increasingly out of control.

I guess that pond is smooth as glass and all you are seeing is your own reflection as you gaze across. How quickly you forget about those traffic congestion cameras the police now have real-time access to.

Re:The Problem

[Lisandro]

Heh, wrong expresion (i'm Argentinian, down in South America)... guess it should've been "from the other side of the pond and Mexico" :). But yes, nasty stuff in England aswell. I wish that the 1984 comparison one is so bound to make in this case wasn't so close to reality.

Re:The Problem

[pipingguy]

"The Pond" usually refers to the Atlantic Ocean, at least for native English-speakers. Do you guys consider Chileans to be west coasters?

Maybe 1984 was a roadmap, not a cautionary tale. Or maybe Orwell was actually a historian from the future.

Re:The Problem

[zoogies]

Well, you see, the guy who originally retorted with "The Pond" incorrectly assumed that the guy who retorted, "You Americans..." was from England, so the latter guy responded to the "The Pond" guy by correcting him. Which makes *your* retort baseless....I think.

Re:The Problem

[jimicus]

There's not much functional difference between that and a telephone tap.

Be grateful that there is a due process which was followed. I'd be more concerned when such due process is considered a hindrance to the "war on terror" and done away with.

Re:The Problem

[mutterc]

They had a search warrant for the instance the article reports about. So this particular story isn't about an abuse of power (for once!). There's nothing (yet, sigh) to indicate they're going on warrantless fishing expeditions with their spyware, or trying to get it pervasively installed so they can data-mine "in the interest of national security". I agree that either of those cases would be cause for outrage.

Heck, if the FBI wasn't allowed to use spyware, with a warrant, they could just install a hidden camera recording the computer's monitor (see the movie "Antitrust" for a neat example of that kind of spying.)

Re:The Problem

[Lisandro]

A search warrant makes it legal, it doesn't make it right. If they really had a probable cause (or cause :) and a search warrant you could seize and inspect the PC directly.

Re:The Problem

[fltsimbuff]

"Should the government be allowed to plant a bug in my hearing aid? Should they be allowed to tap the signals coming from my artificial eyes? Should they be allowed to monitor the same brain activity patterns that my seizure mitigating device monitors?"

Man, they gave you the full package didn't they?

Trivial to defeat?

[illegibledotorg]

With a little bit of technical ability, this seems like it would be trivial to defeat.

If the kid was already hopping over three computers (maybe using Tor), he probably had the technical ability to:
1. Put his machine on a private NAT'd network so that 'ipconfig' would show an unroutable address.
2. Use a firewall that alerted him when software was trying to make an outbound connection. Better, drop it using that gateway he's sitting behind.

Granted, if he had just been using something besides Windows (which I presume he was using), the FBI's software would not have likely worked anyways.

In other words, don't let their new toy scare you.

Re:Trivial to defeat?

[jimicus]

99 times out of 100, people with that kind of technical ability don't waste their time emailing bomb threats to a school every few days saying "it rly will go off nxt tim, prmse!! LOL ROFL OMGWTFBBQ".

Security through obscurity

[EmbeddedJanitor]

Well if you have nothing to hide and don't do anything that attracts attention, the security through obscurity principle kicks in.

Sure some poor sap will be done over, but hopefully it won't be you.

Re:Security through obscurity

[sumdumass]

If you have one thing that you don't want someone else to know about, you have something to hide. And this one thing doesn't have to be illegal or unethical either. as long as we have freedom, we are free to hide things.

Something to hide != guilty of a crime.

Re:Security through obscurity

[PopeRatzo]

Sure, there are lots of reasons to hide things that are perfectly legal. When I travel in less-safe countries, I sometimes hide money in an interior pocket or even my shoe. I hide a key in a certain place outside my house in case I lock myself out. When I buy a pint of haagen-daz, I hide it in the back of the freezer so my wife doesn't eat it.

I'm not trying to be clever here. There's not a soul that has "nothing to hide". If someone says their life is an open book, ask to see their wallet and start looking through it. Watch their reaction.

Re:Security through obscurity

[Domo-Sun]

Also, everyone has something to fear, such as, false imprisonment for crimes you didn't commit and evidence planting. Or how about imprisonment and execution for things that are trivial, like being a Jew.

okay...

[javaman235]

The FBI has used PC spyware for the first time

Oh! It was there first time? They've lost their spyware virginity? Why do they write bullshit like this? Is it so that one guy won't go "Drat! I had no idea the FBI ever installed keystroke loggers" that articles like this lie to everybody? C'mon.

Not sure what to think

[houghi]

On the one side it is good that they go after people like this and use the tools available. On the other side with how things are going in the US, this might have been a proof of concept.
Also I see it just a s a tool and just like anything it can be used and it can be abused.

Re:Not sure what to think

[drumsetdrummer]

Notice the first time it's *publicized* that CIPAV was used is in a case like this where a school bomb threat is foiled. I wonder how many other times CIPAV has been used that have *not* been publicized.

This is an international issue.

[Futurepower(R)]

This is an international issue. The FBI, CIA, NSA, and other "government" agencies now operate world-wide, and have become, in effect, a secret police.

It is possible that this particular case has been picked for its public relations value. The U.S. government's spy agencies have for many years been using ANY tool at their disposal to spy ANYWHERE. It is possible that this case is designed to try to get approval from U.S. citizens for this kind of spying, when much of the spying they do is not to prevent crime, but to help a company like Cheney's Halliburton make more profit.

CIA

[AnyThingButWindows]

Running a comp repair shop I removed a Trojan that possibly came from the CIA. Breaking it down in HEX revealed that. It snooped IE cache, and was as easy to remove as running toolbarcop, then hijack this, then removing the binary manually. Dumped IE cache, then put the user on a cacheless firefox configuration. That fixed the problem.

over the pond?

[waspleg]

would that include London the most heavily surveillance oriented city in the western world? the city wehre they are working on launching UAV's for spying on regular citizens in addition to a billion and 9 cameras on every corner? Don't get me wrong, the US sucks it hard for spying, hell they even asked teh postal service to read your mail for "suspicious" activity but afiak there are no bastions of personal freedom in Europe short of the Dutch

Re:Linux spyware

[Shakrai]

But on Linux, I simply don't run any anti-spyware (because spyware has not been a problem). But if Big Brother manages to hack my ~/.xsession or firefox-bin (for example), it may be a very long time (if ever) before I notice.

But with Linux the kernel is presumably trustworthy and you can firewall off any means of access for remote exploits. Can you say the same with Windows?

Course if big brother really wants you all they have to do is a sneak and peek and rootkit your PC. Really doesn't matter what OS you are using.....

Given that the NSA knows how to crack Windows

[Master+of+Transhuman]

and hasn't told Microsoft about it, this merely indicates that the FBI is either being inefficient again (unless of course they used the methods developed by the NSA) or is once again on the tail end of an intra-agency dispute - meaning that the NSA deliberately didn't tell them how to crack Windows because the NSA is using that method to crack the FBI's computers...:-)

In this current posting, however, the issue is /.'s inability to remember what's on the front page for 24 hours...

Or maybe the FBI just cracked /. and reposted the article themselves to let us know in order to make us FEEL THE FEAR...:-)

Or maybe the moron who reposted the article secretly works for the FBI, monitoring the rest of the morons on Slashdot....:-) And now, being a moron, he has blown his cover...:-)