Slashdot Mirror


What We Know About the FBI's CIPAV Spyware

StonyandCher writes "What is CIPAV? CIPAV stands for 'Computer and Internet Protocol Address Verifier'; a lengthy term for powerful spyware the Federal Bureau of Investigation can bring to bear on web-based crime. It was used last month in a case where someone was emailing bomb threats regularly to a Washington high school. An affidavit by an FBI agent revealed some of the workings of CIPAV. 'According to the court filing, this is [some of] what the CIPAV collects from the infected computer: IP address, Media Access Control address for the network card, List of open TCP and UDP ports, List of running programs ... Last visited URL. Once that initial inventory is conducted, the CIPAV slips into the background and silently monitors all outbound communication, logging every IP address to which the computer connects, and time and date stamping each.' In a Computerworld article, the author attempts to dissect CIPAV's purpose and raises a number of questions such as: What happens to the data the CIPAV collects? Does the CIPAV capture keystrokes? Can the CIPAV spread on its own to other computers, either purposefully or by accident? Does it erase itself after its job is done?"

6 of 207 comments

  1. does it... by russ1337 · Score: 5, Interesting

    What happens to the data the CIPAV collects? Does the CIPAV capture keystrokes? Can the CIPAV spread on its own to other computers, either purposefully or by accident? Does it erase itself after its job is done?

    Does it run on Linux?

    sorry, couldn't help myself.... but seriously..... does it?
  2. The real threat of "government spyware" by Opportunist · Score: 5, Interesting

    The core problem is, surprisingly, its correlation with antivirus tools.

    Either the feds don't give AV vendors a heads-up when they plan to use a trojan, i.e. they risk being found. Now, this would double as the "hey stoopid, the feds are onto you" warning.

    So it's likely they do require AV vendors to avoid finding them. This, in turn, would mean, though, that all a potential virus writer has to do is to get his program to match the fed trojan in behaviour and shape, possibly in signature.

    I needn't write more, I guess? Why bother coming up with a rootkit if there are governmental-assisted ways to create undetectable malware?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
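The scenario Opportunist describes, a scanner told to leave a particular tool alone, comes down to how the exclusion is expressed. The following is an added example, not code from the article or from any AV vendor: a toy signature scanner with two exclusion designs. The "files" are constructed byte strings, the signature names and the GOV-MONITOR marker are made up for the illustration, and nothing here reflects how CIPAV is actually built or detected.

```python
import hashlib
import re

# Constructed sample "files" (byte strings); none of these is real malware.
GOV_TOOL = b"MZ\x90\x00" + b"GOV-MONITOR-BUILD-0421" + b"\x00" * 16 + b"CONNECT-LOGGER"
CRIMEWARE = b"MZ\x90\x00" + b"KEYLOG\x00SENDTO" + b"\x00" * 8 + b"CONNECT-LOGGER"
# The attacker simply appends the marker the vendor was told not to flag.
CRIMEWARE_DISGUISED = CRIMEWARE + b"GOV-MONITOR-BUILD-0421"

# Detection signatures (constructed): name -> byte pattern.
SIGNATURES = {
    "Generic.Keylogger": re.compile(rb"KEYLOG\x00SENDTO"),
    "Generic.ConnLogger": re.compile(rb"CONNECT-LOGGER"),
}

# Weak exclusion: "anything carrying this build marker is the government tool".
EXCLUSION_MARKER = re.compile(rb"GOV-MONITOR-BUILD-\d{4}")


def _match_signatures(sample: bytes) -> str:
    """Return the first signature name that matches, or 'clean'."""
    for name, sig in SIGNATURES.items():
        if sig.search(sample):
            return name
    return "clean"


def scan_with_marker_exclusion(sample: bytes) -> str:
    """Flawed design: a byte pattern inside the file suppresses all detection.

    Any sample that contains the marker is reported clean, so a third party
    who learns the marker can copy it into their own program.
    """
    if EXCLUSION_MARKER.search(sample):
        return "clean"
    return _match_signatures(sample)


# Hardened design: the exclusion is a SHA-256 of the exact approved file,
# so appending or embedding a marker changes the hash and earns no exemption.
ALLOWLIST_SHA256 = {hashlib.sha256(GOV_TOOL).hexdigest()}


def scan_with_hash_allowlist(sample: bytes) -> str:
    """Exempt only the exact allow-listed binary; everything else is scanned."""
    if hashlib.sha256(sample).hexdigest() in ALLOWLIST_SHA256:
        return "clean"
    return _match_signatures(sample)


if __name__ == "__main__":
    for label, sample in [("gov tool", GOV_TOOL), ("crimeware", CRIMEWARE),
                          ("crimeware+marker", CRIMEWARE_DISGUISED)]:
        print(f"{label:18s} marker-exclusion={scan_with_marker_exclusion(sample):18s} "
              f"hash-allowlist={scan_with_hash_allowlist(sample)}")
```

With the marker-style exclusion the disguised sample is reported clean; with the whole-file hash it is still flagged as a keylogger. A hash allow-list has its own cost, since every rebuild of the exempted tool needs a new entry, which is why such exemptions are usually expressed as a hash or a code-signing identity rather than a content pattern.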
  3. Re:What about zombies? by toleraen · Score: 5, Interesting

    I think the obvious question would be "How does it get installed?"

  4. But how do they install it?!?! by Daneboy · Score: 5, Interesting

    How, exactly, do the Men In Black install this uber-spyware on a target system?

    Do they get a warrant, sneak into your home in the dead of night, and install software on your computer?

    Do they mail it to you as a virus, perhaps cleverly disguised as a Nigerian spam scam?

    Do they use the back door that Microsoft agreed to put in all their software in return for being granted Most-Favored Monopoly status by the government?

    Or something else? "You are a suspected pedophile. To clear your name, please click here to install the FBI's internet spyware on your computer"?

    Anyone know?

    --
    /* "Specialization is for insects." -Heinlein */
  5. Let's check... by Jeff+Carr · Score: 5, Funny

    $ sudo apt-get remove cipav
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    E: Couldn't find package cipav

    Whew, safe!

    --
    The television will not be revolutionized.
  6. Some More Speculation on Installation Methods by Dreamland · Score: 5, Interesting

    Some more speculation on installation methods of CIPAV can be found here:

    http://blog.misec.net/2007/07/31/3/

    Specifically, it looks like the FBI may have several ready-made exploits, each targeting a different OS/web browser combination. An interesting question, then, is what they would do if they encountered a system that is fully patched and running a more secure browser such as Firefox. Does the FBI have access to their own zero-day exploits that they can whip out to install this trojan? If so, is it possible they have their own team of hackers set out to find such exploits?
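The "one ready-made package per OS/browser combination" idea above is only speculation, but the mechanism it implies is simple to show. The following is an added example, not code from the linked blog or from any FBI tool: it fingerprints a browser from its User-Agent string and looks the (OS, browser, version) triplet up in a table. The table, the version cut-offs and the payload labels are constructed for the illustration and imply no real exploit; the User-Agent strings are 2007-era formats.

```python
import re
from typing import Optional, Tuple

# Operating system, from the platform token in the User-Agent.
OS_PATTERNS = [
    ("windows", re.compile(r"Windows")),
    ("macos", re.compile(r"Mac OS X|Macintosh")),
    ("linux", re.compile(r"Linux|X11")),
]

# Browser family and version. Order matters: every one of these UAs starts
# with "Mozilla/", so the specific product token decides the family.
BROWSER_PATTERNS = [
    ("firefox", re.compile(r"Firefox/(\d+(?:\.\d+)*)")),
    ("safari", re.compile(r"Version/(\d+(?:\.\d+)*).*Safari/")),  # Safari 3-style UA
    ("msie", re.compile(r"MSIE (\d+(?:\.\d+)*)")),
]


def fingerprint(user_agent: str) -> Tuple[str, str, Tuple[int, ...]]:
    """Return (os, browser, version tuple); unknown parts are 'unknown' / ()."""
    os_name = next((n for n, p in OS_PATTERNS if p.search(user_agent)), "unknown")
    for name, pat in BROWSER_PATTERNS:
        m = pat.search(user_agent)
        if m:
            version = tuple(int(x) for x in m.group(1).split("."))
            return os_name, name, version
    return os_name, "unknown", ()


# Constructed table: (os, browser) -> (highest version the package is assumed
# to target, label). Versions and labels are made up for this example.
PAYLOADS = {
    ("windows", "msie"): ((6, 0), "stage-win-ie"),
    ("windows", "firefox"): ((1, 5, 0, 12), "stage-win-ff"),
    ("macos", "safari"): ((2, 0), "stage-mac-safari"),
}


def select_payload(user_agent: str) -> Optional[str]:
    """Pick a package for this client, or None when nothing in the table fits."""
    os_name, browser, version = fingerprint(user_agent)
    entry = PAYLOADS.get((os_name, browser))
    if entry is None:
        return None  # no ready-made package for this OS/browser combination
    max_affected, label = entry
    if version > max_affected:
        return None  # client advertises a newer build than the package targets
    return label


if __name__ == "__main__":
    for ua in [
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
        "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
        "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6",
    ]:
        print(fingerprint(ua), "->", select_payload(ua))
```

The table can only key on what the client advertises. A Firefox User-Agent carries the full release number, so a 2.0.0.6 client falls outside an entry written for 1.5.0.12, but an IE User-Agent reads "MSIE 6.0" before and after every monthly patch, so the "fully patched" case Dreamland asks about is not distinguishable from the fingerprint alone; a dispatcher like this one would serve the same package to both and simply fail on the patched client.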