The Secret History of the FBI's Classified Spyware

← Back to Stories (view on slashdot.org)

The Secret History of the FBI's Classified Spyware

Posted by timothy on Friday April 17, 2009 @12:12AM from the but-we-just-want-to-peek dept.

An anonymous reader writes "A sophisticated FBI-produced spyware program has played a crucial behind-the-scenes role in federal investigations into extortion plots, terrorist threats and hacker attacks in cases stretching back at least seven years, according to newly declassified documents obtained by Wired.com. The so-called 'computer and internet protocol address verifier,' or CIPAV, is delivered through links to websites controlled by the FBI, and it silently reports back to a government server in Virginia. Among other cases, the FBI used it to track a Swedish hacker responsible for cracking thousands of computers at national labs and NASA's JPL in 2005."

133 comments

The Ends Don't Justify The Means by QuantumG · 2009-04-17 00:15 · Score: 4, Insightful

How is this not breaking the law?
Breaking the law to enforce the law.. way to piss on justice.

--
How we know is more important than what we know.
1. Re:The Ends Don't Justify The Means by Jrabbit05 · 2009-04-17 00:18 · Score: 1
  
  It appears it was highly targeted and only used on a warrant. But I don't see how they can't discolose more to save face...
2. Re:The Ends Don't Justify The Means by tygerstripes · 2009-04-17 00:18 · Score: 3, Insightful
  
  In the same way that police regularly assault, kidnap or otherwise harass citizens?
  Look, I'm not saying I disagree with you, but you need to refine the ethics of your argument a bit if you want to make a useful point. Unless you were just hoping to bash out something that sounded relevant in order to FP...
  
  --
  Meta will eat itself
3. Re:The Ends Don't Justify The Means by WCMI92 · 2009-04-17 00:25 · Score: 3, Insightful
  
  "How is this not breaking the law?
  Breaking the law to enforce the law.. way to piss on justice."
  I've always been skeptical about this and other tricks used by the FBI and other law enforcement. The Constitution is QUITE clear that a search of private property requires a warrant.
  Another thing that has always bothered me is that law enforcement lying to citizens is routine and legal, but lying to law enforcement is a crime (even if you don't know the person you are talking to is law enforcement).
  Seems to me that if the government wants us to respect the FAR too many laws on the books that it should start following them itself. And that starts with respecting the Constitution.
  
  --
  Corporatism != Free Market
4. Re:The Ends Don't Justify The Means by bconway · 2009-04-17 00:26 · Score: 4, Informative
  
  RTFA.
  But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online.
  
  --
  Interested in open source engine management for your Subaru?
5. Re:The Ends Don't Justify The Means by mysidia · 2009-04-17 00:26 · Score: 1
  
  Law enforcement officers have special rights that other citizens don't have; they're not breaking the law per se, but enforcing the law, and getting a special exception to other laws.
  Officers can shoot people. They can steal^H^H^H^H^Hseize shit. They just have to have the right reasons to do it.
  Under the patriot act they can sneak and search (warrantless covert search). CIPAV is just an extension of that, perhaps.
  It would be disturbing if they do/did drive-by installs in a way that could effect innocent bystanders. However, until that gets met with a legal challenge of some sort, the legal process allows them to basically keep on doing it, until some people can prove that they did go outside the bounds of the law (fairly unlikely)
  And now they've deemed they can make and deploy spyware for their searches; the law allows them to do these sorts of things, for the purpose of protecting national security (and finding suspects to put in jail).
  These are just side effects of the Patriot Act.
  What, you thought the patriot act was about finding terrorists??
  Well it is, but it does so much more -- law enforcement get new rights that it would be foolhardy to ignore.
  Of course they're going to use new law enforcement rights of the act against non-terrorists.
  They may use the term 'suspected terrorist', for now to confuse matters, but make no mistake -- in 10 years or so, the enforcers will be openly using their new rights anywhere they want.
6. Re:The Ends Don't Justify The Means by QuantumG · 2009-04-17 00:31 · Score: 0, Flamebait
  
  So if they obtained court authorization to deploy Sarin gas that'd be ok too right?
  Are you saying that when the president does it then it's not a crime?
  
  --
  How we know is more important than what we know.
7. Re:The Ends Don't Justify The Means by Shakrai · 2009-04-17 00:34 · Score: 4, Insightful
  
  So if they obtained court authorization to deploy Sarin gas that'd be ok too right?
  Wow, hyperbole much? How is installing software on someones computer with court authorization to monitor their behavior any different from using the warrant to obtain a wiretap or using it to search their home and possessions?
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
8. Re:The Ends Don't Justify The Means by WCMI92 · 2009-04-17 00:38 · Score: 1
  
  "So if they obtained court authorization to deploy Sarin gas that'd be ok too right?
  Are you saying that when the president does it then it's not a crime?"
  Precisely. What is it about the courts that make their actions always sacrosanct even when they are clearly against the letter of the Constitution? By and large we don't get to elect the courts, making it the LEAST democratic institution in government. At the Federal level we don't get to elect ANY of them, and they serve for LIFE and it's practically impossible to remove them from office (few judges are ever impeached, even the really egregious ones who get overturned on appeal all the time).
  Frankly right is right and wrong is wrong, and the courts have just as little respect for the law and our Constitutionally guaranteed freedoms as the elected branches of government. Probably even less so, since they don't even have the pretense of fear of the people throwing them out of office for their actions.
  
  --
  Corporatism != Free Market
9. Re:The Ends Don't Justify The Means by qwerty360 · 2009-04-17 00:40 · Score: 1
  
  The problem is that it is being used internationally. Why should the FBI, even with a court order in America be able to search a PC outside of America. It also sets a nasty precedent as other countries could argue that if the FBI, etc, claims this is legal then their local law enforcement could perform searches of property in America without involving American police etc.
10. Re:The Ends Don't Justify The Means by rackserverdeals · 2009-04-17 00:46 · Score: 4, Funny
  
  Wow. You totally sidestepped the Sarin gas question.
  You must think it's ok to eat babies too.
  
  --
  Dual Opteron < $600
11. Re:The Ends Don't Justify The Means by Shakrai · 2009-04-17 00:47 · Score: 5, Funny
  
  Only if you season them right :)
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
12. Re:The Ends Don't Justify The Means by QuantumG · 2009-04-17 00:49 · Score: 1
  
  Wiretaps are just as unconstitutional too.. but that battle has been fought and lost already.
  Of course, lately they've decided that rubber stamp court authorization isn't even needed.. and that they should just record everything as they might need it later.
  Who says the slippery slope is a logical fallacy.
  
  --
  How we know is more important than what we know.
13. Re:The Ends Don't Justify The Means by Anonymous Coward · 2009-04-17 01:05 · Score: 0
  
  This is of course the most important point in this debate. Not that I expect USA to see it that way, that country has a long history of one-way diplomacy.
14. Re:The Ends Don't Justify The Means by WCMI92 · 2009-04-17 01:07 · Score: 1
  
  Wiretaps are just as unconstitutional too.. but that battle has been fought and lost already.
  
  There are actually limits on wiretaps. They can't just monitor and record ALL phone conversations, for example, they have to break it off when it's not related to what they were authorized to investigate. I seriously doubt that this FBI spyware is as discreet, it probably monitors and records EVERYTHING. This definitely puts this into a legal gray area.
  
  Of course, lately they've decided that rubber stamp court authorization isn't even needed.. and that they should just record everything as they might need it later.
  
  Which is what the Bush administration was doing and clearly there is no "hope" that the Obamessiah is going to "change" in that area.
  
  Who says the slippery slope is a logical fallacy.
  
  Exactly. With Obama's homeland security department deciding to define political opponents as "extremists" and "potential terrorists" we are about to see everything we feared about the potential misuse of the patriot act come to fruition.
  Like all laws passed in a panic, the patriot act IS bad law and is FAR too broad in scope. Had it's power been limited to FOREIGN non US Citizens, it would have been able to do the intended job (give the FBI, et all the ability to investigate plots by known purveyors of terrorism) without granting the government powers that it should NEVER have, the ability to secretly investigate with little to no supervision, oversight, or accountability US citizens with little to no evidence.
  Ironic that the people who I supported at the time despite being of the other party when they objected quite correctly to the patriot act are determined to hang onto that weapon now that they wield it.
  
  --
  Corporatism != Free Market
15. Re:The Ends Don't Justify The Means by Lumpy · 2009-04-17 01:08 · Score: 2, Funny
  
  Rotisserie style!!!!
  Mmmm Baby.... GET IN MY BELLY!
  
  --
  Do not look at laser with remaining good eye.
16. Re:The Ends Don't Justify The Means by Aram+Fingal · 2009-04-17 01:23 · Score: 1
  
  So if they obtained court authorization to deploy Sarin gas that'd be ok too right?
  I'm guessing that you are referring to Operation Tailwind which has largely been debunked. It hasn't been completely proven that the gas wasn't sarin but it seems improbable that it was.
17. Re:The Ends Don't Justify The Means by conureman · 2009-04-17 01:48 · Score: 2, Insightful
  
  It seems that the vast majority of citizens don't understand the concept of Constitutional law, or that by adherence to the supremacy of The Constitution, The People should be protected by the law, from their government. too bad, so sad.
  
  --
  The cost of that cleanup, of course, will be borne by taxpayers, not industry.
18. Re:The Ends Don't Justify The Means by Hatta · 2009-04-17 01:56 · Score: 1
  
  How is installing software on someones computer with court authorization to monitor their behavior any different from using the warrant to obtain a wiretap or using it to search their home and possessions?
  If the court authorization specifically lists the data to be siezed, it's not. If the court issues blanket authorization "in a wide variety of cases", it's a fishing expedition.
  
  --
  Give me Classic Slashdot or give me death!
19. Re:The Ends Don't Justify The Means by Vu1turEMaN · 2009-04-17 01:58 · Score: 2, Insightful
  
  Indeed, but they did not obtain court authorization to use it against members of video hosting sites outside of the US 5 years ago. They just used it.
20. Re:The Ends Don't Justify The Means by pentalive · 2009-04-17 02:06 · Score: 1
  
  Sarin Gas is indiscriminate. The FBI tool is specific.
21. Re:The Ends Don't Justify The Means by Muad'Dave · 2009-04-17 02:35 · Score: 1
  
  This must be your license plate.
  
  --
  Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
22. Re:The Ends Don't Justify The Means by Actually,+I+do+RTFA · 2009-04-17 02:43 · Score: 2, Insightful
  
  Well, the Constitution doesn't protect people who are not US citizens and in different countries...
  
  --
  Your ad here. Ask me how!
23. Re:The Ends Don't Justify The Means by divisionbyzero · 2009-04-17 02:51 · Score: 2, Insightful
  
  Read the article. They went through the courts. However the fourth amendment not only requires a court order it requires that the search be limited in scope in duration. That's why AT&Ts indiscriminate monitoring of all users traffic is a violation of the fourth amendment even though it was court ordered.
24. Re:The Ends Don't Justify The Means by hairyfeet · 2009-04-17 02:55 · Score: 1
  
  Is it a REAL court, or a "rubber stamp" court like FISA? Because there is a BIG difference between an actual court with an actual judge that weighs the evidence VS a court that says "sure, whatever you want is fine."
  It seems to me the fed has been getting WAY too much power lately and it really wouldn't surprise me if they had a nice rubber stamp court that would let them deploy this on just about anyone (except against someone else working for the fed, of course) with the flimsiest of excuses. Power unchecked is power abused.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
25. Re:The Ends Don't Justify The Means by vertinox · 2009-04-17 03:02 · Score: 3, Insightful
  
  How is installing software on someones computer with court authorization to monitor their behavior any different from using the warrant to obtain a wiretap or using it to search their home and possessions?
  I think the problem is that they posted the monitoring tool to a website where anyone could come across and get infected and get monitored.
  In those instances, there was no prior suspicions that is needed for a warrant. You cannot randomly search 100 people's houses hoping to find a criminal the same way you can't put software out there to find out whether or not these people are the criminal.
  In fact... TFA says the FBI agent was disappointed when the person they hope to infect was not infected so I'm assuming others were who were not the target of the warrant.
  
  --
  "I am the king of the Romans, and am superior to rules of grammar!"
  -Sigismund, Holy Roman Emperor (1368-1437)
26. Re:The Ends Don't Justify The Means by Anonymous Coward · 2009-04-17 03:07 · Score: 0
  
  I only eat straw men.
27. Re:The Ends Don't Justify The Means by cyberchondriac · 2009-04-17 03:48 · Score: 2, Insightful
  
  "How is this not breaking the law?
  Breaking the law to enforce the law.. way to piss on justice."
  Actually, when you think about it, the police regularly break the law to uphold it. Look at how they catch speeders: They usually have to speed themselves to catch up to the speeder in order to pull him over, or they even might just tail behind a speeder for a while and clock him with their own speedometer - thus breaking the law themselves by speeding themselves.
  To a degree, in general, law enforcement has to operate a little outside the law, at times, to do the job. At times. I'm not saying give them carte blanche or anything stupid like that, but they require some slack, here and there, or the goal would likely be impossible to achieve.
  
  Is the furor over this system they deployed, or over the matter of obtaining warrants to use it? Without such a system, they'd be relatively crippled in their ability to catch real net criminals and cyber-terrorists, and if they failed in that endeavor, everyone would just bitch about how useless they are, why aren't they doing something about crime, etc.
  It seems lose-lose no matter what "they" do - either they're going to be accused of being ineffective at stopping crime/terrorism, or accused of stomping on everyone's rights, even when they follow the protocols and procedure.
  If there are better alternatives, what are they?
  
  --
  
  Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
28. Re:The Ends Don't Justify The Means by WCMI92 · 2009-04-17 04:30 · Score: 1
  
  If the court authorization specifically lists the data to be siezed, it's not. If the court issues blanket authorization "in a wide variety of cases", it's a fishing expedition.
  
  That is correct. Warrants are supposed to only be issued for a specific person, a specific place, and for specific things, based on enough EVIDENCE to show to a judge "probable cause" that the search specified would provide further evidence. They are not supposed to be "carte blanche" permits to conduct fishing expeditions, which sounds to me what this spyware actually does.
  
  --
  Corporatism != Free Market
29. Re:The Ends Don't Justify The Means by kpainter · 2009-04-17 04:50 · Score: 1
  
  So if they obtained court authorization to deploy Sarin gas that'd be ok too right? Are you saying that when the president does it then it's not a crime?
  Press [OK] now to install the "Awesome Toolbar" from fbi.gov
30. Re:The Ends Don't Justify The Means by Mister+Whirly · 2009-04-17 05:07 · Score: 1
  
  "So if they obtained court authorization to deploy Sarin gas that'd be ok too right?"
  
  Yep, it is called the gas chamber and it was last used in 1999 in Arizona. Capital punishment IS still legal in some states. Is it right? Hard question to answer, but it is still legal and that is what matters the most to governments.
  
  "Are you saying that when the president does it then it's not a crime?"
  
  Well, according to "Tricky" Dick Nixon, no when the president does it, it isn't a crime. Look how well that worked out for him! Bush claimed it was also true, and now Obama's group is making the same claim.
  
  --
  "But this one goes to 11!"
31. Re:The Ends Don't Justify The Means by mccrew · 2009-04-17 05:21 · Score: 1
  
  So far, all the evidence presented indicates that the FBI obtained court authorization as required by law.
  So what is your point, exactly?
  
  --
  Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
32. Re:The Ends Don't Justify The Means by Anonymous Coward · 2009-04-17 05:36 · Score: 1, Informative
  
  Actually, when you think about it, the police regularly break the law to uphold it. Look at how they catch speeders: They usually have to speed themselves to catch up to the speeder in order to pull him over, or they even might just tail behind a speeder for a while and clock him with their own speedometer - thus breaking the law themselves by speeding themselves.
  Not to be pedantic, but this isn't a good analogy since many laws are written with specific exemptions for law enforcement during the performance of their official duty.
33. Re:The Ends Don't Justify The Means by DM9290 · 2009-04-17 05:42 · Score: 1
  
  Another thing that has always bothered me is that law enforcement lying to citizens is routine and legal, but lying to law enforcement is a crime (even if you don't know the person you are talking to is law enforcement).
  (emphasis added)
  I don't think you've got it right. It would violate a fundamental principle of justice to turn a completely innocent act into a criminal offense on the basis of facts that a person could not possibly know.
  This has a chilling effect on the innocent act and specifically on the 1st amendment right to tell a lie.
  the only reason lying to cops is illegal is because when they ask you something, they aren't asking for your opinions or your creativity, but rather they are trying to solve a crime and intentionally lying in that situation is tantamount to aiding and abetting. If you don't know the question pertains to an investigation (because you don't know its a cop) then whatever you say has nothing to do with your motivations towards trying to help criminals get away.
  I am doubtful such a statute exists, or that it could hold up to scrutiny. By any chance do you have the relevant statute for us to see?
  This is not an analogous situation to the law that typically converts murdering a cop into first degree murder whether or not you knew they are a cop. Murdering anyone whatsoever is always illegal.
  
  --
  No one has a right to their *own* opinion. They have a right to the TRUTH.
34. Re:The Ends Don't Justify The Means by der+wachter · 2009-04-17 06:27 · Score: 1
  
  The truth is what everybody agrees upon. The law is what a few people agree upon.
35. Re:The Ends Don't Justify The Means by Teufelsmuhle · 2009-04-17 07:15 · Score: 1
  
  "Stop throwing the Constitution in my face. It's just a goddamned piece of paper!"
36. Re:The Ends Don't Justify The Means by Vu1turEMaN · 2009-04-17 09:40 · Score: 1
  
  Who said that all of the mods and administrators were in the UK?
37. Re:The Ends Don't Justify The Means by AceofSpades19 · 2009-04-17 13:43 · Score: 1
  
  Is the furor over this system they deployed, or over the matter of obtaining warrants to use it? Without such a system, they'd be relatively crippled in their ability to catch real net criminals and cyber-terrorists, and if they failed in that endeavor, everyone would just bitch about how useless they are, why aren't they doing something about crime, etc.
  OH NOES teh cyber-terrorists are going to get me, what are they going to do?, blow up my computer? Anyone that uses the term cyber-terrorists seriously loses a lot of credibility
38. Re:The Ends Don't Justify The Means by zoloto · 2009-04-17 14:38 · Score: 1
  
  Well, only if you're female. If so I'd be happy to oblige you.
39. Re:The Ends Don't Justify The Means by rastoboy29 · 2009-04-17 18:29 · Score: 1
  
  To be fair, do we not allow police to speed and run red lights when they're doing their jobs?
  
  --
  expandfairuse.org
40. Re:The Ends Don't Justify The Means by James+Skarzinskas · 2009-04-18 09:33 · Score: 0
  
  I bet the FBI is responsible for Smiley Central, too.
  Say somethin'!
Linux version? by MrKaos · 2009-04-17 00:22 · Score: 4, Funny

I wonder if they have a Linux version?

--
My ism, it's full of beliefs.
1. Re:Linux version? by srollyson · 2009-04-17 01:12 · Score: 4, Insightful
  
  This paragraph from TFA is telling:
  
  In a separate February 2007 Cincinnati -based investigation of hackers who'd successfully targeted an unnamed bank, the documents indicate the FBI's efforts may have been detected. An FBI agent became alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website. Instead, the hacker "proceeded to visit the site 29 more times," according to a summary of the incident. "In these instances, the CIPAV did not deliver its payload because of system incompatibility."
  Seems like the FBI exploits browser vulnerabilities a la the Pwn2Own contest in order to deliver CIPAV, but CIPAV itself might not run in linux. I suspect that the FBI will have written a linux-compatible CIPAV after the quoted incident. Probably a bash or perl script so they don't have to worry about different architectures.
  On a side note, there was probably some good porn on that page for the hacker to load it 30 times.
2. Re:Linux version? by v1 · 2009-04-17 01:23 · Score: 1
  
  Reminds me of a certain recent xkdc but I know there was one that hit closer to home. Something along the lines of, "Drat! He's running linux! foiled again!"
  
  --
  I work for the Department of Redundancy Department.
3. Re:Linux version? by MrKaos · 2009-04-17 03:43 · Score: 1
  
  I suspect that the FBI will have written a linux-compatible CIPAV after the quoted incident.
  Recently I read 'The Uncensored History of the 9/11 Investigation' which noted that 9/11 investigators were shocked how behind the FBI was in terms of technological capabilities when compared to the NSA or the CIA. I was surprised to read that in many FBI offices there was only a single computer per floor!!!. However the next paragraph...
  
  The agent phoned the FBI's Special Technologies Operations Unit for "urgent" help, expressing "the valid concern that the Unsub hackers would be 'spooked.'" But two days later the hacker, or a different one, visited the site again and "the system was able to deliver a CIPAV and the CIPAV returned data."
  Perhaps the *ahem* cracker discovered the FBI's attempts to infect his machine and potentially, to put them at ease after discovering the FBI's attempt, re-visited with a machine they were capable of infecting. What data did it deliver? www.recipies.com? I know if I visited a website that failed to infect my machine I might be so inclined to gather data on what was trying to do it, especially if I was conducting nefarious activities. Seems a bit clumsy for law enforcement, but hey you're right, they probably learned, so lets move on.
  Reason I bring it up is that internally the 9/11 commission came very close to recommending the FBI be disbanded but for serious smoozing from the FBI director Robert Mueller who was 'determined to save the FBI'. Instead the recommendations were for an American domestic intelligence service, like the British MI5, be set up and what resulted was The Department of Homeland Security.
  Now I'm not criticising the FBI here, but, for an organisation that treated it's counter-terrorism operatives like personal assistants and clearly didn't take counter-terrorism seriously before 9/11 because it wouldn't result in the type of arrests that would get an agent promoted - this looks a lot like counter-terrorism. Also telling for what it implies...
  
  The records also indicate that the FBI obtained court orders from the Foreign Intelligence Surveillance Court, which covers foreign espionage and terrorism investigations, but the details are redacted.
  I was being sarcastic with the 'I wonder if they have a Linux version' remark I was just surprised that the FBI now happens to be using spyware, like technology now means something to the FBI, so I did a quick search and sure enough Director Mueller spells it out for us with this paragraph...
  
  Today, our mission has changed dramatically and our budget reflects this change. For FY 2005 the FBI is requesting a total of $5.1 billion, an increase of about $525 million over the FY 2004 enacted level. This includes net increases totaling $324.6 million and 948 new positions, 307 of which are agents. Approximately 44 percent of the funding is allocated to counterterrorism and counterintelligence-or about $2.2 billion and 12,466 positions. Compared to FY 2001, this represents more than double the amount of funding and equates to an 80 percent increase in the number of people devoted to the counterterrorism and counterintelligence missions.
  Seems to me the Director Mueller (to his credit) has instigated a seismic shift in the way the FBI operates internally. But "foreign espionage and terrorism investigations" isn't that the DOHS responsibility? "terrorism investigations" that doesn't imply the FBI's priority is necessarily arrests. So I'm wondering perhaps we are looking at a turf war between the DOHS and the FBI? I bet those missing 632 pages are an interesting read, especially since the article focuses on 'law enforcement' activities of the FBI spyware.
  I doubt there is just one type of government spyware out there, if i
  
  --
  My ism, it's full of beliefs.
4. Re:Linux version? by srollyson · 2009-04-17 03:56 · Score: 1
  
  Apologies about the "hacker" faux pas.
  Anyway, you might be right about the cracker coming back with a honeypot. I wish I was a fly on the cracker's wall so I could see how this played out.
  As far as gov't grey-hats go, there is definitely a turf war between agencies. Hell, even the Air Force wants a piece of the pie. God help us all!
5. Re:Linux version? by MrKaos · 2009-04-17 04:05 · Score: 1
  
  Apologies about the "hacker" faux pas.
  Oh, it wasn't directed at you. I mean Wired, you'd think they would know their audience a bit better.
  
  God help us all!
  Indeed. Life, liberty and the pursuit of happiness, in carefully monitored and regulated doses. -- Thanks for the link
  
  --
  My ism, it's full of beliefs.
6. Re:Linux version? by HexaByte · 2009-04-17 05:14 · Score: 1
  
  Well, they can get a Linux version if they want to, I keep a copy of BeOS around do do all my illegal hacking with! ;)
  
  --
  HexaByte - he's a square and a half!
7. Re:Linux version? by Anonymous Coward · 2009-04-17 06:09 · Score: 0
  
  "I wonder if they have a Linux version?"
  They don't need a Linux version. If you're using Linux they already know you're guilty of something.
8. Re:Linux version? by Anonymous Coward · 2009-04-17 08:47 · Score: 0
  
  If you're using Linux they already know you're guilty of something.
  Yes, Darl McBride clearly showed this Linux users are "anti-American" and thieves in various press releases. Too bad he only stepped on his own feet during the court trial dances he performed.
9. Re:Linux version? by Old+Sparky · 2009-04-17 10:35 · Score: 0
  
  Hell yes there's a Linux version - spread by /.
10. Re:Linux version? by AHuxley · 2009-04-17 19:24 · Score: 1
  
  Go for a hardware logger.
  Linux might come with a Tripwire like software, ie too many unknown, unlike windows, the Feds best friend.
  
  --
  Domestic spying is now "Benign Information Gathering"
RIAA software by snfnstm · 2009-04-17 00:23 · Score: 1

FTA :

"After sending the information to the FBI, the CIPAV settles into a silent "pen register" mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects. "
Let's hope the RIAA doesn't get it's hands on this.
1. Re:RIAA software by WCMI92 · 2009-04-17 00:32 · Score: 5, Insightful
  
  "FTA :
  "After sending the information to the FBI, the CIPAV settles into a silent "pen register" mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects. "
  Let's hope the RIAA doesn't get it's hands on this."
  What I'd like to see is an open source antivirus/antispyware suite that WILL detect this. I own my computer, not the government, therefore I have a right to know what is running on it and to decide what is and isn't going to run on it.
  I don't think it is any of the government's business what websites I go to, what blogs I post on, and for that matter, what porn I download.
  Given some of the scary things coming out of the "O"ministration lately (such as the recent homeland security advisory painting people who support the right to own firearms and who object to the outrageous spending going on as "rightwing extremists" and "potential terrorists" I think I and others have a legitimate fear that we may be targeted for such spyware for political reasons.
  That's why I opposed and still oppose the patriot act... Not because I am against going after the actual JIHADI terrorists who have and are attacking our country, but because government abuse of it and turning it on law abiding citizens was inevitable.
  Note that Obama isn't doing anything to repeal the patriot act (which he used to object to). He wants that power just as much as Bush did.
  
  --
  Corporatism != Free Market
2. Re:RIAA software by Binestar · 2009-04-17 00:34 · Score: 1
  
  I think that if it were reported to the antispyware venders that it would be included. The problem is that it's a targeted install, so the infection rate is very low, as such it has probably never been seen by the antispyware venders at all, let alone examined well enough to detect.
  
  --
  Do you Gentoo!?
3. Re:RIAA software by Shakrai · 2009-04-17 00:38 · Score: 2, Insightful
  
  What I'd like to see is an open source antivirus/antispyware suite that WILL detect this.
  Actually if you aren't an idiot about it and have proper security settings/practice this thing would never have gotten installed in the first place......
  
  I don't think it is any of the government's business what websites I go to, what blogs I post on, and for that matter, what porn I download.
  It is if you are under a court approved investigation for something.
  
  Given some of the scary things coming out of the "O"ministration lately (such as the recent homeland security advisory painting people who support the right to own firearms and who object to the outrageous spending going on as "rightwing extremists" and "potential terrorists" I think I and others have a legitimate fear that we may be targeted for such spyware for political reasons.
  That is a legitimate fear -- which is why we have warrants and a judicial system. But to say that this software can't be used at ALL is a bridge too far, IMHO. Would you complain if the FBI installed this spyware on Tony Soprano's computer?
  
  Note that Obama isn't doing anything to repeal the patriot act (which he used to object to). He wants that power just as much as Bush did.
  Of course he isn't. Every President since Washington has tried to expand Executive power. Anybody who seriously thought Obama would be any different drank too much of the change kool-aid. Hell, I wasn't even delusional enough to think he would change this trend even back when I supported him.
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
4. Re:RIAA software by WCMI92 · 2009-04-17 00:54 · Score: 1
  
  That is a legitimate fear -- which is why we have warrants and a judicial system. But to say that this software can't be used at ALL is a bridge too far, IMHO. Would you complain if the FBI installed this spyware on Tony Soprano's computer?
  
  You are assuming the Obama administration will respect the law OR be held to account to it to any greater degree than previous administrations.
  The patriot act is extremely powerful. They can, under this act, by simply declaring the target a "terrorist" (and I believe the homeland security report on "right wing extremists" was no accident, that it was done to set that pretext) act first and get court approval later. They can wiretap, they can install stuff like this, they can force libraries to divulge what books you have read (and it's a crime if you are interviewed to divulge that you were), and other Orwellian actions.
  All legal to do, if they eventually get court approval, or never actually USE the information acquired directly.
  When I see an administration calling people who protest peacefully and lawfully in favor of limited government and their Constitutional rights "extremists" and "potential terrorists" while at the same time intervening into the private economy to an unprecedented degree and acquiring more control over it than ever, I think that concern about them abusing such things as the patriot act and this spyware isn't paranoia.
  
  --
  Corporatism != Free Market
5. Re:RIAA software by Shakrai · 2009-04-17 01:05 · Score: 1
  
  I don't think you are paranoid and I don't trust them one damn bit not to abuse this neat little toy that the FBI has. My point was meant to respond to all the people who are claiming that the FBI shouldn't even have this toy -- would it really bother if you it was used in conjunction with a warrant to monitor a Tony Soprano?
  The "right wing extremists" report was extremely troubling. It was a whole bunch of "coulds" with no specific information and a warning to watch out for returning veterans and firearm owners. WTF?
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
6. Re:RIAA software by Shakrai · 2009-04-17 01:10 · Score: 1
  
  Shoot, I hit reply too soon. Here's the best part of that document for anyone that thinks you are being paranoid: (emphasis mine)
  
  Rightwing extremism in the United States can be broadly divided into those groups, movements, and adherents that are primarily hate-oriented (based on hatred of particular religious, racial or ethnic groups), and those that are mainly antigovernment, rejecting federal authority in favor of state or local authority, or rejecting government authority entirely. It may include groups and individuals that are dedicated to a single issue, such as opposition to abortion or immigration.
  So I guess if you are a Libertarian you warrant inclusion with the likes of David Duke and the KKK. What the fuck is wrong with this picture? Why aren't more people talking about this?
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
7. Re:RIAA software by WCMI92 · 2009-04-17 01:26 · Score: 3, Interesting
  
  I don't think you are paranoid and I don't trust them one damn bit not to abuse this neat little toy that the FBI has. My point was meant to respond to all the people who are claiming that the FBI shouldn't even have this toy -- would it really bother if you it was used in conjunction with a warrant to monitor a Tony Soprano?
  
  I'm not saying they shouldn't have it and that it shouldn't be used WHEN proper authorization is obtained in accordance with the Constitution, WITH proper supervision, and LIMITED, as the 4th Amendment requires, to "particularly describing the place to be searched, and the persons or things to be seized". It sounds to me from the article that the FBI is capturing ALL activity with this, even that which is unrelated to their authorized investigation. There is no way that is within the letter or spirit of the 4th Amendment.
  
  The "right wing extremists" report was extremely troubling. It was a whole bunch of "coulds" with no specific information and a warning to watch out for returning veterans and firearm owners. WTF?
  
  Well, the current administration has grabbed more power in 3 months than the government has in 30 years. Clearly, they are afraid that opposition to that (and future planned power grabs) is going to do nothing but grow, and that it's naturally going to come from the people who would be classified as being "from the right" and the people they will naturally have to FEAR (and government fear of the people as an incentive to obey the Constitution's restrictions on their power IS the actual purpose of the 2nd Amendment) are people who own firearms.
  I know it sounds crazy, and hopefully is, but when you combine the "perfect storm" of a major economic crisis, single party control of government, and a desire to impose more central control (healthcare, industry, etc) with the patriot act which gives that single party the actual AUTHORITY to investigate and even arrest their opposition on a whim we very well might be the closest we've ever been to a Hugo Chavez type authoritarian coup.
  And watching the major media drool over "Dear Leader" to the extent that they do is disgusting. What happened to the skepticism and criticism of the government? Is there not just as much a need for journalists to investigate Obama as they did Bush, especially when he's asking for unprecedented power and control? Or does it matter only when the agenda doesn't suit the personal beliefs of the media?
  
  --
  Corporatism != Free Market
8. Re:RIAA software by Thelasko · 2009-04-17 02:25 · Score: 1
  
  the recent homeland security advisory painting people who support the right to own firearms and who object to the outrageous spending going on as "rightwing extremists" and "potential terrorists"
  You wouldn't happen to have a citation for this information, do you?
  
  --
  One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
9. Re:RIAA software by couchslug · 2009-04-17 02:26 · Score: 1
  
  "What I'd like to see is an open source antivirus/antispyware suite that WILL detect this."
  Prevent it being installed in the first place.
  If you boot a physical live CD, it cannot write to the disc, nor can any other nasties. Use writable media for storage.
  
  --
  "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
10. Re:RIAA software by Shark · 2009-04-17 02:59 · Score: 1
  
  Actually, all you have to do is respect the constitution if the part you highlighted is right. Libertarian, Republican, Democrat or any other... So long as you agree with what the constituion calls for (limited federal authority in favor of stare or local), you are a mean nasty terrorist.
  
  --
  Mind the frickin' laser...
11. Re:RIAA software by Shakrai · 2009-04-17 02:59 · Score: 1
  
  There is no way that is within the letter or spirit of the 4th Amendment.
  FWIW I agree with you. I've also talked to members of law enforcement who have worked wiretaps and was told by them that they are required to stop listening even when they have an approved wiretap when it becomes apparent that the conversation isn't material to the matter at hand. I.e: If they have a wiretap on a suspected drug dealer they aren't supposed to keep listening when he starts having phone sex with his girlfriend. That seems to be the way it should work if you take the 4th amendment seriously.
  
  I know it sounds crazy, and hopefully is, but when you combine the "perfect storm" of a major economic crisis, single party control of government
  Well, there's always the Judicial Branch, but your point is well taken.
  
  And watching the major media drool over "Dear Leader" to the extent that they do is disgusting. What happened to the skepticism and criticism of the government? Is there not just as much a need for journalists to investigate Obama as they did Bush, especially when he's asking for unprecedented power and control?
  I don't know how much the "major media" even bothered to investigate Bush. How many serious questions were asked about the Patriot Act before it passed? How many were asked about Iraq before we went to war? The Fourth Estate is a sad joke and has been for sometime. What's worse is that the politicians in both parties have figured out how to game the system and the reporters who cover them are entirely too friendly with the people they are supposedly monitoring on our behalf.
  And yes, the drooling over Obama is absolutely sickening. So is the new push coming from the mainstream media (catch 20/20 by any chance?) for gun control. It's pretty sad when I have to go to Faux News of all places to find an alternative point of view on a major political issue because every other media source isn't even pretending to cover both sides of the issue.
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
12. Re:RIAA software by Shark · 2009-04-17 03:00 · Score: 1
  
  http://it.slashdot.org/comments.pl?sid=1202103&cid=27610881 provided a citation...
  
  --
  Mind the frickin' laser...
13. Re:RIAA software by PhxBlue · 2009-04-17 03:16 · Score: 1
  
  Given some of the scary things coming out of the "O"ministration lately (such as the recent homeland security advisory painting people who support the right to own firearms and who object to the outrageous spending going on as "rightwing extremists" and "potential terrorists" I think I and others have a legitimate fear that we may be targeted for such spyware for political reasons.
  Oh, bullshit. This report is talking about people like Eric Robert Rudolph, like Timothy McVeigh and like Eric Nichols. It defines the term "rightwing extremist" on the second page:
  
  Rightwing extremism in the United States can be broadly divided into those groups, movements, and adherents that are primarily hate-oriented (based on hatred of particular religious, racial or ethnic groups), and those that are mainly antigovernment, rejecting federal authority in favor of state or local authority, or rejecting government authority entirely. It may include groups and individuals that are dedicated to a single issue, such as opposition to abortion or immigration. (Emphasis mine)
  
  Unless you're planning or threatening to shoot people or blow up a federal building, I don't think you have to worry about this. Call me back when the Obama administration starts labeling everyone who disagrees with them on foreign policy as potential terrorists and raising the alert level anytime politically inconvenient news hit the mainstream media, the way our previous administration was so fond of doing.
  
  --
  !#@%*)anks for hanging up the phone, dear.
14. Re:RIAA software by Thelasko · 2009-04-17 03:24 · Score: 1
  
  Here's the best part of that document for anyone that thinks you are being paranoid:
  I ran a search on the text of that "document." All I found were a bunch of right wing political blogs. Do you have a verifiable source?
  
  --
  One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
15. Re:RIAA software by Shakrai · 2009-04-17 03:31 · Score: 1
  
  I can't seem to find it on DHS (probably because it's marked for official use only) but both Michele Malkin and Huffington Post have the document online. I highly doubt those two agreed to jointly release a faked version. Incidentally, here's a gem from some dude on Redstate in response to the bit about rejecting Federal authority in favor of state or local control:
  Liberals, please note: that includes people who argue that individual states have the right to decriminalize marijuana, permit the sale of raw milk, allow assisted suicide, or recognize same-sex marriages. If you're one of those people, welcome to the Vast Right-Wing Conspiracy: here's your accordion.
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
16. Re:RIAA software by Thelasko · 2009-04-17 03:42 · Score: 1
  
  Better aricles:
  US News and World Report.
  Washington Post
  Associated Press
  It took me a while to find as some of the spelling is different than above. No offense, but I need to hear something that inflammatory from a source other than a blog.
  
  --
  One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
17. Re:RIAA software by OctaviusIII · 2009-04-17 04:02 · Score: 1
  
  To me, that's more along the lines of the nullification doctrine: declaring that states and local government have a right to ignore anything the federal government mandates. Hence the "rejection of federal authority" rather than "preference against federal authority". Coincidentally, anarchists get labeled right-wing extremists in this passage - provided there isn't clarifying context, of course.
  
  --
  What's this? Another weblog? On transit?
18. Re:RIAA software by Shakrai · 2009-04-17 04:11 · Score: 1
  
  Fair enough. That US News link is pretty good. Put it in my journal entry about the subject. Now that you've confirmed it, what are your thoughts?
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
19. Re:RIAA software by Anonymous Coward · 2009-04-17 04:20 · Score: 0
  
  Where were you when left wing groups were being labeled terrorist organizations?
20. Re:RIAA software by Thelasko · 2009-04-17 04:27 · Score: 1
  
  Now that you've confirmed it, what are your thoughts?
  I think she was trying to say that there are people out there like Timothy McVeigh and David Koresh, that we should worry about. This has always been the case. Unfortunately, her description was so broad it ended up describing everyone in the USA.
  
  I also think that when the right wing is in control, there tends to be more left wing extremism, and vise versa. If she explained it that way, more people would understand.
  
  I agree that the document should be redacted. It really serves no purpose, as everyone knows those kinds of people exist. Her poor choice of words only made things worse.
  
  --
  One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
21. Re:RIAA software by Sylver+Dragon · 2009-04-17 04:50 · Score: 1
  
  required to stop listening even when they have an approved wiretap when it becomes apparent that the conversation isn't material to the matter at hand.
  
  While I agree with the premise, I'm not sure this is as workable in a program which is collecting IP addresses and URLs as it is for a human being listening in. It is quite possible to be visiting an IP address which is hosting both normal and illicit sites at the same time. And URLs can be very deceiving; remember what whitehouse.com was for the longest time? What logical algorithm do you use to say, "this is involved, this is not". Unfortunately, the technology isn't really there. While the premise of limited scope is good, I think we have to let the warrant be for all URL's and IP addresses visited within a certain time frame, by a particular person.
  
  Well, there's always the Judicial Branch, but your point is well taken.
  
  The scary thing about this is that the same people who are now being labeled extremists, are the very same people who were attacking the Judicial Branch a couple years ago. I swear if I hear someone mutter, "judicial activism" or "legislating from the bench" one more time, I'm going to beat them with a wet, rolled up copy of the Federalist Papers. While the idea of Judicial Review is still somewhat controversial, they really are the last legal bulwark against unconstitutional laws.
  
  The Fourth Estate is a sad joke and has been for sometime.
  
  Amen, our news organizations have abandoned journalism for sensationalism. And the reason is simple, it makes more money. There is a small piece of me that holds out the hope that the internet and the ease of publishing information will help this a bit; but, the rest of me realizes that the cost, both in money and time, of doing good investigative journalism is way to high for the average person. I'm afraid that we're caught between the horns of the bull. One one hand people aren't willing to pay for good journalism, and aren't really willing to spend the time reading and digesting it either; on the other hand, no one is watching the government and it is growing into an even larger monster.
  
  --
  Necessity is the mother of invention.
  Laziness is the father.
22. Re:RIAA software by moeinvt · 2009-04-17 05:03 · Score: 1
  
  "It defines the term "rightwing extremist" on the second page . . ."
  Including the section:
  "those that are mainly antigovernment, rejecting federal authority in favor of state or local authority . . . and individuals that are dedicated to a single issue, such as opposition to abortion or immigration."
  The idea of rejecting Federal authority in favor of state authority is enshrined in the U.S. Constitution, which is supposed to be the highest law of the land. The Right to Keep and Bear Arms is also explicitly included in The Constitution. How can people who advocate this viewpoint be "right wing extremists"? It's interesting that they've gone to this much trouble to figure out which particular political beliefs might be associated with terrorism. Notice that nobody in the government will ever suggest that terrorists could be motivated by our unconditional support of Israel or any other aspect of U.S. foreign policy. Those people just "hate our freedom".
  The definition of "terrorism" and "terrorists" is a CRITICAL distinction because under the Bush doctrine, and facilitated by acts of Congress, anyone that the great emperor accuses of being a "Terrorist" can be incarcerated indefinitely without access to legal counsel, with no ability to challenge his/her detention in a court of law, and without any sort of due process.
  "Unless you're planning or threatening to shoot people or blow up a federal building, I don't think you have to worry about this."
  Oh, bullshit. I'm not planning to do any of the above, and this Orwellian report that associates violent extremism and acts of terrorism with political beliefs chills me to the bone. It seems like the Federal government is developing this adversarial relationship with the People, and that anyone who dares to oppose them in any way is a "terrorist". I'm a vocal advocate of shrinking the Federal government and getting them back within their Constitutional constraints. Obviously that would mean that they have fewer personnel, less funding, and less power. I guess that makes me a "threat" to them, even if my methods are entirely peaceful.
23. Re:RIAA software by Jah-Wren+Ryel · 2009-04-17 05:23 · Score: 1
  
  The "right wing extremists" report was extremely troubling. It was a whole bunch of "coulds" with no specific information and a warning to watch out for returning veterans and firearm owners. WTF?
  Typically anti-terrorism FUD is all. I expect it came out of one of those "regional anti-terrorism centers" like the report out of the one in Louisiana that said Ron Paul supporters were potential terrorists. I wouldn't give obama's administration credit for anything coming out of those places, it is just a symptom of them having waaaay too much money and not enough real terrorists to spend it on, so they make up bogeymen instead. I've been hoping the economic crisis would reign in all that waste, maybe it still will.
  
  --
  When information is power, privacy is freedom.
24. Re:RIAA software by PhxBlue · 2009-04-17 08:30 · Score: 1
  
  Oh, bullshit. I'm not planning to do any of the above, and this Orwellian report that associates violent extremism and acts of terrorism with political beliefs chills me to the bone.
  Really? It took this report to do that? Where the fuck have you been the last eight years? And why weren't Limbaugh, et al, complaining about the draconian measures when it was the Bush team in control? As much as I understand where you're coming from, I have absolutely no sympathy, because this is what the rest of the country had to put up with under the Bush administration.
  You also missed the "AND" conjunction immediately before the section you quoted. That word, to me, means they're defining right-wing extremists as people who meet both groups of conditions. That's what AND means, isn't it?
  
  --
  !#@%*)anks for hanging up the phone, dear.
25. Re:RIAA software by BJ_Covert_Action · 2009-04-17 08:41 · Score: 1
  
  I have a right.....
  Famous last words. Now in the eyes of the government/media you are an extremist, paranoid, potential terrorist, and you have something to hide. Funny how those last words used to be a rallying cry for freedom.
  
  --
  Motorcycles, Robots, Space Gossip and More!
26. Re:RIAA software by Anonymous Coward · 2009-04-17 12:16 · Score: 0
  
  http://www.clamwin.com
  Someone send them a sample
27. Re:RIAA software by moeinvt · 2009-04-22 03:32 · Score: 1
  
  I wasn't talking about the last 8 years, I was talking about the recent report from the DOHS. Don't throw me into the same bucket as Limbaugh, Hannity and any of the other mainstream media arse-wipes. They're complete hypocrites, and the "concerns" that they have about this are obviously disingenuous. My principles are genuine and unwavering. I've been vehemently opposed to The Patriot Act, warrantless surveillance, telecom immunity, military commissions, secret prisons, torture, use of violence against protestors at the RN convention, and all of the other abuses that occurred during the Bush administration.
  I know that in the Bush years, law enforcement and various moles infiltrated peace activist and environmental groups, and that they used "terrorism" legislation to go after at least one of the ELF guys. However, I don't recall any official document equating politcal beliefs (e.g. peace, environmentalism,animal rights) with domestic terrorism. If there was such a document, I'd be disturbed by that too.
  Sorry, I don't see your conjunction logic at all. I think you're misreading it. Here's the full excerpt for reference
  ---------------
  Rightwing extremism in the United States can be broadly divided into those groups, movements, and adherents that are primarily hate-oriented (based on hatred of particular religious, racial or ethnic groups), AND those that are mainly antigovernment, rejecting federal authority in favor of state or local authority, or rejecting government authority entirely. It may include groups and individuals that are dedicated to a single issue, such as opposition to abortion or immigration.
  --------------
  The report is definitely not claiming that those who have "belief system A" AND "belief system B" (i.e. an individual or group that subscribes to both sets of beliefs) are the potential domestic terrorists. It's stating that Group A (so-called hate groups) AND Group B (advocates of limited government) are both domestic terrorist threats.
  Glad that you see where I'm coming from. Don't mistake the legitimate concerns of your fellow citizens for partisan politics . . . and just IGNORE the mainstream media who have a vested interest in keeping the people divided.
  Cheers
Re:Apple Tax by alen · 2009-04-17 00:38 · Score: 1

did you miss the story about the ibotnet full of macs yesterday?
Does it work with dumb browsers? by davidwr · 2009-04-17 00:46 · Score: 2, Interesting

Does it work with browsers that are too dumb to run scripts or active content?
Does it work with browsers that have scripting and active content disabled?
What useful information does it provide if someone is using a proxy-router-boot-cd environment, besides other web sites visited during that session and perhaps traceroute-type information?
What useful information does it provide if someone is using a boot-cd environment behind a router that connects to the proxy? Traceroute-type information won't be helpful there.
Using dumb/old browsers, disabling active content, using proxy boot cds, and using boot cds behind routers are all things an unsophisticated user can do using turnkey solutions. The only skill required is "download and install software" for the first two, "download and burn a CD image and boot with it" for the third, assuming of course your computer BIOS boots to CD by default as most do. For the 4th, add the step of "go buy a computer and have them install a second network card, and download and burn 2 CDs, one for each computer." Not hard. I don't know if there is a turnkey set of CDs for #4 out yet but I wouldn't be surprised if there is. If there is not today, there may be one tomorrow.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
exactly what I thought... by Aut0mated · 2009-04-17 00:47 · Score: 1

having read the story and seeing that one target hit the site 29 times without it dropping its payload due to a 'compatibility issue'.
Consider yourself lucky guys... by Noxneo · 2009-04-17 00:52 · Score: 2, Informative

Here in France, we're close to having to install a spyware on our computer NOT to go in jail and pay a huge amount of money after 3 unproven accusations.
1. Re:Consider yourself lucky guys... by Anonymous Coward · 2009-04-17 00:55 · Score: 0
  
  Here in France, we're close to having to install a spyware on our computer NOT to go in jail and pay a huge amount of money after 3 unproven accusations.
  That's nothing. In Soviet Russia, spyware installs you!
All sounds very Windows like by AHuxley · 2009-04-17 01:08 · Score: 2, Interesting

But as you read down, some interesting details.
"The software's primary utility appears to be in tracking down suspects that use proxy servers or anonymizing websites to cover their tracks."
The feds note your interests as you type, not your proxy for the day 1/2 around the world.
What was once a hardware logger install is now your clicking on a link.
"alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website."
Seems like someone was using a Mac or Linux/other OS?
What do people think? A deep dark federal/MS approved/AV hidden effort?
Or in house/turned/tame spyware author ?
Would Tripwire save you :) ???
The MAC address part reminds me of hints about the anti p2p software called "Operation Fairplay"
http://news.cnet.com/8301-10784_3-9920665-7.html

--
Domestic spying is now "Benign Information Gathering"
1. Re:All sounds very Windows like by Lehk228 · 2009-04-17 09:47 · Score: 1
  
  firefox+noscript should protect you, unless you are running untrusted active content i doubt there is anything that they could hook to.
  
  --
  Snowden and Manning are heroes.
2. Re:All sounds very Windows like by dextermanas · 2009-04-17 14:45 · Score: 1
  
  Firefox+NoScript is no good if the OS itself has bugs. I'd recommend Opera instead. Case in point: The Animated Cursor vulnerability a couple of years ago. Firefox allowed the exploit while Opera didn't.
3. Re:All sounds very Windows like by Lehk228 · 2009-04-27 14:39 · Score: 1
  
  if i was going to do something that would attract personal attention from an FBI agent it would be on a browser like off-by-one or something else nobody uses, and it would be running inside a VM so every time i connect it's a fresh load and there wouldn't be anything interesting to see if someone did manage to drop a remote control on me. well nothing interesting except the windows 95 OS I would be running.
  
  --
  Snowden and Manning are heroes.
But if it works based on clicking links... by dyingtolive · 2009-04-17 01:13 · Score: 2, Insightful

CIPAV, is delivered through links to websites controlled by the FBI, and it silently reports back to a government server in Virginia.
But if it works based on clicking links that presumably take you to the installer, how on earth can you guarantee that your target is going to click on it at all? You'd either have to direct it specifically to the Mark, and hope that he responds, or you'd have to put it someplace so completely mainstream that hundreds of other people click on... oh, shit. I think I'm having an OS reinstall party this weekend.

--
Support the EFF and Creative Commons. The war is coming, and they're supporting you...
1. Re:But if it works based on clicking links... by Anonymous Coward · 2009-04-17 01:21 · Score: 0
  
  You create a fake myspace profile, with pictures of a hot but believable chick, of course.
  I was in the FBI for a few years back in college.
2. Re:But if it works based on clicking links... by work90usdfjsldf9 · 2009-04-17 03:02 · Score: 3, Informative
  
  *Sigh* Please RTA.
  
  One person was sent the URL in a private myspace chat. Another was trying to extort the cable companies and had given them a private URL (presumably something like www.comcast.com/skldflksdf/freemoney4me.html) to post their response to. The FBI then set up that page to use a browser exploit to install the logger.
  
  All instances were done under court order with almost the same restrictions and provisions a normal wiretap would have.
3. Re:But if it works based on clicking links... by dyingtolive · 2009-04-17 04:14 · Score: 1
  
  Okay, I skimmed TFA. I still don't understand how this has even a 10% margin of success. Speaking in regards to myself, if I was doing anything that warranted the FBI singling me out that I was aware of, I would be much more paranoid than I currently am about going to strange links. Especially ones sent to me from people I don't know. Especially when I use one service and the reply is trying to bait me into going to somewhere I've never heard of. Most of the time I see stuff like that on blogs that is just rampant spam. The whole thing just feels too flimsy to actually be useful. I don't see how they're giving the real story.
  
  --
  Support the EFF and Creative Commons. The war is coming, and they're supporting you...
4. Re:But if it works based on clicking links... by HexaByte · 2009-04-17 05:23 · Score: 1
  
  *Sigh* Please RTA.
  
  Uhm, did you forget you're posting on Slashdot?
  
  --
  HexaByte - he's a square and a half!
5. Re:But if it works based on clicking links... by BigGar' · 2009-04-17 06:29 · Score: 1
  
  People typically assume they're much smarter than they really are. You, reflecting the FBI's technique realize there are several issues that could limit its success. However, that they do it, obviously it has worked, & given the propagation vectors of a typical internet worm, the successes seen by various phishing scams indicates to me that they'd likely have some success even if they sent out an email with the program as an attachment for the person being surveiled to run even if it indicated in the From address that it was from surveillance_program@fbi.gov
  
  --
  
  Shop smart, Shop S-Mart.
Nothing essentially wrong here... by rabbitthought · 2009-04-17 01:14 · Score: 3, Informative

As previously stated, it's not really different from bugging the home or car of a suspected Mafia boss/drug dealer/etc... As long as it's backed up by a court order, of course. It obviously interferes with the right for privacy, but that's why there are mechanisms which should take into account all factors before allowing such interference (i.e. courts and judges). If the system is malfunctioning, it should be fixed - but this doesn't mean that it isn't right. BTW, this CIPAV isn't really news - it's wikipedia page is 2 years old...
I eat baby... by Anonymous Coward · 2009-04-17 01:15 · Score: 0

...carrots.
from TFA: by GregNorc · 2009-04-17 01:21 · Score: 1

In a separate February 2007 Cincinnati -based investigation of hackers who'd successfully targeted an unnamed bank, the documents indicate the FBI's efforts may have been detected. An FBI agent became alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website. Instead, the hacker "proceeded to visit the site 29 more times," according to a summary of the incident. "In these instances, the CIPAV did not deliver its payload because of system incompatibility."
My guess is that the "system incompatibility" was Linux and/or Firefox.
1. Re:from TFA: by DrVomact · 2009-04-17 06:26 · Score: 1
  
  He returned to the site 29 times? Must have been really...interesting. I wonder, how can I get the FBI to email me that link? For testing purposes, of course. Yeah, that's it...
  
  --
  Great men are almost always bad men--Lord Acton's Corollary
Inslaw & PROMIS by Anonymous Coward · 2009-04-17 01:21 · Score: 0

I'm surprised no one has mentioned Inslaw or PROMIS.
Predecessors to this FBI spyware.
http://en.wikipedia.org/wiki/INSLAW
1. Re:Inslaw & PROMIS by AHuxley · 2009-04-17 12:15 · Score: 1
  
  PROMIS sounded like sci fi back in the day.
  Now it just sounds like a really good windows tool kit.
  The problem I always had with PROMIS is all the 'different' networked systems it would encounter.
  Unless international finance was a 'direct' and 'known' sub system?
  
  --
  Domestic spying is now "Benign Information Gathering"
There are a lot of "idiots" out there by davidwr · 2009-04-17 01:22 · Score: 1

Actually if you aren't an idiot about it and have proper security settings/practice this thing would never have gotten installed in the first place......

The right term is "if you aren't ignorant or stupid", not "if you aren't an idiot."
The vast majority of computer users haven't been told or refuse to believe that their OS and web browser are not only insecure, but in practical terms, inherently insecure. Ignorance can be cured.
Maybe, after enough people know someone who has been ripped off by bank or other fraud or had porn dropped on their PC, people will start demanding and using hardened web browsers.
Unfortunately, I have little doubt the US-based commercial web-browser and security-software vendor(s) have or will leave a "back door" for the feds.
I wonder how many Americans have been snooped on by totalitarian governments using similar tools? You'll know you've been targeted if, the next time you are on vacation in such a country, you don't come back.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Where are DOCS? by Anonymous Coward · 2009-04-17 01:37 · Score: 0

Are these documents available?
Tried to search but no luck.
catch it in the wild by cenc · 2009-04-17 01:52 · Score: 2, Interesting

It seems strange that no one has managed to catch this in the wild yet, if it has been in use for that long. Would indicate they are using it in a fairly limited scope (perhaps), if for no other reason to keep from defeating their own tool.

--
Living in Chile
1. Re:catch it in the wild by anotherslashfan · 2009-04-17 02:43 · Score: 1
  
  Interesting thought. One step further. If the bad guys were able to understand/decompile the code and tweak it, they could actually use it _against_ big brother: Imagine if bad guys tweaked the code and essentially gave it the functionality to "spread"(Think "worm". Spreading to millions of users...and millions of "infected PC's phoning home to Virginia). It would more than likely trash their survellance program with a multitude of false positives.
2. Re:catch it in the wild by cenc · 2009-04-17 02:53 · Score: 1
  
  or at least then be able to send them on a wild good chase.
  
  --
  Living in Chile
3. Re:catch it in the wild by blhack · 2009-04-17 09:59 · Score: 1
  
  I don't think you're understanding how this works.
  Becoming infected with this worm does give you the ability to control of the computers that are infected with it.
  Think of it like VNC, or Dameware, it lets THEM control YOU, not the other way around.
  
  --
  NewslilySocial News. No lolcats allowed.
4. Re:catch it in the wild by Jaazaniah · 2009-04-17 20:33 · Score: 1
  
  Indeed, if the 'compatibility' issue was the signal sent when the hacker refused to run the content, what's to stop him from sacrificing a spare box to catching (DL and physically disconnect) the thing and prodding it? As amusing as that may be, it aught to be interesting to watch virus wars from a distance.
Re:Apple Tax by orangesquid · 2009-04-17 01:53 · Score: 1

Hmm.... "Yes, but does it run on Linux?"
"Imagine a Beowulf cluster infected by this!"
"Of course it runs on NetBSD!"
"OpenBSD: only two vulnerabilities (that the FBI lets us talk about) in the default install since the beginning of the project!"
"CIPAV: a security hole bigger than the goatse.cz guy can even comprehend!"
"In Soviet Russia, CIPAV doesn't know it's running YOU!"
" ' "CIPAV Considered Harmful" Considered Harmful' Considered Harmful"
"FBI Spaghetti Monster: Touched by his stealthy appendage"
"I can has CIPAVburger?"
"Chuck Norris can wipe all CIPAV installations in a 100-mile radius just by flexing his biceps."
"[cipav not needed]"
"CIPAV? The FBI can suck my big hairy@*!~Q^NO CARRIER"
"Any sufficiently advanced spying is indistinguishable from CIPAV."
"Natalie Portman, naked and petrified, covered in hot CIPAVs"
"i herd a rumor on the internet... that u liek CIPAV?"
"oh hai i uninstalled ur CIPAV"
"Every time you install CIPAV, God kills a kitten. Please, think of the kittens."
" 'Click here for a guide to uninstalling CIPAV" dammit i got rickrolled... i just LOL'd"
"mmmm... nothing like the taste of fr0sty cipav in the morning"
" 'and it silently copies your pr0n to a government server in Virginia.' There. Fixed that for you."
"I, for one, welcome our new CIPAV-wielding overlords."
"The poll options all sucked, so I just voted for CIPAVboyNeal."
"1) Deploy CIPAV. 2) ??? 3) Profit!"
"Your ideas intrigues me, and I wish to subscribe to your CIPAV service."
"CIPAV could be used as a tool for the War on Terror. This idea was developed by Shampoo."
"No need for a CIPAV-proof tinfoil hat? You must be new here."
"You are in a twisty little maze of law enforcement strategies, all alike."
"I *prefer* CIPAV over the competition, you insensitive clod!"
"In my day we didn't have drive-by downloads. Al Gore hadn't invented the intarwebz yet, and we had to push our snail mail through the tubes uphill both ways! We had to install CIPAV by hand, and REAL men did it by DEPOSITing the binary word by word --- Get off my damn lawn!"
"If I had modpoints, I'd mod you -5, CIPAV fanboi"
"There are four boxes to use in the prevention of CIPAV: OS X, Linux, OpenBSD, VMS. In that order. Starting now."
"Quiet court approval? I don't believe in Imaginary Warrants."
"I'm probably going to get modded down for this, but here are my thoughts on why CIPAV could be a Good Thing (TM) ..."
"I'm not worried about CIPAV. Only idiots use M$ Windoze. Just my 02c."
"Does anyone want to post the IP address of that server? I wonder if the FBI has heard of slashdotting..."
"The CIPAV drive-by download pages aren't even valid HTML!"
"Just because the computers reporting data back to the CIPAV server are usually the same computers that have visited the CIPAV drive-by download sites doesn't necessarily mean the former is a result of the latter. Correlation is not causation."
"CIPAV, CIPAV, egg, sausage, and CIPAV---that's not got much CIPAV in it"
" 'I didn't RTFA or RTFS, what's CIPAV?' www.justfuckinggoogleit.com"
" ' "This sounds really useful. I should install this on my computer so that I can help protect myself and my fellow citizens." dunno if you're just a troll, but do you even understand what cipav does?' *whoosh*" ... i could go on and on, but then... tl;dr

--
--TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
Probably. by wiredog · 2009-04-17 01:56 · Score: 1

And a Mac version too.
The really interesting question is, are there OpenBSD versions?

--

Best Slashdot Co
The Comments Don't Match the Article. by Eevee · 2009-04-17 02:18 · Score: 5, Informative

The Constitution is QUITE clear that a search of private property requires a warrant.
From the fine article, emphasis added by me: "But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online."
And from further down in the article: "The FBI obtained a warrant to use the CIPAV on February 10, 2005, and was apparently successful."
1. Re:The Comments Don't Match the Article. by FiloEleven · 2009-04-17 03:32 · Score: 1
  
  This guy is in trouble.
  
  --
  Your brain is not a computer.
The so-called by Anonymous Coward · 2009-04-17 02:24 · Score: 0

The so-called 'computer and internet protocol address verifier,' or CIPAV AKA Bonzi Buddy, is delivered through links to websites controlled by the FBI, and it silently reports back to a government server in Virginia
Re:Apple Tax by Anonymous Coward · 2009-04-17 02:40 · Score: 0

I am SO writing a script to generate comments automatically using this one as a template.
Good reason for browsing from VMs. by Phizzle · 2009-04-17 02:48 · Score: 1

Or at least doing the more discreet browsing from a VM.

--
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
1. Re:Good reason for browsing from VMs. by jimbob666 · 2009-04-17 04:06 · Score: 1
  
  Agree with that. If you have a machine that is known to be clean then snapshot it, do your browsing/downloading and revert back to snapshot when you are finished.
  For the paranoid you could have a machine that has never been attached to the internet and snapshot it at that point in time *then* do your browsing/downloading and revert back when you have finished. Although the problem I see here is (assuming Windows) getting snagged for security updates everytime you bring this snapshot back to life and hook it up to the internet. Maybe that is a little too much.
2. Re:Good reason for browsing from VMs. by Anonymous Coward · 2009-04-17 05:29 · Score: 0
  
  afaik some windows updates (e.g., service packs) can be slipstreamed into an install...
Release to the underground? by lskovlund · 2009-04-17 03:00 · Score: 1

If CIPAV has been so widely deployed, one might wonder if it has not been released to black hats already and analysed to death...
FBI aligning with high-traffic sites? by Anonymous Coward · 2009-04-17 03:53 · Score: 0

How would the FBI get the spyware loaded on major sites? Well, here's a likely sceanrio. Say you're the head of a major US bank. The FBI approaches you and says they'll load this tiny app on your site.... all in the name of security. Some might just go for it.
1. Re:FBI aligning with high-traffic sites? by AHuxley · 2009-04-17 12:04 · Score: 1
  
  Or your local computer repair shop?
  Get your PC back with a little something extra after staff "fixed" your computer and phoned you in.
  The problem is scale. East Germany needed staff to follow up on all the info flowing in.
  Many people must just be noted and flagged "of interest".
  The USA has the hardware funding, but it still needs the human touch for now.
  
  --
  Domestic spying is now "Benign Information Gathering"
Laws Can Work Against Innocents by b4upoo · 2009-04-17 04:16 · Score: 1

Electronic rebellion is a bad thing when the other guy does it.
But in all seriousness the ability of any government to fight electronic crime and rebellion sound fine at first but think about it. Perhaps there will come a day when our government is not in control of the situation. Other powers may infiltrate and seize control. This happens frequently all over the world. At that time the very same tools that aid us in catching thieves online or other negative personalities such as terrorists can be used to track down loyal Americans who are doing nothing more than trying to maintain liberty and our form of government. We need to have a really hard think about allowing governments to possess such spying tools.
I also wonder if the browser creators are in on creating the vulnerabilities that the FBI uses for their exploits.
1. Re: Laws Can Work Against Innocents by HexaByte · 2009-04-17 06:07 · Score: 1
  
  Any government powerful enough to seize control of ours would have the technological capabilities to create and deploy such software already, and presumably already deployed against their own people.
  
  --
  HexaByte - he's a square and a half!
Forgot to tell you guys...... by Anonymous Coward · 2009-04-17 05:02 · Score: 0

Anyone that clicks the article link automatically gets the spyware installed.
FBI Spyware, I thought that was Windows XP ? by Latinhypercube · 2009-04-17 05:17 · Score: 0

FBI Spyware ? I thought that was Windows XP ?
"System incompatibility" by Anonymous Coward · 2009-04-17 06:45 · Score: 0

An FBI agent became alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website. Instead, the hacker "proceeded to visit the site 29 more times," according to a summary of the incident. "In these instances, the CIPAV did not deliver its payload because of system incompatibility."
Is that FBI-speak for antivirus? Or for Linux?
All Your Base Are Belong To Us by Anonymous Coward · 2009-04-17 07:27 · Score: 0

"The Secret History of the FBI's Classified Spyware" This reinforces the meaning behind.. All Your Base Are Belong To Us bitches. Apparently, welcome to NWO. http://www.youtube.com/watch?v=qItugh-fFgg
Firewall it? by Anonymous Coward · 2009-04-17 07:58 · Score: 0

Couldn't this be easily circumvented by using a decent open source firewall that blocks outgoing connections?
Moral of the story? by dave562 · 2009-04-17 08:50 · Score: 1

It's time to use Lynx for all nefarious web browsing. On another note, it would be interesting to see some packet captures of CIPAV installing itself. I wonder if you could develop signatures for Snort or other IDS/IPS systems to recognize CIVAP installs.
CIPAV more bluster than bite by jwkckid1 · 2009-04-18 09:46 · Score: 1

Several problems with CIPAV that are not well known. 1.) is that some spyware dectors can detect and remove CIPAV immediately upon detecting. 2.) CIPAV doesn't work well with pooled or shared IP addresses, 3.) CIPAV doesn't works at all with IPv6, IPv8, or the Chinese IPv9, and 4.) Any evidance CIPAV collects does not assume that the IP it is tracking could have been hijacked to begin with and inserting web page addresses, MAC addresses, ect., ect. But of course the FBI will never tell anyone this nor will they easily admit same if challanged. Regards, Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "YES WE CAN!" Barack ( Berry ) Obama "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827

--
Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!) "Obedience of the law is the greatest freedom" -