Slashdot Mirror


The Secret History of the FBI's Classified Spyware

An anonymous reader writes "A sophisticated FBI-produced spyware program has played a crucial behind-the-scenes role in federal investigations into extortion plots, terrorist threats and hacker attacks in cases stretching back at least seven years, according to newly declassified documents obtained by Wired.com. The so-called 'computer and internet protocol address verifier,' or CIPAV, is delivered through links to websites controlled by the FBI, and it silently reports back to a government server in Virginia. Among other cases, the FBI used it to track a Swedish hacker responsible for cracking thousands of computers at national labs and NASA's JPL in 2005."

27 of 133 comments

  1. The Ends Don't Justify The Means by QuantumG · · Score: 4, Insightful

    How is this not breaking the law?

    Breaking the law to enforce the law.. way to piss on justice.

    --
    How we know is more important than what we know.
    1. Re:The Ends Don't Justify The Means by tygerstripes · · Score: 3, Insightful

      In the same way that police regularly assault, kidnap or otherwise harass citizens?

      Look, I'm not saying I disagree with you, but you need to refine the ethics of your argument a bit if you want to make a useful point. Unless you were just hoping to bash out something that sounded relevant in order to FP...

      --
      Meta will eat itself
    2. Re:The Ends Don't Justify The Means by WCMI92 · · Score: 3, Insightful

      "How is this not breaking the law?

      Breaking the law to enforce the law.. way to piss on justice."

      I've always been skeptical about this and other tricks used by the FBI and other law enforcement. The Constitution is QUITE clear that a search of private property requires a warrant.

      Another thing that has always bothered me is that law enforcement lying to citizens is routine and legal, but lying to law enforcement is a crime (even if you don't know the person you are talking to is law enforcement).

      Seems to me that if the government wants us to respect the FAR too many laws on the books that it should start following them itself. And that starts with respecting the Constitution.

      --
      Corporatism != Free Market
    3. Re:The Ends Don't Justify The Means by bconway · · Score: 4, Informative

      RTFA.

      But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online.

      --
      Interested in open source engine management for your Subaru?
    4. Re:The Ends Don't Justify The Means by Shakrai · · Score: 4, Insightful

      So if they obtained court authorization to deploy Sarin gas that'd be ok too right?

      Wow, hyperbole much? How is installing software on someone's computer with court authorization to monitor their behavior any different from using the warrant to obtain a wiretap or using it to search their home and possessions?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    5. Re:The Ends Don't Justify The Means by rackserverdeals · · Score: 4, Funny

      Wow. You totally sidestepped the Sarin gas question.

      You must think it's ok to eat babies too.

      --
      Dual Opteron < $600
    6. Re:The Ends Don't Justify The Means by Shakrai · · Score: 5, Funny

      Only if you season them right :)

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    7. Re:The Ends Don't Justify The Means by Lumpy · · Score: 2, Funny

      Rotisserie style!!!!

      Mmmm Baby.... GET IN MY BELLY!

      --
      Do not look at laser with remaining good eye.
    8. Re:The Ends Don't Justify The Means by conureman · · Score: 2, Insightful

      It seems that the vast majority of citizens don't understand the concept of Constitutional law, or that by adherence to the supremacy of The Constitution, The People should be protected by the law, from their government. Too bad, so sad.

      --
      The cost of that cleanup, of course, will be borne by taxpayers, not industry.
    9. Re:The Ends Don't Justify The Means by Vu1turEMaN · · Score: 2, Insightful

      Indeed, but they did not obtain court authorization to use it against members of video hosting sites outside of the US 5 years ago. They just used it.

    10. Re:The Ends Don't Justify The Means by Actually,+I+do+RTFA · · Score: 2, Insightful

      Well, the Constitution doesn't protect people who are not US citizens and in different countries...

      --
      Your ad here. Ask me how!
    11. Re:The Ends Don't Justify The Means by divisionbyzero · · Score: 2, Insightful

      Read the article. They went through the courts. However, the fourth amendment not only requires a court order, it requires that the search be limited in scope and duration. That's why AT&T's indiscriminate monitoring of all users' traffic is a violation of the fourth amendment even though it was court ordered.

    12. Re:The Ends Don't Justify The Means by vertinox · · Score: 3, Insightful

      How is installing software on someone's computer with court authorization to monitor their behavior any different from using the warrant to obtain a wiretap or using it to search their home and possessions?

      I think the problem is that they posted the monitoring tool to a website where anyone could come across and get infected and get monitored.

      In those instances, there was no prior suspicion that is needed for a warrant. You cannot randomly search 100 people's houses hoping to find a criminal the same way you can't put software out there to find out whether or not these people are the criminal.

      In fact... TFA says the FBI agent was disappointed when the person they hoped to infect was not infected so I'm assuming others were who were not the target of the warrant.

      --
      "I am the king of the Romans, and am superior to rules of grammar!"
      -Sigismund, Holy Roman Emperor (1368-1437)
    13. Re:The Ends Don't Justify The Means by cyberchondriac · · Score: 2, Insightful

      "How is this not breaking the law?

      Breaking the law to enforce the law.. way to piss on justice."

      Actually, when you think about it, the police regularly break the law to uphold it. Look at how they catch speeders: They usually have to speed themselves to catch up to the speeder in order to pull him over, or they even might just tail behind a speeder for a while and clock him with their own speedometer - thus breaking the law themselves by speeding themselves.
      To a degree, in general, law enforcement has to operate a little outside the law, at times, to do the job. At times. I'm not saying give them carte blanche or anything stupid like that, but they require some slack, here and there, or the goal would likely be impossible to achieve.

      Is the furor over this system they deployed, or over the matter of obtaining warrants to use it? Without such a system, they'd be relatively crippled in their ability to catch real net criminals and cyber-terrorists, and if they failed in that endeavor, everyone would just bitch about how useless they are, why aren't they doing something about crime, etc.
      It seems lose-lose no matter what "they" do - either they're going to be accused of being ineffective at stopping crime/terrorism, or accused of stomping on everyone's rights, even when they follow the protocols and procedure.
      If there are better alternatives, what are they?

      --

      Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
  2. Linux version? by MrKaos · · Score: 4, Funny

    I wonder if they have a Linux version?

    --
    My ism, it's full of beliefs.
    1. Re:Linux version? by srollyson · · Score: 4, Insightful
      This paragraph from TFA is telling:

      In a separate February 2007 Cincinnati-based investigation of hackers who'd successfully targeted an unnamed bank, the documents indicate the FBI's efforts may have been detected. An FBI agent became alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website. Instead, the hacker "proceeded to visit the site 29 more times," according to a summary of the incident. "In these instances, the CIPAV did not deliver its payload because of system incompatibility."

      Seems like the FBI exploits browser vulnerabilities a la the Pwn2Own contest in order to deliver CIPAV, but CIPAV itself might not run in Linux. I suspect that the FBI will have written a Linux-compatible CIPAV after the quoted incident. Probably a bash or perl script so they don't have to worry about different architectures.

      On a side note, there was probably some good porn on that page for the hacker to load it 30 times.

  3. Re:RIAA software by WCMI92 · · Score: 5, Insightful

    "FTA :

    "After sending the information to the FBI, the CIPAV settles into a silent "pen register" mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects. "

    Let's hope the RIAA doesn't get its hands on this."

    What I'd like to see is an open source antivirus/antispyware suite that WILL detect this. I own my computer, not the government, therefore I have a right to know what is running on it and to decide what is and isn't going to run on it.

    I don't think it is any of the government's business what websites I go to, what blogs I post on, and for that matter, what porn I download.

    Given some of the scary things coming out of the "O"ministration lately (such as the recent homeland security advisory painting people who support the right to own firearms and who object to the outrageous spending going on as "rightwing extremists" and "potential terrorists") I think I and others have a legitimate fear that we may be targeted for such spyware for political reasons.

    That's why I opposed and still oppose the patriot act... Not because I am against going after the actual JIHADI terrorists who have and are attacking our country, but because government abuse of it and turning it on law abiding citizens was inevitable.

    Note that Obama isn't doing anything to repeal the patriot act (which he used to object to). He wants that power just as much as Bush did.

    --
    Corporatism != Free Market
  4. Re:RIAA software by Shakrai · · Score: 2, Insightful

    What I'd like to see is an open source antivirus/antispyware suite that WILL detect this.

    Actually if you aren't an idiot about it and have proper security settings/practice this thing would never have gotten installed in the first place......

    I don't think it is any of the government's business what websites I go to, what blogs I post on, and for that matter, what porn I download.

    It is if you are under a court approved investigation for something.

    Given some of the scary things coming out of the "O"ministration lately (such as the recent homeland security advisory painting people who support the right to own firearms and who object to the outrageous spending going on as "rightwing extremists" and "potential terrorists") I think I and others have a legitimate fear that we may be targeted for such spyware for political reasons.

    That is a legitimate fear -- which is why we have warrants and a judicial system. But to say that this software can't be used at ALL is a bridge too far, IMHO. Would you complain if the FBI installed this spyware on Tony Soprano's computer?

    Note that Obama isn't doing anything to repeal the patriot act (which he used to object to). He wants that power just as much as Bush did.

    Of course he isn't. Every President since Washington has tried to expand Executive power. Anybody who seriously thought Obama would be any different drank too much of the change kool-aid. Hell, I wasn't even delusional enough to think he would change this trend even back when I supported him.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  5. Does it work with dumb browsers? by davidwr · · Score: 2, Interesting

    Does it work with browsers that are too dumb to run scripts or active content?
    Does it work with browsers that have scripting and active content disabled?

    What useful information does it provide if someone is using a proxy-router-boot-cd environment, besides other web sites visited during that session and perhaps traceroute-type information?

    What useful information does it provide if someone is using a boot-cd environment behind a router that connects to the proxy? Traceroute-type information won't be helpful there.

    Using dumb/old browsers, disabling active content, using proxy boot cds, and using boot cds behind routers are all things an unsophisticated user can do using turnkey solutions. The only skill required is "download and install software" for the first two, "download and burn a CD image and boot with it" for the third, assuming of course your computer BIOS boots to CD by default as most do. For the 4th, add the step of "go buy a computer and have them install a second network card, and download and burn 2 CDs, one for each computer." Not hard. I don't know if there is a turnkey set of CDs for #4 out yet but I wouldn't be surprised if there is. If there is not today, there may be one tomorrow.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  6. Consider yourself lucky guys... by Noxneo · · Score: 2, Informative

    Here in France, we're close to having to install spyware on our computers NOT to go to jail and pay a huge amount of money after 3 unproven accusations.

  7. All sounds very Windows like by AHuxley · · Score: 2, Interesting

    But as you read down, some interesting details.
    "The software's primary utility appears to be in tracking down suspects that use proxy servers or anonymizing websites to cover their tracks."
    The feds note your interests as you type, not your proxy for the day 1/2 around the world.
    What was once a hardware logger install is now your clicking on a link.
    "alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website."
    Seems like someone was using a Mac or Linux/other OS?
    What do people think? A deep dark federal/MS approved/AV hidden effort?
    Or in house/turned/tame spyware author?
    Would Tripwire save you :) ???
    The MAC address part reminds me of hints about the anti p2p software called "Operation Fairplay"
    http://news.cnet.com/8301-10784_3-9920665-7.html

    --
    Domestic spying is now "Benign Information Gathering"
  8. But if it works based on clicking links... by dyingtolive · · Score: 2, Insightful

    CIPAV, is delivered through links to websites controlled by the FBI, and it silently reports back to a government server in Virginia.

    But if it works based on clicking links that presumably take you to the installer, how on earth can you guarantee that your target is going to click on it at all? You'd either have to direct it specifically to the Mark, and hope that he responds, or you'd have to put it someplace so completely mainstream that hundreds of other people click on... oh, shit. I think I'm having an OS reinstall party this weekend.

    --
    Support the EFF and Creative Commons. The war is coming, and they're supporting you...
    1. Re:But if it works based on clicking links... by work90usdfjsldf9 · · Score: 3, Informative

      *Sigh* Please RTA.

      One person was sent the URL in a private MySpace chat. Another was trying to extort the cable companies and had given them a private URL (presumably something like www.comcast.com/skldflksdf/freemoney4me.html) to post their response to. The FBI then set up that page to use a browser exploit to install the logger.

      All instances were done under court order with almost the same restrictions and provisions a normal wiretap would have.

  9. Nothing essentially wrong here... by rabbitthought · · Score: 3, Informative

    As previously stated, it's not really different from bugging the home or car of a suspected Mafia boss/drug dealer/etc... As long as it's backed up by a court order, of course. It obviously interferes with the right to privacy, but that's why there are mechanisms which should take into account all factors before allowing such interference (i.e. courts and judges). If the system is malfunctioning, it should be fixed - but this doesn't mean that it isn't right. BTW, this CIPAV isn't really news - its Wikipedia page is 2 years old...

  10. Re:RIAA software by WCMI92 · · Score: 3, Interesting

    I don't think you are paranoid and I don't trust them one damn bit not to abuse this neat little toy that the FBI has. My point was meant to respond to all the people who are claiming that the FBI shouldn't even have this toy -- would it really bother you if it was used in conjunction with a warrant to monitor a Tony Soprano?

    I'm not saying they shouldn't have it and that it shouldn't be used WHEN proper authorization is obtained in accordance with the Constitution, WITH proper supervision, and LIMITED, as the 4th Amendment requires, to "particularly describing the place to be searched, and the persons or things to be seized". It sounds to me from the article that the FBI is capturing ALL activity with this, even that which is unrelated to their authorized investigation. There is no way that is within the letter or spirit of the 4th Amendment.

    The "right wing extremists" report was extremely troubling. It was a whole bunch of "coulds" with no specific information and a warning to watch out for returning veterans and firearm owners. WTF?

    Well, the current administration has grabbed more power in 3 months than the government has in 30 years. Clearly, they are afraid that opposition to that (and future planned power grabs) is going to do nothing but grow, and that it's naturally going to come from the people who would be classified as being "from the right" and the people they will naturally have to FEAR (and government fear of the people as an incentive to obey the Constitution's restrictions on their power IS the actual purpose of the 2nd Amendment) are people who own firearms.

    I know it sounds crazy, and hopefully is, but when you combine the "perfect storm" of a major economic crisis, single party control of government, and a desire to impose more central control (healthcare, industry, etc) with the patriot act which gives that single party the actual AUTHORITY to investigate and even arrest their opposition on a whim we very well might be the closest we've ever been to a Hugo Chavez type authoritarian coup.

    And watching the major media drool over "Dear Leader" to the extent that they do is disgusting. What happened to the skepticism and criticism of the government? Is there not just as much a need for journalists to investigate Obama as they did Bush, especially when he's asking for unprecedented power and control? Or does it matter only when the agenda doesn't suit the personal beliefs of the media?

    --
    Corporatism != Free Market
  11. catch it in the wild by cenc · · Score: 2, Interesting

    It seems strange that no one has managed to catch this in the wild yet, if it has been in use for that long. Would indicate they are using it in a fairly limited scope (perhaps), if for no other reason to keep from defeating their own tool.

  12. The Comments Don't Match the Article. by Eevee · · Score: 5, Informative

    The Constitution is QUITE clear that a search of private property requires a warrant.

    From the fine article, emphasis added by me: "But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online."

    And from further down in the article: "The FBI obtained a warrant to use the CIPAV on February 10, 2005, and was apparently successful."