Slashdot Mirror


The FBI Has a Trojan To Watch You

G_of_the_J writes "A man who had cut 18 cables affecting Verizon and Comcast was blackmailing them. He had demanded bank accounts be set up and information be provided on web sites that he specified. Although he used anonymous access to get to the web sites, the FBI had planted a trojan which was downloaded to his computer. The trojan then sent his IP address and other information to the FBI."

16 of 372 comments

  1. CIPAV by Psymin · · Score: 5, Informative
    1. Re:CIPAV by ausekilis · · Score: 5, Informative

      Some more info and other applications can be found here. Linked in that article are 150 pages of documents involving CIPAV, just take a look here. Kinda makes you wonder exactly how some of these things happen, perhaps some cross-site scripting with the company requesting FBI help. It's worth noting that in order to use CIPAV, the FBI has to get court approval after explaining how the software can help stop a crime.

    2. Re:CIPAV by DittoBox · · Score: 5, Informative

      I know you're just whoring for karma but I thought I'd point out that it was the NSA that was doing the wiretapping. In addition, we should be applauding the fact that this needs court approval and that they seek that out prior to use.

      I know it's fashionable to hate on Federal law enforcement, and believe me I have plenty of grievances with the way things are done too, but I think you and a lot of other folks have the same reactionary emotional response to the Feds that those who think they can do no wrong do, just in reverse.

      --
      Good. Cheap. Fast. Pick Two.
    3. Re:CIPAV by datapharmer · · Score: 2, Informative

      The "court approval" isn't a warrant though... pen-registers are "court approved" and this has been used in circumstances where that is all they needed (they weren't tapping information, they were just recording coming and going... or in this case the IP address of the person they were after)

      --
      Get a web developer
    4. Re:CIPAV by datapharmer · · Score: 5, Informative

      I mentioned this in another post, but the court approval is often for pen-registers which is not the same as a warrant. See here: http://www4.law.cornell.edu/uscode/uscode50/usc_sup_01_50_10_36_20_III.html Essentially it is ok to do without seeking a warrant because they are just recording the passage of information, not the contents. To use a house analogy - they are allowed to sit outside and record every person that comes and goes without a warrant, but if they want to know what was said by those people when they are inside they need a warrant.

      --
      Get a web developer
    5. Re:CIPAV by DrLov3 · · Score: 0, Informative

      And ffs, don't use your own internet connection.

      I would suggest war driving around for a non-secure wireless access point, never use the same one twice.

      And when you do it, boot from a Knoppix live CD or any other live CD/DVD OS downloaded from the web.

      Also, if possible, change your MAC address by any means necessary.

      For bonus points: use a web proxy service located in Russia or something.

      Bonus Bonus FBI in WTF land points : Use SkyOS. :)

  2. Missing from summary by Loadmaster · · Score: 5, Informative

    There is one important aspect missing from the summary. The FBI got a warrant first. It's not an extension of illegal wiretapping.

    1. Re:Missing from summary by ISurfTooMuch · · Score: 4, Informative

      Indeed. As long as a warrant was lawfully obtained, and as long as only the suspect was being targeted, I don't see a problem. From the article, it looks as if the software was passed to him through the private site that he demanded be set up, so it's extremely unlikely, possibly impossible if it was password-protected, that any random person could have stumbled upon it.

  3. Thanks For The Tip: +1, Helpful by Anonymous Coward · · Score: 5, Informative

    About the party responsible for infiltrating government and military computers.

    In case you've been living in Richard B. Cheney's spider-hole, this F.B.I. system is called Ghostnet.

    Yours Seditiously,
    Kilgore Trout

  4. Re:Magic Lantern by Anonymous Coward · · Score: 1, Informative

    It's neither Magic Lantern nor new.

    http://it.slashdot.org/article.pl?sid=09/04/17/0534232

    Fortunately, this isn't quite a dupe. The Computerworld article in today's story is about the Wired article in the previous story.

    Granted, that's actually worse than a dupe, but one finds comfort where one can.

  5. Re:Your dog wants zone alarm by Shakrai · · Score: 5, Informative

    He can spoof IPs yet he can't install software to detect unwanted outbound traffic?

    Detecting it would seem to be a Pyrrhic victory. What good is knowing ahead of time that the FBI has discovered who you are and will be along to arrest you within hours, depending on how bad traffic is?

    A wiser course of action would have been to run off a live-cd with firewall rules configured that only allowed outbound traffic to his anonymizer/tor/botnet/whatever he was using. Combine that with a security policy that wouldn't allow software to be installed and you could probably negate threats like these. "Borrowing" someone's unsecured wi-fi network and making sure that you used a throwaway wireless card (or at least changed the MAC) would also be advised. Preferably from a location really far away from where you live.

    Of course an even wiser course of action would be to not engage in criminal activity to begin with, but apparently this guy decided that wasn't right for him ;)

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
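    An added example, not code from the thread or any of its posters, that puts together the live-CD session Shakrai describes above and the MAC change DrLov3 suggests earlier: a randomized, locally administered MAC for the session, and an nftables ruleset whose default is to drop, permitting new outbound connections only to the anonymizer's address and port. The interface name eth0, the proxy address 192.0.2.10 and port 9050 are placeholders I chose; `apply_session` needs root plus real `ip` and `nft` binaries and is not invoked by the script itself.

    ```shell
    #!/bin/sh
    # Added example (not from the thread): per-session MAC randomization plus a
    # default-drop egress policy, so that nothing on the host, including a
    # planted binary, can reach the internet except through the anonymizer.
    # Assumed placeholders: interface eth0, proxy 192.0.2.10, TCP port 9050.

    # Random MAC with the locally-administered bit set and the multicast bit
    # clear (first octet & 0b11 == 0b10), so it never collides with a
    # vendor-assigned address and is obviously not the card's burned-in one.
    random_mac() {
        first=$(od -An -N1 -tu1 /dev/urandom | tr -d ' ')
        first=$(( (first & 252) | 2 ))
        rest=$(od -An -N5 -tx1 /dev/urandom | tr -d ' \n' | sed 's/\(..\)/:\1/g')
        printf '%02x%s\n' "$first" "$rest"
    }

    # nftables ruleset: default drop on both hooks, loopback allowed, replies to
    # existing flows allowed, and exactly one permitted new outbound flow (TCP
    # to the proxy). DNS is logged and dropped on purpose: name resolution has
    # to happen on the far side of the proxy, or the lookups leak the real IP.
    # "ip daddr" only matches IPv4, so any IPv6 traffic falls through to drop.
    egress_ruleset() {
        proxy_ip=$1
        proxy_port=$2
        iface=$3
        cat <<EOF
    table inet egress {
        chain output {
            type filter hook output priority 0; policy drop;
            oif "lo" accept
            ct state established,related accept
            oifname "$iface" ip daddr $proxy_ip tcp dport $proxy_port ct state new accept
            oifname "$iface" udp sport 68 udp dport 67 accept
            udp dport 53 log prefix "dns-leak " drop
            log prefix "egress-drop " drop
        }
        chain input {
            type filter hook input priority 0; policy drop;
            iif "lo" accept
            ct state established,related accept
        }
    }
    EOF
    }

    # Apply both to a live interface. Requires root and a kernel with nftables.
    # Usage (as root): apply_session eth0 192.0.2.10 9050
    apply_session() {
        iface=$1
        proxy_ip=$2
        proxy_port=$3
        ip link set dev "$iface" down
        ip link set dev "$iface" address "$(random_mac)"
        ip link set dev "$iface" up
        egress_ruleset "$proxy_ip" "$proxy_port" "$iface" | nft -f -
    }
    ```

    The DHCP rule (client port 68 to server port 67) is only there so a lease obtained on the borrowed network can be renewed; drop it if the address is static. After loading, `nft list ruleset` shows what is in force, and any kernel log line prefixed `dns-leak` means some program on the box is resolving names locally instead of through the proxy (for a SOCKS5 proxy that means using the hostname-resolving variant, e.g. curl's `--socks5-hostname`).
    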
  6. Re:Just another... by CompMD · · Score: 5, Informative

    "What makes you think they don't have a variant for Linux? User stupidity (i.e: bad/no security) isn't unique to Windows."

    This is an excellent statement. Stupidity knows no bounds. It's also dangerous to assume that the FBI doesn't know what it is doing. When I worked in law enforcement, the FBI computer crimes agents I knew were well versed in operating systems other than Windows. The two I worked with most often had a solid knowledge of Linux and Cisco IOS.

  7. Comodo anyone? by GPLDAN · · Score: 2, Informative

    I have mixed feelings about Comodo:

    http://personalfirewall.comodo.com/

    On one hand, in Proactive security mode, it will tell you anytime a process it doesn't know does anything. Accesses a registry key, tries to open a socket, tries to piggyback outbound by placing an HTTP connection via the IE object, what .dll is getting linked, for anything it doesn't know. It's miles ahead of ZoneAlarm, and it's free.

    On the other hand, if CIPAV has an exception deep in the executable, then it's pointless.

    I wish Comodo was distributed open source and you could compile it yourself using Visual Studio.

  8. Re:no wonder he was unemployed.... by hoggoth · · Score: 3, Informative

    > Also consider that no OS would be immune from that. With cooperation a trojan could be slipped into Linux, OS X, Solaris, OpenBSD, Trusted. Anything where you're getting software from somewhere else.

    He'd probably be pretty safe if he accessed the ransom website from a computer booted from a Live-CD of a less popular distro. We're talking about a guy committing some serious crimes... it would be worth his time to compile Minix or something totally obscure and use telnet to grab the webpage from the ransom site.

    Hell, I just saw a kid browsing a webpage on his DS the other day. There are a lot of ways this guy could have avoided getting caught. I'm glad he got caught of course. But he could have at least tried a little harder :-).

    The real weak link would be whenever and wherever he physically took possession of the money. That's where his real identity must interact with the "chain" the money has followed.

    PS IAACFI (I am a computer forensics investigator).

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  9. Re:Just another... by powerlord · · Score: 2, Informative

    The OS type suggests there could be non-windows versions

    Fine, then play the Intelligence game and feed them disinformation.

    Set your user agent to IE while running Linux, and disable JavaScript/Java and any other extensions so they think you're running one OS, and have no way of pulling info to request more information.

    For extra points run on a VM that you can strip down to the bare essentials, configure once, and then wipe after each "communication".

    If the only port it's allowed to get to is the anonymizer's website/port, and it's feeding wrong information about what it is, and not letting anything run, then it's about as secure as you can make it ... and still let it connect to the internet.

    --
    This space for rent. All reasonable inquiries will be entertained at proprietor's discretion.
  10. Re:Internet privacy simply do not exist by tpwch · · Score: 2, Informative

    That's a relatively well-known term among computer geeks who also like reading fiction. It's used in multiple books/novels in the 'cyberpunk' genre.

    --
    Posted by a Debian GNU/Linux user