Slashdot Mirror


The FBI Has a Trojan To Watch You

G_of_the_J writes "A man who had cut 18 cables affecting Verizon and Comcast was blackmailing them. He had demanded bank accounts be set up and information be provided on web sites that he specified. Although he used anonymous access to get to the web sites, the FBI had planted a trojan which was downloaded to his computer. The trojan then sent his IP address and other information to the FBI."

87 of 372 comments

  1. top rank on google by Anonymous Coward · · Score: 4, Funny

    Crap. Too bad that website was the top rank on a google search for comcast verizon cut cable blackmail.
    I suppose posting anonymously won't help now.

  2. CIPAV by Psymin · · Score: 5, Informative
    1. Re:CIPAV by ausekilis · · Score: 5, Informative

      Some more info and other applications can be found here. Linked in that article are 150 pages of documents involving CIPAV, just take a look here. Kinda makes you wonder exactly how some of these things happen, perhaps some cross-site scripting with the company requesting FBI help. It's worth noting that in order to use CIPAV, the FBI has to get court approval after explaining how the software can help stop a crime.

    2. Re:CIPAV by Phizzle · · Score: 2

      Hey my computer is acting FUNNY since I checked that wiki site about CIPAV.

      --
      I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
    3. Re:CIPAV by Spazztastic · · Score: 3, Insightful

      It's worth noting that in order to use CIPAV, the FBI has to get court approval after explaining how the software can help stop a crime.

      Like that stopped them from wiretapping without a warrant.

      --
      Posts not to be taken literally. Almost everything is sarcasm.
    4. Re:CIPAV by oneTheory · · Score: 4, Funny

      It's worth noting that in order to use CIPAV, the FBI has to get court approval after explaining how the software can help stop a crime.

      +1 funny

    5. Re:CIPAV by Coldmoon · · Score: 3, Interesting

      How many more agencies have software like this?

      Anyone have any info on how to detect/remove software like this?

      I doubt you will get an accurate count. The more successful it is and the longer it remains out of the hands of researchers will determine how many actually adopt its use.

      Detecting it with a scanner will be problematic as it is not something that would be released widely like "traditional" commercial/criminal Spyware. Targeted distribution over short periods of time makes discovery and analysis even harder.

      The first piece of advice here would be to strongly recommend avoiding activities that put you at risk of being targeted by Law Enforcement... For those that may fall on the more paranoid side of the discussion however, imaging and boot-to-restore solutions may offer a means to ensure that your computer is clean. They will not detect or block the program from working, but they can help with the cleanup. Whether restoring an image every time you start your computer makes any practical sense is entirely up to you...

      JMHO

      --
      Coldmoon over Dark water...
    6. Re:CIPAV by DittoBox · · Score: 5, Informative

      I know you're just whoring for karma but I thought I'd point out that it was the NSA that was doing the wiretapping. In addition, we should be applauding the fact that this needs court approval and that they seek that out prior to use.

      I know it's fashionable to hate on Federal law enforcement - and believe me I have plenty of grievances with the way things are done too - but I think you and a lot of other folks have the same reactionary emotional response to the Feds that those who think they can do no wrong do, just in reverse.

      --
      Good. Cheap. Fast. Pick Two.
    7. Re:CIPAV by Binty · · Score: 5, Insightful

      Flamebait, seriously? We had a whole debate about this last summer, and some members of Congress actually argued that the President has a Constitutional prerogative to use whatever intelligence gathering methods he wants as long as he has a plausible argument that we're "at war."

      Note, that it doesn't particularly matter that the President argued he had Constitutional prerogative, presidents always assert that they have more power than they actually have. But Congress is supposed to be a branch of government competing with the President for power, they have incentives to check him instead of enable him.

      So it isn't flamebait at all to note that warrants are questionable protection when it comes to surveillance activities.

    8. Re:CIPAV by datapharmer · · Score: 2, Informative

      The "court approval" isn't a warrant though... pen-registers are "court approved" and this has been used in circumstances where that is all what they needed (they weren't tapping information they were just recording coming and going... or in this case the IP address of the person they were after)

      --
      Get a web developer
    9. Re:CIPAV by datapharmer · · Score: 5, Informative

      I mentioned this in another post, but the court approval is often for pen-registers which is not the same as a warrant. See here: http://www4.law.cornell.edu/uscode/uscode50/usc_sup_01_50_10_36_20_III.html Essentially it is ok to do without seeking a warrant because they are just recording the passage of information, not the contents. To use a house analogy - they are allowed to sit outside and record every person that comes and goes without a warrant, but if they want to know what was said by those people when they are inside they need a warrant.

      --
      Get a web developer
    10. Re:CIPAV by Spazztastic · · Score: 3, Insightful

      My Karma is already excellent, I'm not afraid to burn it just to make a point as well. I was simply taking a shot at Federal Government and making a point they (as in all of the three-letter-agencies) have done shady business in the past and just because they were court-approved in their dealings for THIS situation, what makes you think they've done it for every other?

      --
      Posts not to be taken literally. Almost everything is sarcasm.
    11. Re:CIPAV by PitaBred · · Score: 2, Interesting

      Are you sure they need a warrant? Last I heard, both the current and previous administrations have held that they just need to think about thinking you're a "terrist" and they can do whatever they want.

    12. Re:CIPAV by Fred_A · · Score: 2, Funny

      Hey my computer is acting FUNNY since I checked that wiki site about CIPAV.

      Zippy ? Is that you ?

      --

      May contain traces of nut.
      Made from the freshest electrons.
    13. Re:CIPAV by Intron · · Score: 2, Funny

      It might just be because I've been skimming, but I haven't been able to find much by way of technical detail on how CIPAV works, namely what vector it uses to infect target machines, and what operating system(s) it "supports."

      This website would like to install an Active-X control. Click yes to allow or no to cancel.

      --
      Intron: the portion of DNA which expresses nothing useful.
    14. Re:CIPAV by dcollins117 · · Score: 5, Insightful

      We had a whole debate about this last summer, and some members of Congress actually argued that the President has a Constitutional prerogative to use whatever intelligence gathering methods he wants as long as he has a plausible argument that we're "at war."

      The problem is that as far as the government is concerned, they are always at "war". Presently you can count the wars in Iraq and Afghanistan, as well as all the wars against US citizens, including, but not limited to, the global war on terror, and the war on drugs, and apparently, the war on privacy.

    15. Re:CIPAV by Austerity+Empowers · · Score: 4, Insightful

      Maybe also when attempting a criminal act, don't use your own machine, and don't use the same machine twice.

    16. Re:CIPAV by GMFTatsujin · · Score: 4, Insightful

      Okay, so if the government wages "the war on privacy" by using invasive techniques, and is justified in doing so by saying "we're at war," then there's obviously no privacy, right?

      So can we say they've won the war on privacy, declare the war over, and thereby rescind the powers it used to wage such a war?

      Whoa. Headspins. Gotta sit down.

    17. Re:CIPAV by icebike · · Score: 3, Insightful

      And don't use windows at all.

      --
      Sig Battery depleted. Reverting to safe mode.
    18. Re:CIPAV by cayenne8 · · Score: 2, Funny
      "And don't use windows at all."

      Yeah, that was my first thought too.

      I wonder if they have a Linux variant? That would be likely hard to do though, wouldn't it? I mean, unless you were stupid enough to execute a strange file you received from the FBI....

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    19. Re:CIPAV by Arthur+Grumbine · · Score: 4, Funny

      I'm sorry but that house analogy doesn't work for me, can you explain it using cars?

      --
      Now that I think about it, I'm pretty sure everything I just said is completely wrong.
    20. Re:CIPAV by wpiman · · Score: 2, Interesting

      Don't forget the war on poverty....

    21. Re:CIPAV by jc42 · · Score: 2, Interesting

      Don't forget the war on poverty....

      That was my favorite. Especially the part where it ended quickly, as poor people all over the US started asking where they could go to surrender.

      Now if we could figure out an equally clever response to all the other bogus "wars" on abstract concepts.

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    22. Re:CIPAV by kasperd · · Score: 3, Funny

      I mean, unless you were stupid enough to execute a strange file you received from the FBI....

      Wait. Are you telling me those emails I received from FBI with an attached program I had to run were actually real?

      --

      Do you care about the security of your wireless mouse?
  3. no wonder he was unemployed.... by Shakrai · · Score: 5, Insightful

    ... if he was stupid enough to visit the "private" website they created for him with such a lax security setup that his computer willingly installed the FBI's trojan.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
    1. Re:no wonder he was unemployed.... by Lumpy · · Score: 4, Interesting

      Exactly. It amazes me the number of buffoons that get caught by the FBI's lame attempt at tracking with their software.

      you have to be a wannabe ankle-biter to download and run anything you don't know exactly what it is.

      --
      Do not look at laser with remaining good eye.
    2. Re:no wonder he was unemployed.... by SpaceCadetTrav · · Score: 5, Interesting

      It doesn't have to be that stupid. My PC is constantly asking me to auto-update components from:

      • Windows Update
      • Adobe Flash
      • Firefox
      • Misc firefox plugins
      • Antivirus
      • etc....

      If the FBI has cooperation from any one of these organizations, it would be trivial to get someone to slip a piece of data into an auto-update for a specific customer.

    3. Re:no wonder he was unemployed.... by Shakrai · · Score: 5, Insightful

      it would be trivial to get someone to slip a piece of data into an auto-update for a specific customer.

      How would that help them in a case like this where they didn't know who that specific customer was?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    4. Re:no wonder he was unemployed.... by Opportunist · · Score: 5, Insightful

      Hey, you gotta see it from a statistician's point of view. Catching 90% of the criminals takes 10% effort. Catching the other 10% takes 90% effort.

      Now tell me which ones you catch when every single one counts as "one" in your "how many did you catch this year" statistics.

      Bottom line: You only catch the dumb criminals.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:no wonder he was unemployed.... by $1uck · · Score: 3, Insightful

      Um... seriously? If they know the specific customer they wouldn't need to install the trojan.

    6. Re:no wonder he was unemployed.... by oneTheory · · Score: 3, Insightful

      Good point. The only reasonable conclusion is to monitor everyone. Then we can find the bad guys easily whenever there's a problem. And we'll never ever misuse these powers, pinky swear.

    7. Re:no wonder he was unemployed.... by shawn(at)fsu · · Score: 3, Funny

      Okay this is what you need to do. First take off the tinfoil hat. Next is go outside, you really need to get some sunlight.

      --
      500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
    8. Re:no wonder he was unemployed.... by drinkypoo · · Score: 3, Funny

      Nice. See if you can figure out my identity from my IP address, ignoring of course that it's right there in my email address. Here's my IP:
      192.168.1.42
      Good luck!

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    9. Re:no wonder he was unemployed.... by hoggoth · · Score: 3, Informative

      > Also consider that no OS would be immune from that. With cooperation a trojan could be slipped into Linux, OS X, Solaris, OpenBSD, Trusted. Anything where you're getting software from somewhere else.

      He'd probably be pretty safe if he accessed the ransom website from a computer booted from a Live-CD of a less popular distro. We're talking about a guy committing some serious crimes... it would be worth his time to compile Minix or something totally obscure and use telnet to grab the webpage from the ransom site.

      Hell, I just saw a kid browsing a webpage on his DS the other day. There are a lot of ways this guy could have avoided getting caught. I'm glad he got caught of course. But he could have at least tried a little harder :-).

      The real weak link would be whenever and wherever he physically took possession of the money. That's where his real identity must interact with the "chain" the money has followed.

      PS IAACFI (I am a computer forensics investigator).

      --
      - For the complete works of Shakespeare: cat /dev/random (may take some time)
    10. Re:no wonder he was unemployed.... by Shakrai · · Score: 4, Funny

      Hey, that's my IP address! drinkypoo hacked my computer! Where's the FBI when I need them?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
  4. Missing from summary by Loadmaster · · Score: 5, Informative

    There is one important aspect missing from the summary. The FBI got a warrant first. It's not an extension of illegal wiretapping.

    1. Re:Missing from summary by ISurfTooMuch · · Score: 4, Informative

      Indeed. As long as a warrant was lawfully obtained, and as long as only the suspect was being targeted, I don't see a problem. From the article, it looks as if the software was passed to him through the private site that he demanded be set up, so it's extremely unlikely, possibly impossible if it was password-protected, that any random person could have stumbled upon it.

    2. Re:Missing from summary by Missing_dc · · Score: 4, Funny

      Mental note for future reference...

      when requesting a private website to extort money, post the credentials here or /b/ on 4chan.

      Let them deal with all that was posted AND handle the bandwidth consumption.
      then report the site to another agency for kiddie pics ( or kittie pics, knowing /b/)

      --
      How amazed would you be to suddenly find that you just forgot what I wrote and you needed to reread my post.... again.
  5. Your dog wants zone alarm by Anonymous Coward · · Score: 5, Insightful

    He can spoof ips yet he can't install software to detect unwanted outbound traffic?

    Idiot.

    1. Re:Your dog wants zone alarm by Shakrai · · Score: 5, Informative

      He can spoof ips yet he can't install software to detect unwanted outbound traffic?

      Detecting it would seem to be a Pyrrhic victory. What good is knowing ahead of time that the FBI has discovered who you are and will be along to arrest you within hours, depending on how bad traffic is?

      A wiser course of action would have been to run off a live-cd with firewall rules configured that only allowed outbound traffic to his anonymizer/tor/botnet/whatever he was using. Combine that with a security policy that wouldn't allow software to be installed and you could probably negate threats like these. "Borrowing" someone's unsecured wi-fi network and making sure that you used a throwaway wireless card (or at least changed the MAC) would also be advised. Preferably from a location really far away from where you live.

      Of course an even wiser course of action would be to not engage in criminal activity to begin with, but apparently this guy decided that wasn't right for him ;)

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:Your dog wants zone alarm by QuantumRiff · · Score: 5, Insightful

      Your own computer can not be trusted anymore. Look at some of the new stuff being included by default in many computers. You can get a computrace chip installed on the motherboard, you can also have an Intel vPro chipset, that can work outside the OS, without the OS knowing what it is doing. Or, any kind of hypervisor that is installed, or rootkit. You can not trust any tool on your computer to tell you if your computer is compromised. You need something like a monitoring tool on your router, or in another machine.

      --

      What are we going to do tonight Brain?
  6. Re:Just another... by immakiku · · Score: 5, Funny

    I don't know... Seems to me like another reason not to cut 18 cables and not know how to hide your identity.

  7. Re:silly muppet by MRe_nl · · Score: 2, Insightful

    According to the complaint filed against Kelly, he believed that "companies like Comcast and Verizon were indirectly responsible for his unemployment and dire financial situation because they worked with companies that favored foreign engineers over their counterparts and because they had indirectly stolen his intellectual property."

    As part of his sentence in late 2005, Kelly was also ordered to enter a mental health program.

    No parole? He might be a silly muppet, possibly crazy, but treatment sounds more reasonable than prison. Or am I just a European speaking to an American ; ).

    --
    "Kill 'em all and let Root sort 'em out"
  8. Thanks For The Tip: +1, Helpful by Anonymous Coward · · Score: 5, Informative

    About the party responsible for infiltrating government and military computers.

    In case you've been living in Richard B. Cheney's spider-hole, this F.B.I. system is called Ghostnet.

    Yours Seditiously,
    Kilgore Trout

  9. Not to watch you* by Nitage · · Score: 2, Insightful

    *unless you tried to blackmail someone over the internet and they call in the FBI, who then - with the authority of a warrant - use a Trojan to find out where you are. Seriously, how stupid is this guy?

  10. Re:Just another... by Shakrai · · Score: 5, Interesting

    ... reason to not use Microsoft products.

    What makes you think they don't have a variant for Linux? User stupidity (i.e: bad/no security) isn't unique to Windows. Off the top of my head, if they are relying on the web as an infection vector combined with user stupidity, why not write it into a Firefox extension?

    Yeah, it wouldn't get your typical /. geek, but most criminals aren't known for their foresight or intelligence. "Oh, the private website with the bank account information needs me to install this software! Ok, what could possibly go wrong?"

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  11. FBI master hackers by noundi · · Score: 5, Funny

    "This website requires additional ActiveX components to be installed."

    Hmm...

    *click*

    ...

    Oops.

    --
    I am the lawn!
  12. All future cable cutters ... by 140Mandak262Jamuna · · Score: 3, Funny

    First read Slashdot and understand all the technical details needed to hide your identity. Then go ahead cut the cable and demand ransom.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:All future cable cutters ... by Anonymous Coward · · Score: 2, Interesting

      or you could just submit an Ask Slashdot and get all the answers to your future crime.

  13. He deserved to get caught. by Lilith's+Heart-shape · · Score: 4, Funny

    If this guy had had half a brain, he would have wiped the computer's hard drive clean by overwriting it with zeroes, and then done everything by using a Linux distribution on a bootable CD that could run entirely in RAM. Instead, he ran Windows and got nailed by a Trojan. Somewhere in the afterlife, J. Edgar Hoover is laughing his panty-clad ass off.

  14. Note to self... by cortesoft · · Score: 4, Funny

    Always use noscript when doing nefarious shit....

  15. Good by SirGarlon · · Score: 4, Insightful

    TFA says the FBI had a warrant. When that is the case, I *want* them to be able to own a suspect's machine.

    --
    [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
    1. Re:Good by Cajun+Hell · · Score: 2, Insightful

      TFA says the FBI had a warrant. When that is the case, I *want* them to be able to own a suspect's machine.

      I agree that when the good guys act like good guys, I want them to win.

      Your computer never knows who the good guys are, though. And even if everyone signed their attacks (e.g. this spyware is signed by the FBI), it would never know when there's a warrant and when there isn't. (Just as a DRM scheme never knows whether you're trying to violate copyright vs do something innocent.)

      When you receive a trojan, it might be a lawful attack by the FBI, or it might be Russian spammers wanting to add you to their botnet. You don't know which. So what's the right thing to do: run it? Or don't run it?

      Alas, whatever you do to deal with the bad guys, is also going to work against the good guys.

      So .. do I want the FBI, when working within the law, to be able to own a suspect's machine? Sure, in an idealistic fantasy kind of way. But in real life, I know that question can be rephrased, without losing any meaning, as "Do I want Russian spammers to be able to own anyone's machine?"

      --
      "Believe me!" -- Donald Trump
  16. Re:Fine...any details? by ISurfTooMuch · · Score: 2, Insightful

    Doesn't seem like it was too complex. Sounds like they simply used some sort of drive-by download to install it on his system, and the program simply phoned home with the infected computer's IP address, MAC address, and a few other identifying pieces of info.

  17. Re:So We can Assume... by DaveV1.0 · · Score: 2, Interesting

    So we can assume that the right to keep and bear arms can include the use of trojans for personal reasons.

    No, for the same reason you do not have a right to keep and bear nuclear devices or chemical and/or biological weapons.

    --
    There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
  18. Cops Catch Criminal. Film at Eleven. by RobotRunAmok · · Score: 4, Insightful

    Dude was a bad guy. FBI's job is to catch bad guys. FBI uses technology to catch bad guy. I'm not feeling the outrage here...

    In a related story, local law enforcement shot a criminal who tried to hold up a 7-11 when he resisted arrest and brandished a knife. Reports say police used their "gun" technology to do this.

    Point being, we know the FBI has the tech to do this stuff. It's only really a rights issue when they use it against non-criminals, or suspected criminals.

  19. Re:So We can Assume... by Shakrai · · Score: 5, Funny

    So we can assume that the right to keep and bear arms can include the use of trojans for personal reasons. Perhaps the Fed would like to tax and license the use of trojans. Only after an approved trojan safety course has been passed, of course. Other permits would be required to use a trojan outside of one's home and some public venues could ban the use of trojans in their facilities.

    Requiring a permit to use trojans outside of the home wouldn't seem consistent with the Democrats' position on sex education ;)

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  20. Re:Just another... by qoncept · · Score: 5, Funny

    What incredible insight.

    Greta: He knocked over another ATM. This time at knife point. He needs your legal advice.
    Fletcher: [picking up phone and shouting] Stop breaking the law, asshole!

    --
    Whale
  21. Re:Just another... by Anonymous Coward · · Score: 5, Funny

    If you get a call from someone who refuses to identify themselves asking you if you'd be willing to edit a couple hidden configuration files and restart your system, then you have the Linux version.

  22. Re:So We can Assume... by AnalPerfume · · Score: 3, Funny

    Bear arms are fine if the bear in question is still attached to them, and in a fit state to fight and clued in enough to the cause to fight FOR you. If not, then the right to bear arms is pointless, you may as well have the right to shit on the moon.

  23. Sign of the times by iYk6 · · Score: 5, Insightful

    Something is seriously wrong when you have to explicitly state, "The FBI did not commit any crimes in this story." When I read the summary, I felt that the warrant was implied, but with everything that has happened, I also feel that you are completely justified to think that that info was missing.

  24. Have you ever meta dupe? by davidwr · · Score: 4, Funny

    Someone once said "I never meta dupe I didn't like."

    That someone was not me.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Have you ever meta dupe? by davidwr · · Score: 2, Funny

      You talked about me saying that before.

      --
      Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  25. re: But who said it was about "outrage"? by King_TJ · · Score: 5, Insightful

    I think it's an interesting story, but sure ... if a warrant was obtained first, the FBI actually did this the RIGHT way, and that makes me happy.

    That's how law enforcement is supposed to work. Sometimes it seems like we completely forget that, these days, with all the stories of "the law" just doing whatever they please, secretly.

  26. Re:Cops Catch Criminal. Film at Eleven. by SirGarlon · · Score: 5, Insightful

    Actually, the FBI can't tell the difference between a criminal and a suspected criminal. In the U.S., it takes a jury (or a guilty plea) to do that.

    I think your point though is that it's not a violation of someone's rights if the FBI has reasonable evidence *before* they install the Trojan, and it appears they did in this case (because they had a warrant).

    --
    [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
  27. KISS by iYk6 · · Score: 5, Funny

    Nice ideas. Here is all I had: Demand that the info be in ASCII text, and download it with wget.

  28. Re:Just another... by CompMD · · Score: 5, Informative

    "What makes you think they don't have a variant for Linux? User stupidity (i.e: bad/no security) isn't unique to Windows."

    This is an excellent statement. Stupidity knows no bounds. It's also dangerous to assume that the FBI doesn't know what it is doing. When I worked in law enforcement, the FBI computer crimes agents I knew were well versed in operating systems other than Windows. The two I worked with most often had a solid knowledge of Linux and Cisco IOS.

  29. Re:silly muppet by Anonymous Coward · · Score: 5, Funny

    Or am I just a European speaking to an American ; ).

    No, just an asshole acting smugly superior.

  30. OMG: 192.168.0.2 by Gothmolly · · Score: 4, Funny

    That's MY IP address too! Is the FBI hacking my computer as well?

    Remember kids, only criminals use proxies. And only criminals use "an alternate operating system, with a black screen and white characters".

    --
    I want to delete my account but Slashdot doesn't allow it.
  31. Re:Linux, lynx, and an anonymizer by Professor_UNIX · · Score: 5, Funny

    Don't you watch the movies? They would've backtraced his IP address through their firewall with a Visual Basic program within seconds. You need to bounce around the world through at LEAST 15 anonymizing proxies for that to work and give you a minute or two of time to taunt them before you disconnect at the last minute just as the blue blipping blob on their VB.Net trace program is about to pinpoint your location in North America as the program starts zooming in on your location with Google Maps.

    Click! All they know is you're in the northeast, but you told them that already right before you disconnected when you said you were calling them from a payphone across the street. When they rush out of their building all they find is an empty payphone with an acoustic coupler attached to the handset and interfaced to some kind of prepaid cell phone. You put down your binoculars that you've been using to watch the situation from the 5th floor of your hotel down the street and press a button on your computer which detonates the C4 conveniently hidden behind the payphone. Did they really think a silly god damn Windows spyware program was going to take you down so easily?

  32. They could do it without a trojan... by (H)elix1 · · Score: 4, Interesting

    They could do it without a trojan, if they had the right signing key. I forget which worm it was, but a few years back there was a major vulnerability that Microsoft patched, which triggered the automatic reboot. The issue was the patch went ahead and updated the machine even if you had the system set to "download, but notify" rather than automagically patch. Similar deal here where an update did something it should not have.

    Were I the FBI, I'd make Microsoft 'digitally sign' such a beasty, and then send it via an unannounced update.

    Always helps to have stupid criminals, however.

  33. Re:silly muppet by sheepofblue · · Score: 2, Insightful

    I would assume he was found not guilty due to mental defect. If not I would be very afraid as his sentence reeks of the thought police. Sadly there are instances now of people's sentences being sent to "fix" their way of thinking.

  34. MS certified career criminal .. :) by rs232 · · Score: 2, Funny

    Just goes to show that you shouldn't try your hand at being a career criminal, armed with nothing more than a MSP credential.

    --
    davecb5620@gmail.com
  35. Re: But who said it was about "outrage"? by Cro+Magnon · · Score: 4, Insightful

    Yeah, it's sad that law enforcement actually doing their job the RIGHT way is news.

    --
    Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
  36. Re:Duh? by Lumpy · · Score: 4, Interesting

    here are some facts...

    1 - criminals are typically dumb as hell.
    2 - smart criminals are still dumb.
    3 - it is incredibly RARE to have a very smart criminal, when you find one and they do a lot of criminal acts and get away with it, they get cocky and then become a dumb criminal. Example? Kevin Mitnick. He got cocky, then did some really REALLY dumb things to get caught.

    Real professional computer criminals DO exist, and you will never hear about them because they don't get caught. Computer Crime forensics pros are not as good as they all want you to think they are; they may be WIZZES at computers but they are not Wizzes at encryption, obfuscation and stenography, let alone secret squirrel stuff. It is really easy for a 13 year old punk to get and use the same technology that the biggest nations are using for their spies. If a kid is talented enough and has enough self control he can easily elude the entire FBI and NSA together online. It's not technically or technologically hard, it's simply being able to NEVER EVER get sloppy, because the second you get sloppy, you're nailed. The longer you go the harder it is not to get sloppy or accidentally give them a pattern. To the FBI, it's a matter of time... you will screw up, they will get you.

     

    --
    Do not look at laser with remaining good eye.
  37. FBI ? come on, don't mock us by billcopc · · Score: 3, Interesting

    Is it just me, or does it seem rather contrived that the FBI would (successfully) use a trojan to catch a criminal who is at least someone technically proficient? Presumably the con would be surfing through a proxy at the very least, and is probably not the kind of user who runs unsolicited downloads from public web sites.

    Call me crazy, but I'd say this smells like a piece of theatre. Now I'm not saying the FBI hired the con, but sometimes I wonder... In an increasingly complex tech world, maybe they feel the need to put on a show, to make people believe the FBI still has things under control.

    --
    -Billco, Fnarg.com
  38. Re:Linux, lynx, and an anonymizer by eam · · Score: 5, Funny

    > Reason for requested leave: Starting an evil empire

    Trust me, it's not as great as it sounds. The overhead is a lot more than you expect. Everyone figures they'll just steal a couple nuclear warheads and they're in business, but they never think about the essentials. Do you know how much toilet paper your evil lair will go through in a week? Even though you have the contribution jar next to the coffee maker, no one ever pitches in unless you happen to be standing there. With the downturn in the economy, you don't have the same staffing issues as you normally do, but finding decent henchmen is always a chore. The ones you do find are all, "We want dental!", "We need flex time!", "Respect me as an equal!", and "Oh God, no, save me, IT BURNS!!!" I mean, come on, what am I your mommy?

    You go through all that, then in the middle of one of your best speeches, some moron running around in a tuxedo blows it all up with a can of hairspray and a laser beam built into a wristwatch.

    Seriously.

  39. Internet privacy simply do not exist by DJRumpy · · Score: 2, Insightful

    The article indicates that warrants were requested and issued each time they used this. It would be rather useless for the trojan to inject other malware onto a system that the FBI was likely to seize said equipment shortly after the trojan was planted.

    This doesn't concern me in the slightest as long as they continue to follow the law and request a warrant to plant this trojan. If you're a law abiding citizen, then you should never show up on their radar and I see this as no different than a blackmail case where they bugged someone's phone with a warrant or put them under 24/7 observation. I would imagine they injected the trojan via the web site that the guy demanded Verizon set up for him via some known (or unknown) exploit.

    The two known instances of the FBI using this were both done via warrant (this one in 2005 and the latest in 2007).

    That's not to say they don't use this elsewhere, but any person on the internet should consider their activities traceable no matter what hoops they go through. Especially when the telecoms willingly rolled over when requested by the government and most folks get their internet access via said telcoms.

    1. Re:Internet privacy simply do not exist by cayenne8 · · Score: 4, Insightful
      "That's not to say they don't use this elsewhere, but any person on the internet should consider their activities traceable no matter what hoops they go through. Especially when the telecoms willingly rolled over when requested by the government and most folks get their internet access via said telcoms."

      Well, there are ways to be about 99.99% anonymous on the internet. One way is to set up a nym account, that bounces through several remailers like Mixmaster...and basically have the final hop on those to be one of the anon groups on USENET. That way, they don't know who it is reading one of thousands of pgp encrypted emails out there.

      However, when it comes time for the internet to intersect 'meatspace', like when you want to get money. Well, now that part is gonna be a little tougher to do...much easier to track the money.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    2. Re:Internet privacy simply do not exist by tpwch · · Score: 2, Informative

      That's a relatively well-known term among computer geeks who also like reading fiction. It's used in multiple books/novels in the genre 'cyberpunk'.

      --
      Posted by a Debian GNU/Linux user
    3. Re:Internet privacy simply do not exist by MooseTick · · Score: 2, Insightful

      It would be easier to connect to the site from a free wireless connection. Where I live, some McDonalds, coffee shops, Dunkin' Donuts, and other places offer free wifi. Just go to one of those, connect with a VM of whatever you like and do your business. When done, revert to your snapshot of how it looked before and whatever virus or trojan they pushed on you should be eradicated.

    4. Re:Internet privacy simply do not exist by PingXao · · Score: 2, Funny

      I've seen the word "meatspace" in use for almost a decade. Welcome to the world.

  40. Comodo anyone? by GPLDAN · · Score: 2, Informative

    I have mixed feelings about Comodo:

    http://personalfirewall.comodo.com/

    On one hand, in Proactive security mode, it will tell you anytime a process it doesn't know does anything. Accesses a registry key, tries to open a socket, tries to piggyback outbound placing an HTTP connection via the IE object, what .dll is getting linked for anything it doesn't know. It's miles ahead of ZoneAlarm, and it's free.

    On the other hand, if CIPAV has an exception deep in the executable, then it's pointless.

    I wish Comodo was distributed open source and you could compile it yourself using Visual Studio.

  41. Re:Linux, lynx, and an anonymizer by jollyreaper · · Score: 2, Funny

    Don't you watch the movies? They would've backtraced his IP address through their firewall with a Visual Basic program within seconds. You need to bounce around the world through at LEAST 15 anonymizing proxies for that to work and give you a minute or two of time to taunt them before you disconnect at the last minute just as the blue blipping blob on their VB.Net trace program is about to pinpoint your location in North America as the program starts zooming in on your location with Google Maps.

    Click! All they know is you're in the northeast, but you told them that already right before you disconnected when you said you were calling them from a payphone across the street. When they rush out of their building all they find is an empty payphone with an acoustic coupler attached to the handset and interfaced to some kind of prepaid cell phone. You put down your binoculars that you've been using to watch the situation from the 5th floor of your hotel down the street and press a button on your computer which detonates the C4 conveniently hidden behind the payphone. Did they really think a silly god damn Windows spyware program was going to take you down so easily?

    And you were getting a blowjob from Halle Berry the whole time! Add in some more titty and I think we have a blockbuster.

    --
    Kwisatz Haderach
    Sell the spice to CHOAM
    This Mahdi took Shaddam's Throne
  42. Re:Cops Catch Criminal. Film at Eleven. by sootman · · Score: 2, Funny

    Actually, the FBI can't tell the difference between a criminal and a suspected criminal. In the U.S., it takes a jury (or a guilty plea) to do that.

    I was watching some show that had a car chase filmed from a helicopter. Guy had a semi and was wreaking havoc, driving through roadblocks, ramming police cars, going so far as to use his truck to push other cars out of the way when he hit some stopped traffic on the freeway. Finally he's off the road, surrounded by police cars, gets out of his truck, starts fighting, the police eventually get him into the back of a cruiser, the whole thing has been filmed, and the reporter comes on the mic and says "the police are now taking the SUSPECT into custody"... it always floors me when I see something like this and hear the word "suspect." I know, I know: legal terminology, due process, reporter CYAing so he doesn't get sued for slander or libel (I always forget--whichever one doesn't need to be printed) but still, it just makes me laugh out loud every time.

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  43. Re:Just another... by powerlord · · Score: 2, Informative

    The OS type suggests there could be non-windows versions

    Fine, then play the Intelligence game and feed them disinformation.

    Set your user agent to IE while running Linux, and disable JavaScript/Java and any other extensions so they think you're running one OS, and have no way of pulling info to request more information.

    For extra points run on a VM that you can strip down to the bare essentials, configure once, and then wipe after each "communication".

    If the only ports it's allowed to get to is the anonymizer's website/port, and it's feeding wrong information about what it is, and not letting anything run, then it's about as secure as you can make it ... and still let it connect to the internet.

    --
    This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
  44. As long as by Orion+Blastar · · Score: 2, Insightful

    #1 There was a warrant for the wiretapping.
    #2 The guy really did something wrong and against the law.
    #3 He was stupid enough to click on whatever installed the trojan.
    #4 He was stupid enough to cut Internet cables and demand blackmail and ransom from the ISPs.

    We'll just call it an Own Goal for this guy whoever he is.

    As long as the majority of the population who don't do these things aren't domestically spied on, it should be alright.

    If the FBI wants to see what my Traveller RPG group is doing, we could use another Game Master and a few more players as our Game Master is working a job that requires him to travel and cannot GM any more and a few players had quit. No need to plant a trojan on our computers and read our email.

    --
    Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.