Slashdot Mirror


The FBI Has a Trojan To Watch You

G_of_the_J writes "A man who had cut 18 cables affecting Verizon and Comcast was blackmailing them. He had demanded bank accounts be set up and information be provided on web sites that he specified. Although he used anonymous access to get to the web sites, the FBI had planted a trojan which was downloaded to his computer. The trojan then sent his IP address and other information to the FBI."

29 of 372 comments

  1. CIPAV by Psymin · · Score: 5, Informative
    1. Re:CIPAV by ausekilis · · Score: 5, Informative

      Some more info and other applications can be found here. Linked in that article are 150 pages of documents involving CIPAV, just take a look here. Kinda makes you wonder exactly how some of these things happen, perhaps some cross-site scripting with the company requesting FBI help. It's worth noting that in order to use CIPAV, the FBI has to get court approval after explaining how the software can help stop a crime.

    2. Re:CIPAV by DittoBox · · Score: 5, Informative

      I know you're just whoring for karma but I thought I'd point out that it was the NSA that was doing the wiretapping. In addition, we should be applauding the fact that this needs court approval and that they seek that out prior to use.

      I know it's fashionable to hate on Federal law enforcement - and believe me I have plenty of grievances with the way things are done too - but I think you and a lot of other folks have the same reactionary emotional response to the Feds that those who think they can do no wrong do, just in reverse.

      --
      Good. Cheap. Fast. Pick Two.
    3. Re:CIPAV by Binty · · Score: 5, Insightful

      Flamebait, seriously? We had a whole debate about this last summer, and some members of Congress actually argued that the President has a Constitutional prerogative to use whatever intelligence gathering methods he wants as long as he has a plausible argument that we're "at war."

      Note that it doesn't particularly matter that the President argued he had Constitutional prerogative, presidents always assert that they have more power than they actually have. But Congress is supposed to be a branch of government competing with the President for power, they have incentives to check him instead of enable him.

      So it isn't flamebait at all to note that warrants are questionable protection when it comes to surveillance activities.

    4. Re:CIPAV by datapharmer · · Score: 5, Informative

      I mentioned this in another post, but the court approval is often for pen-registers which is not the same as a warrant. See here: http://www4.law.cornell.edu/uscode/uscode50/usc_sup_01_50_10_36_20_III.html Essentially it is ok to do without seeking a warrant because they are just recording the passage of information, not the contents. To use a house analogy - they are allowed to sit outside and record every person that comes and goes without a warrant, but if they want to know what was said by those people when they are inside they need a warrant.

      --
      Get a web developer
    5. Re:CIPAV by dcollins117 · · Score: 5, Insightful

      > We had a whole debate about this last summer, and some members of Congress actually argued that the President has a Constitutional prerogative to use whatever intelligence gathering methods he wants as long as he has a plausible argument that we're "at war."

      The problem is that as far as the government is concerned, they are always at "war". Presently you can count the wars in Iraq and Afghanistan, as well as all the wars against US citizens, including, but not limited to, the global war on terror, and the war on drugs, and apparently, the war on privacy.

  2. no wonder he was unemployed.... by Shakrai · · Score: 5, Insightful

    ... if he was stupid enough to visit the "private" website they created for him with such a lax security setup that his computer willingly installed the FBI's trojan.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
    1. Re:no wonder he was unemployed.... by SpaceCadetTrav · · Score: 5, Interesting

      It doesn't have to be that stupid. My PC is constantly asking me to auto-update components from:

      • Windows Update
      • Adobe Flash
      • Firefox
      • Misc firefox plugins
      • Antivirus
      • etc....

      If the FBI has cooperation from any one of these organizations, it would be trivial to get someone to slip a piece of data into an auto-update for a specific customer.

    2. Re:no wonder he was unemployed.... by Shakrai · · Score: 5, Insightful

      > it would be trivial to get someone to slip a piece of data into an auto-update for a specific customer.

      How would that help them in a case like this where they didn't know who that specific customer was?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    3. Re:no wonder he was unemployed.... by Opportunist · · Score: 5, Insightful

      Hey, you gotta see it from a statistician's point of view. Catching 90% of the criminals takes 10% effort. Catching the other 10% takes 90% effort.

      Now tell me which ones you catch when every single one counts as "one" in your "how many did you catch this year" statistics.

      Bottom line: You only catch the dumb criminals.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Missing from summary by Loadmaster · · Score: 5, Informative

    There is one important aspect missing from the summary. The FBI got a warrant first. It's not an extension of illegal wiretapping.

  4. Your dog wants zone alarm by Anonymous Coward · · Score: 5, Insightful

    He can spoof ips yet he can't install software to detect unwanted outbound traffic?

    Idiot.

    1. Re:Your dog wants zone alarm by Shakrai · · Score: 5, Informative

      > He can spoof ips yet he can't install software to detect unwanted outbound traffic?

      Detecting it would seem to be a Pyrrhic victory. What good is knowing ahead of time that the FBI has discovered who you are and will be along to arrest you within hours, depending on how bad traffic is?

      A wiser course of action would have been to run off a live-cd with firewall rules configured that only allowed outbound traffic to his anonymizer/tor/botnet/whatever he was using. Combine that with a security policy that wouldn't allow software to be installed and you could probably negate threats like these. "Borrowing" someone's unsecured wi-fi network and making sure that you used a throwaway wireless card (or at least changed the MAC) would also be advised. Preferably from a location really far away from where you live.

      Of course an even wiser course of action would be to not engage in criminal activity to begin with, but apparently this guy decided that wasn't right for him ;)

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:Your dog wants zone alarm by QuantumRiff · · Score: 5, Insightful

      Your own computer can not be trusted anymore. Look at some of the new stuff being included by default in many computers. You can get a computrace chip installed on the motherboard, you can also have an Intel vPro chipset, that can work outside the OS, without the OS knowing what it is doing. Or, any kind of hypervisor that is installed, or rootkit. You can not trust any tool on your computer to tell you if your computer is compromised. You need something like a monitoring tool on your router, or in another machine.

      --

      What are we going to do tonight Brain?
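The point in the comment above, that a compromised host cannot be trusted to report on itself and has to be checked from the router or another machine, shown as an added example that is not part of the original comment. The log formats, addresses and function names are constructed for illustration; the code compares what the router saw leaving a host with what that host reported about itself.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

# Constructed router-side flow records: "epoch proto src:sport -> dst:dport"
ROUTER_LOG = """\
1240000001 tcp 192.168.1.20:50112 -> 203.0.113.10:443
1240000002 tcp 192.168.1.20:50113 -> 198.51.100.7:80
1240000003 udp 192.168.1.20:53411 -> 192.168.1.1:53
1240000004 tcp 192.168.1.35:40000 -> 203.0.113.10:443
garbled line that the parser must skip
"""

# Constructed self-report from host 192.168.1.20: "proto local remote"
HOST_REPORT = """\
tcp 192.168.1.20:50112 203.0.113.10:443
udp 192.168.1.20:53411 192.168.1.1:53
"""

def _flow(proto, local, remote):
    """Build a Flow from 'ip:port' strings (IPv4 only); None if malformed."""
    try:
        (src, sport), (dst, dport) = (e.rsplit(":", 1) for e in (local, remote))
        return Flow(proto, src, int(sport), dst, int(dport))
    except ValueError:
        return None

def parse_router(log):
    rows = (l.split() for l in log.splitlines())
    flows = (_flow(r[1], r[2], r[4]) for r in rows if len(r) == 5 and r[3] == "->")
    return {f for f in flows if f}

def parse_host(report):
    rows = (l.split() for l in report.splitlines())
    return {f for f in (_flow(*r) for r in rows if len(r) == 3) if f}

def unreported_flows(router_log, host_report, host_ip):
    """Flows the router saw leaving host_ip that the host itself did not list."""
    seen = {f for f in parse_router(router_log) if f.src == host_ip}
    return sorted(seen - parse_host(host_report))

if __name__ == "__main__":
    for f in unreported_flows(ROUTER_LOG, HOST_REPORT, "192.168.1.20"):
        print(f"not reported by host: {f.proto} {f.src}:{f.sport} -> {f.dst}:{f.dport}")
```

A host report taken as a single snapshot misses short-lived connections, so a difference is a lead to investigate rather than proof of a hidden process.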
  5. Re:Just another... by immakiku · · Score: 5, Funny

    I don't know... Seems to me like another reason not to cut 18 cables and not know how to hide your identity.

  6. Thanks For The Tip: +1, Helpful by Anonymous Coward · · Score: 5, Informative

    About the party responsible for infiltrating government and military computers.

    In case you've been living in Richard B. Cheney's spider-hole, this F.B.I. system is called Ghostnet.

    Yours Seditiously,
    Kilgore Trout

  7. Re:Just another... by Shakrai · · Score: 5, Interesting

    ... reason to not use Microsoft products.

    What makes you think they don't have a variant for Linux? User stupidity (i.e: bad/no security) isn't unique to Windows. Off the top of my head, if they are relying on the web as an infection vector combined with user stupidity, why not write it into a Firefox extension?

    Yeah, it wouldn't get your typical /. geek, but most criminals aren't known for their foresight or intelligence. "Oh, the private website with the bank account information needs me to install this software! Ok, what could possibly go wrong?"

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  8. FBI master hackers by noundi · · Score: 5, Funny

    "This website requires additional ActiveX components to be installed."

    Hmm...

    *click*

    ...

    Oops.

    --
    I am the lawn!
  9. Re:So We can Assume... by Shakrai · · Score: 5, Funny

    So we can assume that the right to keep and bear arms can include the use of trojans for personal reasons. Perhaps the Fed would like to tax and license the use of trojans. Only after an approved trojan safety course has been passed, of course. Other permits would be required to use a trojan outside of one's home and some public venues could ban the use of trojans in their facilities.

    Requiring a permit to use trojans outside of the home wouldn't seem consistent with the Democrats' position on sex education ;)

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  10. Re:Just another... by qoncept · · Score: 5, Funny

    What incredible insight.

    Greta: He knocked over another ATM. This time at knife point. He needs your legal advice.
    Fletcher: [picking up phone and shouting] Stop breaking the law, asshole!

    --
    Whale
  11. Re:Just another... by Anonymous Coward · · Score: 5, Funny

    If you get a call from someone who refuses to identify themselves asking you if you'd be willing to edit a couple hidden configuration files and restart your system, then you have the Linux version.

  12. Sign of the times by iYk6 · · Score: 5, Insightful

    Something is seriously wrong when you have to explicitly state, "The FBI did not commit any crimes in this story." When I read the summary, I felt that the warrant was implied, but with everything that has happened, I also feel that you are completely justified to think that that info was missing.

  13. re: But who said it was about "outrage"? by King_TJ · · Score: 5, Insightful

    I think it's an interesting story, but sure ... if a warrant was obtained first, the FBI actually did this the RIGHT way, and that makes me happy.

    That's how law enforcement is supposed to work. Sometimes it seems like we completely forget that, these days, with all the stories of "the law" just doing whatever they please, secretly.

  14. Re:Cops Catch Criminal. Film at Eleven. by SirGarlon · · Score: 5, Insightful

    Actually, the FBI can't tell the difference between a criminal and a suspected criminal. In the U.S., it takes a jury (or a guilty plea) to do that.

    I think your point though is that it's not a violation of someone's rights if the FBI has reasonable evidence *before* they install the Trojan, and it appears they did in this case (because they had a warrant).

    --
    [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
  15. KISS by iYk6 · · Score: 5, Funny

    Nice ideas. Here is all I had: Demand that the info be in ASCII text, and download it with wget.

  16. Re:Just another... by CompMD · · Score: 5, Informative

    "What makes you think they don't have a variant for Linux? User stupidity (i.e: bad/no security) isn't unique to Windows."

    This is an excellent statement. Stupidity knows no bounds. It's also dangerous to assume that the FBI doesn't know what it is doing. When I worked in law enforcement, the FBI computer crimes agents I knew were well versed in operating systems other than Windows. The two I worked with most often had a solid knowledge of Linux and Cisco IOS.

  17. Re:silly muppet by Anonymous Coward · · Score: 5, Funny

    Or am i just a European speaking to an American ; ).

    No, just an asshole acting smugly superior.

  18. Re:Linux, lynx, and an anonymizer by Professor_UNIX · · Score: 5, Funny

    Don't you watch the movies? They would've backtraced his IP address through their firewall with a Visual Basic program within seconds. You need to bounce around the world through at LEAST 15 anonymizing proxies for that to work and give you a minute or two of time to taunt them before you disconnect at the last minute just as the blue blipping blob on their VB.Net trace program is about to pinpoint your location in North America as the program starts zooming in on your location with Google Maps.

    Click! All they know is you're in the northeast, but you told them that already right before you disconnected when you said you were calling them from a payphone across the street. When they rush out of their building all they find is an empty payphone with an acoustic coupler attached to the handset and interfaced to some kind of prepaid cell phone. You put down your binoculars that you've been using to watch the situation from the 5th floor of your hotel down the street and press a button on your computer which detonates the C4 conveniently hidden behind the payphone. Did they really think a silly god damn Windows spyware program was going to take you down so easily?

  19. Re:Linux, lynx, and an anonymizer by eam · · Score: 5, Funny

    > Reason for requested leave: Starting an evil empire

    Trust me, it's not as great as it sounds. The overhead is a lot more than you expect. Everyone figures they'll just steal a couple nuclear warheads and they're in business, but they never think about the essentials. Do you know how much toilet paper your evil lair will go through in a week? Even though you have the contribution jar next to the coffee maker, no one ever pitches in unless you happen to be standing there. With the downturn in the economy, you don't have the same staffing issues as you normally do, but finding decent henchmen is always a chore. The ones you do find are all, "We want dental!", "We need flex time!", "Respect me as an equal!", and "Oh God, no, save me, IT BURNS!!!" I mean, come on, what am I, your mommy?

    You go through all that, then in the middle of one of your best speeches, some moron running around in a tuxedo blows it all up with a can of hairspray and a laser beam built into a wristwatch.

    Seriously.