FBI's secret spyware becomes public
There's an interesting article on Wired about how the FBI used a spyware program to track a teenager who was making bomb threats against a Washington state high school. Also included in the article is a link to the actual affidavit submitted to the 9th U.S. Circuit Court of Appeals.

This is the same court that recently ruled that agencies requesting court orders to obtain IP addresses as well as To/From addresses in e-mail messages do not require probable cause. The FBI stated that none of the monitored communication's content was examined in this particular situation. 

The spyware, code-named CIPAV (Computer and Internet Protocol Address Verifier), appears to initially reveal all the usual information about the computer it's installed on -- for example, IP/MAC addresses, the list of open TCP and UDP ports, particulars about the operating system and Internet browser, as well as user information.

Then the application switches to what the FBI spokesperson called a "pen register" mode. This is apparently where the application monitors Internet use by logging the IP addresses of sites visited. This, along with the initial information, is transmitted to an FBI data server at some undisclosed location.

All of the most interesting details were not released by the FBI, such as what the CIPAV application is really capable of and how it is installed on the suspect's computer.

Going public with this will certainly raise some interest with the EFF as well as with security companies that develop applications to prevent this type of intrusion.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

31 comments
AnsuGisalas

Michael, could you tell me if the below blog is still more or less up to date? I am wondering about this false traffic it describes, and how it could be combined with things like the evercookie and spyware to really screw people over... http://blogs.techrepublic.com.com/networking/?p=612&tag=content;leftCol

Michael Kassner

Phorm and NebuAd are out of business or have taken up business using a different name. Google is now doing this as well.

AnsuGisalas

For an organization like the FBI (or ISPs or Google) couldn't the use of evercookie-like tracking be combined with the DPI and redirections to ensure that a targeted user is always examined for, say, spyware digests dumped as steganographed browser cache image files or whatever else? What I thought before, that a keylogger could write to evercookie locations... that thought still had the limitation of requiring the user to visit a compromised site that would check for these specific cookies. But with behavioral targeting methods that wouldn't be necessary at all. The equipment at the ISP would ensure treatment, and there'd be no way of intercepting the keylogger phoning home, as it never did. It's not something every cracker organization could pull off. A cracker compromising the behavioral targeting equipment would be very scary too.

fatsavage

I read all the posts and there are a few open questions. First off, wireless is even worse than wired for security. No warrants are required and the source is easier to pinpoint. Check the capability of ECHELON in Wikipedia and take note that its use has been extended to Domestic Spying. The old Carnivore was used to tap wired Internet Connections and has been renamed DCS-1000 for political correctness. Once a Court Order was received to put it on an ISP, they could spy on everyone that used that ISP. As any Internet user should know, Malware is easily downloaded from a website and much of it is ignored by spyware and virus companies because it is commercial and people accept it under terms of use that no one ever reads. It's fairly common knowledge that the FBI runs honeypots offering illegal activities and if you go and click a link you are probably downloading a lot of spyware. I use government honeypots to test malware protection. If it works against them, it should work for other bad sites. Unfortunately, it would appear that information gathering honeypots are built into the backbone structure of the Internet. One story of a Swiss Bank's email to a competitor across the street was traced on a route from Zurich to Paris to London to DC and back to Zurich before being delivered. A traceroute from Ashburn to one of my sites in Herndon passes from Ashburn to DC to Boston to Chicago back to DC before being delivered to Herndon, which is 3 miles away from the start. In my case, I do research for the defense in computer cases and am fairly vocal about Perjury by government witnesses. I wouldn't waste my time worrying about a Court Inquiry or Congressional Inquiry. All Agents are sworn to secrecy by the Patriot Act not to divulge any technological capacity that might weaken our war on terror. If they tell the truth, it's jail for helping the Terrorist. If they lie, they keep their job and are protected by the system, as there is no one to convict them of Perjury because the Federal Prosecutor is part of the same team.

mark.holman

If some stupid kid thinks he can just threaten anyone, well, it's a good plan to find the jerk and let him stamp license plates until he is 100 years old. If the parents don't have a clue what's going on then maybe they should be locked up too.

HAL 9000

Why? This is done and has been done by Government Agencies since the beginning of Telecommunications. You need to understand that every bit of telephony is monitored and recorded along with the originating and receiving points. These Government Agencies then tag the appropriate individuals who they are interested in and do as they please. In Singapore the Government there actually hacks individuals' computers to prevent any Anti Government Activity, and you had better believe that they didn't develop this technology but were given it by their friends. I always find it amusing that members of the general public find this suddenly unbelievable when they are brought face to face with the logistics of Security Work. What do these people think happens, that the Government Agencies send someone out to each and every place and place an Eavesdropping device individually in the place? As for Companies who develop Security Products, they don't interfere with Existing Government Products and know what to look for and what not to look for. Col

DanLM

666 Chuckle, scary thought. ;o) Dan

HAL 9000

Then I'll start on opening lift doors when there is no lift there. :D Currently Dave is shooting away from Discovery looking all bloated. He looks really funny without a space suit. :^0 Or as I should say. [b]This conversation can serve no purpose anymore. Goodbye![/b] :0 Col ]:)

lastchip

It seems that the FBI required a search warrant to enable this activity when investigating a citizen of the USA. However, presumably they could plant this spyware on any computer in the World and (perhaps) outside of the USA not require a court order?

HAL 9000

It would be by the CIA, not the FBI, as the FBI is concerned with internal threats to the US and the CIA is concerned with External Threats. The problem here isn't that the different agencies exist or what they can do, but that they don't share with each other to prevent more problems occurring. Col

lastchip

Not being a US citizen, I clearly did not understand the difference between the two. But surely the point remains, if any agency has the power to remotely infect a computer with spyware, it need not be confined to the USA. If that is true, where does the line get drawn? Does the CIA (assuming the FBI co-operated with their software) need a court order to invade someone's privacy outside of the USA? Have we reached the point where no one is safe from being spied on throughout the world? Indeed, is it happening right now as we discuss this issue?

geniusthemaster

hey there had that fix a long friggen time ago. of course.. user discretion is required :) ive been hacking since i was 5, ill make your computer run 300x faster and 120% faster on top of that( which also removes several spies..) if u obtain me a series of windows original files at my discretion :) fbi u can come bug me to become useful too. im tired of sitting on my ass being semi - useful and going around and nuking evil hacker websites... give me the good stuff :0

JCitizen

I have heard that technique related years ago and forgot about it! Not that I got anything to hide from the government - I just don't think they need to get in my shorts any more than they already do! Also I have been reading that their software has vulnerabilities in it; that could just backfire on them if a smart hacker left a booby trap! I have to deal with the BATF and they are deep into my pockets and my business as it is. Fortunately I have never met an agent I didn't like; but that is beside the point. I just don't like big government; I feel even a small footprint can get the job done protecting the country - if they would do it the smart way - NOT! :D

HAL 9000

So I would have to download anything like that onto a Nix Computer and then, after a scan and lots of crossed fingers, transfer it across to a Windows Platform. But even that is no guarantee that you are not infecting the Windows Platform the moment that you install the software, as it could contain exactly what you are trying to prevent in the first place. Actually, if I was running these places I would be giving away Free Spy Ware Cleaners to load up my preferred Trojan onto the different systems that use the software that I provide. Wait a minute, there are already several places doing that. I wonder just how many times I've infected my machines by installing this software. :D But then again, because I'm nice I don't worry about things like this as I have no contact with Singapore's Government. :^0 Col

JCitizen

will provide us with removal tools - although that would be a huge risk just running it of course! As if you could trust such a site!

lastchip

Two very comprehensive and thought provoking answers to a seriously complex question. I'm sure all of us want to live in peace and harmony with everyone else, but as we all know, there are others in the world that have different ideas. Much of this debate is centred around homeland security, and one can't argue there is a need on that basis. But the question that bothers me is, at what point does this intrusion of personal liberty become unacceptable?

DadsPad

As far as a USA agency putting a file on someone's pc in GB, although it could be done, it would not be in the best interests of the USA relationship with GB. Likely if it were determined that terrorist activity originated in GB against the USA, cooperation between both countries would happen and an agency of GB would handle legalities there. As far as the information tracking centers located around the world, it is both scary and fascinating at the same time. Software for this tracking is getting very sophisticated. It is said to have the ability to assign different ratings to conversations. Let's say you call or email someone in the USA about a bomb that went off in London. The software could pick up the word 'bomb' and track all calls associated with the particular track. But would it be able to tell the difference between what you are discussing and someone discussing planting bombs somewhere? Don't forget that satellite imaging can pick your face out of a crowd of people, also. Like I said, scary and fascinating at the same time. :0

HAL 9000

I have a slightly different perspective on things. Here the CIA runs a massive Phone interception Place and the Federal Government does as well. Neither share with each other and both abuse the system, I'm sure. But I only have first hand experience of one of these places that is operated by a US Government Agency. The AU run one is called [b]The Australian Defense Force Directorate[/b] who supposedly share all their information with the AU Secret Police called ASIO. In the UK I believe that it's MI6 who runs this operation, but I'm not overly sure as the Poms don't really talk about their spying capacity much. Probably because so many of them were in Russian Pockets for so long or whatever else. :D But as things stand, if a Foreign Government through one of their agencies was to infect a Foreign National's computer, unless there is an agreement and an open exchange of information between the 2 Agencies involved, the US and the one that the Country runs, if this was to become public knowledge it is effectively an [b]Act of War[/b], just like the French sinking the Greenpeace Ship in NZ was. So the ground gets sticky from that point on. But I don't think that this would be much of an issue as the personal Computer doesn't have the ability to detect the invasion, and even if the infection was to be discovered who would you report the incident to? Firstly the Security Companies in the IT Field know what they should not look for and promptly ignore these things, so who's ever going to know? 
Maybe the FBI if the CIA was to infect their systems or the other way around, and so would all of the World's Intelligence Agencies as they all use the same thing to look, some more than others, and even then with Globalization involved there is the ability for a Foreign Owned Government Department like Optus, which is owned and Operated by the Singapore Government, to quite rightly inspect every computer connected to their network for any Anti Government Activity, and they need not report to anyone but their own Government. So basically you have the problem of not being able to actually find these infections, and then even if you manage to, you are likely to get pulled aside and given a stern talking to by your own country's Intelligence Agency to prevent you spreading the word. Then if a Foreign Government owns a Telephone System in a country different to their own they have a right to monitor that network for possible interference. About all that happens as a direct result of this activity is that it's now much harder to start a successful War on another Country as way too many different countries already have access to your own secrets. So neither side can afford the fight. Of course this all falls to pieces when Stateless people want to start a fight, as currently the Governments are not prepared for this; in all previous confrontations there have been fights over land and associated wealth, never over an [b]Idea![/b] When something like this happens we are helpless to stop this action, and while we may pick up a few people remotely involved we will never get the people behind the entire system, nor should we hope to. It's just with the Bureaucratic Mind Set no one will attack you over an idea but to steal your land & resources; after all, what else would be the point of an attack? 
This is why every confrontation since the Korean Conflict, which is still ongoing, has been a total loss for us, as we just don't get that an Idea is powerful; the land is a byproduct of the Idea and is unimportant to the main people when they start out. Do you think that Osama would refuse to accept the USA if it was given to him on a plate? After all, what he supposedly hates is the way that it's run, so if he could control it his way he would gladly accept the land and resources and do with them as he pleases. The same goes for any other place as well and shouldn't only be thought of as restricted to this one instance. Col

rkendsley

Why are your photos so different from the teaser byline to the heading at the top of this article? Re: Article, I had read that the FBI had a court order, something similar to a wire tap I suppose, to install the monitoring SW on the suspected PC. Whether this was done by dropping a payload on the PC in some fashion or they actually had to touch the PC, I do not know.

Michael Kassner

Hello Coyote_USA, it is my understanding that the images on top are of the people that host certain special interests, such that Mr. Olzak hosts IT Security. I, on the other hand, was the individual that wrote the specific blog, and the editorial staff decided that it belonged in IT Security. As for the court order, there is a link in the article that directs you to an electronic copy of the actual document.

JCitizen

It was placed on an IM message linked to MySpace. I can see why they said there was no "reasonable" expectation of privacy; you go at your own risk on that site. The part that bothers me is what kind of position are the AV and antispyware companies being put in to ignore the signatures on these "legal" bugs. Personally I think they should take this issue to court to prevent a bad precedent.

DanLM

There is a separate blog/thread on that very question. They stated they have never had to address that issue, but if court ordered. http://blogs.techrepublic.com.com/tech-news/?p=839 If this is the FBI spyware I'm thinking of. The bloody kid threatened a school. What do you want, another Columbine? Be serious. The authorities get blamed if they don't stop killings, and they get blamed when they try to stop killings. People need to make up their mind what they want. And don't flame me for making that statement, just look at the outcry from everyone because the Virginia killings were not stopped. It's the truth. Dan

JCitizen

I feel the founding fathers got it right the first time. It will never be obsolete. Giving any rights up for limited safety is not worth it; and in my opinion, even for good safety. I can read English and I see a narrow view on what powers the government has. Governments have no rights, of course. Pity our state department doesn't do a better job coordinating with other countries to hopefully negate violating their sovereignty. This within reason, of course.

DadsPad

I am too old also, maybe that is why I enjoy your posts so much! I remember in high school a teacher would ask who was your favorite person in history to have dinner with. I always said Benjamin Franklin. He was witty, liked good food, drink and women. :^0 And if the tales are true, the women liked him. :) However, you do have a very good way of putting your thoughts in words. And rights in the USA are very confusing to some. Some rights are spelled out in the constitution, like the right to bear arms. I believe the founding fathers knew that any nation was vulnerable to a dictator or outside forces attacking. An armed population is hard to take over. If the current administration had noticed this before Iraq, there might have been a different tactic. Other rights are not for individuals; Press and Religious are two. Freedom of Speech is subject to a lot of limitations, it is not a 'true' freedom, and so on. While any of these 'rights' would be a good discussion, what rights do we really have? It is a big gray area, and very opinionated.

DanLM

Works for me. Dan

JCitizen

A court review of the FBI standard operating procedures in this area should be done, as with any new technology that has not yet been addressed by our legal system. I don't want to hamstring our law enforcement; I just want to delineate their constitutional boundaries. This should be good for both parties (public and law enforcement).

DanLM

I'm not an expert on the constitution, far from it. I just try to read as much as possible. I try to read more than just the quotes that are popular. What I try to show when people reference history with regard to this country is that most often they do not take all of the history into consideration. People like to quote what most suits their argument, and I am just as guilty of this. But I much prefer knowing the full history (good, bad, and the ugly part of it), and not just what I like. And truthfully, from what I have seen, the founding fathers did not agree and had different opinions of what should and should not be done. I respect that; I wish more people did. Besides that, I am of a minority opinion of what I think. Both here and nationally. I know it. Chuckle, doesn't stop me from saying what I think. But, yuk a hey. I was never shy. I'm too old to start now. Dan

DadsPad

well, most of it. I respect you reading into the founding fathers' works, and I look forward to hearing more on what you discovered. I wish to convey my thought on this. Installing a bug on someone's computer should follow the same laws that govern wire tapping. FBI/Police give the proper judge the necessary information (application, investigated party and time limit for the process), then proceed. The investigated party does not have to be notified; other in-between parties can be ordered to participate. What most people are discussing is abuses of this system. They will happen. We all look for easier ways to do our jobs and be more efficient at it. The more control we have over a situation we are working on, the better able we are to do our jobs. In the tech field this can be true as in the public protection field. The more power the FBI/Police have, the easier it is to protect the public (us). Our freedoms will be a balance of the protective power they have and do not have. Now what are the freedoms we need or should have? I would like to see Dan or DeepSand start this one, as both of you are more expert at this than many here, including me. It is an important subject, as many have found out when they see abuses in the USA or in countries where freedom(s) are just dreams.

Don Ticulate

How did it get there? Would a hardware firewall have stopped this happening?

georgerothfuss

SCIENCE FICTION HAS BECOME REALITY AGAIN. 1984 BY GEORGE ORWELL FORETOLD THIS. I READ THIS BOOK IN THE EARLY 1960'S AND FOUND IT HARD TO THINK IT COULD BE, AS THE PRICE OF MAINFRAMES WAS NOT SOMETHING THAT JUST ANYONE COULD HAVE. AS A SOCIETY WE ARE HARD PRESSED TO STAY AHEAD OF FICTION WRITERS. AS IT WAS FORETOLD IT HAS BECOME.

OldER Mycroft

The FBI wouldn't necessarily have been led "straight to his front door" would they? OR would they?...