How Does The FBI's Spyware Get Around Security Software?
from the cloak-and-dagger-or-point-and-click dept
A teenager in Washington state was sentenced to 90 days in juvenile detention this week, after he pleaded guilty to making bomb threats via e-mail to a high school. It turns out that the FBI nabbed him with a piece of spyware called the Computer and Internet Protocol Address Verifier, or CIPAV. The FBI used the spyware after it had obtained server logs from Google and MySpace, which gave them an IP address that led to an infected computer in Italy. This isn't too surprising, really, but what makes it a little more intriguing is that it's not clear how the FBI slipped the program onto the kid's computer, nor how it evaded detection by anti-virus software. The most likely possibility is that they took advantage of some unpatched vulnerability on the kid's PC, with a browser or plug-in hole exploited by a MySpace web message. The question of evading security software looms larger, though, with CNet's Declan McCullagh wondering if the government persuaded security software vendors to whitelist CIPAV. He reported that some vendors said they'd comply with court orders to ignore government or police spyware, and that McAfee and Microsoft wouldn't say whether that's what had, in fact, happened here. Meanwhile, Kevin Poulsen over at Wired says that a more likely (and less controversial) explanation is that without ever seeing CIPAV, security software vendors can't make a signature for it, so their systems can't detect it.
Filed Under: government, law enforcement, spyware
Companies: fbi, mcafee, microsoft
Reader Comments
Am I missing something?
Isn't this why most hackers use proxies outside of the target country?
Re: Am I missing something?
If one hacker can hide his steps, what stops another from un-hiding them?
Re: Am I missing something?
My 2 cents - FBI rings owner of PC in Italy....
FBI: "Did you know that some kid has infected your machine, turned it into a proxy and is using it to send bomb threats?"
Pissed off Italian: "No"
FBI: "We are as annoyed as you are - do you mind if we email you a file to put on your machine which will help identify who it is so we can arrest him? It'll just grab his real IP, OS etc and where the redirected traffic is going to from HTTP headers"
Pissed off Italian "No"
FBI: "Thanks"
(sorry for the bad acting and poor Italian)
Re: Re: Am I missing something?
Anyone else getting the feeling the FBI is claiming to do things they can't, either to cover up their real (and much more sinister or evasive) methods or just to scare potential terrorists and the American public in general?
Re: #3 and snooping government
I am bothered by en masse snooping on ordinary citizens, without probable cause to believe they committed a crime, and/or with no warrant, then sifting through to find some alleged misdeed. (I do not refer to the subject of this column, though. He made bomb threats.)
I don't want the government to have a peep hole into our private lives with the help of Microsoft, McAfee, Intel or anyone else I make a legitimate purchase from.
In fact, where the hell do these companies get off providing such a back door!
I thought we lived in a free country - not under a government microscope.
(they hate us for our freedom?)
Re: Re: #3 and snooping government
My Solution
Get something like Linux, that way you know what is running on it.
Not only that, but you could go a step further and make it run your own private whitelisted programs. If so, the only way the FBI could touch you would be for you to let them, or install Wendoze.
They don't even need a warrant!
I think there's scope here for a savvy defense attorney to not only have the "evidence" obtained thrown out of court but to publicly give the FBI a black eye. This type of behavior cannot be tolerated from law enforcement in a free and just society.
Re: Bah who needs one
> showing up in uniform and presenting
> the owner with a warrant
FYI: The FBI does not wear uniforms.
FBI Surveillance
For example, it is probably a bad idea to refer to a bad movie as "a real xxxx" where what I have omitted has four letters, beginning and ending with "b".
Discussion of many Vincent Price movie titles would likely also be unwise.
The Waltham Massachusetts Debutantes should probably change their initials.
And we better start referring to it as a "heart event" rather than using words like "axxack" and "sxxzure".
Re: FBI Surveillance
Re: FBI Surveillance
I'm from Waltham, Massachusetts. Believe me when I tell you, there are NO debutantes there. Some working class princesses and some ethnic hotties, yes; but you'd need to go to some neighboring towns (Belmont, Lexington, Weston, Lincoln) to find any real debutantes.
My Opinion is:
Not that he should be let go, but he should have been caught in another way. A more legal and ethical way...
Re: My Opinion is:
There really isn't much case law (that I'm aware of) on the books related to this kind of invasive evidence gathering. It's too bad the kid didn't take it to trial. It could have been a Supreme Court case.
Hmmm.
Re: Hmmm.
In (something like) the words of Benjamin Franklin: "A society that would give up a liberty to gain security deserves neither and loses both."
The most important thing we can do in post-9/11 America is to maintain the liberties that have caused us to be the envy of the world... not give them up so that we can be secure.
Re: Re: Hmmm.
Re: Hmmm.
Re: Hmmm.
"A person willing to give up freedom for security, neither deserves freedom, or security" .... Benjamin Franklin.
We all know the real story...
Giving up our freedom, especially in regard to computers, which control just about every aspect of our lives, was the beginning of the end. Welcome to a world where Big Brother has complete access to all your stuff at the flick of a button.
Wireless is untrackable
I would worry more about those who leech off random wifi networks from which to commit their crimes.
Sneak and Peak
I think too much faith has been given to this teen's "hacker proclivities" (what a phrase!).
It seems that this program merely reported on the IP address, MAC address etc. All this is public information surely(?) so the expectation to privacy is limited (like dumping private letters in the trash). The article specifically says that the feds didn't record any content.
tracking emails
There is a company which offers this service for everybody!
http://www.readnotify.com/
The point
Within one paragraph reported AT LEAST second hand, all readers have convicted this kid.
The FBI crap is icing on this cake folks; it only formalizes the disregard for reason.
You mean to say that in no one's past are there any actions or angry threats which were NOT REALLY intended for action.
If you don't own it, you don't who does or where i
The thing with encrypted emails is that they will probably attract unwanted attention which defeats the original purpose.
How they did it?
http://www.dslreports.com/forum/r18703177-How-they-did-it
Facts... oh why bother?
So, now you can be pissed off at the courts as well as the FBI. Oh, and congress for the Patriot Act. All three branches!
Re: Facts... oh why bother?
Re: Re: Facts... oh why bother?
Oh please, the Patriot Act in and by itself is more than enough for any intelligent, good citizen to wrap him-/herself in righteous indignation.
Unclear?
The FBI or any other Big Brother government agency doesn't need to make a 'virus' or to take any advantage of 'vulnerabilities' in PCs to invade our already lost privacy.
I can think of many ways spyware... or evidence can be planted in computers.
1. Via any software updates. Microsoft, Symantec, iTunes, you name it. They know your ISP, IP address and computer profile (MAC addr, registry, hardware list etc.)
2. By using unregistered protocols to connect to PCs. Ethereal, Wireshark et al. only understand public protocols. Under the un-Patriot Act I'm sure all new routers let some unknown protocols pass. The only way to really monitor the traffic is to tap into the physical layer (the wires) and see what flows through.
3. Probably relatively new OSes (Vista, OSX, some or all Linux flavors?) already have built in spy functionality.
The questions are:
1. To what extent is this spying activity going on?
2. Are we going to stop looking for terrorists like AQ? Or are pedophiles, unfaithful husbands/wives, drug dealers, tax cheaters, Democrats, Catholics and Muslims next?
3. Who decides who gets prosecuted, like border patrol agents Ramos and Compean, or pardoned, like Scooter Libby?
4. Will the 'spies' misuse the information for their own advantage? Like getting tips on particular stocks or Fed interest decisions?
I can go on and on.
Re: Unclear?
We know MS made a deal with the government in order to keep operating the way they do. MS also created and developed spyware as a marketing tool (Through 3rd party developers).
OSX? I don't know about that, but because they are a single company it would be easy to put pressure on them.
Linux? I doubt, considering how many different versions there are and the fact that people all over the world code and check code, that our government could force a back door in. On a side note, there are always ways into a system if you know what you're doing.
Handing over that info or creating a back door for the government in the name of security is extremely flawed reasoning.
Now, legally they are covered. The federal trojan did no damage to the target computer, and one can legally make the case that when you are "on the internet" you are on a public medium and cannot have any expectation of privacy, and the federal trojan only monitored for criminal activity and all other log entries are disregarded.
Pretty much basic stuff, yawn.
"hacking" NON-connected PCs
Well, first my online PC was hacked, to the point I could no longer connect to the Web (via cable modem). Then, more recently, my OFFLINE pc (a one-year-old Cisnet running Win XP) became unable even to boot up. Previously it had been gradually deteriorating, so that (for example) no devices at all were listed under System/Devices).
After a 2-month hiatus, I am now back online as of today. I'm using a $70 second-hand PC (from Goodwill), plus a free MEPIS 6.5 CD that allows one to try the system before installing it, plus an expensive high-speed cable connection. I have also placed lead sheeting (on cardboard panels) around the business end of the PC, as an added precaution. I had done this with the XP system, but too late, I think, though I suspect the last killing infection occurred during "breaking and entering" of my apartment.
My system is running from the CD drive, and I'm not even going to try to format the HD -- I'm literally afraid the feds or whichever hacker this is will pack it with something like child porn if I do! They already tried to frame me once, I think with drugs in a plastic bag.
Be afraid. I am absolutely positive the FBI will break and enter illegally, since it's been happening to me. They have even incited other residents of my building to keep track of me if I leave my apartment, so I don't leave unless a friend is "house-sitting" now. Btw, I'm disabled, getting $623/month through SSI, and this has been going on for 9 months now!!!
update
They still won't go away, are still illegally messing with my PC from upstairs, and I can't get them to negotiate or even tell me what they want. The ONLY way I can be rid of them, apparently, is to tell everyone everything I know about what they're doing. Okay, then.