How Does The FBI's Spyware Get Around Security Software?

from the cloak-and-dagger-or-point-and-click dept

A teenager in Washington state got sentenced to 90 days in juvenile detention this week, after he plead guilty to making some bomb threats via e-mail to a high school. It turns out that the FBI nabbed him with a piece of spyware called the Computer and Internet Protocol Address Verifier, or CIPAV. The FBI used the spyware after it had obtained server logs from Google and MySpace, which gave them an IP address that led to an infected computer in Italy. This isn't too surprising, really, but what makes it a little more intriguing is that it's not clear how the FBI slipped the program onto the kid's computer, nor how it evaded detection by anti-virus software. The most likely possibility is that they took advantage of some unpatched vulnerability on the kid's PC, with a browser or plug-in hole exploited by a MySpace web message. The question of evading security software looms larger, though, with CNet's Declan McCullagh wondering if the government persuaded security software vendors to whitelist CIPAV. He said that some vendors said they'd comply with court orders to ignore government or police spyware, and that McAfee and Microsoft wouldn't say if that's what had, in fact, happened here. Meanwhile, Kevin Poulsen over at Wired says that a more likely (and less controversial) explanation is that without ever seeing CIPAV, security software vendors can't make a signature for it, so their systems can detect it.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: government, law enforcement, spyware
Companies: fbi, mcafee, microsoft


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Brian Harris, 18 Jul 2007 @ 3:45pm

    Am i missing something?

    Once they found an IP in Italy, how did they manage to find him in Washington State?? it was understanding that cooperation with foreign governments around IP's would take months of red tape to cut through, at least that is what i was told at a computer forensics meeting a couple years back which was hosted by Yale.

    Isn't this why most hackers use proxy's outside of the target country?

    link to this | view in thread ]

  2. identicon
    The Truth Beacon, 18 Jul 2007 @ 4:37pm

    Re: Am i missing something?

    QUOTE: "Isn't this why most hackers use proxy's outside of the target country?"

    If one hacker can hide his steps, what stops another from un-hiding them?

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 18 Jul 2007 @ 4:40pm

    Remember the thing about cell phones the FBI claimed. They claimed they could listen to any cell phone through its Mic wheather or not the phone is even on. Now they can install spyware on any computer around the world?

    Any one else getting the feeling the FBI is claiming to do things they can't to either cover up their real(and much more sinister or evasive) methods or just to scare potential terrorists and the american public in general.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 18 Jul 2007 @ 5:07pm

    Re: #3 and snooping government

    I'm not bothered if they claim abilities they do not have; but they certainly were able to do this little trick.

    I am bothered by en masse snooping on ordinary citizens, without probable cause to believe they commited a crime, and/or with no warrant, then sifting through to find some alleged misdead. (I do not refer to the subject of this column, though. He made bomb threats.)

    I don't want the government to have a peep hole into our private lives with the help of Microsoft, McAfee, Intel or anyone else I make a legitimate purchase from.

    In fact, where the hell do these companies get off providing such a back door!

    I thought we lived in a free country - not under a government microscope.

    (they hate us for our freedom?)

    link to this | view in thread ]

  5. identicon
    Thomas, 18 Jul 2007 @ 5:20pm

    My Solution

    Open Source Software.
    Get something like Linux, that way you know what is running on it.
    Not only that, but you could go a step further and make it run your own private whitelisted programs. If so, the only way the FBI could touch you would be for you to let them, or install Wendoze.

    link to this | view in thread ]

  6. identicon
    Overcast, 18 Jul 2007 @ 5:29pm

    I'm sure there are plenty of openings for the Government/Corporate Unholy alliance to sneak through.

    They don't even need a warrant!

    link to this | view in thread ]

  7. identicon
    Bah who needs one, 18 Jul 2007 @ 5:53pm

    This FBI act looks like a blatantly illegal search under the 4th amendment. Even assuming they had a wiretap warrant, hacking a suspect's computer (as opposed to simply tapping their phone line or cable and sniffing the traffic on it) appears to violate the Computer Fraud and Abuse Act as well as the suspect's property rights in their machine. In effect, they seized the computer without notice. It's as illegal as if they broke in and removed the computer in the dead of night without all the niceties of showing up in uniform and presenting the owner with a warrant first, or even leaving a note afterward saying they'd served a warrant in the owner's absence or something.

    I think there's scope here for a savvy defense attorney to not only have the "evidence" obtained thrown out of court but to publicly give the FBI a black eye. This type of behavior cannot be tolerated from law enforcement in a free and just society.

    link to this | view in thread ]

  8. identicon
    1812lsd, 18 Jul 2007 @ 6:01pm

    Here Here!

    link to this | view in thread ]

  9. identicon
    Economist, 18 Jul 2007 @ 6:10pm

    FBI Surveillance

    In order to reduce traffic that the FBI has to examine manually, and improve their efficiency, we should probably eliminate much of common English usage.

    For example, it is probably a bad idea to refer to a bad movie as "a real xxxx" where what I have omitted has four letters, beginning and ending with "b".

    Discussion of many Vincent Price movie titles would likely also be unwise.

    The Waltham Massachusetts Debutantes should probably change their initials.

    And we better start referring to it as a "heart event" rather than using words like "axxack" and "sxxzure".

    link to this | view in thread ]

  10. identicon
    Charles Griswold, 18 Jul 2007 @ 6:42pm

    Re: FBI Surveillance

    In order to reduce traffic that the FBI has to examine manually, and improve their efficiency, we should probably eliminate much of common English usage.
    So, we shouldn't refer to a bad movie marathon as a "bomb attack"? OK, noted for future reference.

    link to this | view in thread ]

  11. identicon
    Shalkar, 18 Jul 2007 @ 7:29pm

    My Opinion is:

    Well, they scarred the kid in to not taking it to court. In fact, he probably took a plea bargain. After all, he plead "Guilty". So yeah, maybe if he took it to court a good lawyer would have been able to fight it. The thing is though, you think an appointed attorney would be a good one? I doubt he and/or his family even had money for a lawyer. Period.

    Not that he should be let go, but he should have been caught in another way. A more legal and ethical way...

    link to this | view in thread ]

  12. identicon
    Just Me, 18 Jul 2007 @ 8:21pm

    Hmmm.

    While I agree that the methods the FBI employed are a bit shady and perhaps even unconstitutional, you have to at some point weigh the good and the bad. Again, don't misunderstand me; It really pisses me off that they can serruptitiously install spyware on my PC to find out what I'm doing, but in the same vein, they only do that when there is something blatantly illegal going on that they want visibility into. Before 9/11 I'd have been totally opposed to this behavior, but given the good that it can do AND since I don't engage in bomb threats/life threats/kiddie porn/terrorist activities, I'm not worried about what they will find if they happened to spy on my conversations. In fact, it can only exonerate me.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 18 Jul 2007 @ 8:24pm

    Re: My Opinion is:

    A skilled attorney would have likely taken a case like this pro bono because of the like hood of setting a legal precedent.

    There really isn't much case law (that I'm aware of) on the books related to this kind of invasive evidence gathering. It too bad the kid didn't take it to trial. It could have been a supreme court case.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 18 Jul 2007 @ 8:54pm

    Re: Hmmm.

    I disagree.

    In (something like) the words of Benjamin Franklin: "A society that would give up a liberty to gain security deserves neither and loses both."

    The most important thing we can do in post-9/11 America is to maintain the liberties that have caused us to be the envy of the world... not give them up so that we can be secure.

    link to this | view in thread ]

  15. identicon
    meh, 18 Jul 2007 @ 9:04pm

    Re: Hmmm.

    Are you honestly that short sighted or just retarded. How many years will have to pass before the idiot masses will stop justify government abuse of power in the name of supposed safety. It's not about whether or not I'm doing something illegal it's about not wanting people snooping into my business unless they follow the rules we're all supposed to live by. What right does the government have to pick and choose which laws they are going to inforce, and which they will ignore in the name of the greater good. For those of you wanting to change the privacy laws, read your history fools, I would laugh if you manage to push a change through only to have it used to persecute beliefs you hold that harms no one but doesn't follow the status quo.

    link to this | view in thread ]

  16. identicon
    reed, 18 Jul 2007 @ 9:12pm

    We all know the real story...

    Behind closed doors the US government and MS struck a deal not to break up the company. I wonder what the specifics of that deal was? You scratch my back, I scratch your back. We don't break you up, you build those back doors in for us. Doesn't take a rocket scientist to figure out Bill Gates sold out over 90 % of all computer users.

    Giving up our freedom, especially in concerns to computers which control just about every aspect of our lives was the beginning of the end. Welcome to a world where big brother has complete access to all your stuff at the flick of a button.

    link to this | view in thread ]

  17. identicon
    linuxamp, 18 Jul 2007 @ 9:20pm

    Doesn't this sound a lot like the old Magic Lantern program from 2001?

    link to this | view in thread ]

  18. identicon
    Retired Hacker, 18 Jul 2007 @ 11:10pm

    Wireless is untrackable

    Today's punks aren't computer wizards by a long shot.
    I would worry more about those who leech off random wifi networks from which to commit their crimes.

    link to this | view in thread ]

  19. identicon
    Enrico Suarve, 19 Jul 2007 @ 1:37am

    Re: Am i missing something?

    I've got the same problem here - we traced it to an infected PC in Italy then to his machine

    My 2 cents - FBI ring owner of PC in Italy....

    FBI: "Did you know that some kid has infected your machine, turned it into a proxy and is using it to send bomb threats?"

    Pissed off Italian: "No"

    FBI: "We are as annoyed as you are - do you mind if we email you a file to put on your machine which will help identify who it is so we can arrest him? It'll just grab his real IP, OS etc and where the redirected traffic is going to from HTTP headers"

    Pissed off Italian "No"

    FBI: "Thanks"

    (sorry for the bad acting and poor Italian)

    link to this | view in thread ]

  20. identicon
    Sean, 19 Jul 2007 @ 1:49am

    Sneak and Peak

    I think this sort of search would fall under the sneak and peak provisions of Patriot or whatever act is relevant.
    I think too much faith has been given to this teen's "hacker proclivities" (what a phrase!).
    It seems that this program merely reported on the IP address, MAC address etc. All this is public information surely(?) so the expectation to privacy is limited (like dumping private letters in the trash). The article specifically says that the feds didn't record any content.

    link to this | view in thread ]

  21. identicon
    Max, 19 Jul 2007 @ 2:27am

    tracking emails

    You don't need the FBI to track people.

    There is a company which offer this Service for everybody!

    http://www.readnotify.com/

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 19 Jul 2007 @ 6:03am

    Re: FBI Surveillance

    "Waltham Massachusetts Debutantes"

    I'm from Waltham, Massachusetts. Believe me when I tell you, there are NO debutantes there. Some working class princesses and some ethnic hotties, yes; but you'd need to go to some neighboring towns (Belmont, Lexington, Weston, Lincoln) to find any real debutantes.

    link to this | view in thread ]

  23. identicon
    wthompson, 19 Jul 2007 @ 6:06am

    The point

    Not sure what the point of this is...
    Within one paragraph reported AT LEAST second hand, all readers have convicted this kid.
    The FBI crap is icing on this cake folks; it only formalizes the disregard for reason.

    You mean to say that in no one's past are there any actions or angry threats which were NOT REALLY intended for action.

    link to this | view in thread ]

  24. identicon
    BTR1701, 19 Jul 2007 @ 6:34am

    Re: Bah who needs one

    > without all the niceties of
    > showing up in uniform and presenting
    > the owner with a warrant

    FYI: The FBI does not wear uniforms.

    link to this | view in thread ]

  25. identicon
    Hieronymus, 19 Jul 2007 @ 6:35am

    If you don't own it, you don't who does or where i

    The problem with email and anonymous proxy servers is that unless you own it yourself, you don't know who has control of it or where it's located (despite what the seller says).

    The thing with encrypted emails is that they will probably attract unwanted attention which defeats the original purpose.

    link to this | view in thread ]

  26. identicon
    Unknowledgeable Geek, 19 Jul 2007 @ 6:44am

    Re: Re: Am i missing something?

    I think you have it right. This is almost funny that everyone is slamming the FBI because they stopped bomb threats. What if that kid called a bomb threat into your place of business, would you not want the FBI to stop them? You all are looking at the small picture. What about my rights? What about my rights to be able to go to work and not worry about bomb threats!!

    link to this | view in thread ]

  27. identicon
    Raydr, 19 Jul 2007 @ 6:57am

    How they did it?

    I made a post here explaining how I think they did it:

    http://www.dslreports.com/forum/r18703177-How-they-did-it

    link to this | view in thread ]

  28. identicon
    Ryan, 19 Jul 2007 @ 9:24am

    Re: Hmmm.

    A quote you've probably heard comes to mind.....

    "A person willing to give up freedom for security, neither deserves freedom, or security" .... Benjamin Franklin.

    link to this | view in thread ]

  29. identicon
    Anonymous Coward, 19 Jul 2007 @ 9:55am

    Facts... oh why bother?

    Actually, the FBI did have a warrant. Here's the application for that warrant: http://www.politechbot.com/docs/fbi.cipav.sanders.affidavit.071607.pdf

    So, now you can be pissed off at the courts as well as the FBI. Oh, and congress for the Patriot Act. All three branches!

    link to this | view in thread ]

  30. identicon
    Robert, 19 Jul 2007 @ 11:15am

    Unclear?

    It seems that in addtion to loosing our civil liberties we are loosing our imagination too.

    The FBI or any other big brother goverment agency doesn't need to make a 'virus' or to take any advantage of 'vulnerabilities' in PCs to invade our already lost privacy.

    I can think of many ways spyware... or evidence can be planted in computers.

    1. Via any software updates. Microsoft, symantec, itunes, you name it. They know your ISP, IP address and computer profile (MAC addr, registry, hardware list etc)

    2. By using unregistered protocols to connec to PCs. Ethereal, wireshark et all only undersand public protocols. Under the un-patriot act I'm sure all new routers let pass some unknown protocols. The only way to really monitor the traffic is to tap into the physical layer (the wires) and see what flows trough.

    3. Probably relatively new OSes (Vista, OSX, some or all Linux flavors?) already have built in spy functionality.

    The questions are:

    1. To what extent is this spying activity going on?
    2. Are we going to stop looking for terrorists like AQ? or pedophiles, unfaithful husbands/wives, drug dealers, tax chaeaters, Democrats, Catholics and Muslims are next?
    3. Who decides who gets prosecuted like border patrol agents Ramos and Campeon or pardoned like Scooter Liby?
    4. Will the 'spies' misuse the information for their own advantage? Like getting tips on particular stocks or fed interest descicions?

    I can go on and on.

    link to this | view in thread ]

  31. identicon
    Deli Laama, 19 Jul 2007 @ 11:28am

    Re: Re: #3 and snooping government

    No, they hate you because you're retarded.

    link to this | view in thread ]

  32. identicon
    Deli Laama, 19 Jul 2007 @ 11:33am

    Re: Facts... oh why bother?

    Shhh...! If you start posting facts no one will be able to wrap themselves in righteousness indignation.

    link to this | view in thread ]

  33. identicon
    Reed, 19 Jul 2007 @ 11:52am

    Re: Unclear?

    3. Probably relatively new OSes (Vista, OSX, some or all Linux flavors?) already have built in spy functionality.

    We know MS made a deal with the government in order to keep operating the way they do. MS also created and developed spyware as a marketing tool (Through 3rd party developers).

    OSX? I don't know about that, but because they are a single company it would be easy to put pressure on them.

    Linux? I doubt considering how many different versions there are and the fact that people all over the world code and check code that our government could force a back door in. On a side note there are always ways into a system if you know what your doing.

    Handing over that info or creating a back door for the government in the name of security is extremely flawed reasoning.

    link to this | view in thread ]

  34. identicon
    SailorRipley, 19 Jul 2007 @ 12:04pm

    Re: Re: Facts... oh why bother?

    "Shhh...! If you start posting facts no one will be able to wrap themselves in righteousness indignation."

    oh please, the Patriot in and by itself is more than enough for any intelligent, good citizen to wrap him-/herself in righteous indignation.

    link to this | view in thread ]

  35. identicon
    Chipwhisperer, 20 Jul 2007 @ 4:13pm

    I don't think this is any big mystery at all. They tracked the incoming IP on the Myspace page, and it was an infected computer in Italy. The infected computer in Italy OBVIOUSLY had lots of ports open with various programs "listening", so the Feds just sent a trojan down the appropriate port after scanning the ports on that machine. Once settled in, they then sat back and occasionally perused the logs that their trojan in Italy sent regularly to Virginia. And of the incoming IPs shown in the log, an obvious one stuck out: a residential IP in the state of Washington. Wow, what a coincidence.

    Now, legally they are covered. The federal trojan did no damage to the target computer, and one can legally make the case that when you are "on the internet" you are on a public medium and cannot have any expectation of privacy, and the federal trojan only monitored for criminal activity and all other log entries are disregarded.

    Pretty much basic stuff, yawn.

    link to this | view in thread ]

  36. identicon
    facing backwards, 17 Aug 2007 @ 1:30pm

    Re: Re: Hmmm.

    Since 911 we can now observe, the terrorists won. Politicians use terror to win votes. Companies use terror to gain contracts. We have given up many liberties in the name of security and gained neither liberty or security. We have to remove shoes and belts at the airport along with discarding watter bottles! THE TERRORISTS HAVE WON!

    link to this | view in thread ]

  37. identicon
    Carol Stein, 25 Oct 2007 @ 2:52pm

    "hacking" NON-connected PCs

    If you search for me online, you may discover that I wrote a paper a few years back for AI-Depot. In this I advised that anyone who has critical information on a PC that isn't just stored Web pages (etc.) should use both an online PC and an offline PC. Since I am a writer, I have been doing this for sometime. A very cheap used PC works just fine as the offline machine (unless you play processor-intensive online games, I suppose).

    Well, first my online PC was hacked, to the point I could no longer connect to the Web (via cable modem). Then, more recently, my OFFLINE pc (a one-year-old Cisnet running Win XP) became unable even to boot up. Previously it had been gradually deteriorating, so that (for example) no devices at all were listed under System/Devices).

    After a 2-month hiatus, I am now back online as of today. I'm using a $70 second-hand PC (from Goodwill), plus a free MEPIS 6.5 CD that allows one to try the system before installing it, plus an expensive high-speed cable connection. I have also placed lead sheeting (on cardboard panels) around the business end of the PC, as an added precaution. I had done this with the XP system, but too late, I think, though I suspect the last killing infection occurred during "breaking and entering" of my apartment.

    My system is running from the CD drive, and I'm not even going to try to format the HD -- I'm literally afraid the feds or whichever hacker this is will pack it with something like child porn if I do! They already tried to frame me once, I think with drugs in a plastic bag.

    Be afraid. I am absolutely positive the FBI will break and enter illegally, since it's been happening to me. They have even incited other residents of my building to keep track of me if I leave my apartment, so I don't leave unless a friend is "house-sitting" now. Btw, I'm disabled, getting $623/month through SSI, and this has been going on for 9 months now!!!

    link to this | view in thread ]

  38. identicon
    Anonymous Coward, 25 Oct 2007 @ 2:57pm

    Oops, I meant to say the cheap used PC can be the online PC, not offline PC.

    link to this | view in thread ]

  39. identicon
    Murat, 31 Oct 2007 @ 2:21am

    Any one else getting the feeling the FBI is claiming to do things they can't to either cover up their real(and much more sinister or evasive) methods or just to scare potential terrorists and the american public in general.

    link to this | view in thread ]

  40. identicon
    Carol Stein, 12 Mar 2008 @ 12:41pm

    update

    It turns out the problem is much worse than I suspected. The FBI is able to (1) enter 'dangerous' "foreign destination" IP addresses into my PC as shown by netstat lanap listings, even when router and cable modem are both unpowered, (2) at one point they were messing up IPTABLES, again from another PC (located within 10-15' of mine, in another apartment), (3) when I shutdown my MEPIS 6.5 system (still running from CD-ROM, with NO storage available) -- even if I've only booted up and then shutdown immediately after logging on -- I get a message that OpenBDS Shell Server is shutting down. Hmmmmm.

    They still won't go away, are still illegally messing with my PC from upstairs, and I can't get them to negotiate or even tell me what they want. The ONLY way I can be rid of them, apparently, is to tell everyone everything I know about what they're doing. Okay, then.

    link to this | view in thread ]

  41. identicon
    Mithell, 20 Jan 2010 @ 8:53am

    Have you never seen an episode of 24? Those government super spies can do anything, and do it quickly! There must be some deal with the security software companies or some exploit they hacked into with their collective brainpower, because as mentioned, this should not be so easy to do...

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.