
The Secret History of the FBI's Classified Spyware

timothy posted more than 5 years ago | from the but-we-just-want-to-peek dept.

Security 133

An anonymous reader writes "A sophisticated FBI-produced spyware program has played a crucial behind-the-scenes role in federal investigations into extortion plots, terrorist threats and hacker attacks in cases stretching back at least seven years, according to newly declassified documents obtained by Wired.com. The so-called 'computer and internet protocol address verifier,' or CIPAV, is delivered through links to websites controlled by the FBI, and it silently reports back to a government server in Virginia. Among other cases, the FBI used it to track a Swedish hacker responsible for cracking thousands of computers at national labs and NASA's JPL in 2005."


The Ends Don't Justify The Means (4, Insightful)

QuantumG (50515) | more than 5 years ago | (#27609959)

How is this not breaking the law?

Breaking the law to enforce the law.. way to piss on justice.

Re:The Ends Don't Justify The Means (1)

Jrabbit05 (943335) | more than 5 years ago | (#27610015)

It appears it was highly targeted and only used on a warrant. But I don't see how they can't disclose more to save face...

Re:The Ends Don't Justify The Means (3, Insightful)

tygerstripes (832644) | more than 5 years ago | (#27610017)

In the same way that police regularly assault, kidnap or otherwise harass citizens?

Look, I'm not saying I disagree with you, but you need to refine the ethics of your argument a bit if you want to make a useful point. Unless you were just hoping to bash out something that sounded relevant in order to FP...

Re:The Ends Don't Justify The Means (3, Insightful)

WCMI92 (592436) | more than 5 years ago | (#27610127)

"How is this not breaking the law?

Breaking the law to enforce the law.. way to piss on justice."

I've always been skeptical about this and other tricks used by the FBI and other law enforcement. The Constitution is QUITE clear that a search of private property requires a warrant.

Another thing that has always bothered me is that law enforcement lying to citizens is routine and legal, but lying to law enforcement is a crime (even if you don't know the person you are talking to is law enforcement).

Seems to me that if the government wants us to respect the FAR too many laws on the books that it should start following them itself. And that starts with respecting the Constitution.

Re:The Ends Don't Justify The Means (2, Insightful)

conureman (748753) | more than 5 years ago | (#27611545)

It seems that the vast majority of citizens don't understand the concept of Constitutional law, or that by adherence to the supremacy of The Constitution, The People should be protected by the law, from their government. Too bad, so sad.

The Comments Don't Match the Article. (5, Informative)

Eevee (535658) | more than 5 years ago | (#27612225)

The Constitution is QUITE clear that a search of private property requires a warrant.

From the fine article, emphasis added by me: "But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online."

And from further down in the article: "The FBI obtained a warrant to use the CIPAV on February 10, 2005, and was apparently successful."

Re:The Comments Don't Match the Article. (1)

FiloEleven (602040) | more than 5 years ago | (#27613937)

This guy [bash.org] is in trouble.

Re:The Ends Don't Justify The Means (2, Insightful)

divisionbyzero (300681) | more than 5 years ago | (#27612981)

Read the article. They went through the courts. However, the fourth amendment not only requires a court order, it requires that the search be limited in scope and duration. That's why AT&T's indiscriminate monitoring of all users' traffic is a violation of the fourth amendment even though it was court ordered.

To quote YARNEK (From Star Trek (original series)) (-1)

Anonymous Coward | more than 5 years ago | (#27613375)

"Breaking the law to enforce the law.. way to piss on justice." - by WCMI92 (592436) on Friday April 17, @08:25AM (#27610127) Homepage

I think the episode of STAR TREK (original series) called "The Savage Curtain" sums it up well, when a race of silicon beings who have NO CONCEPT of "good" or "evil" trap the Starship Enterprise & crew, & put them into a battle vs. the MOST notorious villains in the history of the human race:

----

YARNEK (the silicon being):"Our world is called 'EXCALBIA'... countless who live on that planet, are watching... before this drama unfolds, we give welcome - to the ones called 'KIRK', & 'SPOCK'..."

Capt. Kirk:"We know nothing, of your world... your customs. What do you mean, 'The drama about to 'unfold'...?'"

YARNEK (the silicon being):"You're an intelligent lifeform - I am SURPRISED you do not perceive the honor we do you - have we not created on this planet a stage IDENTICAL to your own world?"

Capt. Kirk:"We perceive that we were invited to come down here, and we came in friendship... and you have deprived us of our instruments to examine your world, to defend ourselves, to communicate w/ our vessel..."

YARNEK (the silicon being):"Your objection is WELL taken: We shall communicate with your vessel, so that your fellow beings can enjoy, and profit... from the play... behold!"

(click, click)

    The statement was explicit:

YARNEK (the silicon being):"Capt., Mr. Spock - some of these you MAY know thru history - Genghis Khan, for one, & Colonel Green (who led a genocidal war early in the 21st century on your earth). Zora - who experimented with the body chemistry of subject tribes, on Tiburon. Kalas, the 'unforgettable' (The Klingon, who set the pattern for his planet's tyrannies)... We welcome the vessel, ENTERPRISE, to our solar system (and, to our spectacle): We ask you to observe with us, the confrontation of the 2 opposing philosophies, GOOD, & EVIL - since this is our 1st experiment w/ earthlings, our theme is simple - survival, life & death. YOUR philosophies are ALIEN to us, & we wish to understand them, AND DISCOVER which is the stronger (we learn by watching such spectacles)..."

Capt. Kirk:"What do you mean... survival?"

YARNEK (the silicon being):"The word is explicit - If you & Spock survive? You return to your vessel... if not? YOUR EXISTENCE IS ENDED!"

YARNEK (the silicon being):"It seems that evil retreats, when forcibly confronted: However, YOU have failed to demonstrate the difference between your 2 philosophies (good & evil) - Your 'good' and your 'evil' use the SAME methods, & achieve the same results... Do you have an explanation?"

Capt. Kirk:"YOU established the methods, & the goals..."

YARNEK (the silicon being):"For YOU to use, as you chose..."

Capt. Kirk:"What did you offer the others, if they won?"

YARNEK (the silicon being):"What they wanted MOST: Power..."

Capt. Kirk:"You offered me the lives of my crew!"

YARNEK (the silicon being):"I perceive... you have won their lives!"

Capt. Kirk:"HOW MANY OTHERS HAVE YOU DONE THIS TO? WHAT GIVES YOU THE RIGHT TO HAND OUT LIFE... & DEATH?"

YARNEK (the silicon being):"The same right that brought YOU, here - THE NEED TO KNOW, NEW THINGS..."

Capt. Kirk:"We came in peace..."

YARNEK (the silicon being):"And, you may go in peace..."

APK

P.S.=> I'd say the BOLDED portions of the dialog above, especially from "YARNEK", about sums it all up... &, especially THIS line from it:

Your 'good' and your 'evil' use the SAME methods, & achieve the same results..

(I.E.-> There's almost NO WAY to 'play the nice guy' & win - nice guys DO finish last, because THEY OBEY RULES... whereas 'bad guys/scumbags', often don't. So, to "beat them @ their OWN game"? You HAVE to play the game by THEIR RULES (which is, no rules))...

BOTTOM-LINE:

Either one understands this, or, one doesn't, &, until YOU'VE BEEN THERE YOURSELF? It's fairly simple to 'sit back & be an armchair quarterback', & criticize...apk

Re:The Ends Don't Justify The Means (2, Insightful)

cyberchondriac (456626) | more than 5 years ago | (#27614351)

"How is this not breaking the law?

Breaking the law to enforce the law.. way to piss on justice."

Actually, when you think about it, the police regularly break the law to uphold it. Look at how they catch speeders: They usually have to speed themselves to catch up to the speeder in order to pull him over, or they even might just tail behind a speeder for a while and clock him with their own speedometer - thus breaking the law themselves by speeding themselves.
To a degree, in general, law enforcement has to operate a little outside the law, at times, to do the job. At times. I'm not saying give them carte blanche or anything stupid like that, but they require some slack, here and there, or the goal would likely be impossible to achieve.

Is the furor over this system they deployed, or over the matter of obtaining warrants to use it? Without such a system, they'd be relatively crippled in their ability to catch real net criminals and cyber-terrorists, and if they failed in that endeavor, everyone would just bitch about how useless they are, why aren't they doing something about crime, etc.
It seems lose-lose no matter what "they" do - either they're going to be accused of being ineffective at stopping crime/terrorism, or accused of stomping on everyone's rights, even when they follow the protocols and procedure.
If there are better alternatives, what are they?

Re:The Ends Don't Justify The Means (4, Informative)

bconway (63464) | more than 5 years ago | (#27610145)

RTFA.

But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online.

Re:The Ends Don't Justify The Means (0, Flamebait)

QuantumG (50515) | more than 5 years ago | (#27610223)

So if they obtained court authorization to deploy Sarin gas that'd be ok too right?

Are you saying that when the president does it then it's not a crime?

Re:The Ends Don't Justify The Means (4, Insightful)

Shakrai (717556) | more than 5 years ago | (#27610263)

So if they obtained court authorization to deploy Sarin gas that'd be ok too right?

Wow, hyperbole much? How is installing software on someone's computer with court authorization to monitor their behavior any different from using the warrant to obtain a wiretap or using it to search their home and possessions?

Re:The Ends Don't Justify The Means (4, Funny)

rackserverdeals (1503561) | more than 5 years ago | (#27610481)

Wow. You totally sidestepped the Sarin gas question.

You must think it's ok to eat babies too.

Re:The Ends Don't Justify The Means (5, Funny)

Shakrai (717556) | more than 5 years ago | (#27610505)

Only if you season them right :)

Re:The Ends Don't Justify The Means (2, Funny)

Lumpy (12016) | more than 5 years ago | (#27610853)

Rotisserie style!!!!

Mmmm Baby.... GET IN MY BELLY!

I eat baby... (0)

Anonymous Coward | more than 5 years ago | (#27610979)

...carrots.

Re:The Ends Don't Justify The Means (1)

Muad'Dave (255648) | more than 5 years ago | (#27612615)

This [coolpl8z.com] must be your license plate.

Re:The Ends Don't Justify The Means (0)

Anonymous Coward | more than 5 years ago | (#27613381)

I only eat straw men.

Re:The Ends Don't Justify The Means (1)

QuantumG (50515) | more than 5 years ago | (#27610529)

Wiretaps are just as unconstitutional too.. but that battle has been fought and lost already.

Of course, lately they've decided that rubber stamp court authorization isn't even needed.. and that they should just record everything as they might need it later.

Who says the slippery slope is a logical fallacy.

Re:The Ends Don't Justify The Means (1)

WCMI92 (592436) | more than 5 years ago | (#27610841)

Wiretaps are just as unconstitutional too.. but that battle has been fought and lost already.

There are actually limits on wiretaps. They can't just monitor and record ALL phone conversations, for example, they have to break it off when it's not related to what they were authorized to investigate. I seriously doubt that this FBI spyware is as discreet, it probably monitors and records EVERYTHING. This definitely puts this into a legal gray area.

Of course, lately they've decided that rubber stamp court authorization isn't even needed.. and that they should just record everything as they might need it later.

Which is what the Bush administration was doing and clearly there is no "hope" that the Obamessiah is going to "change" in that area.

Who says the slippery slope is a logical fallacy.

Exactly. With Obama's homeland security department deciding to define political opponents as "extremists" and "potential terrorists" we are about to see everything we feared about the potential misuse of the patriot act come to fruition.

Like all laws passed in a panic, the patriot act IS bad law and is FAR too broad in scope. Had its power been limited to FOREIGN non US Citizens, it would have been able to do the intended job (give the FBI, et al. the ability to investigate plots by known purveyors of terrorism) without granting the government powers that it should NEVER have, the ability to secretly investigate with little to no supervision, oversight, or accountability US citizens with little to no evidence.

Ironic that the people who I supported at the time despite being of the other party when they objected quite correctly to the patriot act are determined to hang onto that weapon now that they wield it.

Re:The Ends Don't Justify The Means (1)

Hatta (162192) | more than 5 years ago | (#27611709)

How is installing software on someone's computer with court authorization to monitor their behavior any different from using the warrant to obtain a wiretap or using it to search their home and possessions?

If the court authorization specifically lists the data to be seized, it's not. If the court issues blanket authorization "in a wide variety of cases", it's a fishing expedition.

Re:The Ends Don't Justify The Means (1)

WCMI92 (592436) | more than 5 years ago | (#27615291)

If the court authorization specifically lists the data to be seized, it's not. If the court issues blanket authorization "in a wide variety of cases", it's a fishing expedition.

That is correct. Warrants are supposed to only be issued for a specific person, a specific place, and for specific things, based on enough EVIDENCE to show to a judge "probable cause" that the search specified would provide further evidence. They are not supposed to be "carte blanche" permits to conduct fishing expeditions, which sounds to me what this spyware actually does.

Re:The Ends Don't Justify The Means (1)

hairyfeet (841228) | more than 5 years ago | (#27613095)

Is it a REAL court, or a "rubber stamp" court like FISA? Because there is a BIG difference between an actual court with an actual judge that weighs the evidence VS a court that says "sure, whatever you want is fine."

It seems to me the fed has been getting WAY too much power lately and it really wouldn't surprise me if they had a nice rubber stamp court that would let them deploy this on just about anyone (except against someone else working for the fed, of course) with the flimsiest of excuses. Power unchecked is power abused.

Re:The Ends Don't Justify The Means (3, Insightful)

vertinox (846076) | more than 5 years ago | (#27613261)

How is installing software on someone's computer with court authorization to monitor their behavior any different from using the warrant to obtain a wiretap or using it to search their home and possessions?

I think the problem is that they posted the monitoring tool to a website where anyone could come across and get infected and get monitored.

In those instances, there was no prior suspicion, which is needed for a warrant. You cannot randomly search 100 people's houses hoping to find a criminal the same way you can't put software out there to find out whether or not these people are the criminal.

In fact... TFA says the FBI agent was disappointed when the person they hoped to infect was not infected so I'm assuming others were who were not the target of the warrant.

Re:The Ends Don't Justify The Means (1)

WCMI92 (592436) | more than 5 years ago | (#27610351)

"So if they obtained court authorization to deploy Sarin gas that'd be ok too right?
Are you saying that when the president does it then it's not a crime?"

Precisely. What is it about the courts that make their actions always sacrosanct even when they are clearly against the letter of the Constitution? By and large we don't get to elect the courts, making it the LEAST democratic institution in government. At the Federal level we don't get to elect ANY of them, and they serve for LIFE and it's practically impossible to remove them from office (few judges are ever impeached, even the really egregious ones who get overturned on appeal all the time).

Frankly right is right and wrong is wrong, and the courts have just as little respect for the law and our Constitutionally guaranteed freedoms as the elected branches of government. Probably even less so, since they don't even have the pretense of fear of the people throwing them out of office for their actions.

Re:The Ends Don't Justify The Means (1)

Aram Fingal (576822) | more than 5 years ago | (#27611113)

So if they obtained court authorization to deploy Sarin gas that'd be ok too right?

I'm guessing that you are referring to Operation Tailwind [geocities.com] which has largely been debunked. It hasn't been completely proven that the gas wasn't sarin but it seems improbable that it was.

Re:The Ends Don't Justify The Means (1)

pentalive (449155) | more than 5 years ago | (#27611951)

Sarin Gas is indiscriminate. The FBI tool is specific.

Re:The Ends Don't Justify The Means (1)

kpainter (901021) | more than 5 years ago | (#27615691)

So if they obtained court authorization to deploy Sarin gas that'd be ok too right? Are you saying that when the president does it then it's not a crime?

Press [OK] now to install the "Awesome Toolbar" from fbi.gov

Re:The Ends Don't Justify The Means (1)

Mister Whirly (964219) | more than 5 years ago | (#27616087)

"So if they obtained court authorization to deploy Sarin gas that'd be ok too right?"

Yep, it is called the gas chamber and it was last used in 1999 in Arizona. Capital punishment IS still legal in some states. Is it right? Hard question to answer, but it is still legal and that is what matters the most to governments.

"Are you saying that when the president does it then it's not a crime?"

Well, according to "Tricky" Dick Nixon, no when the president does it, it isn't a crime. Look how well that worked out for him! Bush claimed it was also true, and now Obama's group is making the same claim.

Re:The Ends Don't Justify The Means (2, Insightful)

Vu1turEMaN (1270774) | more than 5 years ago | (#27611765)

Indeed, but they did not obtain court authorization to use it against members of video hosting sites outside of the US 5 years ago. They just used it.

Re:The Ends Don't Justify The Means (2, Insightful)

Actually, I do RTFA (1058596) | more than 5 years ago | (#27612819)

Well, the Constitution doesn't protect people who are not US citizens and in different countries...

Re:The Ends Don't Justify The Means (1)

mysidia (191772) | more than 5 years ago | (#27610155)

Law enforcement officers have special rights that other citizens don't have; they're not breaking the law per se, but enforcing the law, and getting a special exception to other laws.

Officers can shoot people. They can steal^H^H^H^H^Hseize shit. They just have to have the right reasons to do it.

Under the patriot act they can sneak and search (warrantless covert search). CIPAV is just an extension of that, perhaps.

It would be disturbing if they do/did drive-by installs in a way that could affect innocent bystanders. However, until that gets met with a legal challenge of some sort, the legal process allows them to basically keep on doing it, until some people can prove that they did go outside the bounds of the law (fairly unlikely)

And now they've deemed they can make and deploy spyware for their searches; the law allows them to do these sorts of things, for the purpose of protecting national security (and finding suspects to put in jail).

These are just side effects of the Patriot Act.

What, you thought the patriot act was about finding terrorists??

Well it is, but it does so much more -- law enforcement get new rights that it would be foolhardy to ignore.

Of course they're going to use new law enforcement rights of the act against non-terrorists.

They may use the term 'suspected terrorist', for now to confuse matters, but make no mistake -- in 10 years or so, the enforcers will be openly using their new rights anywhere they want.

Re:The Ends Don't Justify The Means (1)

qwerty360 (1497049) | more than 5 years ago | (#27610389)

The problem is that it is being used internationally. Why should the FBI, even with a court order in America, be able to search a PC outside of America? It also sets a nasty precedent as other countries could argue that if the FBI, etc, claims this is legal then their local law enforcement could perform searches of property in America without involving American police etc.

Re:The Ends Don't Justify The Means (0)

Anonymous Coward | more than 5 years ago | (#27610813)

This is of course the most important point in this debate. Not that I expect USA to see it that way, that country has a long history of one-way diplomacy.

Re:The Ends Don't Justify The Means (1)

mccrew (62494) | more than 5 years ago | (#27616415)

So far, all the evidence presented indicates that the FBI obtained court authorization as required by law.

So what is your point, exactly?

weeee second post (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27610013)

Second Post!!!

When I saw this article I was like wtf no posts?

argh well, then I refreshed and there was one post, and now by the time I write this there will probably be another post

Linux version? (4, Funny)

MrKaos (858439) | more than 5 years ago | (#27610065)

I wonder if they have a Linux version?

Re:Linux version? (4, Insightful)

srollyson (1184197) | more than 5 years ago | (#27610925)

This paragraph from TFA is telling:

In a separate February 2007 Cincinnati-based investigation of hackers who'd successfully targeted an unnamed bank, the documents indicate the FBI's efforts may have been detected. An FBI agent became alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website. Instead, the hacker "proceeded to visit the site 29 more times," according to a summary of the incident. "In these instances, the CIPAV did not deliver its payload because of system incompatibility."

Seems like the FBI exploits browser vulnerabilities a la the Pwn2Own contest in order to deliver CIPAV, but CIPAV itself might not run in linux. I suspect that the FBI will have written a linux-compatible CIPAV after the quoted incident. Probably a bash or perl script so they don't have to worry about different architectures.

On a side note, there was probably some good porn on that page for the hacker to load it 30 times.

Re:Linux version? (1)

v1 (525388) | more than 5 years ago | (#27611105)

Reminds me of a certain recent xkcd [xkcd.com] but I know there was one that hit closer to home. Something along the lines of, "Drat! He's running linux! foiled again!"

Re:Linux version? (1)

MrKaos (858439) | more than 5 years ago | (#27614229)

I suspect that the FBI will have written a linux-compatible CIPAV after the quoted incident.

Recently I read 'The Uncensored History of the 9/11 Investigation' which noted that 9/11 investigators were shocked how behind the FBI was in terms of technological capabilities when compared to the NSA or the CIA. I was surprised to read that in many FBI offices there was only a single computer per floor!!!. However the next paragraph...

The agent phoned the FBI's Special Technologies Operations Unit for "urgent" help, expressing "the valid concern that the Unsub hackers would be 'spooked.'" But two days later the hacker, or a different one, visited the site again and "the system was able to deliver a CIPAV and the CIPAV returned data."

Perhaps the *ahem* cracker discovered the FBI's attempts to infect his machine and potentially, to put them at ease after discovering the FBI's attempt, re-visited with a machine they were capable of infecting. What data did it deliver? www.recipies.com? I know if I visited a website that failed to infect my machine I might be so inclined to gather data on what was trying to do it, especially if I was conducting nefarious activities. Seems a bit clumsy for law enforcement, but hey you're right, they probably learned, so let's move on.

Reason I bring it up is that internally the 9/11 commission came very close to recommending the FBI be disbanded but for serious schmoozing from the FBI director Robert Mueller who was 'determined to save the FBI'. Instead the recommendations were for an American domestic intelligence service, like the British MI5, be set up and what resulted was The Department of Homeland Security.

Now I'm not criticising the FBI here, but, for an organisation that treated its counter-terrorism operatives like personal assistants and clearly didn't take counter-terrorism seriously before 9/11 because it wouldn't result in the type of arrests that would get an agent promoted - this looks a lot like counter-terrorism. Also telling for what it implies...

The records also indicate that the FBI obtained court orders from the Foreign Intelligence Surveillance Court, which covers foreign espionage and terrorism investigations, but the details are redacted.

I was being sarcastic with the 'I wonder if they have a Linux version' remark I was just surprised that the FBI now happens to be using spyware, like technology now means something to the FBI, so I did a quick search and sure enough Director Mueller spells it out for us [fbi.gov] with this paragraph...

Today, our mission has changed dramatically and our budget reflects this change. For FY 2005 the FBI is requesting a total of $5.1 billion, an increase of about $525 million over the FY 2004 enacted level. This includes net increases totaling $324.6 million and 948 new positions, 307 of which are agents. Approximately 44 percent of the funding is allocated to counterterrorism and counterintelligence - or about $2.2 billion and 12,466 positions. Compared to FY 2001, this represents more than double the amount of funding and equates to an 80 percent increase in the number of people devoted to the counterterrorism and counterintelligence missions.

Seems to me the Director Mueller (to his credit) has instigated a seismic shift in the way the FBI operates internally. But "foreign espionage and terrorism investigations" isn't that the DOHS responsibility? "terrorism investigations" that doesn't imply the FBI's priority is necessarily arrests. So I'm wondering perhaps we are looking at a turf war between the DOHS and the FBI? I bet those missing 632 pages are an interesting read, especially since the article focuses on 'law enforcement' activities of the FBI spyware.

I doubt there is just one type of government spyware out there, if it was the CIA or the NSA I'd have no doubt they had a Linux version. I think the interesting thing is not so much the spyware but that Director Mueller's hand has *radically* changed the way the FBI operates. Intelligence is the new black in the FBI, and America has two domestic Intelligence agencies.

Re:Linux version? (1)

srollyson (1184197) | more than 5 years ago | (#27614553)

Apologies about the "hacker" faux pas.

Anyway, you might be right about the cracker coming back with a honeypot. I wish I was a fly on the cracker's wall so I could see how this played out.

As far as gov't grey-hats go, there is definitely a turf war between agencies. Hell, even the Air Force [af.mil] wants a piece of the pie. God help us all!

Re:Linux version? (1)

MrKaos (858439) | more than 5 years ago | (#27614759)

Apologies about the "hacker" faux pas.

Oh, it wasn't directed at you. I mean Wired, you'd think they would know their audience a bit better.

God help us all!

Indeed. Life, liberty and the pursuit of happiness, in carefully monitored and regulated doses. -- Thanks for the link

Re:Linux version? (1)

HexaByte (817350) | more than 5 years ago | (#27616259)

Well, they can get a Linux version if they want to, I keep a copy of BeOS around to do all my illegal hacking with! ;)

Probably. (1)

wiredog (43288) | more than 5 years ago | (#27611715)

And a Mac version too.

The really interesting question is, are there OpenBSD versions?

RIAA software (1)

snfnstm (1534657) | more than 5 years ago | (#27610099)

FTA :

"After sending the information to the FBI, the CIPAV settles into a silent "pen register" mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects. "

Let's hope the RIAA doesn't get its hands on this.

Re:RIAA software (5, Insightful)

WCMI92 (592436) | more than 5 years ago | (#27610235)

"FTA :

"After sending the information to the FBI, the CIPAV settles into a silent "pen register" mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects. "

Let's hope the RIAA doesn't get its hands on this."

What I'd like to see is an open source antivirus/antispyware suite that WILL detect this. I own my computer, not the government, therefore I have a right to know what is running on it and to decide what is and isn't going to run on it.

I don't think it is any of the government's business what websites I go to, what blogs I post on, and for that matter, what porn I download.

Given some of the scary things coming out of the "O"ministration lately (such as the recent homeland security advisory painting people who support the right to own firearms and who object to the outrageous spending going on as "rightwing extremists" and "potential terrorists") I think I and others have a legitimate fear that we may be targeted for such spyware for political reasons.

That's why I opposed and still oppose the patriot act... Not because I am against going after the actual JIHADI terrorists who have and are attacking our country, but because government abuse of it and turning it on law abiding citizens was inevitable.

Note that Obama isn't doing anything to repeal the patriot act (which he used to object to). He wants that power just as much as Bush did.

Re:RIAA software (1)

Binestar (28861) | more than 5 years ago | (#27610267)

I think that if it were reported to the antispyware venders that it would be included. The problem is that it's a targeted install, so the infection rate is very low, as such it has probably never been seen by the antispyware venders at all, let alone examined well enough to detect.

Re:RIAA software (2, Insightful)

Shakrai (717556) | more than 5 years ago | (#27610341)

What I'd like to see is an open source antivirus/antispyware suite that WILL detect this.

Actually if you aren't an idiot about it and have proper security settings/practice this thing would never have gotten installed in the first place......

I don't think it is any of the government's business what websites I go to, what blogs I post on, and for that matter, what porn I download.

It is if you are under a court approved investigation for something.

Given some of the scary things coming out of the "O"ministration lately (such as the recent homeland security advisory painting people who support the right to own firearms and who object to the outrageous spending going on as "rightwing extremists" and "potential terrorists") I think I and others have a legitimate fear that we may be targeted for such spyware for political reasons.

That is a legitimate fear -- which is why we have warrants and a judicial system. But to say that this software can't be used at ALL is a bridge too far, IMHO. Would you complain if the FBI installed this spyware on Tony Soprano's computer?

Note that Obama isn't doing anything to repeal the patriot act (which he used to object to). He wants that power just as much as Bush did.

Of course he isn't. Every President since Washington has tried to expand Executive power. Anybody who seriously thought Obama would be any different drank too much of the change kool-aid. Hell, I wasn't even delusional enough to think he would change this trend even back when I supported him.

Re:RIAA software (1)

WCMI92 (592436) | more than 5 years ago | (#27610621)

That is a legitimate fear -- which is why we have warrants and a judicial system. But to say that this software can't be used at ALL is a bridge too far, IMHO. Would you complain if the FBI installed this spyware on Tony Soprano's computer?

You are assuming the Obama administration will respect the law OR be held to account to it to any greater degree than previous administrations.

The patriot act is extremely powerful. They can, under this act, by simply declaring the target a "terrorist" (and I believe the homeland security report on "right wing extremists" was no accident, that it was done to set that pretext) act first and get court approval later. They can wiretap, they can install stuff like this, they can force libraries to divulge what books you have read (and it's a crime if you are interviewed to divulge that you were), and other Orwellian actions.

All legal to do, if they eventually get court approval, or never actually USE the information acquired directly.

When I see an administration calling people who protest peacefully and lawfully in favor of limited government and their Constitutional rights "extremists" and "potential terrorists" while at the same time intervening into the private economy to an unprecedented degree and acquiring more control over it than ever, I think that concern about them abusing such things as the patriot act and this spyware isn't paranoia.

Re:RIAA software (1)

Shakrai (717556) | more than 5 years ago | (#27610819)

I don't think you are paranoid and I don't trust them one damn bit not to abuse this neat little toy that the FBI has. My point was meant to respond to all the people who are claiming that the FBI shouldn't even have this toy -- would it really bother you if it was used in conjunction with a warrant to monitor a Tony Soprano?

The "right wing extremists" report was extremely troubling. It was a whole bunch of "coulds" with no specific information and a warning to watch out for returning veterans and firearm owners. WTF?

Re:RIAA software (3, Interesting)

WCMI92 (592436) | more than 5 years ago | (#27611173)

I don't think you are paranoid and I don't trust them one damn bit not to abuse this neat little toy that the FBI has. My point was meant to respond to all the people who are claiming that the FBI shouldn't even have this toy -- would it really bother you if it was used in conjunction with a warrant to monitor a Tony Soprano?

I'm not saying they shouldn't have it and that it shouldn't be used WHEN proper authorization is obtained in accordance with the Constitution, WITH proper supervision, and LIMITED, as the 4th Amendment requires, to "particularly describing the place to be searched, and the persons or things to be seized". It sounds to me from the article that the FBI is capturing ALL activity with this, even that which is unrelated to their authorized investigation. There is no way that is within the letter or spirit of the 4th Amendment.

The "right wing extremists" report was extremely troubling. It was a whole bunch of "coulds" with no specific information and a warning to watch out for returning veterans and firearm owners. WTF?

Well, the current administration has grabbed more power in 3 months than the government has in 30 years. Clearly, they are afraid that opposition to that (and future planned power grabs) is going to do nothing but grow, and that it's naturally going to come from the people who would be classified as being "from the right" and the people they will naturally have to FEAR (and government fear of the people as an incentive to obey the Constitution's restrictions on their power IS the actual purpose of the 2nd Amendment) are people who own firearms.

I know it sounds crazy, and hopefully is, but when you combine the "perfect storm" of a major economic crisis, single party control of government, and a desire to impose more central control (healthcare, industry, etc) with the patriot act which gives that single party the actual AUTHORITY to investigate and even arrest their opposition on a whim we very well might be the closest we've ever been to a Hugo Chavez type authoritarian coup.

And watching the major media drool over "Dear Leader" to the extent that they do is disgusting. What happened to the skepticism and criticism of the government? Is there not just as much a need for journalists to investigate Obama as they did Bush, especially when he's asking for unprecedented power and control? Or does it matter only when the agenda doesn't suit the personal beliefs of the media?

Re:RIAA software (1)

Shakrai (717556) | more than 5 years ago | (#27613189)

There is no way that is within the letter or spirit of the 4th Amendment.

FWIW I agree with you. I've also talked to members of law enforcement who have worked wiretaps and was told by them that they are required to stop listening even when they have an approved wiretap when it becomes apparent that the conversation isn't material to the matter at hand. I.e: If they have a wiretap on a suspected drug dealer they aren't supposed to keep listening when he starts having phone sex with his girlfriend. That seems to be the way it should work if you take the 4th amendment seriously.

I know it sounds crazy, and hopefully is, but when you combine the "perfect storm" of a major economic crisis, single party control of government

Well, there's always the Judicial Branch, but your point is well taken.

And watching the major media drool over "Dear Leader" to the extent that they do is disgusting. What happened to the skepticism and criticism of the government? Is there not just as much a need for journalists to investigate Obama as they did Bush, especially when he's asking for unprecedented power and control?

I don't know how much the "major media" even bothered to investigate Bush. How many serious questions were asked about the Patriot Act before it passed? How many were asked about Iraq before we went to war? The Fourth Estate is a sad joke and has been for some time. What's worse is that the politicians in both parties have figured out how to game the system and the reporters who cover them are entirely too friendly with the people they are supposedly monitoring on our behalf.

And yes, the drooling over Obama is absolutely sickening. So is the new push coming from the mainstream media (catch 20/20 by any chance?) for gun control. It's pretty sad when I have to go to Faux News of all places to find an alternative point of view on a major political issue because every other media source isn't even pretending to cover both sides of the issue.

Re:RIAA software (1)

Sylver Dragon (445237) | more than 5 years ago | (#27615719)

required to stop listening even when they have an approved wiretap when it becomes apparent that the conversation isn't material to the matter at hand.

While I agree with the premise, I'm not sure this is as workable in a program which is collecting IP addresses and URLs as it is for a human being listening in. It is quite possible to be visiting an IP address which is hosting both normal and illicit sites at the same time. And URLs can be very deceiving; remember what whitehouse.com was for the longest time? What logical algorithm do you use to say, "this is involved, this is not". Unfortunately, the technology isn't really there. While the premise of limited scope is good, I think we have to let the warrant be for all URLs and IP addresses visited within a certain time frame, by a particular person.

Well, there's always the Judicial Branch, but your point is well taken.

The scary thing about this is that the same people who are now being labeled extremists, are the very same people who were attacking the Judicial Branch a couple years ago. I swear if I hear someone mutter, "judicial activism" or "legislating from the bench" one more time, I'm going to beat them with a wet, rolled up copy of the Federalist Papers. While the idea of Judicial Review is still somewhat controversial, they really are the last legal bulwark against unconstitutional laws.

The Fourth Estate is a sad joke and has been for some time.

Amen, our news organizations have abandoned journalism for sensationalism. And the reason is simple, it makes more money. There is a small piece of me that holds out the hope that the internet and the ease of publishing information will help this a bit; but, the rest of me realizes that the cost, both in money and time, of doing good investigative journalism is way too high for the average person. I'm afraid that we're caught between the horns of the bull. On one hand people aren't willing to pay for good journalism, and aren't really willing to spend the time reading and digesting it either; on the other hand, no one is watching the government and it is growing into an even larger monster.

Re:RIAA software (1)

Jah-Wren Ryel (80510) | more than 5 years ago | (#27616437)

The "right wing extremists" report was extremely troubling. It was a whole bunch of "coulds" with no specific information and a warning to watch out for returning veterans and firearm owners. WTF?

Typically anti-terrorism FUD is all. I expect it came out of one of those "regional anti-terrorism centers" like the report out of the one in Louisiana that said Ron Paul supporters were potential terrorists. I wouldn't give Obama's administration credit for anything coming out of those places, it is just a symptom of them having waaaay too much money and not enough real terrorists to spend it on, so they make up bogeymen instead. I've been hoping the economic crisis would rein in all that waste, maybe it still will.

Re:RIAA software (1)

Shakrai (717556) | more than 5 years ago | (#27610881)

Shoot, I hit reply too soon. Here's the best part of that document for anyone that thinks you are being paranoid: (emphasis mine)

Rightwing extremism in the United States can be broadly divided into those groups, movements, and adherents that are primarily hate-oriented (based on hatred of particular religious, racial or ethnic groups), and those that are mainly antigovernment, rejecting federal authority in favor of state or local authority, or rejecting government authority entirely. It may include groups and individuals that are dedicated to a single issue, such as opposition to abortion or immigration.

So I guess if you are a Libertarian you warrant inclusion with the likes of David Duke and the KKK. What the fuck is wrong with this picture? Why aren't more people talking about this?

Re:RIAA software (1)

Shark (78448) | more than 5 years ago | (#27613185)

Actually, all you have to do is respect the constitution if the part you highlighted is right. Libertarian, Republican, Democrat or any other... So long as you agree with what the constitution calls for (limited federal authority in favor of state or local), you are a mean nasty terrorist.

Re:RIAA software (1)

Thelasko (1196535) | more than 5 years ago | (#27613751)

Here's the best part of that document for anyone that thinks you are being paranoid:

I ran a search on the text of that "document." All I found were a bunch of right wing political blogs. Do you have a verifiable source?

Re:RIAA software (1)

Shakrai (717556) | more than 5 years ago | (#27613917)

I can't seem to find it on DHS (probably because it's marked for official use only) but both Michelle Malkin [michellemalkin.com] and Huffington Post [huffingtonpost.com] have the document online. I highly doubt those two agreed to jointly release a faked version. Incidentally, here's [redstate.com] a gem from some dude on Redstate in response to the bit about rejecting Federal authority in favor of state or local control:

Liberals, please note: that includes people who argue that individual states have the right to decriminalize marijuana, permit the sale of raw milk, allow assisted suicide, or recognize same-sex marriages. If you're one of those people, welcome to the Vast Right-Wing Conspiracy: here's your accordion.

Re:RIAA software (1)

Thelasko (1196535) | more than 5 years ago | (#27614217)

Better articles:
US News and World Report. [usnews.com]
Washington Post [washingtonpost.com]
Associated Press [google.com]
It took me a while to find as some of the spelling is different than above. No offense, but I need to hear something that inflammatory from a source other than a blog.

Re:RIAA software (1)

Shakrai (717556) | more than 5 years ago | (#27614855)

Fair enough. That US News link is pretty good. Put it in my journal entry [slashdot.org] about the subject. Now that you've confirmed it, what are your thoughts?

Re:RIAA software (1)

Thelasko (1196535) | more than 5 years ago | (#27615223)

Now that you've confirmed it, what are your thoughts?

I think she was trying to say that there are people out there like Timothy McVeigh [wikipedia.org] and David Koresh, [wikipedia.org] that we should worry about. This has always been the case. Unfortunately, her description was so broad it ended up describing everyone in the USA.

I also think that when the right wing is in control, there tends to be more left wing extremism, and vice versa. If she explained it that way, more people would understand.

I agree that the document should be redacted. It really serves no purpose, as everyone knows those kinds of people exist. Her poor choice of words only made things worse.

Re:RIAA software (1)

OctaviusIII (969957) | more than 5 years ago | (#27614697)

To me, that's more along the lines of the nullification doctrine [wikipedia.org] : declaring that states and local government have a right to ignore anything the federal government mandates. Hence the "rejection of federal authority" rather than "preference against federal authority". Coincidentally, anarchists get labeled right-wing extremists in this passage - provided there isn't clarifying context, of course.

Re:RIAA software (0)

Anonymous Coward | more than 5 years ago | (#27615065)

Where were you when left wing groups were being labeled terrorist organizations?

There are a lot of "idiots" out there (1)

davidwr (791652) | more than 5 years ago | (#27611097)

Actually if you aren't an idiot about it and have proper security settings/practice this thing would never have gotten installed in the first place......

The right term is "if you aren't ignorant or stupid", not "if you aren't an idiot."

The vast majority of computer users haven't been told or refuse to believe that their OS and web browser are not only insecure, but in practical terms, inherently insecure. Ignorance can be cured.

Maybe, after enough people know someone who has been ripped off by bank or other fraud or had porn dropped on their PC, people will start demanding and using hardened web browsers.

Unfortunately, I have little doubt the US-based commercial web-browser and security-software vendor(s) have or will leave a "back door" for the feds.

I wonder how many Americans have been snooped on by totalitarian governments using similar tools? You'll know you've been targeted if, the next time you are on vacation in such a country, you don't come back.

Re:RIAA software (1)

Thelasko (1196535) | more than 5 years ago | (#27612393)

the recent homeland security advisory painting people who support the right to own firearms and who object to the outrageous spending going on as "rightwing extremists" and "potential terrorists"

You wouldn't happen to have a citation for this information, would you?

Re:RIAA software (1)

couchslug (175151) | more than 5 years ago | (#27612419)

"What I'd like to see is an open source antivirus/antispyware suite that WILL detect this."

Prevent it being installed in the first place.

If you boot a physical live CD, it cannot write to the disc, nor can any other nasties. Use writable media for storage.

Re:RIAA software (1)

PhxBlue (562201) | more than 5 years ago | (#27613571)

Given some of the scary things coming out of the "O"ministration lately (such as the recent homeland security advisory painting people who support the right to own firearms and who object to the outrageous spending going on as "rightwing extremists" and "potential terrorists") I think I and others have a legitimate fear that we may be targeted for such spyware for political reasons.

Oh, bullshit. This report is talking about people like Eric Robert Rudolph, like Timothy McVeigh and like Eric Nichols. It defines the term "rightwing extremist" on the second page:

Rightwing extremism in the United States can be broadly divided into those groups, movements, and adherents that are primarily hate-oriented (based on hatred of particular religious, racial or ethnic groups), and those that are mainly antigovernment, rejecting federal authority in favor of state or local authority, or rejecting government authority entirely. It may include groups and individuals that are dedicated to a single issue, such as opposition to abortion or immigration. (Emphasis mine)

Unless you're planning or threatening to shoot people or blow up a federal building, I don't think you have to worry about this. Call me back when the Obama administration starts labeling everyone who disagrees with them on foreign policy as potential terrorists and raising the alert level anytime politically inconvenient news hit the mainstream media, the way our previous administration was so fond of doing.

Re:RIAA software (1)

moeinvt (851793) | more than 5 years ago | (#27615965)

"It defines the term "rightwing extremist" on the second page . . ."

Including the section:

"those that are mainly antigovernment, rejecting federal authority in favor of state or local authority . . . and individuals that are dedicated to a single issue, such as opposition to abortion or immigration."

The idea of rejecting Federal authority in favor of state authority is enshrined in the U.S. Constitution, which is supposed to be the highest law of the land. The Right to Keep and Bear Arms is also explicitly included in The Constitution. How can people who advocate this viewpoint be "right wing extremists"? It's interesting that they've gone to this much trouble to figure out which particular political beliefs might be associated with terrorism. Notice that nobody in the government will ever suggest that terrorists could be motivated by our unconditional support of Israel or any other aspect of U.S. foreign policy. Those people just "hate our freedom".

The definition of "terrorism" and "terrorists" is a CRITICAL distinction because under the Bush doctrine, and facilitated by acts of Congress, anyone that the great emperor accuses of being a "Terrorist" can be incarcerated indefinitely without access to legal counsel, with no ability to challenge his/her detention in a court of law, and without any sort of due process.

"Unless you're planning or threatening to shoot people or blow up a federal building, I don't think you have to worry about this."

Oh, bullshit. I'm not planning to do any of the above, and this Orwellian report that associates violent extremism and acts of terrorism with political beliefs chills me to the bone. It seems like the Federal government is developing this adversarial relationship with the People, and that anyone who dares to oppose them in any way is a "terrorist". I'm a vocal advocate of shrinking the Federal government and getting them back within their Constitutional constraints. Obviously that would mean that they have fewer personnel, less funding, and less power. I guess that makes me a "threat" to them, even if my methods are entirely peaceful.

Re:RIAA software (-1, Redundant)

Cornwallis (1188489) | more than 5 years ago | (#27610265)

FBI...RIAA...What's the difference anymore?

Apple Tax (-1, Redundant)

qwertphobia (825473) | more than 5 years ago | (#27610289)

This explains a few things!

The Apple tax! The guberment just doesn't want us to use anything but insecure Windows systems.

Suspicious use of Linux (and friends): They can't p0wn every linux or bsd variation, so they are automatically wary.

The NSA: They didn't get in on the NSA's backdoor in Windows NT, and they're still pissed.

Re:Apple Tax (1)

alen (225700) | more than 5 years ago | (#27610337)

did you miss the story about the ibotnet full of macs yesterday?

Re:Apple Tax (1)

orangesquid (79734) | more than 5 years ago | (#27611657)

Hmm.... "Yes, but does it run on Linux?"
"Imagine a Beowulf cluster infected by this!"
"Of course it runs on NetBSD!"
"OpenBSD: only two vulnerabilities (that the FBI lets us talk about) in the default install since the beginning of the project!"
"CIPAV: a security hole bigger than the goatse.cz guy can even comprehend!"
"In Soviet Russia, CIPAV doesn't know it's running YOU!"
" ' "CIPAV Considered Harmful" Considered Harmful' Considered Harmful"
"FBI Spaghetti Monster: Touched by his stealthy appendage"
"I can has CIPAVburger?"
"Chuck Norris can wipe all CIPAV installations in a 100-mile radius just by flexing his biceps."
"[cipav not needed]"
"CIPAV? The FBI can suck my big hairy@*!~Q^NO CARRIER"
"Any sufficiently advanced spying is indistinguishable from CIPAV."
"Natalie Portman, naked and petrified, covered in hot CIPAVs"
"i herd a rumor on the internet... that u liek CIPAV?"
"oh hai i uninstalled ur CIPAV"
"Every time you install CIPAV, God kills a kitten. Please, think of the kittens."
" 'Click here for a guide to uninstalling CIPAV" dammit i got rickrolled... i just LOL'd"
"mmmm... nothing like the taste of fr0sty cipav in the morning"
" 'and it silently copies your pr0n to a government server in Virginia.' There. Fixed that for you."
"I, for one, welcome our new CIPAV-wielding overlords."
"The poll options all sucked, so I just voted for CIPAVboyNeal."
"1) Deploy CIPAV. 2) ??? 3) Profit!"
"Your ideas intrigues me, and I wish to subscribe to your CIPAV service."
"CIPAV could be used as a tool for the War on Terror. This idea was developed by Shampoo."
"No need for a CIPAV-proof tinfoil hat? You must be new here."
"You are in a twisty little maze of law enforcement strategies, all alike."
"I *prefer* CIPAV over the competition, you insensitive clod!"
"In my day we didn't have drive-by downloads. Al Gore hadn't invented the intarwebz yet, and we had to push our snail mail through the tubes uphill both ways! We had to install CIPAV by hand, and REAL men did it by DEPOSITing the binary word by word --- Get off my damn lawn!"
"If I had modpoints, I'd mod you -5, CIPAV fanboi"
"There are four boxes to use in the prevention of CIPAV: OS X, Linux, OpenBSD, VMS. In that order. Starting now."
"Quiet court approval? I don't believe in Imaginary Warrants."
"I'm probably going to get modded down for this, but here are my thoughts on why CIPAV could be a Good Thing (TM) ..."
"I'm not worried about CIPAV. Only idiots use M$ Windoze. Just my 02c."
"Does anyone want to post the IP address of that server? I wonder if the FBI has heard of slashdotting..."
"The CIPAV drive-by download pages aren't even valid HTML!"
"Just because the computers reporting data back to the CIPAV server are usually the same computers that have visited the CIPAV drive-by download sites doesn't necessarily mean the former is a result of the latter. Correlation is not causation."
"CIPAV, CIPAV, egg, sausage, and CIPAV---that's not got much CIPAV in it"
" 'I didn't RTFA or RTFS, what's CIPAV?' www.justfuckinggoogleit.com"
" ' "This sounds really useful. I should install this on my computer so that I can help protect myself and my fellow citizens." dunno if you're just a troll, but do you even understand what cipav does?' *whoosh*"
... i could go on and on, but then... tl;dr

Re:Apple Tax (0)

Anonymous Coward | more than 5 years ago | (#27612743)

I am SO writing a script to generate comments automatically using this one as a template.

Does it work with dumb browsers? (2, Interesting)

davidwr (791652) | more than 5 years ago | (#27610485)

Does it work with browsers that are too dumb to run scripts or active content?
Does it work with browsers that have scripting and active content disabled?

What useful information does it provide if someone is using a proxy-router-boot-cd environment, besides other web sites visited during that session and perhaps traceroute-type information?

What useful information does it provide if someone is using a boot-cd environment behind a router that connects to the proxy? Traceroute-type information won't be helpful there.

Using dumb/old browsers, disabling active content, using proxy boot cds, and using boot cds behind routers are all things an unsophisticated user can do using turnkey solutions. The only skill required is "download and install software" for the first two, "download and burn a CD image and boot with it" for the third, assuming of course your computer BIOS boots to CD by default as most do. For the 4th, add the step of "go buy a computer and have them install a second network card, and download and burn 2 CDs, one for each computer." Not hard. I don't know if there is a turnkey set of CDs for #4 out yet but I wouldn't be surprised if there is. If there is not today, there may be one tomorrow.

exactly what I thought... (1)

Aut0mated (885614) | more than 5 years ago | (#27610509)

having read the story and seeing that one target hit the site 29 times without it dropping its payload due to a 'compatibility issue'.

Consider yourself lucky guys... (2, Informative)

Noxneo (1529319) | more than 5 years ago | (#27610583)

Here in France, we're close to having to install a spyware on our computer NOT to go in jail and pay a huge amount of money after 3 unproven accusations.

Re:Consider yourself lucky guys... (0)

Anonymous Coward | more than 5 years ago | (#27610625)

Here in France, we're close to having to install a spyware on our computer NOT to go in jail and pay a huge amount of money after 3 unproven accusations.

That's nothing. In Soviet Russia, spyware installs you!

All sounds very Windows like (2, Interesting)

AHuxley (892839) | more than 5 years ago | (#27610855)

But as you read down, some interesting details.
"The software's primary utility appears to be in tracking down suspects that use proxy servers or anonymizing websites to cover their tracks."
The feds note your interests as you type, not your proxy for the day 1/2 around the world.
What was once a hardware logger install is now your clicking on a link.
"alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website."
Seems like someone was using a Mac or Linux/other OS?
What do people think? A deep dark federal/MS approved/AV hidden effort?
Or in house/turned/tame spyware author ?
Would Tripwire save you :) ???
The MAC address part reminds me of hints about the anti p2p software called "Operation Fairplay"
http://news.cnet.com/8301-10784_3-9920665-7.html [cnet.com]

But if it works based on clicking links... (2, Insightful)

dyingtolive (1393037) | more than 5 years ago | (#27610937)

CIPAV, is delivered through links to websites controlled by the FBI, and it silently reports back to a government server in Virginia.

But if it works based on clicking links that presumably take you to the installer, how on earth can you guarantee that your target is going to click on it at all? You'd either have to direct it specifically to the Mark, and hope that he responds, or you'd have to put it someplace so completely mainstream that hundreds of other people click on... oh, shit. I think I'm having an OS reinstall party this weekend.

Re:But if it works based on clicking links... (0)

Anonymous Coward | more than 5 years ago | (#27611079)

You create a fake myspace profile, with pictures of a hot but believable chick, of course.

I was in the FBI for a few years back in college.

Re:But if it works based on clicking links... (3, Informative)

work90usdfjsldf9 (1313323) | more than 5 years ago | (#27613255)

*Sigh* Please RTA.

One person was sent the URL in a private myspace chat. Another was trying to extort the cable companies and had given them a private URL (presumably something like www.comcast.com/skldflksdf/freemoney4me.html) to post their response to. The FBI then set up that page to use a browser exploit to install the logger.

All instances were done under court order with almost the same restrictions and provisions a normal wiretap would have.

Re:But if it works based on clicking links... (1)

dyingtolive (1393037) | more than 5 years ago | (#27614943)

Okay, I skimmed TFA. I still don't understand how this has even a 10% margin of success. Speaking in regards to myself, if I was doing anything that warranted the FBI singling me out that I was aware of, I would be much more paranoid than I currently am about going to strange links. Especially ones sent to me from people I don't know. Especially when I use one service and the reply is trying to bait me into going to somewhere I've never heard of. Most of the time I see stuff like that on blogs that is just rampant spam. The whole thing just feels too flimsy to actually be useful. I don't see how they're giving the real story.

Re:But if it works based on clicking links... (1)

HexaByte (817350) | more than 5 years ago | (#27616445)

*Sigh* Please RTA.

Uhm, did you forget you're posting on Slashdot?

FBI aligning with high-traffic sites? (0)

Anonymous Coward | more than 5 years ago | (#27614495)

How would the FBI get the spyware loaded on major sites? Well, here's a likely scenario. Say you're the head of a major US bank. The FBI approaches you and says they'll load this tiny app on your site.... all in the name of security. Some might just go for it.

Nothing essentially wrong here... (3, Informative)

rabbitthought (929863) | more than 5 years ago | (#27610951)

As previously stated, it's not really different from bugging the home or car of a suspected Mafia boss/drug dealer/etc... As long as it's backed up by a court order, of course. It obviously interferes with the right for privacy, but that's why there are mechanisms which should take into account all factors before allowing such interference (i.e. courts and judges). If the system is malfunctioning, it should be fixed - but this doesn't mean that it isn't right. BTW, this CIPAV isn't really news - its Wikipedia page is 2 years old...

from TFA: (1)

GregNorc (801858) | more than 5 years ago | (#27611077)

In a separate February 2007 Cincinnati-based investigation of hackers who'd successfully targeted an unnamed bank, the documents indicate the FBI's efforts may have been detected. An FBI agent became alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website. Instead, the hacker "proceeded to visit the site 29 more times," according to a summary of the incident. "In these instances, the CIPAV did not deliver its payload because of system incompatibility."

My guess is that the "system incompatibility" was Linux and/or Firefox.

Inslaw & PROMIS (0)

Anonymous Coward | more than 5 years ago | (#27611081)

I'm surprised no one has mentioned Inslaw or PROMIS.

Predecessors to this FBI spyware.

http://en.wikipedia.org/wiki/INSLAW

Where are DOCS? (0)

Anonymous Coward | more than 5 years ago | (#27611385)

Are these documents available?
Tried to search but no luck.

catch it in the wild (2, Interesting)

cenc (1310167) | more than 5 years ago | (#27611633)

It seems strange that no one has managed to catch this in the wild yet, if it has been in use for that long. Would indicate they are using it in a fairly limited scope (perhaps), if for no other reason to keep from defeating their own tool.

Re:catch it in the wild (1)

anotherslashfan (1208958) | more than 5 years ago | (#27612813)

Interesting thought. One step further. If the bad guys were able to understand/decompile the code and tweak it, they could actually use it _against_ big brother: Imagine if bad guys tweaked the code and essentially gave it the functionality to "spread" (Think "worm". Spreading to millions of users...and millions of "infected" PCs phoning home to Virginia). It would more than likely trash their surveillance program with a multitude of false positives.

Re:catch it in the wild (1)

cenc (1310167) | more than 5 years ago | (#27613027)

or at least then be able to send them on a wild goose chase.

The so-called (0)

Anonymous Coward | more than 5 years ago | (#27612361)

The so-called 'computer and internet protocol address verifier,' or CIPAV AKA Bonzi Buddy, is delivered through links to websites controlled by the FBI, and it silently reports back to a government server in Virginia

Good reason for browsing from VMs. (1)

Phizzle (1109923) | more than 5 years ago | (#27612921)

Or at least doing the more discreet browsing from a VM.

Re:Good reason for browsing from VMs. (1)

jimbob666 (1050308) | more than 5 years ago | (#27614763)

Agree with that. If you have a machine that is known to be clean then snapshot it, do your browsing/downloading and revert back to snapshot when you are finished.

For the paranoid you could have a machine that has never been attached to the internet and snapshot it at that point in time *then* do your browsing/downloading and revert back when you have finished. Although the problem I see here is (assuming Windows) getting snagged for security updates every time you bring this snapshot back to life and hook it up to the internet. Maybe that is a little too much.

Release to the underground? (1)

lskovlund (469142) | more than 5 years ago | (#27613219)

If CIPAV has been so widely deployed, one might wonder if it has not been released to black hats already and analysed to death...

Laws Can Work Against Innocents (1)

b4upoo (166390) | more than 5 years ago | (#27614961)

Electronic rebellion is a bad thing when the other guy does it.

But in all seriousness the ability of any government to fight electronic crime and rebellion sounds fine at first but think about it. Perhaps there will come a day when our government is not in control of the situation. Other powers may infiltrate and seize control. This happens frequently all over the world. At that time the very same tools that aid us in catching thieves online or other negative personalities such as terrorists can be used to track down loyal Americans who are doing nothing more than trying to maintain liberty and our form of government. We need to have a really hard think about allowing governments to possess such spying tools.

I also wonder if the browser creators are in on creating the vulnerabilities that the FBI uses for their exploits.

Forgot to tell you guys...... (0)

Anonymous Coward | more than 5 years ago | (#27615953)

Anyone that clicks the article link automatically gets the spyware installed.

FBI Spyware, I thought that was Windows XP? (1)

Latinhypercube (935707) | more than 5 years ago | (#27616325)

FBI Spyware? I thought that was Windows XP?