
FBI Used Spyware for Online Search

CowboyNeal posted more than 7 years ago | from the not-surprised-here dept.

United States 79

juct writes "The FBI has used PC spyware for the first time to reveal the identity of an offender who sent bomb threats to a high school in Washington state. According to heise Security, a declaration from the FBI official who applied for the search warrant describes the mode of operation of the spyware which the FBI is using under the abbreviation CIPAV (Computer and Internet Protocol Address Verifier)."


Are the editors boycotting reading /. again? (4, Informative)

Anonymous Coward | more than 7 years ago | (#19922803)

Yet another dupe [slashdot.org] ! (From yesterday!)

Re:Are the editors boycotting reading /. again? (1)

_Sprocket_ (42527) | more than 7 years ago | (#19922823)

Ummm... maybe it's a "Slashvertisement" for antivirus software? Subtle.

Re:Are the editors boycotting reading /. again? (3, Funny)

RuBLed (995686) | more than 7 years ago | (#19923113)

Ha! The quote displayed as of the time I'm writing this is:

If one cannot enjoy reading a book over and over again, there is no use in reading it at all. -- Oscar Wilde


Re:Are the editors boycotting reading /. again? (1)

Gentlewhisper (759800) | more than 7 years ago | (#19923155)

And that is why the Mossad uses Macs...

Oh... oh! And the good guys in 24 too!

Linux spyware (0)

Anonymous Coward | more than 7 years ago | (#19924443)

Something that worries me is that on Windows, if Big Brother installs spyware, I have at least a small chance that my anti-spyware software will detect it (depending on whether my anti-spyware vendor sleeps with Big Brother). But on Linux, I simply don't run any anti-spyware (because spyware has not been a problem). But if Big Brother manages to hack my ~/.xsession or firefox-bin (for example), it may be a very long time (if ever) before I notice.
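The worry in the comment above, a quietly modified `~/.xsession` or `firefox-bin`, is the case a file-integrity baseline is meant to catch. The sketch below is an added example, not part of the thread: the two watched file names follow the comment, while the temporary directory, file contents and function names are constructed for illustration.

```python
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def fingerprint(path):
    """Return hash and metadata of a regular file, or None if it does not exist."""
    p = Path(path)
    try:
        st = p.stat()  # follows symlinks, so a swapped link target is hashed too
    except FileNotFoundError:
        return None
    digest = hashlib.sha256()
    with p.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "mode": stat.S_IMODE(st.st_mode),  # permission bits incl. setuid/setgid
        "uid": st.st_uid,
    }


def build_baseline(paths):
    """Fingerprint every watched path; absent files are recorded as None."""
    return {str(p): fingerprint(p) for p in paths}


def save_baseline(baseline, out_file):
    Path(out_file).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(in_file):
    return json.loads(Path(in_file).read_text())


def compare(baseline):
    """Return (path, finding) pairs for every watched file that no longer matches."""
    findings = []
    for path, old in sorted(baseline.items()):
        new = fingerprint(path)
        if old is None and new is None:
            continue  # still absent, nothing to report
        if old is None:
            findings.append((path, "created"))
        elif new is None:
            findings.append((path, "deleted"))
        else:
            changed = [k for k in ("sha256", "mode", "uid") if old[k] != new[k]]
            if changed:
                findings.append((path, "changed: " + ",".join(changed)))
    return findings


def demo():
    """Run a baseline/compare cycle on constructed stand-in files."""
    with tempfile.TemporaryDirectory() as home:
        xsession = Path(home, ".xsession")
        browser = Path(home, "firefox-bin")
        profile = Path(home, ".profile")  # deliberately absent at baseline time

        # Constructed sample contents, not real session scripts or binaries.
        xsession.write_text("exec startkde\n")
        browser.write_bytes(b"\x7fELF constructed stand-in")
        os.chmod(browser, 0o755)

        store = Path(home, "baseline.json")
        save_baseline(build_baseline([xsession, browser, profile]), store)

        # Simulate later modifications to each watched file.
        with xsession.open("a") as fh:
            fh.write("# line added after the baseline was taken\n")
        os.chmod(browser, 0o777)
        profile.write_text("# file that did not exist before\n")

        return [(Path(p).name, what) for p, what in compare(load_baseline(store))]


if __name__ == "__main__":
    for name, what in demo():
        print(f"{name}: {what}")
```

A baseline kept on the same disk can be rewritten by whoever changed the files, so it belongs on read-only or offline media; a check run from the live system can also be fed false results by a rootkit, the case the reply below raises.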

Re:Linux spyware (1)

Shakrai (717556) | more than 7 years ago | (#19928975)

But on Linux, I simply don't run any anti-spyware (because spyware has not been a problem). But if Big Brother manages to hack my ~/.xsession or firefox-bin (for example), it may be a very long time (if ever) before I notice.

But with Linux the kernel is presumably trustworthy and you can firewall off any means of access for remote exploits. Can you say the same with Windows?

Course if big brother really wants you all they have to do is a sneak and peek and rootkit your PC. Really doesn't matter what OS you are using.....

Re:Are the editors boycotting reading /. again? (1)

poetmatt (793785) | more than 7 years ago | (#19925379)

shit someone used CIPAV to post a dupe!!!!oneoneone!!!11

Please tell me why I should run Windows? (4, Interesting)

whoever57 (658626) | more than 7 years ago | (#19922835)

Of course, the "if you have nothing to hide..." crowd are likely to be out, but what about rogue agents? What about investigations that target the wrong people by accident?

I suspect that getting such a tool installed on my Linux box would be much harder.

Re:Please tell me why I should run Windows? (0)

Anonymous Coward | more than 7 years ago | (#19923059)

I suspect that getting such a tool installed on my Linux box would be much harder.


I sincerely doubt it. What on earth do you do to protect yourself from spyware? A false sense of security is hardly protection.

For all you guys know, you are already infected.

Re:Please tell me why I should run Windows? (1)

Spy der Mann (805235) | more than 7 years ago | (#19923089)

What about investigations that target the wrong people by accident?

With the government, there are NO "accidents".

Re:Please tell me why I should run Windows? (1)

lessermilton (863868) | more than 7 years ago | (#19927847)

It's called collateral damage ;)

Security through obscurity (2, Interesting)

EmbeddedJanitor (597831) | more than 7 years ago | (#19923143)

Well if you have nothing to hide and don't do anything that attracts attention, the security through obscurity principle kicks in.

Sure some poor sap will be done over, but hopefully it won't be you.

Re:Security through obscurity (0)

Anonymous Coward | more than 7 years ago | (#19923705)

Sure some poor sap will be done over, but hopefully it won't be you.

Yeah, probably just the Jews [wikipedia.org] again.

Re:Security through obscurity (2, Insightful)

sumdumass (711423) | more than 7 years ago | (#19924485)

If you have one thing that you don't want someone else to know about, you have something to hide. And this one thing doesn't have to be illegal or unethical either. As long as we have freedom, we are free to hide things.

Something to hide != guilty of a crime.

Re:Security through obscurity (1)

PopeRatzo (965947) | more than 7 years ago | (#19924849)

Sure, there are lots of reasons to hide things that are perfectly legal. When I travel in less-safe countries, I sometimes hide money in an interior pocket or even my shoe. I hide a key in a certain place outside my house in case I lock myself out. When I buy a pint of Häagen-Dazs, I hide it in the back of the freezer so my wife doesn't eat it.

I'm not trying to be clever here. There's not a soul that has "nothing to hide". If someone says their life is an open book, ask to see their wallet and start looking through it. Watch their reaction.

Re:Security through obscurity (1)

Domo-Sun (585730) | more than 7 years ago | (#19931837)

Also, everyone has something to fear, such as, false imprisonment for crimes you didn't commit and evidence planting. Or how about imprisonment and execution for things that are trivial, like being a Jew.

Re:Please tell me why I should run Windows? (1)

pkvon (899533) | more than 7 years ago | (#19923909)

> I suspect that getting such a tool installed on my Linux box would be much harder.

Do you verify everything you download? Did you get the certificates from a trusted store? How do you know your ISP (cooperating with the gov) or the certificate authority (verisign? trust them?) did not mess with whatever you are downloading. It might just come attached to your latest firefox binaries :/

The actual links from TFA (0)

Anonymous Coward | more than 7 years ago | (#19926443)

www.myspace.com/timberlinebobminfo and bobmermails.hyperphp.com

I'm Glad (0, Flamebait)

mombodog (920359) | more than 7 years ago | (#19922847)

They nailed that little terrorist bitch.

Good ! (1)

sonamchauhan (587356) | more than 7 years ago | (#19922865)

From the story:
which Google and MySpace supplied to the FBI therefore referred to the Italian computers. In order to trace the perpetrator, the FBI sent the CIPAV via Google Mail or MySpace after receiving a search warrant from the authorities so that the spyware could install itself as more threats were sent. Use of the CIPAV was granted by the judge with the stipulation that the software was only to transmit its IP data between 6:00 and 22:00. However, it was permitted to log IP addresses round the clock.

Re:Good ! (1)

compro01 (777531) | more than 7 years ago | (#19923013)

glad to hear they've caught on with this whole thing with warrants and due process.

see? you don't need NSLs to catch bad guys!

Re:Good ! (2, Interesting)

sumdumass (711423) | more than 7 years ago | (#19924509)

The problem is, even with a warrant, how do you know the software they install isn't installed to make you look guilty? The software can do anything they tell it to do, would you be able to have the source code examined at your trial?

Re:Good ! (1)

sakasune (772886) | more than 7 years ago | (#19929155)

Your comment is one that actually made me say "hmmm..."
Could the defendant actually request the source code for the program? Though, they probably would just label him a terrorist and throw him and the source code in Gitmo...there he could review it all he wants, because in Guantanamo Bay no one can hear you scream

Re:Good ! (1)

sumdumass (711423) | more than 7 years ago | (#19935187)

There sure is a lot of fuss over the treatment of the people at club gitmo. I think a lot of people would hear you scream, it just wouldn't be too many that cared.

But yeah, you're probably right. You would be shoved off to the side where they could control how much you can do about the program. It just seems to me that if you could sneak it into the computer, you could almost sneak anything into it, even if you needed evidence to go further into the computer.

How long will it be before... (5, Insightful)

bconway (63464) | more than 7 years ago | (#19922867)

the FBI (and some if-it-will-save-one-child-it-is-worth-it legislators) demand all the OS vendors to install backdoors so that it can come in and install whatever spyware it wants to be installed?

Re:How long will it be before... (1)

normuser (1079315) | more than 7 years ago | (#19922979)

How long will it be before... the FBI (and some if-it-will-save-one-child-it-is-worth-it legislators) demand all the OS vendors to install backdoors so that it can come in and install whatever spyware it wants to be installed?

Hmmm, where have I heard that before? Maybe in this post by "140Mandak262Jamuna" [slashdot.org]
Really, what was the point of ripping off his post?

Re:How long will it be before... (3, Funny)

bconway (63464) | more than 7 years ago | (#19923047)

I figured if the editors weren't going to take the time to post new content, there wasn't much reason for us to, either.

Re:How long will it be before... (1)

Actually, I do RTFA (1058596) | more than 7 years ago | (#19923605)

Do we have to guess the right negative number to win the prize, or is knowing the sign enough?

Re:How long will it be before... (1)

Bearhouse (1034238) | more than 7 years ago | (#19924019)

Yeah, but that would probably work just as well as the Clipper chip...remember that? Exactly...

Re: How long will it be before... (0)

Anonymous Coward | more than 7 years ago | (#19929135)

How long will it be before everyone realizes that it's bad idea to have an "OS vendor"? OSes are commodities and the ones where it's even possible for a centralized vendor/saboteur to install a backdoor into, keep falling behind in terms of reliability and performance. If government tries to make the situation for proprietary vendors worse, it could be the final nail in the coffin.

Re:How long will it be before... (2, Funny)

vbjay (1006505) | more than 7 years ago | (#19929313)

Of course with Windows, it wouldn't be a backdoor. It would just be a window! :D Hence the name.

Re:How long will it be before... (2, Informative)

chriddy (1130907) | more than 7 years ago | (#19931379)

From the search warrant request:

Because the FBI cannot predict whether any particular formulation of a CIPAV to be used will cause a person(s) controlling the activating computer to activate a CIPAV, I request [...] to continue using additional CIPAVs [...] until a CIPAV has been activated.
Read "activate"="double-click on attachment". So much for the FBI exploiting secret security holes that are otherwise unknown or actually paying OS vendors to install backdoors and security software vendors to not detect their spyware. Looks very much as if it's just a plain old trojan...

Re:How long will it be before... (1)

Captain_BakaNeko (1134711) | about 7 years ago | (#20089723)

if the FBI demand that, then what happens if hackers find that back door, and start stealing personal info and Identity theft increases? will it be worth it then?

More Firefighters Needed! (5, Insightful)

garcia (6573) | more than 7 years ago | (#19922881)

It would seem that there's a kink [slashdot.org] in the Firehose [slashdot.org] again [slashdot.org] .

Re:More Firefighters Needed! (4, Interesting)

jsse (254124) | more than 7 years ago | (#19922975)

Now I can see the purpose of Firehose now...

It's now our fault in voting up a dupe, not /. editors, definitely not...

Now /. needs to develop another system to penalize those who repeatedly vote a dupe, namely "List of idiotic dupers"

Re:More Firefighters Needed! (1)

garcia (6573) | more than 7 years ago | (#19923039)

Well, it's both of our faults. We just don't get paid for continuously fucking up.

Re:More Firefighters Needed! (-1, Flamebait)

3waygeek (58990) | more than 7 years ago | (#19924483)

We just don't get paid for continuously fucking up.

That's Dubya's job.

Re:More Firefighters Needed! (0)

Anonymous Coward | more than 7 years ago | (#19925329)

Now /. needs to develop another system to penalize those who repeatedly vote a dupe, namely "List of idiotic dupers"
That name's a little awkward. I propose "Diggheads" instead.

Re:More Firefighters Needed! (1)

elrous0 (869638) | more than 7 years ago | (#19925281)

Maybe they're going for the all-time dupe record.

Interesting speculation (5, Insightful)

bconway (63464) | more than 7 years ago | (#19922893)

The Feds would have the $$$ and be able to hire the skilled labor to build some pretty sophisticated spyware tools. On the other hand, I wouldn't be surprised to find out Microsoft included a back door in Windows. That rumor has surfaced before.

The problem with either of those options is if they get out in the wild. How many people have access to those tools and how is their deployment managed? Who wouldn't be tempted to do a little sideline testing if they had those goodies in their tool chest.

been done (0)

Anonymous Coward | more than 7 years ago | (#19922953)

I PROMIS you

Re:Interesting speculation (1)

i_b_don (1049110) | more than 7 years ago | (#19923789)

MS built lots of back doors into windows... oh, you mean intentionally?

d

Re:Interesting speculation (1)

bit01 (644603) | more than 7 years ago | (#19924089)

The problem with either of those options is if they get out in the wild.

M$ update, and the equivalent on other platforms, is a whopper of a back door. Why doesn't that "get out in the wild"?

---

Commercial software bigots - a dying breed.

Re:Interesting speculation (1)

jimicus (737525) | more than 7 years ago | (#19924447)

M$ update, and the equivalent on other platforms, is a whopper of a back door. Why doesn't that "get out in the wild"?

Because it's the kind of back door that the developers know full well is a risk, and so they design around that risk with things like digital signatures and techniques to confirm you're speaking to an authorised server. It's easier and more subtle to attack the weak link in the chain - the human being who's sat at the computer.

It's a bit like how most sysadmins these days know that open ports on the firewall are a risk, so they minimise those - and instead the hackers go for the next easiest target, the website which was coded on the cheap over a few weeks by some kid fresh out of college and is full of SQL injection-type holes.

Re:Interesting speculation (1)

bit01 (644603) | more than 7 years ago | (#19925435)

Because it's the kind of back door that the developers know full well is a risk, and so they design around that risk with things like digital signatures and techniques to confirm you're speaking to an authorised server.

That's true but my point is that an intelligence agency backdoor could have exactly the same digital signature protections etc. In other words unlike what bconway said [slashdot.org] official backdoors would be no more a compromisable hole than Update. Keeping in mind that the NSA has two missions; to protect US intelligence (SELinux etc.) and to compromise enemy intelligence (ECHELON etc.). They wouldn't deliberately put in back doors unless the cost-benefit is good. Unfortunately the cost-benefit is very good.

At a minimum I suspect they have a sophisticated software spy package ready to be downloaded via M$ Update as needed. They'd probably stay very low profile on most PC's to avoid detection but selective "heavy" targeting would be almost undetectable. Lightweight keyword checking in the disk index process on every PC, perhaps only in certain countries/languages, is also very possible and fairly low risk; all the viruses around give them plausible deniability.

---

Windows and closed source software. The US intelligence [washingtonpost.com] agencies back door [wikipedia.org] to every network connected country and business on earth.

This is a god damned mother fucking dupe! (-1, Troll)

Anonymous Coward | more than 7 years ago | (#19922947)

you stupid mother fucking father sucking cock munching shit eating palsy driven faggots. What the hell is your god damned problem?

racist (1)

ezwip (974076) | more than 7 years ago | (#19922999)

I feel discriminated against. They always refer to my adware as backdoors and reference the word "hacking".

concerned (1)

steelbr2 (542916) | more than 7 years ago | (#19923009)

What if the government installs and controls/spies on your computer? Bad or good. What can become of this?

americanos (0)

Anonymous Coward | more than 7 years ago | (#19923019)

If you aren't OUTRAGED you're part of the problem.

black security (1)

whtmarker (1060730) | more than 7 years ago | (#19923023)

The article refers to a company heise security. The name heise is actually romanized mandarin for the word black. If you have a proper font the characters are [] [] or here [tigernt.com]

Re:black security (0)

Anonymous Coward | more than 7 years ago | (#19924977)

Heise actually is a German publishing company. The name stems from the surname of the founder, Heinz Heise.

The Problem (1)

bconway (63464) | more than 7 years ago | (#19923035)

I support surveillance by law enforcement agencies. I also believe in fairly stiff penalties for breaking the law (though I would add that I feel that harsher penalties for real crimes should be balanced with reducing the breadth of behavior that the government restricts). However, I am opposed to the use of spyware on the suspect's property for such surveillance. Why this conundrum?

The problem is that technology is getting closer to us all the time. The barrier between man and machine is becoming much narrower. And that is a good thing. At the far end of the spectrum people have long been getting artificial hearing enhancers, and now we are starting on intelligent artificial eyes and limbs. People with epilepsy are getting electronics embedded in their brains. At the nearer end of the spectrum, a large percentage of the population now carries a small computer with them everywhere (their cell phone). The man/machine split is disappearing.

So what? Well, we have a problem developing if the government assumes that anything that does not have your genome is fair game for them to crack. Today it is the suspect's computer. This already poses a problem if the suspect is, for example, engaged in legitimate contracting for some corporation - should the government have the right to compromise the security of that corporation because one of their employees is breaking the law?

But what of the more tightly coupled technology? Should the government be allowed to plant a bug in my hearing aid? Should they be allowed to tap the signals coming from my artificial eyes? Should they be allowed to monitor the same brain activity patterns that my seizure mitigating device monitors?

The problem is that we are becoming more closely coupled with technology, and that is a good thing. We are the first species in history to actively engage in our own evolution. But if we can't trust our technology, it creates a barrier to that evolutionary step. I have the right not to self-incriminate. But if a computer is part of me, where does the line get drawn?

Re:The Problem (3, Insightful)

Lisandro (799651) | more than 7 years ago | (#19923105)

The barrier between man and machine is becoming much narrower. And that is a good thing. At the far end of the spectrum people have long been getting artificial hearing enhancers, and now we are starting on intelligent artificial eyes and limbs. People with epilepsy are getting electronics embedded in their brains. At the nearer end of the spectrum, a large percentage of the population now carries a small computer with them everywhere (their cell phone). The man/machine split is disappearing.

Fuck that. Sorry, but you guys (US citizens) should start to become really concerned about your government violating personal, constitutional-granted rights in order to further the fight against "terrorism". This issue is real NOW, and, from what we read here on the other side of the pond, it's becoming increasingly out of control. Who cares about future artificial limbs when these people decide it's ok to install malware in your PC so they can eavesdrop private, personal files and communications, today?

Re:The Problem (1)

garcia (6573) | more than 7 years ago | (#19923147)

This issue is real NOW, and, from what we read here on the other side of the pond, it's becoming increasingly out of control.

I guess that pond is smooth as glass and all you are seeing is your own reflection as you gaze across. How quickly you forget about those traffic congestion cameras [slashdot.org] the police now have real-time access to.

Re:The Problem (1)

Lisandro (799651) | more than 7 years ago | (#19923177)

Heh, wrong expression (I'm Argentinian, down in South America)... guess it should've been "from the other side of the pond and Mexico" :). But yes, nasty stuff in England as well. I wish that the 1984 comparison one is so bound to make in this case wasn't so close to reality.

Re:The Problem (1)

pipingguy (566974) | more than 7 years ago | (#19923307)

"The Pond" usually refers to the Atlantic Ocean, at least for native English-speakers. Do you guys consider Chileans to be west coasters?

Maybe 1984 was a roadmap, not a cautionary tale. Or maybe Orwell was actually a historian from the future.

Re:The Problem (1)

zoogies (879569) | more than 7 years ago | (#19924213)

Well, you see, the guy who originally retorted with "The Pond" incorrectly assumed that the guy who retorted, "You Americans..." was from England, so the latter guy responded to the "The Pond" guy by correcting him. Which makes *your* retort baseless....I think.

Re:The Problem (1)

jimicus (737525) | more than 7 years ago | (#19924465)

There's not much functional difference between that and a telephone tap.

Be grateful that there is a due process which was followed. I'd be more concerned when such due process is considered a hindrance to the "war on terror" and done away with.

Re:The Problem (1)

mutterc (828335) | more than 7 years ago | (#19926615)

They had a search warrant for the instance the article reports about. So this particular story isn't about an abuse of power (for once!). There's nothing (yet, sigh) to indicate they're going on warrantless fishing expeditions with their spyware, or trying to get it pervasively installed so they can data-mine "in the interest of national security". I agree that either of those cases would be cause for outrage.

Heck, if the FBI wasn't allowed to use spyware, with a warrant, they could just install a hidden camera recording the computer's monitor (see the movie "Antitrust" for a neat example of that kind of spying.)

Re:The Problem (1)

Lisandro (799651) | more than 7 years ago | (#19926879)

A search warrant makes it legal, it doesn't make it right. If they really had a probable cause (or cause :) and a search warrant you could seize and inspect the PC directly.

over the pond? (1)

waspleg (316038) | more than 7 years ago | (#19928839)

Would that include London, the most heavily surveillance oriented city in the western world? The city where they are working on launching UAV's for spying on regular citizens in addition to a billion and 9 cameras on every corner? Don't get me wrong, the US sucks it hard for spying, hell they even asked the postal service to read your mail for "suspicious" activity, but afaik there are no bastions of personal freedom in Europe short of the Dutch

Re:The Problem (1)

fltsimbuff (606866) | more than 7 years ago | (#19952603)

"Should the government be allowed to plant a bug in my hearing aid? Should they be allowed to tap the signals coming from my artificial eyes? Should they be allowed to monitor the same brain activity patterns that my seizure mitigating device monitors?"

Man, they gave you the full package didn't they?

Trivial to defeat? (1)

illegibledotorg (1123239) | more than 7 years ago | (#19923079)

With a little bit of technical ability, this seems like it would be trivial to defeat.

If the kid was already hopping over three computers (maybe using Tor), he probably had the technical ability to:
1. Put his machine on a private NAT'd network so that 'ipconfig' would show an unroutable address.
2. Use a firewall that alerted him when software was trying to make an outbound connection. Better, drop it using that gateway he's sitting behind.

Granted, if he had just been using something besides Windows (which I presume he was using), the FBI's software would not have likely worked anyways.

In other words, don't let their new toy scare you.

Re:Trivial to defeat? (1)

jimicus (737525) | more than 7 years ago | (#19924487)

99 times out of 100, people with that kind of technical ability don't waste their time emailing bomb threats to a school every few days saying "it rly will go off nxt tim, prmse!! LOL ROFL OMGWTFBBQ".

moD down (-1, Troll)

Anonymous Coward | more than 7 years ago | (#19923199)

Third time's the charm? (0, Offtopic)

klp (169904) | more than 7 years ago | (#19923263)

I think it's funny that my story [wired.com] has been on Slashdot twice now, and I haven't gotten credit either time.

Re:Third time's the charm? (0)

Anonymous Coward | more than 7 years ago | (#19923797)

Well at least you credited yourself...

okay... (1)

javaman235 (461502) | more than 7 years ago | (#19923775)

The FBI has used PC spyware for the first time

Oh! It was their first time? They've lost their spyware virginity? Why do they write bullshit like this? Is it so that one guy won't go "Drat! I had no idea the FBI ever installed keystroke loggers" that articles like this lie to everybody? C'mon.

Re:okay... (0)

Anonymous Coward | more than 7 years ago | (#19932761)

the fbi just used spyware for the first time ! hey i also heard the military is going to start using armed UAVs ! wow ! what will come next ! microwave weapons, maybe they till 'START USING THOSE SOON'.... on the gullible.

Not sure what to think (1)

houghi (78078) | more than 7 years ago | (#19924003)

On the one side it is good that they go after people like this and use the tools available. On the other side with how things are going in the US, this might have been a proof of concept.
Also I see it just as a tool and just like anything it can be used and it can be abused.

Re:Not sure what to think (1)

drumsetdrummer (237047) | more than 7 years ago | (#19929695)

Notice the first time it's *publicized* that CIPAV was used is in a case like this where a school bomb threat is foiled. I wonder how many other times CIPAV has been used that have *not* been publicized.

This is an international issue. (1)

Futurepower(R) (558542) | more than 7 years ago | (#19924621)

This is an international issue. The FBI, CIA, NSA, and other "government" agencies now operate world-wide, and have become, in effect, a secret police.

It is possible that this particular case has been picked for its public relations value. The U.S. government's spy agencies have for many years been using ANY tool at their disposal to spy ANYWHERE. It is possible that this case is designed to try to get approval from U.S. citizens for this kind of spying, when much of the spying they do is not to prevent crime, but to help a company like Cheney's Halliburton [halliburtonwatch.org] make more profit [krysstal.com] .

CIA (2, Insightful)

AnyThingButWindows (939158) | more than 7 years ago | (#19924787)

Running a comp repair shop I removed a Trojan that possibly came from the CIA. Breaking it down in HEX revealed that. It snooped IE cache, and was as easy to remove as running toolbarcop, then hijack this, then removing the binary manually. Dumped IE cache, then put the user on a cacheless firefox configuration. That fixed the problem.

huh? (0)

Anonymous Coward | more than 7 years ago | (#19925331)

it should say "is using"...

A warning to all - FBI program is only one of MANY (0)

Anonymous Coward | more than 7 years ago | (#19928823)

A warning to all - FBI program is only one of MANY various major programs and efforts by the US gov to infiltrate home computers using unrevealed remote exploits and unpatched exploits.

There are no less than THREE independent new offices of the US gov tasked with creating remote exploits for injecting arbitrary data into or out of compromised systems. They have relatively small teams of hackers wholly unrelated to military or NRO or NSA efforts.

The Legislative Branch has a program!

The Executive Branch has a program initially staffed at 16 million per year for salaries pre-9/11 and soaring much higher since.

The Judicial branch of the government has of course a larger program for creating these keyloggers and such.

Some craftier ones communicate data outward merely by creating detectable radio emissions outside of the room or dwelling by accessing non cached ram pages in unique encoding patterns (timing). This is merely a NSA TEMPEST derived method but effective if it is feared the people being keylogged or studied are using external routers that detect or log outgoing traffic. Little can be done to thwart this vector as the encoding is robust enough and has enough error correction and redundancy to shine through, especially with such a primitive and small payload (all keypresses, all unique new IP addresses being accessed and times, SMTP and POP activity and custom payloads).

The best defense against sneak-and-peek USB tampered keyboard swaps or usb dongle sniffers being installed when you leave a premises is only using a laptop and keeping it in a custom locked briefcase, though anything can be picked. Counter surveillance of the briefcase is needed. Hiding password entry fingerstrokes from possibly installed spycams is also prudent if you use encrypted volumes.

The goal is to prevent your passphrase from ever being captured and used. Once arrested, if the passphrase is NOT recorded on paper, and only in your mind, the US Constitution and case law protects you from incriminating yourself.... if you are sent to a real federal jail with actual rights and not sent to a CIA torture-prison in another country for brutal interrogation and doping.

Using the ATA standard to encrypt a drive is not secure, you need a software block encryptor.

OSX has a fairly good one (AES), but does not cover the boot partition.

The Mac OS (not OSX) Mac OS 9 ironically is the only os in history never ever to be remotely exploited in history. Check BugTraq immense database if you do not believe me. Using it, or in an emulator, with a much older Netscape or iCab is a good solution for sandboxing and avoiding all possible FBI magic lantern activity.

By the way Cryptome.org hosted actual stolen copies of client and server binaries for FBI Magic Lantern back in 2001! They used an Excel spreadsheet and Outlook Express flaw and not a MSIE flaw I seem to recall hazily. I could dig up the binaries again if motivated, though the files seemed genuine.

This revelation in today's news is 6 years behind the times.

I tried to post this to slashdot a couple days ago as #19902095 but, as expected, a US government account downmodded my 100% factual and informative post.

Nothing in this post is speculation or incorrect.

installs itself on Google Mail? (0)

Anonymous Coward | more than 7 years ago | (#19929623)

FTFA:

a Windows program which [...] installs itself [...] on a web account such as MySpace or Google Mail from whence it moves on to the target computer
Google runs Windows now and lets some government trojans install themselves on their servers? Or was this written by a USA Today editor?

Given that the NSA knows how to crack Windows (1)

Master of Transhuman (597628) | more than 7 years ago | (#19931949)

and hasn't told Microsoft about it, this merely indicates that the FBI is either being inefficient again (unless of course they used the methods developed by the NSA) or is once again on the tail end of an intra-agency dispute - meaning that the NSA deliberately didn't tell them how to crack Windows because the NSA is using that method to crack the FBI's computers...:-)

In this current posting, however, the issue is /.'s inability to remember what's on the front page for 24 hours...

Or maybe the FBI just cracked /. and reposted the article themselves to let us know in order to make us FEEL THE FEAR...:-)

Or maybe the moron who reposted the article secretly works for the FBI, monitoring the rest of the morons on Slashdot....:-) And now, being a moron, he has blown his cover...:-)
