If this tech has been in use for 7 years, what far more sophisticated stuff has been developed since then by more secret groups like NSA and others? The depth that CIPAV goes indicates sophisticated users are kidding themselves that they can protect their identities and activities online.
As first reported by Wired.com, the software, called a “computer and internet protocol address verifier,” or CIPAV, is designed to infiltrate a target’s computer and gather a wide range of information, which it secretly sends to an FBI server in eastern Virginia. The FBI’s use of the spyware surfaced in 2007 when the bureau used it to track e-mailed bomb threats against a Washington state high school to a 15-year-old student.
[…]
“While the technique is of indisputable value in certain kinds of cases, we are seeing indications that it is being used needlessly by some agencies, unnecessarily raising difficult legal questions (and a risk of suppression) without any countervailing benefit,” reads a formerly-classified March 7, 2002 memo from the Justice Department’s Computer Crime and Intellectual Property Section.The documents, which are heavily redacted, do not detail the CIPAV’s capabilities, but an FBI affidavit in the 2007 case indicate it gathers and reports a computer’s IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer’s registered owner and registered company name; the current logged-in user name and the last-visited URL.
After sending the information to the FBI, the CIPAV settles into a silent “pen register” mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects.
The documents shed some light on how the FBI sneaks the CIPAV onto a target’s machine, hinting that the bureau may be using one or more web browser vulnerabilities. In several of the cases outlined, the FBI hosted the CIPAV on a website, and tricked the target into clicking on a link.
If this is true, then how can it be possible that some people can trade child porn online? It would seem a simple matter of breaking the chain of distribution, unless the lawmakers are blocking this to focus on “the terrorists”. If this is BS on both ends, well f me.
[Duplicate comment deleted. Please don’t double post! – ed.]
Why can’t my anti-spyware find and remove this illegal program?
Yawn. Any above average AS program will find & remove this program.
Uncle Dave asked, “what far more sophisticated stuff has been developed since then by more secret groups like NSA and others?”
Well, up until Vista, there were 2-3 AV programs that would detect them all, and remove. Vista made it more difficult because MS would no longer permit kernel patching by any security company that wanted Vista cert for their product…
There actually are people out there who presumed that because the FBI said they halted the Carnivore program – that they really stopped spying on you?
Poor, gullible, trusting Americans. Yes, especially the nutballs who think the Feds won’t spy on them because they’re on the same side. Har!
I never thought a tor/onion proxy could get past the fbi. What it is good for is keeping the webmaster from knowing your ip address Elisha strom was stalking posters on vnn forum tor/onion proxy is easy to install on debian/ubuntu and turn on and off.
https://help.ubuntu.com/community/TOR
https://help.ubuntu.com/community/Security
You need understand something about programs like this. The only way they could work is IF MS had set it up..
This is weird, my letter and spelling start on the RIGHT SIDE.. Im not into hebrew.,
“The only way they could work is IF MS had set it up”
Umm, no. Funny but no.
“Why can’t my anti-spyware find and remove this illegal program?”
I have read that parental monitoring software is intentionally ignored by malware scanners and that is probably done by looking for a CRC code sequence. I suspect that this provides a back door for malware to disguise itself as a parental monitoring program which would then allow it to remain hidden only because the malware scanner does not report it. The code sequence the scanner was looking for could be determined by reverse engineering the scanner and would allow this back door hijacking method to be used without the scanner software authors’ knowledge. At least, if everything is as I assume it is. I have emailed various parental monitoring software companies about this and never received a response.
Parental monitoring s/w is not ignored by any mainstream A/V’s.
Paddy-O – “The only way they could work is IF MS had set it up”
Umm, no. Funny but no.
Why is that “no”? NSA has “helped” Microsoft in the past…
This “new and improved” version of dvorak.org/blog sucks donkey balls.
“Why is that?”
Because it isn’t true. MS does provide source code but doesn’t make holes to order.
Paddy-O – Can you share that source code with me, because it didn’t come with my distro of Windows.
Nope, can’t do that. Get a job at the CIA ,NSA or an MS Sec partner and you might be able to see it…
Nice logo and header .
Jägermeister,
This new version of the blog was issued by the FBI
Get your FBI spyware documents here (limited time offer):
http://blog.wired.com/27bstroke6/2009/04/get-your-fbi-sp.html
Paddy-O – So, NSA providing code doesn’t bother you?
Toxic Asshead – Especially the eyes… 😀
Winston – Nice link.
Years ago, I recall reading in PC Magazine that all antivirus software makers were required to leave a backdoor in their products for law enforcement officials
My summary o fthe contents of the FBI document linked to above:
R E D A C T E D
Keep right on saying that Paddy-O. You’re either fooling yourself or you’re part of the problem. Of course MS has a back door. Why do you think the monopoly lawsuits suddenly went away? It wasn’t because Gates started a foundation.
yes,
Paddy..
the only way that a program could work under windows and NOT be seen is if MS installed it.
There is NO WAY you could get 200+ companies that do AV and anti BOT ware to AVOID finding it..
Iv used HEAVIER and stronger tools on my PC, and its NOT THERE.
ANYONE running a SLIGHTLY secure computer setup knows the BASICS the only way to GET something on a computer is thru INPUT/OUTPUT source..NO EMAILS/NO INTERNET/NO DVD-CD/NO FLOPPY/NO USB access.. If you want that ACCESS, you send the data to a SECOND computer that does NOT have the important/secure data on. THEN PORT any info you NEED by HAND/KEYBOARD or SCAN the PISS out of any device ADDED to the system.
If you think about it, EVEN a USB keyboard can be bugged..
comment
If you do anything on line that is at all questionable you would be safer doing it in your front yard because fewer people would see it happen.
The site redesign is a late april fools joke…
Specially with the right side typing crap…
I don’t get it. The critical piece of the puzzle is the user’s IP address… can’t the IP be obfuscated by a NAT router and a VPN tunel???
Paddy-O said: “Parental monitoring s/w is not ignored by any mainstream A/V’s.”
That is apparently incorrect.
As an experiment after reading your claim, I installed a demo version of a top-rated system activity monitor, configured it at its most invasive levels and set it to start at system start-up. I then configured the latest version of a top-rated AV program to scan at its highest sensitivity setting. It failed to flag the activity monitor as malware during a memory scan or during a drive scan. Spybot Search and Destroy also failed to flag the system monitor as malware. Only a program called Anti-Logger found the activity monitor.
So, I suspect that most people would never detect a monitoring program unless they ran a program
specifically designed to detect such things. If that monitoring program has effective stealth
mechanisms to avoid even heuristic scanners (by using the “ignore me” code string I previosuly described) and is, as a result, never turned in as malware to the AV or malware detection software authors, it could continue to run everywhere undetected. A root-kit version designed to emulate normal web browsing activity on port 80 for outgoing traffic probably wouldn’t raise firewall alarms or be detected by even by software specifically designed to detect system monitors.
Winston says:
“It failed to flag the activity monitor as malware during a memory scan
“or during a drive scan.
As is correct. The s/w wasn’t collecting then SENDING anything from your computer. Good to know the s/w you are using isn’t giving false positives. If you’d like some training on how sophisticated A/S s/w works I’d be happy…
this is really weird.
typing from the right.
punctuation moves left.
new fbi monitoring.
sadly, this does not surprise me.
with open insecure wifi networks everywhere, this technology does nothing against people who seriously want to remain anonymous
a clean second hand laptop, any wifi connection you find just going down the street means that you cannot find me, nor prove that it was me.