If this tech has been in use for 7 years, what far more sophisticated stuff has been developed since then by more secretive groups like the NSA and others? The depth to which CIPAV goes indicates that sophisticated users are kidding themselves if they think they can protect their identities and activities online.

As first reported by Wired.com, the software, called a “computer and internet protocol address verifier,” or CIPAV, is designed to infiltrate a target’s computer and gather a wide range of information, which it secretly sends to an FBI server in eastern Virginia. The FBI’s use of the spyware surfaced in 2007 when the bureau used it to track e-mailed bomb threats against a Washington state high school to a 15-year-old student.
[…]
“While the technique is of indisputable value in certain kinds of cases, we are seeing indications that it is being used needlessly by some agencies, unnecessarily raising difficult legal questions (and a risk of suppression) without any countervailing benefit,” reads a formerly-classified March 7, 2002 memo from the Justice Department’s Computer Crime and Intellectual Property Section.

The documents, which are heavily redacted, do not detail the CIPAV’s capabilities, but an FBI affidavit in the 2007 case indicates it gathers and reports a computer’s IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer’s registered owner and registered company name; the current logged-in user name and the last-visited URL.

After sending the information to the FBI, the CIPAV settles into a silent “pen register” mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects.

The documents shed some light on how the FBI sneaks the CIPAV onto a target’s machine, hinting that the bureau may be using one or more web browser vulnerabilities. In several of the cases outlined, the FBI hosted the CIPAV on a website, and tricked the target into clicking on a link.

  1. kyus3 says:

    The fact that child porn is freely available on P2P networks shows how out of touch law enforcement is; it would be so easy to stop.

  2. amodedoma says:

    Personally I’ve always liked to watch what’s running on my PC; get a decent task manager and you can watch everything that’s running and get all kinds of interesting info about connections and memory use. I started doing this out of an obsession with performance issues, but what with all the trojans and such I’ve also found it useful for cleaning up infected systems too. Seems kinda stupid to me. I mean, if you’re gonna do something illegal online and use proxies and IP spoofing, it just doesn’t gel that you’d be so stupid as to let this crap install on your machine in the first place. I guess they need to justify the millions they’re spending by telling everybody how clever they are.

  3. Paddy-O says:

    amodedoma says:

    “Personally I’ve always liked to watch what’s running on my PC, get a decent taskmanager and you can watch everything thats running”

    Unless it is a rootkit designed to not show up as a running process. That is how they get caught. They THINK they know how to secure their system.

  4. dvdchris says:

    OK, first, this right-side typing garbage HAS TO GO.
    Second:
    @amodedoma, suggestions for a decent task manager?

  5. amodedoma says:

    Yeah, I suppose if you’re dumb enough to leave your MBRs exposed a rootkit could modify your kernel. I guess the point is, in this day of WOW computing, where any idiot can use a computer, there’s plenty for the FBI to do. But that’s always been true. There’s no absolute security; if they want in, they’ll get in. I’m just saying that this crap is just that, crap. No broad-reaching consequences, just more of the same.

    Is anyone else having problems with the message editor? It’s right-justifying everything, and the cursor appears to jump to the beginning of the line on punctuation. I’m finding it hard to use. BTW, I’m using the latest Firefox.

  6. amodedoma says:

    My favorite task manager is IASRN’s TaskInfo. It’s very complete and useful and not too big.

  7. amodedoma says:

    oops that’s IARSN… sorry!

  8. Paddy-O says:

    amodedoma says:

    “Yeah I suppose if your dumb enough to leave your MBR’s exposed rootkit could modify your kernel.”

    Well, if you are using Wondoze there’s nothing you can do about it short of a good anti-rootkit program. As I said, people get caught because they THINK they know what they are doing. You be careful out there.

  9. amodedoma says:

    Actually, I learn security from European LAN parties where thousands get together with their PCs. I take a machine I can monitor and actually hope to get infected while I’m downloading hundreds of gigs of piracy, playing online games and showing off my robots. Careful I am where careful I need be.

  10. John says:

    So, does this spyware run on Linux? And why does your comment box suck so much?

  11. ECA says:

    Task manager, watcher..
    Check out the utilities in Spybot advanced TOOLS..
    They can even tell which programs are linked and GIVE you info on WHO wrote it..

  12. Rick Cain says:

    What’s troubling is that the FBI spyware could be rewritten by a foreign agent and used for nefarious purposes.

  13. bac says:

    Here is a nice utility from Sysinternals called Process Explorer. It is a Windows app.
    http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

  14. ECA says:

    You should get the suite of Sysinternals.. Pretty cool, if you KNOW WHAT you are looking at..
    I like the one that takes 20 minutes to START Windows to check ALL programs that start at startup..

  15. Central Scrutinizer says:

    I’ve been waiting for the FBI to press for legal authority to Big Brother anything with connectivity, not that anyone in “law” enforcement feels the need for such quaint notions anymore. But it seemed a bit curious they didn’t play the “drug war”, “kiddie porn”, or “terrorism” cards any harder than they did, if only to make it more convenient / less expensive to remotely observe the boring intimate details of my digital life. And this of course explains why: it’s been terribly easy for a long time. Anyone who thinks Procexp or any other tool will reveal everything lurking in Windows doesn’t know Microsoft very well; remember who bought Sysinternals a little while back. And frankly we can’t call ourselves software wizards if we can’t hide such code in something as ponderous, proprietary and opaque as Windows. Just assume anything you do is being observed, by someone, who probably has something particular he’s assigned to watch for, and try not to do that.
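One way to automate the baseline-and-diff approach the commenters describe (amodedoma’s watching of running processes and their connections, with Paddy-O’s caveat that a process a rootkit hides from the OS listing never shows up), written as an added example that is not code from the article, the FBI documents or any commenter. Process names and the two snapshots are constructed; the IPs come from documentation ranges, which the check deliberately treats as external.

```python
"""Baseline diff of running processes and their outbound connections.
Added example (not from the article or any commenter) that automates the
"watch what's running and where it connects" check the comments describe.
Records are (process, remote IP, remote port); both snapshots are constructed.
"""
from ipaddress import ip_address, ip_network
# Only RFC 1918 and loopback count as internal; the documentation ranges used
# in the sample data are deliberately treated as external.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def build_profile(snapshot):
    """Map each process name to the set of (ip, port) pairs it was seen using."""
    profile = {}
    for proc, ip, port in snapshot:
        profile.setdefault(proc, set()).add((ip, port))
    return profile

def diff_snapshot(baseline, current):
    """Flag processes absent from the baseline, and known processes talking to
    external destinations they were never seen using before. A rootkit that
    hides its process from the OS listing (the thread's caveat) evades this."""
    known = build_profile(baseline)
    findings = {"new_processes": [], "new_destinations": []}
    for proc, dests in build_profile(current).items():
        if proc not in known:
            findings["new_processes"].append(proc)
            continue
        for ip, port in sorted(dests - known[proc]):
            if not is_internal(ip):
                findings["new_destinations"].append((proc, ip, port))
    return findings

# Constructed snapshots: hypothetical process names, documentation-range IPs.
BASELINE = [("firefox.exe", "203.0.113.10", 443),
            ("firefox.exe", "203.0.113.11", 80),
            ("svchost.exe", "192.168.1.1", 53)]
CURRENT = [("firefox.exe", "203.0.113.10", 443),
           ("firefox.exe", "198.51.100.7", 443),   # site not in baseline
           ("svchost.exe", "192.168.1.1", 53),
           ("updchk.exe", "198.51.100.99", 8080)]  # process not in baseline

if __name__ == "__main__":
    for kind, items in diff_snapshot(BASELINE, CURRENT).items():
        print(kind, items)
```

A browser reaching a new site is expected noise, so in practice the second finding type is only worth alerting on for processes that should never talk to the internet at all.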
