
FBI Spyware Used to Gain Access to Suspects' Computers

Discussion in 'BlackHat Lounge' started by CyberDilemma, Apr 22, 2009.

  1. CyberDilemma

    CyberDilemma Regular Member

    Joined:
    Apr 22, 2008
    Messages:
    322
    Likes Received:
    139
    A recent Wired.com story reports that the FBI has been using a proprietary spyware program to snoop on alleged ne'er-do-wells since at least 2004. According to heavily redacted documents that Wired obtained by invoking the Freedom of Information Act, the FBI has developed a sophisticated program it calls 'computer and Internet protocol address verifier,' or CIPAV, that can infiltrate target computers and report information back to an FBI server in Virginia. The software has been crucial in the investigations of many cases that include extortion schemes, terrorist threats, illegal hacking, bomb threats, and electronic bank robbing.

    The documents describe how the software is delivered to the target user -- via MySpace Chat messages containing links to an FBI-run Web site loaded with CIPAV. Apparently, the software gains access via the user's system vulnerabilities and runs 'silently' in the background. After logging the computer's IP Address, MAC address, open ports, a list of running programs, the operating system, internet browser and version, and the last-visited Web address, CIPAV sends the information back to the FBI database and switches to a stealth "pen register" mode, with which CIPAV can continually monitor the computer's Internet use.

    The software first came to the attention of the media in 2007, when the Bureau engaged it to track down a 15-year-old student who had e-mailed bomb threats to a Washington, D.C. area high school. Of course, the FBI must obtain court authorization to deploy CIPAV, and, according to a Justice Department lawyer's memo, was possibly employing the technology a little too liberally. "While the technique is of indisputable value in certain kinds of cases, we are seeing indications that it is being used needlessly by some agencies, unnecessarily raising difficult legal questions (and a risk of suppression) without any countervailing benefit," says a recommendation from the Justice Department's Computer Crime and Intellectual Property Section.

    We guess the real FBI is trying to keep up with the version depicted in '24.' Only with an infinitely more believable computer 'expert' than Janeane Garofalo's Janis Gold deploying the CIPAV.
     
  2. domainplayer

    domainplayer Junior Member

    Joined:
    Dec 30, 2008
    Messages:
    133
    Likes Received:
    15
    Occupation:
    Black Hat Stuff
    Location:
    United States of Blackhat
    Thanks for the share. That's really interesting and kind of scary. Do you think they will use that spyware to catch people committing piracy for software, movies, music, and other digital copyrighted media?
     
  3. CyberDilemma

    CyberDilemma Regular Member

    Joined:
    Apr 22, 2008
    Messages:
    322
    Likes Received:
    139
    Only if it is a big enough fish to go after. The corporate world does have their way of influencing government.
     
  4. bizcredit

    bizcredit Power Member

    Joined:
    Apr 1, 2008
    Messages:
    678
    Likes Received:
    253
    Occupation:
    blackhat
    Location:
    usa
    Soo.... don't use MySpace chat?
     
  5. mrtornado

    mrtornado Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 16, 2008
    Messages:
    498
    Likes Received:
    527
    This news is total bullshit.
     
  6. wowhaxor

    wowhaxor Executive VIP Premium Member

    Joined:
    Apr 28, 2007
    Messages:
    2,021
    Likes Received:
    3,353
    Location:
    ?¿?
    why fbi can trojan people, cool...
     
  7. mrtornado

    mrtornado Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 16, 2008
    Messages:
    498
    Likes Received:
    527
    Trust me when I tell you that they would find other ways to track you than to put a trojan into a computer using MySpace lol
     
  8. CyberDilemma

    CyberDilemma Regular Member

    Joined:
    Apr 22, 2008
    Messages:
    322
    Likes Received:
    139
    That's the part that worries me.
     
  9. the_demon

    the_demon Jr. Executive VIP

    Joined:
    Nov 23, 2008
    Messages:
    3,177
    Likes Received:
    1,563
    Occupation:
    Search Engine Marketing
    Location:
    The Internet
    ... They don't need trojans; they just subpoena your ISP and have all the data they need, every packet in and out.

    For the concerned American or other person(s), Google these and get them:
    - Pidgin
    - Pidgin encryption plugin
    - TrueCrypt
    - PeerGuardian
    - Tor
    - CCleaner
    - DBAN
    - TrackMeNot

    Why?
    - secure encrypted communication over instant messenger
    - protect your files
    - securely erase your hard drive
    - scramble search history
    - hide behind proxies
    - block government and other naughty IPs
    - erase computer history securely (CCleaner + Gutmann 35 wipe enabled)

    MY: Public service announcement

    ... As an American you have a right to privacy. Don't let power hungry government agencies who break constitutional rights and freedoms take it from you...
     
    Last edited: Apr 23, 2009