FBI Spyware **Updated**
April 18, 2009
Some more details have emerged about the spyware that the FBI has used in a number of cases to gather evidence. It is a safe bet that they use software like this for political surveillance and not just criminal investigations.
What does the software do? According to Wired:
The software’s primary utility appears to be in tracking down suspects that use proxy servers or anonymizing websites to cover their tracks.
Naturally, quite a few radicals use anonymizers specifically to deter government surveillance. Wired also has more details:
it gathers and reports a computer’s IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer’s registered owner and registered company name; the current logged-in user name and the last-visited URL.
After sending the information to the FBI, the CIPAV settles into a silent “pen register” mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects.
The documents shed some light on how the FBI sneaks the CIPAV onto a target’s machine, hinting that the bureau may be using one or more web browser vulnerabilities. In several of the cases outlined, the FBI hosted the CIPAV on a website, and tricked the target into clicking on a link.
The Wired article suggests that the Feds routinely obtain search warrants before using this spyware, but given the continued expansion of state surveillance powers and their documented willingness to regularly break their own rules, this shouldn’t be assumed.
One question worth asking: if details of this spyware were to come to light, would non-US security software vendors enable their products to detect it?
Image credit: Sophos