FBI spyware has been catching criminals for years
Posted in Privacy, Security, civil rights on April 20th, 2009 by blakangel
Last Thursday wired.com, through the FOIA, obtained hundreds of pages of documents that detail seven years of the FBI’s use of malicious software in tracking down hackers, hitmen, extortionists and terrorist suspects. The released documents, available for download here, are of course heavily redacted. The software is called CIPAV, or “computer and internet protocol address verifier.” According to the documents, its capabilities include: reporting a computer’s IP address, MAC address, open ports, a list of running programs, the operating system type, version and serial number, preferred internet browser and version, the computer’s registered owner and registered company name, the currently logged-in user name and the last-visited URL. After sending this information to FBI servers via a covert channel, the software sits quietly and monitors your internet use, reporting the IP addresses of every connection made while on the Internet.
Some of the cases in which CIPAV was used include:
- In 2005, Danny Kelly, an unemployed engineer, used anonymous e-mail to demand money from Verizon and Comcast in exchange for not cutting cables in their networks. He had cut a total of 18 cables between 2004 and 2005.
- Also in 2005, CIPAV was used to identify a hacker who had compromised thousands of computers at Cisco Systems, NASA JPL, and US Government laboratories. The hacker was later found to be a 16-year-old from Sweden.
- A European hitman using an anonymous and encrypted e-mail service to solicit business.
At first glance, it seems the feds have gone blackhat in their zealous pursuit of wrongdoers, but the documents indicate that search warrants were applied for and obtained in every case. Even if some of our 4th Amendment protections are in place, I don’t see how they can be sure it’s on the right machine. The documents indicate that the spyware actually takes advantage of security vulnerabilities to install itself… the same method used by viruses and other malware. What happens when an innocent third-party gets his machine infected by visiting some secret FBI trojan-installer website? Are the feds going to call him up and tell him how to remove their spyware? No, but they’ll still be receiving private information sent by the trojan. Maybe it won’t be admissible in court, but they’ll still have it. The only upside is it’s NOT a virus/worm and it does NOT self-propagate. One document even indicates the FBI e-mailed the trojan to a suspect’s yahoo.com account. I haven’t read the entirety of the FOIA release, but there are some interesting items, if you can read through all the redactions. One document even indicates that the FBI is hacking suspects’ WiFi, another reason to use the strongest-available encryption and authentication protocols.
So how do you protect yourself (from accidental infection, of course)? Well, first, I’d recommend not using Internet Explorer, which has a history of security vulnerabilities. Also, running a non-Windows operating system may be of help. In one of the documents, the FBI was concerned that their attempts to install the trojan may have been detected. A suspect in the hacking of a bank in Cincinnati visited the trojan site, but “the CIPAV did not deliver its payload because of system incompatibility.” You can safely infer that this trojan will not function on a Unix-based operating system, such as Linux or FreeBSD.
Lastly, use anti-spyware and antivirus software that was developed outside of the United States. We don’t know if the FBI has backroom deals with U.S.-based security product vendors, e.g. “Please don’t add our trojan to your virus detection list or your company will be aiding the terrorists and helping kill children.” How could they refuse? So use Avast or AVG for your antivirus (both Czech companies), and Comodo’s firewall (Great Britain) can be configured to detect covert communications, even over port 80. Security doesn’t have to be difficult. It’s mostly common sense and a small investment in time to educate yourself. Take the initiative; your personal information will appreciate it. I know mine does.
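The post’s closing advice is to watch for covert communications even on port 80. The spyware it describes phones home on a schedule, and a regularly timed outbound connection to one destination is something you can spot in your own firewall’s connection log without knowing anything about the payload. The script below is an added example written for this post, not code from the original article or from any vendor mentioned in it; the log format and all addresses in it are constructed for illustration, so adapt the regex to whatever your firewall actually writes.

```python
"""Flag periodic outbound connections ("beaconing") in a host-firewall log.

Added example, not code from the original post. The log line format below is
constructed for this example; the regex must be adapted to your own firewall.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed log format: "<timestamp> OUT <src>:<sport> -> <dst>:<dport> <proto>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) OUT "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)


def parse_log(lines):
    """Return (timestamp, src, dst, dport, proto) tuples; malformed lines are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m["src"], m["dst"], int(m["dport"]), m["proto"]))
    return events


def find_beacons(events, min_hits=4, max_jitter=0.2):
    """Group flows by (src, dst, dport) and flag those with at least min_hits
    connections whose inter-arrival times are nearly constant (coefficient of
    variation <= max_jitter). The port is deliberately not used as a filter:
    a covert channel on port 80 is just as periodic as one on an odd port."""
    flows = defaultdict(list)
    for ts, src, dst, dport, _proto in events:
        flows[(src, dst, dport)].append(ts)

    beacons = {}
    for key, times in flows.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean_gap
        if jitter <= max_jitter:
            beacons[key] = {
                "hits": len(times),
                "period_s": round(mean_gap, 1),
                "jitter": round(jitter, 3),
            }
    return beacons


# Constructed sample: ordinary browsing mixed with a ~300 s beacon to 203.0.113.7:80.
SAMPLE_LOG = """\
2009-04-20 10:00:00 OUT 192.168.1.5:50001 -> 203.0.113.7:80 TCP
2009-04-20 10:00:03 OUT 192.168.1.5:50002 -> 198.51.100.10:80 TCP
2009-04-20 10:01:17 OUT 192.168.1.5:50003 -> 198.51.100.22:443 TCP
2009-04-20 10:05:00 OUT 192.168.1.5:50004 -> 203.0.113.7:80 TCP
2009-04-20 10:07:41 OUT 192.168.1.5:50005 -> 198.51.100.10:80 TCP
2009-04-20 10:08:09 OUT 192.168.1.5:50006 -> 198.51.100.10:80 TCP
2009-04-20 10:10:01 OUT 192.168.1.5:50007 -> 203.0.113.7:80 TCP
2009-04-20 10:14:59 OUT 192.168.1.5:50008 -> 203.0.113.7:80 TCP
2009-04-20 10:16:30 OUT 192.168.1.5:50009 -> 198.51.100.10:80 TCP
2009-04-20 10:20:00 OUT 192.168.1.5:50010 -> 203.0.113.7:80 TCP
this line is deliberately malformed and must be skipped
"""

if __name__ == "__main__":
    for (src, dst, dport), info in find_beacons(parse_log(SAMPLE_LOG.splitlines())).items():
        print(f"possible beacon: {src} -> {dst}:{dport} every ~{info['period_s']}s "
              f"({info['hits']} hits, jitter {info['jitter']})")
```

In the constructed sample, the browsing to 198.51.100.10 also hits port 80 four times but at irregular intervals, so it is not flagged, while the five evenly spaced connections to 203.0.113.7 are. The thresholds (`min_hits`, `max_jitter`) are starting points; a real host produces legitimate periodic traffic too (update checks, mail polling), so a hit is a lead to investigate, not a verdict.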