FBI Spyware Used to Nab Hackers, Extortionists.

Everything related to computer hardware, software, internet and webdesign.

Moderator: MODs

FBI Spyware Used to Nab Hackers, Extortionists.

Postby Nicktalopia » Mon May 11, 2009 10:38 pm

By Declan McCullagh, CNET News

The FBI has used a secret form of spyware in a series of investigations designed to nab alleged extortionists, database-deleting hackers, child molesters and hit men, according to documents obtained by CNET News.


One suspect used Microsoft's Hotmail to send bomb and anthrax threats to an undercover government investigator; another demanded a payment of $10,000 a month to stop cutting cables; a third was an alleged European hit man who was soliciting for business from a Hushmail.com account.

CNET News obtained the documents -- totaling hundreds of pages, although nearly all of them were heavily redacted -- through a Freedom of Information Act request to the FBI.

The FBI spyware, called CIPAV, came to light in July 2007 through court documents that showed how the bureau used it to nab a teenager who was e-mailing bomb threats to a high school near Olympia, Wash. (CIPAV stands for Computer and Internet Protocol Address Verifier.)

A June 2007 memo says that the FBI's Deployment Operations Personnel were instructed to "deploy a CIPAV to geophysically locate the subject issuing bomb threats to the Timberline High School, Lacy, Washington. The CIPAV will be deployed via a Uniform Resource Locator (URL) address posted to the subject's private chat room on MySpace.com."

An affidavit written by FBI Special Agent Norman Sanders at the time said that CIPAV is able to send "network-level messages" containing the target computer's IP address, Ethernet MAC address, environment variables, the last-visited Web site and other registry-type information, including the name of the registered owner of the computer and the operating system's serial number.

The FOIA documents indicate that the FBI turns to CIPAV when a suspect is communicating with police or a crime victim through e-mail and is using an anonymizing service to conceal his computer's Internet protocol address. If an anonymizing service had not been used, a subpoena to the e-mail provider would normally be sufficient.

CIPAV lets the FBI trick a suspect's computer into identifying itself to police, much as an exploding dye packet might identify a bank robber.

One document from March 2007 indicates that the FBI originally used a simple technique known as a "Web bug." Written by the Justice Department's Computer Crime and Intellectual Property Section, it says, "Some investigators have begun to use an investigative technique referred to as an 'Internet Protocol Address Verifier' (IPAV), aka a 'Web bug.'"

Then the bureau appears to have shifted to actual software, once known as Magic Lantern (possibly a Trojan horse) and then CIPAV.

One example of CIPAV's use came in a March 2006 request to the FBI's Cryptologic and Electronic Analysis Unit. It said a victim's Hotmail account is controlled by a suspect who "is extorting the victim because the account had personal info in it. Subject wants victim to set up an e-gold.com account and transfer $10,000 there" and then e-mail the user ID and password to the suspect.

Another was an August 2005 request saying a hacker deleted a company's database and "is extorting the victim company for payment to restore it."

If CIPAV could be detected by antivirus software before being installed, a criminal suspect may be able to avoid having his Internet address divulged to the police. A 2007 CNET News survey of the major anti-spyware vendors found that that not one company acknowledged cooperating unofficially with government agencies.
User avatar
Nicktalopia
Often Trancer
Often Trancer
 
Posts: 890
Joined: Wed Jul 04, 2007 12:50 am

Return to Multimedia

Who is online

Users browsing this forum: No registered users and 1 guest

cron