FBI Spyware Used to Gain Access to Suspects' Computers
A recent Wired.com story reports that the FBI has been using a proprietary spyware program to snoop on alleged ne'er-do-wells since at least 2004. According to heavily redacted documents that Wired obtained by invoking the Freedom of Information Act, the FBI has developed a sophisticated program it calls 'computer and Internet protocol address verifier,' or CIPAV, that can infiltrate target computers and report information back to an FBI server in Virginia. The software has been crucial in the investigations of many cases that include extortion schemes, terrorist threats, illegal hacking, bomb threats, and electronic bank robbing.
The documents describe how the software is delivered to the target user -- via MySpace Chat messages containing links to an FBI-run Web site loaded with CIPAV. Apparently, the software gains access via the user's system vulnerabilities and runs 'silently' in the background. After logging the computer's IP Address, MAC address, open ports, a list of running programs, the operating system, internet browser and version, and the last-visited Web address, CIPAV sends the information back to the FBI database and switches to a stealth "pen register" mode, with which CIPAV can continually monitor the computer's Internet use.
The software first came to the attention of the media in 2007, when the Bureau engaged it to track down a 15-year-old student who had e-mailed bomb threats to a Washington, D.C. area high school. Of course, the FBI must obtain court authorization to deploy CIPAV, and, according to a Justice Department lawyer's memo, were possibly employing the technology a little too liberally. says a recommendation from the Justice Department's Computer Crime and Intellectual Property Section: "While the technique is of indisputable value in certain kinds of cases, we are seeing indications that it is being used needlessly by some agencies, unnecessarily raising difficult legal questions (and a risk of suppression) without any countervailing benefit,"
We guess the real FBI is trying to keep up with the version depicted in '24.' Only with an infinitely more believable computer 'expert' than Janeane Garofalo's Janis Gold deploying the CIPAV. [From: Wired.com]