How Does The FBI's Spyware Get Around Security Software?

from the cloak-and-dagger-or-point-and-click dept

A teenager in Washington state got sentenced to 90 days in juvenile detention this week, after he plead guilty to making some bomb threats via e-mail to a high school. It turns out that the FBI nabbed him with a piece of spyware called the Computer and Internet Protocol Address Verifier, or CIPAV. The FBI used the spyware after it had obtained server logs from Google and MySpace, which gave them an IP address that led to an infected computer in Italy. This isn’t too surprising, really, but what makes it a little more intriguing is that it’s not clear how the FBI slipped the program onto the kid’s computer, nor how it evaded detection by anti-virus software. The most likely possibility is that they took advantage of some unpatched vulnerability on the kid’s PC, with a browser or plug-in hole exploited by a MySpace web message. The question of evading security software looms larger, though, with CNet’s Declan McCullagh wondering if the government persuaded security software vendors to whitelist CIPAV. He said that some vendors said they’d comply with court orders to ignore government or police spyware, and that McAfee and Microsoft wouldn’t say if that’s what had, in fact, happened here. Meanwhile, Kevin Poulsen over at Wired says that a more likely (and less controversial) explanation is that without ever seeing CIPAV, security software vendors can’t make a signature for it, so their systems can detect it.

Filed Under: , ,
Companies: fbi, mcafee, microsoft

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “How Does The FBI's Spyware Get Around Security Software?”

Subscribe: RSS Leave a comment
Brian Harris (user link) says:

Am i missing something?

Once they found an IP in Italy, how did they manage to find him in Washington State?? it was understanding that cooperation with foreign governments around IP’s would take months of red tape to cut through, at least that is what i was told at a computer forensics meeting a couple years back which was hosted by Yale.

Isn’t this why most hackers use proxy’s outside of the target country?

Enrico Suarve says:

Re: Am i missing something?

I’ve got the same problem here – we traced it to an infected PC in Italy then to his machine

My 2 cents – FBI ring owner of PC in Italy….

FBI: “Did you know that some kid has infected your machine, turned it into a proxy and is using it to send bomb threats?”

Pissed off Italian: “No”

FBI: “We are as annoyed as you are – do you mind if we email you a file to put on your machine which will help identify who it is so we can arrest him? It’ll just grab his real IP, OS etc and where the redirected traffic is going to from HTTP headers”

Pissed off Italian “No”

FBI: “Thanks”

(sorry for the bad acting and poor Italian)

Unknowledgeable Geek says:

Re: Re: Am i missing something?

I think you have it right. This is almost funny that everyone is slamming the FBI because they stopped bomb threats. What if that kid called a bomb threat into your place of business, would you not want the FBI to stop them? You all are looking at the small picture. What about my rights? What about my rights to be able to go to work and not worry about bomb threats!!

Anonymous Coward says:

Remember the thing about cell phones the FBI claimed. They claimed they could listen to any cell phone through its Mic wheather or not the phone is even on. Now they can install spyware on any computer around the world?

Any one else getting the feeling the FBI is claiming to do things they can’t to either cover up their real(and much more sinister or evasive) methods or just to scare potential terrorists and the american public in general.

Anonymous Coward says:

#3 and snooping government

I’m not bothered if they claim abilities they do not have; but they certainly were able to do this little trick.

I am bothered by en masse snooping on ordinary citizens, without probable cause to believe they commited a crime, and/or with no warrant, then sifting through to find some alleged misdead. (I do not refer to the subject of this column, though. He made bomb threats.)

I don’t want the government to have a peep hole into our private lives with the help of Microsoft, McAfee, Intel or anyone else I make a legitimate purchase from.

In fact, where the hell do these companies get off providing such a back door!

I thought we lived in a free country – not under a government microscope.

(they hate us for our freedom?)

Bah who needs one (user link) says:

This FBI act looks like a blatantly illegal search under the 4th amendment. Even assuming they had a wiretap warrant, hacking a suspect’s computer (as opposed to simply tapping their phone line or cable and sniffing the traffic on it) appears to violate the Computer Fraud and Abuse Act as well as the suspect’s property rights in their machine. In effect, they seized the computer without notice. It’s as illegal as if they broke in and removed the computer in the dead of night without all the niceties of showing up in uniform and presenting the owner with a warrant first, or even leaving a note afterward saying they’d served a warrant in the owner’s absence or something.

I think there’s scope here for a savvy defense attorney to not only have the “evidence” obtained thrown out of court but to publicly give the FBI a black eye. This type of behavior cannot be tolerated from law enforcement in a free and just society.

Economist says:

FBI Surveillance

In order to reduce traffic that the FBI has to examine manually, and improve their efficiency, we should probably eliminate much of common English usage.

For example, it is probably a bad idea to refer to a bad movie as “a real xxxx” where what I have omitted has four letters, beginning and ending with “b”.

Discussion of many Vincent Price movie titles would likely also be unwise.

The Waltham Massachusetts Debutantes should probably change their initials.

And we better start referring to it as a “heart event” rather than using words like “axxack” and “sxxzure”.

Anonymous Coward says:

Re: FBI Surveillance

“Waltham Massachusetts Debutantes”

I’m from Waltham, Massachusetts. Believe me when I tell you, there are NO debutantes there. Some working class princesses and some ethnic hotties, yes; but you’d need to go to some neighboring towns (Belmont, Lexington, Weston, Lincoln) to find any real debutantes.

Shalkar says:

My Opinion is:

Well, they scarred the kid in to not taking it to court. In fact, he probably took a plea bargain. After all, he plead “Guilty”. So yeah, maybe if he took it to court a good lawyer would have been able to fight it. The thing is though, you think an appointed attorney would be a good one? I doubt he and/or his family even had money for a lawyer. Period.

Not that he should be let go, but he should have been caught in another way. A more legal and ethical way…

Anonymous Coward says:

Re: My Opinion is:

A skilled attorney would have likely taken a case like this pro bono because of the like hood of setting a legal precedent.

There really isn’t much case law (that I’m aware of) on the books related to this kind of invasive evidence gathering. It too bad the kid didn’t take it to trial. It could have been a supreme court case.

Just Me says:


While I agree that the methods the FBI employed are a bit shady and perhaps even unconstitutional, you have to at some point weigh the good and the bad. Again, don’t misunderstand me; It really pisses me off that they can serruptitiously install spyware on my PC to find out what I’m doing, but in the same vein, they only do that when there is something blatantly illegal going on that they want visibility into. Before 9/11 I’d have been totally opposed to this behavior, but given the good that it can do AND since I don’t engage in bomb threats/life threats/kiddie porn/terrorist activities, I’m not worried about what they will find if they happened to spy on my conversations. In fact, it can only exonerate me.

Anonymous Coward says:

Re: Hmmm.

I disagree.

In (something like) the words of Benjamin Franklin: “A society that would give up a liberty to gain security deserves neither and loses both.”

The most important thing we can do in post-9/11 America is to maintain the liberties that have caused us to be the envy of the world… not give them up so that we can be secure.

facing backwards says:

Re: Re: Hmmm.

Since 911 we can now observe, the terrorists won.
Politicians use terror to win votes.
Companies use terror to gain contracts.
We have given up many liberties in the name of security and gained neither liberty or security.
We have to remove shoes and belts at the airport along with discarding watter bottles!


meh says:

Re: Hmmm.

Are you honestly that short sighted or just retarded. How many years will have to pass before the idiot masses will stop justify government abuse of power in the name of supposed safety. It’s not about whether or not I’m doing something illegal it’s about not wanting people snooping into my business unless they follow the rules we’re all supposed to live by. What right does the government have to pick and choose which laws they are going to inforce, and which they will ignore in the name of the greater good. For those of you wanting to change the privacy laws, read your history fools, I would laugh if you manage to push a change through only to have it used to persecute beliefs you hold that harms no one but doesn’t follow the status quo.

reed says:

We all know the real story...

Behind closed doors the US government and MS struck a deal not to break up the company. I wonder what the specifics of that deal was? You scratch my back, I scratch your back. We don’t break you up, you build those back doors in for us. Doesn’t take a rocket scientist to figure out Bill Gates sold out over 90 % of all computer users.

Giving up our freedom, especially in concerns to computers which control just about every aspect of our lives was the beginning of the end. Welcome to a world where big brother has complete access to all your stuff at the flick of a button.

Sean says:

Sneak and Peak

I think this sort of search would fall under the sneak and peak provisions of Patriot or whatever act is relevant.
I think too much faith has been given to this teen’s “hacker proclivities” (what a phrase!).
It seems that this program merely reported on the IP address, MAC address etc. All this is public information surely(?) so the expectation to privacy is limited (like dumping private letters in the trash). The article specifically says that the feds didn’t record any content.

wthompson says:

The point

Not sure what the point of this is…
Within one paragraph reported AT LEAST second hand, all readers have convicted this kid.
The FBI crap is icing on this cake folks; it only formalizes the disregard for reason.

You mean to say that in no one’s past are there any actions or angry threats which were NOT REALLY intended for action.

Hieronymus says:

If you don't own it, you don't who does or where i

The problem with email and anonymous proxy servers is that unless you own it yourself, you don’t know who has control of it or where it’s located (despite what the seller says).

The thing with encrypted emails is that they will probably attract unwanted attention which defeats the original purpose.

Robert says:


It seems that in addtion to loosing our civil liberties we are loosing our imagination too.

The FBI or any other big brother goverment agency doesn’t need to make a ‘virus’ or to take any advantage of ‘vulnerabilities’ in PCs to invade our already lost privacy.

I can think of many ways spyware… or evidence can be planted in computers.

1. Via any software updates. Microsoft, symantec, itunes, you name it. They know your ISP, IP address and computer profile (MAC addr, registry, hardware list etc)

2. By using unregistered protocols to connec to PCs. Ethereal, wireshark et all only undersand public protocols. Under the un-patriot act I’m sure all new routers let pass some unknown protocols. The only way to really monitor the traffic is to tap into the physical layer (the wires) and see what flows trough.

3. Probably relatively new OSes (Vista, OSX, some or all Linux flavors?) already have built in spy functionality.

The questions are:

1. To what extent is this spying activity going on?
2. Are we going to stop looking for terrorists like AQ? or pedophiles, unfaithful husbands/wives, drug dealers, tax chaeaters, Democrats, Catholics and Muslims are next?
3. Who decides who gets prosecuted like border patrol agents Ramos and Campeon or pardoned like Scooter Liby?
4. Will the ‘spies’ misuse the information for their own advantage? Like getting tips on particular stocks or fed interest descicions?

I can go on and on.

Reed says:

Re: Unclear?

3. Probably relatively new OSes (Vista, OSX, some or all Linux flavors?) already have built in spy functionality.

We know MS made a deal with the government in order to keep operating the way they do. MS also created and developed spyware as a marketing tool (Through 3rd party developers).

OSX? I don’t know about that, but because they are a single company it would be easy to put pressure on them.

Linux? I doubt considering how many different versions there are and the fact that people all over the world code and check code that our government could force a back door in. On a side note there are always ways into a system if you know what your doing.

Handing over that info or creating a back door for the government in the name of security is extremely flawed reasoning.

Chipwhisperer says:

I don’t think this is any big mystery at all. They tracked the incoming IP on the Myspace page, and it was an infected computer in Italy. The infected computer in Italy OBVIOUSLY had lots of ports open with various programs “listening”, so the Feds just sent a trojan down the appropriate port after scanning the ports on that machine. Once settled in, they then sat back and occasionally perused the logs that their trojan in Italy sent regularly to Virginia. And of the incoming IPs shown in the log, an obvious one stuck out: a residential IP in the state of Washington. Wow, what a coincidence.

Now, legally they are covered. The federal trojan did no damage to the target computer, and one can legally make the case that when you are “on the internet” you are on a public medium and cannot have any expectation of privacy, and the federal trojan only monitored for criminal activity and all other log entries are disregarded.

Pretty much basic stuff, yawn.

Carol Stein says:

"hacking" NON-connected PCs

If you search for me online, you may discover that I wrote a paper a few years back for AI-Depot. In this I advised that anyone who has critical information on a PC that isn’t just stored Web pages (etc.) should use both an online PC and an offline PC. Since I am a writer, I have been doing this for sometime. A very cheap used PC works just fine as the offline machine (unless you play processor-intensive online games, I suppose).

Well, first my online PC was hacked, to the point I could no longer connect to the Web (via cable modem). Then, more recently, my OFFLINE pc (a one-year-old Cisnet running Win XP) became unable even to boot up. Previously it had been gradually deteriorating, so that (for example) no devices at all were listed under System/Devices).

After a 2-month hiatus, I am now back online as of today. I’m using a $70 second-hand PC (from Goodwill), plus a free MEPIS 6.5 CD that allows one to try the system before installing it, plus an expensive high-speed cable connection. I have also placed lead sheeting (on cardboard panels) around the business end of the PC, as an added precaution. I had done this with the XP system, but too late, I think, though I suspect the last killing infection occurred during “breaking and entering” of my apartment.

My system is running from the CD drive, and I’m not even going to try to format the HD — I’m literally afraid the feds or whichever hacker this is will pack it with something like child porn if I do! They already tried to frame me once, I think with drugs in a plastic bag.

Be afraid. I am absolutely positive the FBI will break and enter illegally, since it’s been happening to me. They have even incited other residents of my building to keep track of me if I leave my apartment, so I don’t leave unless a friend is “house-sitting” now. Btw, I’m disabled, getting $623/month through SSI, and this has been going on for 9 months now!!!

Carol Stein says:


It turns out the problem is much worse than I suspected. The FBI is able to (1) enter ‘dangerous’ “foreign destination” IP addresses into my PC as shown by netstat lanap listings, even when router and cable modem are both unpowered, (2) at one point they were messing up IPTABLES, again from another PC (located within 10-15′ of mine, in another apartment), (3) when I shutdown my MEPIS 6.5 system (still running from CD-ROM, with NO storage available) — even if I’ve only booted up and then shutdown immediately after logging on — I get a message that OpenBDS Shell Server is shutting down. Hmmmmm.

They still won’t go away, are still illegally messing with my PC from upstairs, and I can’t get them to negotiate or even tell me what they want. The ONLY way I can be rid of them, apparently, is to tell everyone everything I know about what they’re doing. Okay, then.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...