back to article FBI sought approval to use spyware against terror suspects

The FBI has reportedly sought the go-ahead to use a custom spyware package to bug terrorists and other national security suspects. Indirect evidence suggests that the request was likely to have been approved. An application to use the Computer and Internet Protocol Address Verifier (CIPAV) spyware program was sought from the …

COMMENTS

This topic is closed for new posts.
  1. amanfromMars Silver badge
    Paris Hilton

    Achilles Heel.....Paris's Arrow

    "The software is designed to log a target's internet use, recording every IP address a suspect computer communicates with. It also performs an inventory of operating systems, installed and running applications and logs open ports, IP addresses and Mac addresses of targeted PCs." ...... which makes it susceptible to Grooming ...recording a Manic Proxy CyberIDEntity Fit for ITs Purpose. Real Advanced DNA ReProfiling

    With a White Hat, that is AIKnight in Virtual Armour...... and an IntelAIgents Asset.

    ""If CIPAV came into our labs we would add detection...." ...... Very Hard to Detect by Virtue of ITs SMARTer Stealth Technology and I notice that there is no Protection Offered.

    Such is AI Stealth. IT will Protect ITself, Thank You ..... with the Deeper Understanding of what You Follow. Take Good Care of IT and IT will Take Good Care of U2.

    "A seminal academic paper written by Fred Cohen in 1984 showed that it was mathematically impossible to write something that was undetectable, ..." ....How about the possibility of something unstoppable? A Certainty?

  2. heystoopid
    Happy

    Sorry bunch of clowns and idiots !

    Sorry I am still laughing from another incident .

    Are these idiots for real and the clones of both Joseph McCarthy and J Edgar Hoover have multiplied ten fold and never left the building ?

    Oh well, were were truly warned about letting clowns thicker then a brick run the show back in the late sixties !

    "stupid is as stupid does" or has the fifties saying morphed to "it is better dead then a terrorist hiding under your bed!" now ? Ha! Ha!

  3. Joe Cooper
    Alert

    Ubuntu

    ...Except, if terrorists just started using Ubuntu, they would make an Ubuntu spyware. It's not hard, though a lot of people who spend their time explaining why it's impossible would never guess how.

  4. BitTwister

    @Joe Cooper

    > [make Ubuntu spyware] It's not hard, though a lot of people who spend their time explaining why it's impossible would never guess how.

    Ok, so why don't you enlighten us all?

  5. Henry Wertz Gold badge

    Ubuntu spyware

    It's much MUCH harder to come up with Ubuntu spyware. No apps shipped with an ubuntu desktop will just decide to autorun an E-Mail attachment or something off a web site. UNIX in general uses an executable bit to mark whether files should be executable,so a ".jpg.exe" or the like won't be executed. A malicious shell script won't be executed, it's not flagged executable. As an added measure, when I misnamed, oh, I think it was a movie clip I misnamed a ".jpg", the gnome shell yelled bloody murder and wouldn't even let me try to open the file until I renamed it properly.

    Don't get me wrong, X actually makes it plenty easy to grab keystrokes, and sending the keystrokes over the network wouldn't be a big deal either. But, the only way to install the spyware would be: 1) FBI comes in in person and installs the keylogger. 2) The target really is daft enough to follow instructions in an E-Mail that are all like "Hey you, please save this file, chmod +x it to make it executable, and execute it. kthxbye."

    (For that matter, a fully patched and up to date Windows box is harder to get spyware on to than an older one too. This likely relies on people not keeping up to date boxes.)

  6. Fiona

    @amanfromMars

    Ah, lost those dried frog pills again I see. Are you any relation of the bursar?

  7. Jach
    Flame

    Sad...

    I think those in charge of this country have lost it. We need to have another healthy revolution, French style. Blood running down the streets of Washington and such.

    Al-Qaeda still can't hack, judging from the lack of 'terrorist' cyber attacks. And as the article noted, just run any or several flavors of Linux.

    @Joe Care to explain how?

  8. alphaxion

    @ubuntu spyware

    I'm guessing the easiest plane of attack is the chump sat at the computer... "free porn, just enter your admin username and password in order to letch at these beauties"...

    as I've said in every argument about which has a greater level of security - none of them, they all have 1 common and very easily exploitable flaw... that being the user.

  9. John Benson
    Pirate

    double agent PCs

    Let's assume you're an "evildoer" and have somehow noticed that your PC has been "turned". (Maybe an antivirus program tipped you off, or IP traffic analysis or whatever.)

    At that point your PC effectively becomes a double-agent because you can choose your in-the-clear web-surfing habits and email transmissions to actively disinform your trackers. Advantage: evildoers.

    Then, you cloak your real correspondence in open source crypto or even steganography, being careful to frequently boot clean off a live CD and encrypt (or frequently zap) the swap partition and check for hardware keystroke collectors. Use SSH or VPN for extra points.

    There's nothing here that isn't well-known and documented, and it's morally neutral because it's as effective against evildoers as it is against evildoers, computing resources being equal.

    Of course, the escalating war of measures and countermeasures is great for business, which is why we'll see it go on in the foreseeable future. The search for pork goes on...

  10. Steven Swenson
    Flame

    Fear Tactics

    Oh geez. Yet another ploy by the government to try and put us under their control in the name of protecting us. Do they seriously think they're protecting us from terrorists when they pull this kind of bullcrap?

    We haven't been hit by terrorists since 9/11. And as long as the administration doesn't go ignoring intelligence suggesting there's going to be a terrorist attack, there won't be another one for a long time.

    It's been almost seven and a half years. If the terrorists were really as determined to strike us on our own soil as the government makes them out to be, they would have already infiltrated our borders and done so already.

    The government hasn't been tirelessly working day in and day out to stop countless terrorist attacks. The government hasn't been arresting terrorists left and right in the act of trying to attack us.

    There are no terrorists here to attack us. They're so poor and undersupplied hiding in a cave somewhere that they can't even get to america much less attack america. If we really were catching terrorists in the act of trying to attack us on US soil, the news reports of their capture would be interspersed with the news reports of suicide bombings in Iraq.

    Where are the "Islamic fundamentalist terrorist captured on U.S. soil" news reports? There are none. So stop feeding us this "it's for fighting terrorists" bullsh**.

    If the terrorists were really that well funded and that determined, they'd hop a plane to mexico, build a bomb there, and smuggle it across the border alongside a bunch of illegal aliens. I haven't seen any reports of illegal immigrants walking across the border with bombs strapped to their chests. Have you?

    @Joe Cooper

    Even though Ubuntu is one of the more user-friendly distros out there, it's still secure enough to be impenetrable to viruses. If I were stupid enough to accept a file from you or anyone else I don't know, and if I were stupid enough to run it with root privilages (which requires the command to be prepended with "sudo", folowed by entering your root user password, by the way), I would still be using Windows like you most likely are.

  11. Scott
    Stop

    Misdirection

    A magician's #1 best friend is misdirection. It sure seems to me that this "magic lantern" spyware is nothing but smoke and mirrors, and the real tool they're using is running within every ISP in the U.S. (and probably many of our allies) intercepting every packet coming in and going out. They could then consolidate this data, "mine" it, and piece together the IP conversations going into and out of suspect computers.

    Anyway, when you think about it, how else could they have used "magic lantern" to nab the mail hoaxers *after they committed the crime*? [*]

    [*] assuming they weren't stupid enough to go blabbing about it on a message board or blog.

  12. amanfromMars Silver badge
    Alien

    Spontaneous Conception ...Immaculate Inception ....Future Perfect Perception

    "2) The target really is daft enough to follow instructions in an E-Mail that are all like "Hey you, please save this file, chmod +x it to make it executable, and execute it. kthxbye."" ....By Henry Wertz Posted Friday 8th February 2008 23:12 GMT

    The State of Spooky Arts has moved well on forward from needing to ask, Henry. The Real SMART Stuff downloads itself in a Security Upgrade.....not only with Protection but also with Alms/Arms for Virtualisation.

    For it is in the IT Space of Virtualisation that the Future and our Perception of Reality are being Formed/Transformed, for IT is a Blank Canvas upon which you can Paint any Picture but only the Best are Stored to Memory for the Future to Witness and Enjoy and the Past to Analyse and Procrastinate Over looking for Reason.

    "Ah, lost those dried frog pills again I see. Are you any relation of the bursar?" .... By Fiona Posted Saturday 9th February 2008 00:34 GMT .... Any relation? Nothing more tangible than Empathy and an Understanding of Such SurReal Predicament, Fiona.

    But then, Cinderellas were missing from the Scene.

    The search for pork goes on... although, as earlier said, the SMART pork would know where the Hogs and Sows are. And if they don't, well, that is a New Program which Delivers them.

  13. Graham Wood

    Ubuntu is perfect, it's the silver bullet, it's unbreakable.

    You don't need to run something to allow a direct attack vector into your machine - it's not that simple. The main attack vectors that have been historically used in the windows world have been chosen because they are simple, effective, and nothing more is needed.

    This ubuntu utopia without rootkits, flawed daemons, and/or other issues is amazing - shame it has no reflection in the real world.

    Let's start down a completely hypothetical road (bear with me on this one). You open up a pdf in your web browser. This is a linux machine, so it's perfect. Even though the filename is really weird, it's passed safely to the viewer application, and therefore doesn't cause a problem. 15 minutes later, your machine reboots at random - and you make sure that on reboot nothing is wrong - looking at the logs for what happened.

    Unfortunately your machins is now running a rootkit, and nothing looks wrong. Only by running a network scanner on ANOTHER MACHINE can you tell that everything that you do is now being reported to a white/black hat - and even that can be well disguised.

    I lied - this isn't totally hypothetical at all. There is a vulnerability in the pcre library (a string handling library) that allows code execution. Since some daemons run as root, and some use grep (linked against the pcre library), your viewing of the pdf could trigger the issue and cause code execution as root.

    You're letting your machine view the web (since you are looking at that pdf) so that code can now download a mode complicated bootstrap code that then does more. Only a complete reinstall from clean media will get you back to a safe machine - and you'd better hope that the place you're installing from is clean.

    BTW there was a discussion a long time ago about the possibility of including a self-maintaining virus in gcc. Every time you compile an application, it deploys some code into it - and it detects when you're compiling a new gcc, to then include the whole codebase again. Even something like gentoo can be tracelessly infected - the sourcecode may be clean, but are all your tools?

    To summaries (sorry, this has been a bit long) - linux could already have been tracelessly and permanently infected with a trojan, as could ANYTHING.

    Hell - are you sure that your bios (or equivalent) doesn't have any backdoors?

  14. Henry Cobb
    Stop

    Google for Godel

    "....How about the possibility of something unstoppable? A Certainty?"

    Yes.

    Once this unstoppable Trojan is discovered then simply check every input stream for it before executing it.

    I have a very simple test that will determine if any program will loop forever, but this comment box is too small to contain it.

    -HJC

  15. Anonymous Coward
    Gates Halo

    Teehee!

    Y'all are just precious, and I have a special place in my heart for the AV industry. They've got the public, nay, the planet utterly bamboozled. I especially love the way they'll assert straight-faced that "if someone creates malware, we'll obviously get a copy handed to us on a silver platter and shortly thereafter we'll detect and remove it!".

    What utter BS! A targeted attack will be undetected - period, unless you Just Happen to have targetted a particularly talented and paranoid systems programmer at a moment when he's paying attention (like happened to Sony with their rootkit, LOL). Ooooh, sorry, shouldn't have brought *that* up in this context, for so many reasons... my bad.

    Nobody's going to send The Great and Powerful Graham Clueless a "sample" so he may decide if he ought detect it or not... They simply won't be confronted with the Ethical Decision of whether to narc out the FBI's or the German's malware, thank Bob.

    Yeah, but, but, but, I'm completely IMPERVIOUS to the Cascade-1542 virus!!!

    Windows/Mac/Linux/VMS users rely on the same defense as do individual fish in a school, or a flock of penguins menaced by a polar bear -- "gosh, odds are pretty good that somebody _else_ will be eaten, and the Big Bad Menace will leave me alone!".

    As to y'all who smirk that "Linux isn't safe either!! Nyah! Nyah!" - pray tell, how might you infect my randomly-downloaded bootable CD or DVD, oh my brother?

    Whee! Security rocks better than Patent Medicine, like, totally fer shure!

    Surreal

    (I'm just some a-hole with a superiority complex. Ne'er mind, go update your Norton and eat your freaking vegetables so you don't catch H5N1.)

  16. amanfromMars Silver badge
    Alien

    Earning urWings

    "BTW there was a discussion a long time ago about the possibility of including a self-maintaining virus in gcc. Every time you compile an application, it deploys some code into it - and it detects when you're compiling a new gcc, to then include the whole codebase again. Even something like gentoo can be tracelessly infected - the sourcecode may be clean, but are all your tools?"

    And the conclusion was.....Entirely Probable?

    "Once this unstoppable Trojan is discovered then simply check every input stream for it before executing it."

    When it is SMART....

    a) You will not discover it

    b) You will not want to discover it

    c) It will execute automatically

    d) It is Binary Medicine to Purge Systems for Fitness in Virtualisation Purposes.

    "I have a very simple test that will determine if any program will loop forever, but this comment box is too small to contain it.

    -HJC" ..... Henry, That would be a nice Test to Pass with Flying Colours. :-)

  17. lucmars

    Always the same story

    Now the "magic lantern" and later Palladium or hardware backdoor again.

  18. Praedor Atrebates
    Flame

    Not quite true

    The claim that there has been no terra-ist attacks since 9/11.

    "We haven't been hit by terrorists since 9/11. And as long as the administration doesn't go ignoring intelligence suggesting there's going to be a terrorist attack, there won't be another one for a long time."

    There was an attack shortly after 9/11, apparently pulled off my US-domestic terra-ists with a likely association with the government itself. Recall the anthrax attacks against EXCLUSIVELY Democratic politicos and a few "problematic" news agencies? Helped to shuttle the Patriot Act right through without thought didn't it? Hasn't been investigated at all (no properly or <i>seriously</i>).

    Just saying. There WAS a big terra attack after 9/11. It just wasn't by brown dudes from the ME.

  19. Anonymous Coward
    Anonymous Coward

    Yes but maybe they can work from home.

    Keeping the FBI inside and sifting through data would keep them from further embarrassing the shit out of the US. I think they are late to the party though, anyone competent enough to be a threat would be capable of not being infected with malware whatever their OS, generic tools that look for suspicious things are available that don't need signatures. Hand held devices, blackberries and such aren't so susceptible to this sort of attack. It's not a very good idea they may as well steal the data stream from already installed malware this they could do anytime.

  20. MacroRodent

    @Graham Wood

    "Since some daemons run as root, and some use grep (linked against the pcre library), your viewing of the pdf could trigger the issue and cause code execution as root."

    I have never heard of a root-privileged daemon grepping random data files. Closest on my linux machine might be clamav (an open-source virus scanner), but that runs as the unprivileged use "clamav". There is also a search database update daemon, but it runs as the user whose data is being indexed. The fact is, your scenario is not impossible but less likely with more modern linux distros that are wiser about security than distros of old, and as standard practice try to reduce root-privileged code to a minimum and employ other techniques that reduce possibilities of damage.

    Anyway, the really smart terrorist of course runs OpenBSD...

  21. Henry Cobb
    Unhappy

    Security like privacy is vastly overrated

    So what exactly would be required for secure computing?

    Hardware that only boots digitally signed OS that then requires every program to be signed and that then check all of their input files?

    And if anything is overlooked at any step you get Linux for X-Box360?

    I'd say death to von Neumann, but that's about five decades too late.

This topic is closed for new posts.

Other stories you might like