There have been rumors for years about the FBI remotely installing
spyware via e-mail or by exploiting an operating system vulnerability
from afar — and now there's confirmation.
Last month, the FBI obtained a federal court order to remotely install
spyware called CIPAV (Computer and Internet Protocol Address Verifier)
to find out who was behind a MySpace account linked to bomb threats sent
to a high school near Olympia, Wash.
The story is here:
http://news.com.com/8301-10784_3-9746451-7.html
I've posted the FBI affidavit, which is interesting reading, and a
summary of the CIPAV results that the FBI sent back to a magistrate
judge, here:
http://politechbot.com/docs/fbi.cipav.sanders.affidavit.071607.pdf
http://politechbot.com/docs/fbi.cipav.sanders.search.warrant.071607.pdf
Here's a Slashdot thread:
http://yro.slashdot.org/article.pl?sid=07/07/18/1434229
Wired's article on CIPAV notes that the FBI's 2008 budget request
includes $220,000 to "purchase highly specialized equipment and
technical tools used for covert (and) overt search and seizure forensic
operations... This funding will allow the technology challenges (sic)
including bypass, defeat or compromise of computer systems":
http://www.wired.com/politics/law/news/2007/07/fbi_spyware
All this is quite timely given our discussion yesterday about security
firms detecting spyware:
http://www.politechbot.com/2007/07/17/correction-on-security/
-Declan
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
