Exploding Garrmondo Weiner Interactive Swiss Army Penis

Exploding Garrmondo Weiner Interactive Swiss Army Penis (http://www.gamingforce.org/forums/index.php)
-   Political Palace (http://www.gamingforce.org/forums/forumdisplay.php?f=7)
-   -   The FBI's Secret Spyware (http://www.gamingforce.org/forums/showthread.php?t=23533)

Matt Jul 19, 2007 11:34 PM

The FBI's Secret Spyware
 
Quote:

FBI's Secret Spyware Tracks Down Teen Who Made Bomb Threats

FBI agents trying to track the source of e-mailed bomb threats against a Washington high school last month sent the suspect a secret surveillance program designed to surreptitiously monitor him and report back to a government server, according to an FBI affidavit obtained by Wired News.

The court filing offers the first public glimpse into the bureau's long-suspected spyware capability, in which the FBI adopts techniques more common to online criminals.

The software was sent to the owner of an anonymous MySpace profile linked to bomb threats against Timberline High School near Seattle. The code led the FBI to 15-year-old Josh Glazebrook, a student at the school, who on Monday pleaded guilty to making bomb threats, identity theft and felony harassment.

In an affidavit seeking a search warrant to use the software, filed last month in U.S. District Court in the Western District of Washington, FBI agent Norman Sanders describes the software as a "computer and internet protocol address verifier," or CIPAV.

In the Washington case, the FBI delivered the program through MySpace's messaging system, which allows HTML and embedded images. The FBI might have simply tricked the suspect into downloading and opening an executable file, says Roger Thompson, CTO of security vendor Exploit Prevention Labs. But the bureau could also have exploited one of the legion of web browser vulnerabilities discovered by computer-security researchers and cybercrooks -- or even used one of its own.

"It's quite possible the FBI knows about vulnerabilities that have not been disclosed to the rest of the world," says Thompson. "If they had discovered one, they would not have disclosed it, and that would be a great way to get stuff on people's computer. Then I guess they can bug whoever they want."


FBI Spyware in a nutshell:


The full capabilities of the FBI's "computer and internet protocol address verifier" are closely guarded secrets, but here's some of the data the malware collects from a computer immediately after infiltrating it, according to a bureau affidavit acquired by Wired News.

• IP address
• MAC address of ethernet cards
• A list of open TCP and UDP ports
• A list of running programs
• The operating system type, version and serial number
• The default internet browser and version
• The registered user of the operating system, and registered company name, if any
• The current logged-in user name
• The last visited URL

Once that data is gathered, the CIPAV begins secretly monitoring the computer's internet use, logging every IP address to which the machine connects.

All that information is sent over the internet to an FBI computer in Virginia, likely located at the FBI's technical laboratory in Quantico.

Is this even legal?

How can the Court of Appeals claim that "internet users have no 'reasonable expectation of privacy' in the data when using the internet" when such things as data encryption exist?

Robo Jesus Jul 19, 2007 11:49 PM

I either expect big legal fuss over this, or I expect the media to try to bury it under the rug, so to say.

ctu Jul 19, 2007 11:56 PM

That is BS :( I don't want them tracking me and what I do :(

Nehmi Jul 20, 2007 12:35 AM

Nutty Response from Nehmi go!
 
This is the tip of the iceberg when it comes to government monitoring programs. You can imagine that if they are releasing this information out in the public, they've had it for quite some time and are likely to have even more advanced surveillance techniques.


Here's a fun little arktikle.
Yes, I know it's a conspiracy website.
No, I don't care.

While some of the conjecture of the author may not be sound, the items he mentions are real. Weeeeeee....

Gechmir Jul 20, 2007 09:16 AM

lol.

"You have freedom of speech. But that doesn't apply to bad-words."
"We respect your privacy. Just not on the internet."

=I

JackyBoy Jul 20, 2007 10:40 AM

So the government essentially employ hackers to track down pirates and criminals on the internets. This is surprising to anyone, why? Freedom has become a concept you read about in a book. Has no one paid any attention to the loss of Habeas Corpus, the Patriot Act, the Military Commission Act and all the other shadowy Bills getting signed in by our esteemed dear leader?

RacinReaver Jul 20, 2007 12:06 PM

They probably just sent him freexxxpornhotstufflolinotavirussexywomenbeastiali tysisterfuckedhardreallyreallynotavirus.jpg.scr.ex e.zip.openthisforonemilliondollars.gif.png.exe

Aardark Jul 20, 2007 12:51 PM

Quote:

Originally Posted by JackyBoy (Post 475404)
So the government essentially employ hackers to track down pirates and criminals on the internets. This is surprising to anyone, why? Freedom has become a concept you read about in a book. Has no one paid any attention to the loss of Habeas Corpus, the Patriot Act, the Military Commission Act and all the other shadowy Bills getting signed in by our esteemed dear leader?

To be honest, it would seem weird to me if governments didn't employ hackers. The best hackers are the best experts in computer security; I imagine hackers in the sense of 'hardcore computer fanatics' are much more skilled than someone who just finished Computer Pros College. A government, especially at this age, would be pretty helpless and vulnerable without people like that. Of course, it gives conspiracy nuts a lot of ammo, and valid privacy concerns arise as well, but that's quite inevitable.

Divest Jul 20, 2007 08:24 PM

When I went on a business trip for work one of my trainer's was telling me that her husband at a very young age (like 15 or so) hacked into some sort of military computer bullshit and moved equipment across the country. They found out it was him and then basically black mailed him into showing them how he did it.

I'm not sure how true the story is, but if it IS true, that's some pretty fucked up shit.

DarkMageOzzie Jul 20, 2007 08:33 PM

I think the main problem is that the internet is a worldwide thing. They could essentially spy on people from other countries using this and I could see that landing them in hot water if they piss off another government.

Windsong Jul 21, 2007 01:01 PM

I think that some people's assertions about hacker's abilities here are correct..they are the best at cracking security. Even if you encrypt your hdwith a long passphrase..with this program they could install a keylogger on your system and send your pass to their own gubmint computers:eye:.

In a related note..I recall the devs of Bioshock saying they are doing "online activation" with their release (not sure if its steam), saying it will prevent piracy. I seem to recall the same thing being said by the Half-Life 2 team.:rolleyes:

Yggdrasil Jul 21, 2007 04:18 PM

With this it would appear Anonymous isn't so Anonymous after all, at least in the eyes of the FBI.

janus zeal Jul 21, 2007 07:01 PM

Quote:

Originally Posted by Yggdrasil (Post 476123)
With this it would appear Anonymous isn't so Anonymous after all, at least in the eyes of the FBI.

lol Anonymous.

It looks like it requires someone to open something in order for this to work, I wouldn't work with anyone that internets with a moderate amount of intelligence/paranoia.

On the other hand, I'm sure they have other tools that work better. This probably works much better then they let on...

Quote:

Originally Posted by RacinReaver (Post 475452)
They probably just sent him freexxxpornhotstufflolinotavirussexywomenbeastiali tysisterfuckedhardreallyreallynotavirus.jpg.scr.ex e.zip.openthisforonemilliondollars.gif.png.exe

loooooooooool.

Angel of Light Jul 22, 2007 04:34 AM

It just seems like privacy was a luxury to a lot of people once upon a time. It just seems like that one of those days people can't even talk about controversial things.

The internet has been one of the best tools that people have used to express their opinions no matter how they might be perceived by other people. It just seems like with all the spy network, practically everything you say or do is being watched or heard by somebody else.

Its kind of shameful, but I suppose as long as there are people that are in a position of power that think in order for the world to be prosperous they have to be stuck into thinking and being one type of person, it'll only get worse before it gets any better.

Its only a matter of time, and practically every home in every state or province will be wired just to make sure we're not doing anything remotely bad by government standards.

Gumby Jul 23, 2007 11:49 AM

Wait. Let me get this straight, if a criminal uses that kind of program it is a violation of my privacy, but if the FBI does it... it is what, ok?

Aardark Jul 23, 2007 11:59 AM

Government bodies have authority that private individuals do not? Amerikkka!!!

RacinReaver Jul 23, 2007 02:40 PM

Quote:

Originally Posted by Gumby (Post 477184)
Wait. Let me get this straight, if a criminal uses that kind of program it is a violation of my privacy, but if the FBI does it... it is what, ok?

Is including a program that does all of these kinds of things actually illegal? I mean, isn't this pretty much the same thing that Banzai Buddy did?

ctu Jul 23, 2007 02:41 PM

I wonder how long till somebody find a way to detect it and remove that BS syware

ramoth Jul 23, 2007 09:06 PM

Quote:

Originally Posted by janus zeal (Post 476159)
lol Anonymous.

It looks like it requires someone to open something in order for this to work, I wouldn't work with anyone that internets with a moderate amount of intelligence/paranoia.

On the other hand, I'm sure they have other tools that work better. This probably works much better then they let on...

loooooooooool.

In theory, they could exploit a buffer overflow in say, image decoding code. Or the HTML parser. Or corrupt the DOM tree and access a dangling pointer.

Then they could execute arbitrary code on your system, and you're basically hosed. This is exactly the same way people get exploited by spammers and turned into botnet zombies. It happens every day.

It's extremely unethical of the FBI to "hoard" a security vulnerability they know about, for any reason. They should disclose this sort of thing to the vendor.

Full disclosure: I work for a browser vendor.

Gumby Jul 24, 2007 12:04 AM

Quote:

Originally Posted by Aardark (Post 477186)
Government bodies have authority that private individuals do not? Amerikkka!!!

I'd be a little more comfortable with this idea if they were required to get warrant before they could do this...

Night Phoenix Jul 24, 2007 07:28 AM

They are.

Quote:

In an affidavit seeking a search warrant to use the software...
Try reading the OP's source article.

BlueMikey Jul 24, 2007 03:15 PM

Well, the most important part is this:

Quote:

Under a ruling this month by the 9th U.S. Circuit Court of Appeals, such surveillance -- which does not capture the content of the communications -- can be conducted without a wiretap warrant, because internet users have no "reasonable expectation of privacy" in the data when using the internet.
The evidence they collected wouldn't be admissible under the search warrant if they had collected what he was doing, they were only allowed to track that he was doing something.

If they wanted to find out what he was doing, they would have required a wiretap warrant, which isn't much different from tapping someone's phone.

janus zeal Jul 25, 2007 04:01 PM

Quote:

Originally Posted by ramoth (Post 477553)
In theory, they could exploit a buffer overflow in say, image decoding code. Or the HTML parser. Or corrupt the DOM tree and access a dangling pointer.

Then they could execute arbitrary code on your system, and you're basically hosed. This is exactly the same way people get exploited by spammers and turned into botnet zombies. It happens every day.

But, the people who the FBI really want to watch use SSH tunnels, proxies, and Linux boxes. When was the last time you heard of a Linux based zombie net?

Why does it seem that the government is putting way to much effort into watching the common citizen?

RacinReaver Jul 25, 2007 04:59 PM

Because non-citizens are the CIA's turf? :tpg:


All times are GMT -5. The time now is 10:44 PM.

Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2025, vBulletin Solutions, Inc.