FBI's Secret Spyware Tracks Down Your Movements; But how?

Post by *jr » Wed Jul 18, 2007 3:46 pm

Source: Wired

FBI agents trying to track the source of e-mailed bomb threats against a Washington high school last month sent the suspect a secret surveillance program designed to surreptitiously monitor him and report back to a government server, according to an FBI affidavit obtained by Wired News.

The court filing offers the first public glimpse into the bureau's long-suspected spyware capability, in which the FBI adopts techniques more common to online criminals.

The software was sent to the owner of an anonymous MySpace profile linked to bomb threats against Timberline High School near Seattle. The code led the FBI to 15-year-old Josh Glazebrook, a student at the school, who on Monday pleaded guilty to making bomb threats, identity theft and felony harassment.

In an affidavit seeking a search warrant to use the software, filed last month in U.S. District Court in the Western District of Washington, FBI agent Norman Sanders describes the software as a "computer and internet protocol address verifier," or CIPAV.

http://www.wired.com/politics/law/news/ ... bi_spyw...


--------------------------------------------------

FBI Spyware: How Does the CIPAV Work? -- UPDATE


Following up on my story on the FBI's computer-monitoring malware, the most interesting question unanswered in the FBI affidavit is how the bureau gets its "Computer and Internet Protocol Address Verifier" onto a target PC.

In the Josh Glazebrook case, the FBI sent its program specifically to Glazebrook's then-anonymous MySpace profile, Timberlinebombinfo. The attack is described this way:

The CIPAV will be deployed through an electronic messaging program from an account controlled by the FBI. The computers sending and receiving the CIPAV data will be machines controlled by the FBI. The electronic message deploying the CIPAV will only be directed to the administrator(s) of the "Timberinebombinfo" account.


It's possible that the FBI used social engineering to trick Glazebrook into downloading and executing the malicious code by hand -- but given the teen's hacker proclivities, it seems unlikely he'd fall for a ruse like that. More likely the FBI used a software vulnerability, either a published one that Glazebrook hadn't patched against, or one that only the FBI knows.

MySpace has an internal instant messaging system, and a web-based stored messaging system. (Contrary to one report, MySpace doesn't offer e-mail, so we can rule out an executable attachment.) Since there's no evidence the CIPAV was crafted specifically to target MySpace, my money is on a browser or plug-in hole, activated through the web-based stored messaging system, which allows one MySpace user to send a message to another's inbox. The message can include HTML and embedded image tags.


http://blog.wired.com/27bstroke6/2007/0 ... ware-ho...
