-Caveat Lector-
Begin forwarded message:
From: [EMAIL PROTECTED]
Date: July 20, 2007 7:23:20 PM PDT
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: REAL "Spyware"
FBI planted spyware on teen's PC to trace bomb threats
Gregg Keizer
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9027418
July 19, 2007 (Computerworld) The FBI planted spyware on the
computer used by a Washington state teenager to finger him as the
person behind a rash of bomb threats e-mailed to his high school,
court documents revealed this week.
The 15-year-old, a former student at Timberline High School in
Lacey, Wash., pleaded guilty Monday to making the bomb threats, as
well as to identity theft charges, according to The Olympian. He
was sentenced to 90 days in juvenile detention and must pay the
school district $8,852 to cover expenses. The first e-mailed bomb
threat was sent June 4.
In several of the messages, the student taunted school authorities
and police for their inability to trace the e-mails to him. "Seeing
as how you're too stupid to trace the e-mail back lets [sic] get
serious," an e-mail on June 5 said, according to an unsealed search
warrant application filed with a Seattle federal court in mid-June.
"Stop pretending to be 'tracing it' because I already told you it's
coming from Italy. That is where trace will stop, so just stop
trying."
Within days, however, the FBI had obtained a warrant that allowed
the agency to infect the student's computer with a program it
called a Computer & Internet Protocol Address Verifier (CIPAV). "If
a warrant is approved, a communication will be sent to the computer
being used to administer [the MySpace] user account
'Timberlinebombinfo,'" said FBI Special Agent Norman Sanders in the
June 12 filing.
The CIPAV, said Sanders, would "cause any computer -- wherever
located -- to send network-level messages containing the activating
computer's IP address and/or MAC address, other environmental
variables and certain registry-type information to a computer
controlled by the FBI."
"I'd call that spyware," said Roger Thompson, chief technology
officer at Exploit Prevention Labs. "Or it's pretty darn close."
The warrant did not spell out whether the CIPAV could, for
instance, capture keystrokes or inject other code into the
compromised system, as do commonplace Trojan downloaders. "The
exact nature of [the CIPAV's] commands, processes, capabilities and
their configuration is classified as a law enforcement sensitive
investigative technique," said the warrant applications.
Sanders, however, did say that after making its initial data
harvest, the CIPAV would shift into a silent "pen register" mode in
which it only recorded the IP addresses, dates and times of each
communication. The contents of those communications -- such as e-mail
messages -- would not be captured and passed to the FBI, the
affidavit said.
It was also unclear exactly how Sanders expected to get the CIPAV
onto the suspect's computer, although the warrant application
hinted that it would be delivered through MySpace's own messaging
service. "The CIPAV will be deployed through an electronic
messaging program from an account controlled by the FBI," the
warrant application read. "The electronic message deploying the
CIPAV will only be directed to the administrator(s) of the
'Timberlinebombinfo' account [on MySpace]."
The FBI may have used an exploit -- one already in circulation or
one of its own -- to plant the CIPAV on the student's machine, said
Thompson. Or it might have just gone the simple route, and counted
on the suspect's curiosity to get him to launch an attached file or
click on a link to a malicious site.
Even if his computer had security software installed and active,
the CIPAV could have gotten through, Thompson argued. "In order to
evade antivirus, all you've got to do is use a new version of [a
piece of old malware]. The bad guys do it all the time."
It's also possible, speculated Thompson, that the FBI asked
security vendors to whitelist their CIPAV to let it through any
defenses. "They've always talked about things like this, whether it
was Magic Lantern or Carnivore. But the last time I saw anything
from [the FBI] was three, four years ago, and it was pretty
rudimentary stuff."
Magic Lantern was the name given to a 2001 FBI effort to develop a
keystroke and encryption keylogger. Carnivore, meanwhile, is the
label for e-mail tapping software from the same time frame.
When asked if he would agree to whitelist CIPAV today, or had in
the past when he was with PestPatrol, an antispyware developer
acquired in 2004 by CA Inc., Thompson said: "I don't know. We never
had to face that decision, because we were never asked."