EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

04.21.09

FBI, CIPAV, and the Windows Back Doors Revisited

Posted in Microsoft, Security, Windows at 6:30 am by Dr. Roy Schestowitz

Looking through the tube

Summary: How (and why) the American secret services rely on Windows

THE back doors in Microsoft Windows are a serious issue that we've already covered, so there is no point doing it again. Adding to what we already know, there is now this report from Wired Magazine and another from IDG:

CIPAV spyware helped nab unemployed engineer angry over outsourcing

There is also a discussion at Slashdot and one reader of ours wrote: “A good question to ask is, what is it about Windows that allows CIPAV to be so easily activated? Does it even require visiting a contaminated Web site (see the Slashdot article)? What is it in Windows that allows such features?” Here is some relevant information which this reader sent to us:

CIPAV, which stands for “Computer and Internet Protocol Address Verifier,” is secret surveillance software that the FBI used last month to help identify whoever was e-mailing bomb threats almost daily to a Washington high school.

[...]

The only clue in the affidavit is that the CIPAV would operate as a pen register for up to 60 days after the software had been “activated” by the recipient. In other words, the FBI swore that the monitor would “time out” after 60 days. But not that it would delete itself or not be able to spread in some worm or bot fashion.

This post neither defense nor criticism of malicious and dangerous behaviour that the FBI is rightly intercepting. It is merely recognition of the operation of Microsoft Windows.

It is not news that the FBI uses Windows viruses (there were several articles about it last year) and the DHS, which recently recruited Microsoft after pressure from the BSA, is now recruiting hackers.
________
[1] FBI remotely installs spyware to trace bomb threat

While there’s been plenty of speculation about how the FBI might deliver spyware electronically, this case appears to be the first to reveal how the technique is used in practice. The FBI did confirm in 2001 that it was working on a virus called Magic Lantern but hasn’t said much about it since.    

[2] FBI ducks questions about its remotely installed spyware

There are plenty of unanswered questions about the FBI spyware that, as we reported earlier this week, can be delivered over the Internet and implanted in a suspect’s computer remotely.

[3] FBI to Notify Microsoft Windows Users Who Were Victims of Botnets

The Department of Justice and FBI have announced the results of an ongoing cyber crime initiative to disrupt and dismantle “botherders” and elevate the public’s cyber security awareness of botnets.

[4] FBI: Operation Bot Roast finds over 1 million botnet victims

The Department of Justice and FBI Wednesday said ongoing investigations have identified more than 1 million botnet crime victims.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

4 Comments

  1. The Mad Hatter said,

    April 21, 2009 at 11:03 am

    Gravatar

    Based on what I’ve read, you are regarded as a probable threat if you run an OS or Web Browser that CIPAV cannot infect. The reasoning seems to be that if you have made the choice to run Linux/OSX or use Firefox/Opera on Windows instead of Internet Exploder, you must have something to hide.

    No, I don’t have details or a link, I remember reading this a while back somewhere, and now can’t remember where.

  2. Roy Schestowitz said,

    April 21, 2009 at 11:14 am

    Gravatar

    There’s this recent incident.

  3. Yggdrasil said,

    April 21, 2009 at 7:30 pm

    Gravatar

    You are misleading people, again. You should have cited this from the Computer World article:

    “Some user action was CLEARLY REQUIRED to infect the PC with the CIPAV. In the warrant application, the FBI used the term activate several times and alluded to a spyware plant failure if the target did not trigger the CIPAV through the targeted MySpace account. MySpace accounts can’t receive traditional e-mail, so one hacker standard — attach the CIPAV to a message and hope the recipient is stupid enough to launch it — wasn’t available”

    Exactly. If you want to infect a Linux users, it’s as simple as sending them some program and getting them to run it. You also mention Slashdot, but of course, you only mention comments that would be critical of Microsoft. How about these comments instead? Both of which received high rankings.

    “What makes you think they don’t have a variant for Linux? User stupidity (i.e: bad/no security) isn’t unique to Windows. Off the top of my head, if they are relying on the web as an infection vector combined with user stupidity, why not write it into a Firefox extension?

    Yeah, it wouldn’t get your typical /. geek, but most criminals aren’t known for their foresight or intelligence. “Oh, the private website with the bank account information needs me to install this software! Ok, what could possibly go wrong?”

    In response to that:

    “This is an excellent statement. Stupidity knows no bounds. Its also dangerous to assume that the FBI doesn’t know what it is doing. When I worked in law enforcement, the FBI computer crimes agents I knew were well versed in operating systems other than Windows. The two I worked with most often had a solid knowledge of Linux and Cisco IOS.”

  4. Brian Assaf said,

    April 23, 2009 at 7:53 pm

    Gravatar

    “If you want to infect a Linux users, it’s as simple as sending them some program and getting them to run it.”

    Um. That easy huh? By default files aren’t executable, so it would require changing the permission. It would also need to be run as root to infect the whole system. How about dependencies? How about architecture differences. Just x86 or 64-bits? MIPS? Arm?
    So on and so forth. Linux isn’t a monoculture (no pun intended here guys/gals!) like the Windows ecosystem is.

    Even a pre-packaged deb (which can be installed ala double click in Ubuntu) would ask for a password, and again, wouldn’t be viable for every Linux distribution out there, architecture not withstanding.

    Having to run something out of the blue is odd if you use a package management system. Cryptographically signed, easily installed/uninstalled and updated (and source available for those interested.)

    Although maybe I’m alone in the 24,000+ packages available in Ubuntu being enough for regular computer use.

    My point here is I’ve unlearned a habit, there is no need to grab software willy nilly off the net. Instead check the repos, and check the source of software. Do you trust it, etc and why should I install this. Plus does it behave like a rootkit, if so then it can be scanned for, if this really does become some sort of popular vector…

    So, yes, you could use social engineering to get someone to install something, but the process should set off a red flag in the user.
    There isn’t some autorun or double click deal here. For those users that understand binaries are a blackbox, where no one can inspect, change, etc. anything, install at your own risk.

What Else is New


  1. Kather Augenstein and Bristows Shift Attention to Germany in an Effort to Ram the Dying UPC Down Everyone's Throats

    Down the throat, hopes Team UPC, the Unitary Patent system will go, even though Britain cannot ratify, throwing the whole thing into grave uncertainty



  2. United for Patent Reform Defends USPTO Director Michelle Lee From Attacks by the Patent Microcosm

    Michelle Lee is finally (if not belatedly) shielded by a bunch of large technology companies; The deep-pocketed industry finally steps in line with our position, which is usually when things turn out the way we advocate for



  3. Team UPC and CIPA Are Lobbying, Publishing Puff Pieces, and Rewriting the Law for Unitary Patent (UPC) Behind Closed Doors

    A collection of the latest news and views on the UPC, which is being lied about by those who stand to benefit from it and is probably going nowhere because Brexit means that the UK stays out, in which case it must be reset and pertinent ratifications done all over again



  4. China's Suffering From Patent Maximalism Has Europe Forewarned

    The parasitic elements inside China -- those that just want lots of litigation (even if from patent trolls) -- are winning over, much to the detriment of the Chinese economy, and Team UPC threatens to do the same in Europe with help from Battistelli



  5. Links 27/4/2017: Mesa 17.0.5 RC1, Git 2.13.0 RC1, and Linkerd 1.0

    Links for the day



  6. The Latest Expensive PR Blitz of the EPO, Led by Jana Mittermaier and Rainer Osterwalder Under the 'European Inventor Award' Banner

    The PR agencies of the Corsican in Chief, who appears to be buying political support rather than earning any, are very busy this week, as yet another reputation laundering campaign kicks off



  7. Links 26/4/2017: SMPlayer 17.4.2, Libreboot Wants to Rejoin GNU

    Links for the day



  8. PatentShield is Not the Solution and It Won't Protect Google/Android From Patent Trolls Like Microsoft's

    A new initiative called "PatentShield" is launched, but it's yet another one of those many initiatives (Peer-to-Patent and the likes of it, LOT Network, OIN, PAX etc.) that serve to distract from the real and much simpler solutions



  9. Patent Quality Crisis and Unprecedented Trouble at the European Patent Office (EPO) Negatively Affect Legitimate Companies in the US As Well

    The granting en masse of questionable patents by the EPO (patent maximalism) is becoming a liability and growing risk to companies which operate not only in Europe but also elsewhere



  10. Blog 'Takeovers' by Bristows and Then Censorship: Now This Firm Lies About the Unitary Patent (UPC) and Then Deletes Comments That Point Out the Errors

    Not only are Bristows employees grabbing the mic in various high-profile IP blogs for the purpose of UPC promotion (by distortion of facts); they also actively suppress critics of the UPC



  11. Links 25/4/2017: Kali Linux 2017.1 Released, NSA Back Doors in Windows Cause Chaos

    Links for the day



  12. Astoundingly, IP Kat Has Become a Leading Source of UPC and Battistelli Propaganda

    The pro-UPC outlets, which enjoy EPO budget (i.e. stakeholders' money), are becoming mere amplifiers of Benoît Battistelli and his right-hand UPC woman Margot Fröhlinger, irrespective of actual facts



  13. EPO Fiasco to be Discussed in German Local Authority (Bavarian Parliament) Some Time Today as the Institution Continues Its Avoidable Collapse

    Conflict between management and staff -- a result of truly destructive strategies and violations of the law by Benoît Battistelli -- continues to escalate and threatens to altogether dismantle the European Patent Office (EPO)



  14. In the US and Elsewhere, Qualcomm's Software Patents Are a Significant Tax Everyone Must Pay

    The state of the mobile market when companies such as Qualcomm, which don't really produce anything, take a large piece of the revenue pie



  15. In South Asia, Old Myths to Promote Patent Maximalism, Courtesy of the Patent Microcosm

    The latest example of software patents advocacy and patent 'parades' in India, as well as something from IPOS in Singapore



  16. Links 24/4/2017: Linux 4.11 RC8, MPV 0.25

    Links for the day



  17. Why Authorities in the Netherlands Need to Strip the EPO of Immunity and Investigate Fire Safety Violations

    How intimidation and crackdown on the staff representatives at the EPO may have led to lack of awareness (and action) about lack of compliance with fire safety standards



  18. Insensitivity at the EPO’s Management – Part IX: Testament to the Fear of an Autocratic Regime

    A return to the crucial observation and a reminder of the fact that at the EPO it takes great courage to say the truth nowadays



  19. For the Fordham Echo Chamber (Patent Maximalism), Judges From the EPO Boards of Appeal Are Not Worth Entertaining

    In an event steered if not stuffed by patent radicals such as Bristows and Microsoft (abusive, serial litigators) there are no balanced panels or even reasonable discussions



  20. EPO Staff Representatives Fired Using “Disciplinary Committee That Was Improperly Composed” as Per ILO's Decision

    The Board of the Administrative Council at European Patent Organisation is being informed of the union-busting activities of Battistelli -- activities that are both illegal (as per national and international standards) and are detrimental to the Organisation



  21. Links 23/4/2017: End of arkOS, Collabora Office 5.3 Released

    Links for the day



  22. Intellectual Discovery and Microsoft Feed Patent Trolls Like Intellectual Ventures Which Then Strategically Attack Rivals

    Like a swarm of blood-sucking bats, patent trolls prey on affluent companies that derive their wealth from GNU/Linux and freedom-respecting software (Free/libre software)



  23. The European Patent Office Has Just Killed a Cat (or Skinned a 'Kat')

    The EPO’s attack on the media, including us, resulted in a stream of misinformation and puff pieces about the EPO and UPC, putting at risk not just European democracy but also corrupting the European press



  24. Yann Ménière Resorts to Buzzwords to Recklessly Promote Floods of Patents, Dooming the EPO Amid Decline in Patent Applications

    Battistelli's French Chief Economist is not much of an economist but a patent maximalist toeing the party line of Monsieur Battistelli (lots of easy grants and litigation galore, for UPC hopefuls)



  25. Even Patent Bullies Like Microsoft and Facebook Find the Patent Trial and Appeal Board (PTAB) Useful

    Not just companies accused of patent infringement need the PTAB but also frequent accusers with deep pockets need the PTAB, based on some new figures and new developments



  26. Links 21/4/2017: Qt Creator 4.2.2, ROSA Desktop Fresh R9

    Links for the day



  27. At the EPO, Seeding of Puff Piece in the Press/Academia Sometimes Transparent Enough to View

    The EPO‘s PR team likes to 'spam' journalists and others (for PR) and sometimes does this publicly, as the tweets below show — a desperate recruitment and reputation laundering drive



  28. Affordable and Sophisticated Mobile Devices Are Kept Away by Patent Trolls and Aggressors That Tax Everything

    The war against commoditisation of mobile computing has turned a potentially thriving market with fast innovation rates into a war zone full of patent trolls (sometimes suing at the behest of large companies that hand them patents for this purpose)



  29. In Spite of Lobbying and Endless Attempts by the Patent Microcosm, US Supreme Court Won't Consider Any Software Patent Cases Anymore (in the Foreseeable Future)

    Lobbyists of software patents, i.e. proponents of endless litigation and patent trolls, are attempting to convince the US Supreme Court (SCOTUS) to have another look at abstract patents and reconsider its position on cases like Alice Corp. v CLS Bank International



  30. Expect Team UPC to Remain in Deep Denial About the Unitary Patent/Unified Court (UPC) Having No Prospects

    The prevailing denial that the UPC is effectively dead, courtesy of sites and blogs whose writers stood to profit from the UPC


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts