
04.21.09

FBI, CIPAV, and the Windows Back Doors Revisited

Posted in Microsoft, Security, Windows at 6:30 am by Dr. Roy Schestowitz


Summary: How (and why) the American secret services rely on Windows

The back doors in Microsoft Windows are a serious issue that we've already covered, so there is no point doing it again. Adding to what we already know, there is now this report from Wired Magazine and another from IDG:

CIPAV spyware helped nab unemployed engineer angry over outsourcing

There is also a discussion at Slashdot and one reader of ours wrote: “A good question to ask is, what is it about Windows that allows CIPAV to be so easily activated? Does it even require visiting a contaminated Web site (see the Slashdot article)? What is it in Windows that allows such features?” Here is some relevant information which this reader sent to us:

CIPAV, which stands for “Computer and Internet Protocol Address Verifier,” is secret surveillance software that the FBI used last month to help identify whoever was e-mailing bomb threats almost daily to a Washington high school.

[...]

The only clue in the affidavit is that the CIPAV would operate as a pen register for up to 60 days after the software had been “activated” by the recipient. In other words, the FBI swore that the monitor would “time out” after 60 days. But not that it would delete itself or not be able to spread in some worm or bot fashion.

This post is neither a defense nor a criticism of the malicious and dangerous behaviour that the FBI is rightly intercepting. It is merely a recognition of how Microsoft Windows operates.

It is not news that the FBI uses Windows viruses (there were several articles about it last year) and the DHS, which recently recruited Microsoft after pressure from the BSA, is now recruiting hackers.
________
[1] FBI remotely installs spyware to trace bomb threat

While there’s been plenty of speculation about how the FBI might deliver spyware electronically, this case appears to be the first to reveal how the technique is used in practice. The FBI did confirm in 2001 that it was working on a virus called Magic Lantern but hasn’t said much about it since.

[2] FBI ducks questions about its remotely installed spyware

There are plenty of unanswered questions about the FBI spyware that, as we reported earlier this week, can be delivered over the Internet and implanted in a suspect’s computer remotely.

[3] FBI to Notify Microsoft Windows Users Who Were Victims of Botnets

The Department of Justice and FBI have announced the results of an ongoing cyber crime initiative to disrupt and dismantle “botherders” and elevate the public’s cyber security awareness of botnets.

[4] FBI: Operation Bot Roast finds over 1 million botnet victims

The Department of Justice and FBI Wednesday said ongoing investigations have identified more than 1 million botnet crime victims.



4 Comments

  1. The Mad Hatter said,

    April 21, 2009 at 11:03 am


    Based on what I’ve read, you are regarded as a probable threat if you run an OS or Web Browser that CIPAV cannot infect. The reasoning seems to be that if you have made the choice to run Linux/OSX or use Firefox/Opera on Windows instead of Internet Exploder, you must have something to hide.

    No, I don’t have details or a link, I remember reading this a while back somewhere, and now can’t remember where.

  2. Roy Schestowitz said,

    April 21, 2009 at 11:14 am


    There’s this recent incident.

  3. Yggdrasil said,

    April 21, 2009 at 7:30 pm


    You are misleading people, again. You should have cited this from the Computer World article:

    “Some user action was CLEARLY REQUIRED to infect the PC with the CIPAV. In the warrant application, the FBI used the term activate several times and alluded to a spyware plant failure if the target did not trigger the CIPAV through the targeted MySpace account. MySpace accounts can’t receive traditional e-mail, so one hacker standard — attach the CIPAV to a message and hope the recipient is stupid enough to launch it — wasn’t available”

    Exactly. If you want to infect a Linux user, it’s as simple as sending them some program and getting them to run it. You also mention Slashdot, but of course, you only mention comments that would be critical of Microsoft. How about these comments instead? Both of which received high rankings.

    “What makes you think they don’t have a variant for Linux? User stupidity (i.e: bad/no security) isn’t unique to Windows. Off the top of my head, if they are relying on the web as an infection vector combined with user stupidity, why not write it into a Firefox extension?

    Yeah, it wouldn’t get your typical /. geek, but most criminals aren’t known for their foresight or intelligence. “Oh, the private website with the bank account information needs me to install this software! Ok, what could possibly go wrong?”

    In response to that:

    “This is an excellent statement. Stupidity knows no bounds. Its also dangerous to assume that the FBI doesn’t know what it is doing. When I worked in law enforcement, the FBI computer crimes agents I knew were well versed in operating systems other than Windows. The two I worked with most often had a solid knowledge of Linux and Cisco IOS.”

  4. Brian Assaf said,

    April 23, 2009 at 7:53 pm


    “If you want to infect a Linux user, it’s as simple as sending them some program and getting them to run it.”

    Um. That easy, huh? By default files aren’t executable, so it would require changing the permission. It would also need to be run as root to infect the whole system. How about dependencies? How about architecture differences? Just x86 or 64-bit? MIPS? ARM?
    So on and so forth. Linux isn’t a monoculture (no pun intended here, guys/gals!) like the Windows ecosystem is.

    Even a pre-packaged deb (which can be installed à la double click in Ubuntu) would ask for a password, and again, wouldn’t be viable for every Linux distribution out there, architecture notwithstanding.

    Having to run something out of the blue is odd if you use a package management system. Cryptographically signed, easily installed/uninstalled and updated (and source available for those interested.)

    Although maybe I’m alone in the 24,000+ packages available in Ubuntu being enough for regular computer use.

    My point here is I’ve unlearned a habit, there is no need to grab software willy nilly off the net. Instead check the repos, and check the source of software. Do you trust it, etc and why should I install this. Plus does it behave like a rootkit, if so then it can be scanned for, if this really does become some sort of popular vector…

    So, yes, you could use social engineering to get someone to install something, but the process should set off a red flag in the user.
    There isn’t some autorun or double click deal here. For those users that understand binaries are a blackbox, where no one can inspect, change, etc. anything, install at your own risk.
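As an added example, not part of the post or of any of the comments above, the POSIX shell script below demonstrates the permission gate Brian Assaf refers to: a file written to disk under the default umask is created without an execute bit, direct execution of it fails until someone runs chmod, and even then it runs as the invoking user rather than as root. It also shows the caveat a practitioner would want: handing the same file to an interpreter (`sh ./file`) needs no execute bit at all, so the bit is a speed bump rather than a control. The "download" is simulated locally and the payload is a constructed, harmless script with a hypothetical name; nothing here touches the network.

```sh
#!/bin/sh
# Added example; not from the Techrights post or its commenters.
# Shows the "files aren't executable by default" point: a file written to
# disk by a downloader inherits the process umask, is normally created
# 0644, and cannot be run directly until someone sets the execute bit.
# The "download" is simulated locally; the payload is a constructed,
# harmless shell script with a hypothetical file name.

# Write a file the way a browser or mail client would: a plain write under
# the default umask. Prints the path of the created file.
simulate_download() {
    dir=$(mktemp -d) || return 1
    f="$dir/downloaded_sample.sh"      # hypothetical file name
    ( umask 022
      printf '#!/bin/sh\necho "payload ran as uid $(id -u)"\n' > "$f" )
    printf '%s\n' "$f"
}

# Succeeds only if the current user has an execute bit on the file.
is_executable() {
    [ -x "$1" ]
}

# Attempt direct execution (the "./file" or double-click path). The exit
# status is the kernel's answer: 126 when the execute bit is missing.
try_run() {
    "$1" >/dev/null 2>&1
}

# The caveat: feeding the file to an interpreter needs no execute bit.
# This is what "sh ./file" or "python file.py" does, which is why the
# permission bit only slows down the social-engineering path.
run_via_interpreter() {
    sh "$1" >/dev/null 2>&1
}

# What the user (or an attacker who has talked the user into it) must do
# to cross the gate.
make_executable() {
    chmod u+x "$1"
}

# Run the payload and return its first output line, to show it runs as
# the invoking user (not uid 0) unless it is separately elevated.
payload_output() {
    "$1" 2>/dev/null | head -n 1
}

# Stand-alone walk-through: run as "sh example.sh demo".
if [ "${1:-}" = demo ]; then
    f=$(simulate_download)
    ls -l "$f"
    try_run "$f";             echo "direct execution exit status: $?"
    run_via_interpreter "$f"; echo "via interpreter exit status:  $?"
    make_executable "$f"
    try_run "$f";             echo "after chmod u+x exit status:  $?"
    payload_output "$f"
fi
```

Run it with `sh example.sh demo` to see the sequence: the file lists as `-rw-r--r--`, direct execution returns 126, the interpreter path returns 0 regardless, and after `chmod u+x` the payload runs and reports the caller's uid. The point for detection is the one Brian makes in passing: a file that appears in a user-writable directory and then gains an execute bit is something a host can be scanned for, whereas the interpreter path leaves only the interpreter's process in the record.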
