This topic is archived.
Archives » General Discussion (1/22-2007 thru 12/14/2010)

originalpckelly (1000+ posts), Fri Jul-20-07 10:01 AM
Original message
FBI Spyware used for the first time, called CIPAV, allows FBI to infect your computer.
I should first begin by stating that the FBI software in question was only used in the following case after it had been authorized by a judge; in other words, they had a court order to do this.

That said, I'm worried that while the FBI might have employed this in its first use (that we know of) legally and with a warrant, it may be possible that other interests in our government would not go to a judge to use this, if you catch my drift.

http://news.com.com/8301-10784_3-9746451-7.html

The question really is, how do they have that ability? Was it simply an insecure computer? Or was it an exploitable backdoor in Windows? (A backdoor is an addition to software that allows its creator to compromise the security of that software.)

This wasn't just a computer elsewhere at his ISP; this was the kid's own computer. It was by definition spyware.

We shall see what this will bring.

leftyladyfrommo (1000+ posts), Fri Jul-20-07 10:04 AM
Response to Original message
1. Well, I don't own a computer - so there! n/t

Kagemusha (1000+ posts), Fri Jul-20-07 10:04 AM
Response to Original message
2. Uh, they've been authorized by law to do it with other software long before.
With a court order mind you.

Pawel K (1000+ posts), Fri Jul-20-07 10:05 AM
Response to Original message
3. There are thousands of ways to do this
Edited on Fri Jul-20-07 10:07 AM by Pawel K
Windows has many known exploits. The good news is that these exploits are continually fixed through updates, so the most important thing you can do is keep your computer updated. If you have Windows XP, turn on automatic updates and have them install automatically.

You can also disable JavaScript and ActiveX, but that will prevent you from browsing some sites correctly. What I recommend to a lot of people I work with is to create a new user account on your computer that is registered as a guest and doesn't have any administrator rights. Then only browse the internet under that account. This should provide you with sufficient security to prevent this type of thing from happening. 99% of exploits like this come from you browsing the internet.

There are many other advanced methods of watching open connections to your computer. If you go to the command prompt you can type netstat -a -b, which will give you a list of all open connections and which program created the connection. If you know what to look for, you can figure out what shouldn't be in there.
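
Added example, not part of Pawel K's post or anything else in the thread: a short Python script that reads netstat -a -b output and flags what "shouldn't be in there" against a baseline of the executables and listening ports you expect on your own machine. The netstat text and the baseline below are constructed for the example in the shape Windows XP prints (the -b switch needs an administrator prompt); on a real box you would paste in the command's actual output and build the baseline from a snapshot taken when the machine was known clean.

```python
"""Triage `netstat -a -b` output: flag sockets owned by executables that are not
in a baseline, or listening on ports the baseline does not expect.

Added example, not from the thread. The netstat text below is constructed to
match the shape of Windows XP `netstat -a -b` output; it is not a capture."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: one machine, seven sockets, as XP prints them.
# -b prints the owning image in brackets under each row, sometimes after the
# DLL chain that created the socket.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1016
  [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  [System]
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       880
  [svchost.exe]
  TCP    192.168.1.5:1034       64.233.167.99:80       ESTABLISHED     2200
  C:\\WINDOWS\\system32\\WS2_32.dll
  [firefox.exe]
  TCP    192.168.1.5:1041       203.0.113.7:443        ESTABLISHED     3120
  [svchost.exe]
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       3344
  [msupd.exe]
  UDP    0.0.0.0:137            *:*                                    4
  [System]
"""

# Constructed baseline (hypothetical): which images may own sockets, the local
# ports they may listen on, and whether they are expected to dial out at all.
BASELINE = {
    "System":      {"listen": {137, 139, 445}, "outbound": False},
    "svchost.exe": {"listen": {135},           "outbound": True},   # Windows Update etc.
    "firefox.exe": {"listen": set(),           "outbound": True},
}

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
EXE = re.compile(r"^\s*\[(.+)\]\s*$")


@dataclass
class Sock:
    proto: str
    local: str
    remote: str
    state: str      # LISTENING, ESTABLISHED, ...; empty for UDP
    pid: int
    exe: str = ""   # filled from the bracketed line under the row


def parse_netstat(text: str) -> list[Sock]:
    socks: list[Sock] = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            socks.append(Sock(proto, local, remote, state or "", int(pid)))
            continue
        m = EXE.match(line)
        if m and socks:
            socks[-1].exe = m.group(1)   # last bracketed name is the owning image
    return socks


def local_port(addr: str) -> int:
    return int(addr.rsplit(":", 1)[1])


def is_listener(s: Sock) -> bool:
    return s.state == "LISTENING" or s.proto == "UDP"


def triage(socks: list[Sock]) -> list[tuple[Sock, str]]:
    """Return (socket, reason) for everything the baseline does not explain."""
    findings = []
    for s in socks:
        entry = BASELINE.get(s.exe)
        if entry is None:
            findings.append((s, "unknown executable owns a socket"))
        elif is_listener(s) and local_port(s.local) not in entry["listen"]:
            findings.append((s, f"unexpected listening port {local_port(s.local)}"))
        elif s.state == "ESTABLISHED" and not entry["outbound"]:
            findings.append((s, f"unexpected outbound connection to {s.remote}"))
    return findings


if __name__ == "__main__":
    for sock, reason in triage(parse_netstat(SAMPLE_NETSTAT)):
        print(f"{sock.proto} {sock.local:<22} {sock.remote:<22} pid={sock.pid} {sock.exe}: {reason}")
```

On the constructed sample this reports two things: svchost.exe listening on 3389, which the baseline did not allow for, and an unknown msupd.exe listening on 6667. A baseline is what makes netstat output readable at a glance; without one, every svchost.exe row looks alike.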
 
dkofos (1000+ posts), Fri Jul-20-07 10:13 AM
Response to Reply #3
12. The safest thing to do is dump windoze.

Pawel K (1000+ posts), Fri Jul-20-07 11:20 AM
Response to Reply #12
18. Or maybe do a little bit of research on how to properly operate "windoze".
I've been running Windows since my first computer, and for the last 6 years or so I haven't been running any background antivirus applications, just the regular weekly Ad-Aware scan, and I haven't been infected yet.

If you know what to look for, Windows is a great, safe OS.

dkofos (1000+ posts), Fri Jul-20-07 11:31 AM
Response to Reply #18
19. Well, except for leaving yourself vulnerable to MS by leaving auto-updates on, you seem to know what you are doing.
Most don't, won't, can't do what it takes to make windoze secure.

Pawel K (1000+ posts), Fri Jul-20-07 12:47 PM
Response to Reply #19
22. Those same people wouldn't know how to make a Mac secure
Edited on Fri Jul-20-07 01:06 PM by Pawel K
Sure, there aren't as many different threats for Macs out there at this particular time. But there are still plenty of them out there, and saying you don't have to worry about them when you own a Mac is absolute fiction made up by Apple's marketing team (which I admit is top notch).

L. Coyote (1000+ posts), Fri Jul-20-07 10:17 AM
Response to Reply #3
15. Was this accomplished with Microsoft writing an update?
Updates can work both ways. A security update can enable this too.

Pawel K (1000+ posts), Fri Jul-20-07 10:19 AM
Response to Reply #15
16. No, it can't
If Microsoft did something like this it would be known in a matter of hours. There are people out there who know a lot about these types of back door attacks and can detect them from a mile away; I know it's hard to believe. If Microsoft was stupid enough to agree to this they would have lawsuits up their ass, not to mention they would instantly lose half of their business and government contracts.

blogslut (1000+ posts), Fri Jul-20-07 10:06 AM
Response to Original message
4. The article, IIRC, said
It was done by embedding a bug (in a graphic) via an HTML-enabled email.

originalpckelly (1000+ posts), Fri Jul-20-07 10:07 AM
Response to Reply #4
6. Actually, they're as puzzled as I am as to the method of operation:
"Putting the legal issues aside for the moment, one key question remains a mystery: Assuming the FBI delivered the CIPAV spyware via e-mail, how did the program bypass antispyware defenses and install itself as malicious software? (There's no mention of antivirus defenses in the court documents, true, but the bomb-hoaxster also performed a denial of service attack against the school district computers -- which, coupled with compromising the server in Italy, points to some modicum of technical knowledge.)

One possibility is that the FBI has persuaded security software makers to overlook CIPAV and not alert their users to its presence.

Another is that the FBI has found (or paid someone to uncover) unknown vulnerabilities in Windows or Windows-based security software that would permit CIPAV to be installed. From the FBI's perspective, this would be the most desirable: for one thing, it would also obviate the need to strong-arm dozens of different security vendors, some with headquarters in other countries, into whitelisting CIPAV.

Earlier this week, News.com surveyed 13 security vendors and all said it was their general policy to detect police spyware. Some, however, indicated they would obey a court order to ignore policeware, and neither McAfee nor Microsoft would say whether they had received such a court order."

blogslut (1000+ posts), Fri Jul-20-07 10:10 AM
Original message
Maybe the kid was using Norton
It sucks balls.

Pawel K (1000+ posts), Fri Jul-20-07 10:12 AM
Response to Reply #6
10. It's actually much simpler than that and there is no conspiracy involved
Since these FBI viruses are designed not to be distributed but to only infect one particular computer, antivirus has no way of detecting them. McAfee, Norton, or any other antivirus company would first need to get hold of the actual virus before they could add it to their database; since they never see this particular virus there is no way for them to be able to detect it.

dkofos (1000+ posts), Fri Jul-20-07 10:16 AM
Response to Reply #6
14. It can be done with javascript in the e-mail.
That is why I disable javascript in Thunderbird.
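
Added example, not from the thread and not the CIPAV code (the news.com quote above says the delivery mechanism is unknown, and nothing here claims otherwise): a Python script that inventories what an HTML e-mail would do the moment a mail client renders it, which is the concern behind blocking remote images and disabling JavaScript in Thunderbird. It lists every resource the client would fetch with no user action (a remote 1x1 image is a web bug: opening the mail tells the sender your IP address and when you read it) and every piece of active content (script, on* handlers, javascript: URLs) that a client must refuse to run. The message is constructed for the example; its addresses and URLs are documentation values.

```python
"""Inventory what an HTML e-mail would do when a client renders it: the remote
resources it fetches on open (web bugs) and the active content that must not run.

Added example, not from the thread and not a real CIPAV message. The message
below is constructed; the addresses and URLs in it are documentation values."""
from email import message_from_string
from html.parser import HTMLParser

SAMPLE_EMAIL = """\
From: sender@example.com
To: target@example.net
Subject: re: your question
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

see the attached picture

--b1
Content-Type: text/html; charset=us-ascii

<html><body onload="init()">
<p>see the attached picture</p>
<img src="http://198.51.100.7/pic.gif?id=4711" width="1" height="1">
<img src="cid:inline-photo">
<a href="javascript:void(0)">click</a>
<script src="http://198.51.100.7/s.js"></script>
</body></html>

--b1--
"""

# Tag -> attribute that makes the client fetch a URL without any user action.
AUTO_FETCH = {"img": "src", "iframe": "src", "frame": "src", "script": "src",
              "embed": "src", "object": "data", "link": "href"}


class MailInventory(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote = []    # URLs fetched automatically on render
        self.beacons = []   # 1x1 images with a remote src: classic web bugs
        self.active = []    # anything that would execute

    def handle_starttag(self, tag, attrs):
        a = {name: (val or "") for name, val in attrs}
        if tag == "script":
            self.active.append(("script", a.get("src", "inline")))
        for name, val in a.items():
            if name.startswith("on"):
                self.active.append((f"{tag}@{name}", val))
            elif val.strip().lower().startswith("javascript:"):
                self.active.append((f"{tag}@{name}", val))
        src = a.get(AUTO_FETCH.get(tag, ""), "")
        if src.lower().startswith(("http://", "https://")):
            self.remote.append(src)
            if tag == "img" and a.get("width") == "1" and a.get("height") == "1":
                self.beacons.append(src)


def inventory(raw_message: str) -> dict:
    """Parse the MIME message, feed every text/html part through the inventory."""
    msg = message_from_string(raw_message)
    inv = MailInventory()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            inv.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    inv.close()
    return {"remote": inv.remote, "beacons": inv.beacons, "active": inv.active}


if __name__ == "__main__":
    for kind, items in inventory(SAMPLE_EMAIL).items():
        print(kind)
        for item in items:
            print("   ", item)
```

The inline cid: image is deliberately left out of the remote list: it ships inside the message and fetching it reveals nothing to the sender. What the script cannot tell you is whether a particular client will honour the active content; that depends on the client's settings, which is exactly why the posts above turn it off.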
 
Supersedeas (1000+ posts), Fri Jul-20-07 11:39 AM
Response to Reply #4
20. sneaky, eh?

William769 (1000+ posts), Fri Jul-20-07 10:07 AM
Response to Original message
5. I am confused
How can they pass all the anti-virus programs? And if the anti-virus companies are in cahoots with the FBI, can an anti-virus program from another country be used? Any techies?

Pawel K (1000+ posts), Fri Jul-20-07 10:09 AM
Response to Reply #5
7. Anti-virus works in a way where it only detects known viruses that are out there all over the place
That's how these programs work. They scan the internet for viruses that affect many people. This won't apply to a virus meant to infect only one or two computers, as the virus is specifically designed for that one purpose, so Norton or McAfee have no way of detecting it.

I posted above about the best thing you can do, and that is browse the internet in guest mode (I think Vista does this by default). Having a firewall such as ZoneAlarm is very helpful too, as it will alert you when something is trying to send information out from your computer (though this can sometimes be hidden).

William769 (1000+ posts), Fri Jul-20-07 10:15 AM
Response to Reply #7
13. I have Vista Premium.
I am constantly getting alerts about websites wanting to add something to my computer. Of course I always say no.

jmt22287 (4 posts), Fri Jul-20-07 11:46 AM
Response to Reply #7
21. Mostly Correct
Virus scanners work off of definitions...it requires that a virus be 'known' before it can be prevented. Polymorphic viruses (self-changing software) make this very difficult. That being said, this hack wasn't a virus. It was a trojan. It was embedded in an HTML-enabled graphic and, using a technique similar to steganography (embedding coded messages in digital photographs), the code is assembled and automatically executed using the normal functions of IE.

As a person who makes a living in computer network vulnerability assessments, white-hat hacking, etc., I can tell you that the number of vulnerabilities on ANY system (Linux, WinXX, Mac...you name it) is staggering. First, you have to depend on the efficacy of the software (operating system and applications) not to have buffer overflow vulnerabilities, arbitrary logical port openings, etc. Oh, by the way, do not depend upon the software manufacturers to keenly search for these vulnerabilities and then alert you. They are discovered by people like me. We report them to the software company with the promise that we will openly post the vulnerability in a finite amount of time if they (the software company) do not code a patch and post a vulnerability alert ASAP.

If you want to know what your computer really looks like to a hacker, scan your computer with a freeware tool called Nmap. Use the -Z option to do a stealth scan. Don't get crazy and scan your entire IP range...your ISP provider will get reports that you are doing BIG TCP/IP scans and you will get terminated by your ISP provider.

Firewalls will stop script kiddies, but most talented hackers can penetrate them...worse yet, most talented hackers are possessive. They infiltrate your system (or firewall), deposit a back door for themselves, then 'harden' your system so that nobody else can access it (except themselves, of course). Most software firewalls (ZoneAlarm, etc.) are child's play to a professional. Caged routers and hardware Network Address Translation (NAT) routers (configured correctly) are your best (and least cost-prohibitive) protection against a direct attack/scan. However, when a trojan, wrapped in a 'seemingly' innocuous attachment or as part of a 'trusted website', is called for and then executed (opened) by the computer user, they're screwed.

There are some military-grade dynamic run-time monitoring tools that can detect when anomalous threads have been executed on a system, but the CPU overhead would crush a normal desktop/laptop.

Oh, the issue: I am certainly on board with the FBI/NSA using these tools with a legally mandated search warrant. Hell yeah! Also, Title 10 and USCD 18 prevent the military and CIA from doing that to us. I can't/won't go into details, but I promise you that we obey that law closely; and there is a 'truckload' of oversight used in any domestic exploitation mission.

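
Added example, not from the thread: a toy definition-based scanner in Python that makes the point of replies #7, #10 and #21 concrete. It carries the two kinds of signature vendors ship for a sample they have received (a whole-file hash and a byte pattern), then scans three things: the known sample, a sample built for a single target that no vendor ever got a copy of, and a re-encoded copy of the known sample under a small decoder stub (a crude stand-in for the polymorphic case). The blobs are constructed placeholders for executables, not malware, and the definition names are made up.

```python
"""Why definition-based scanning misses a one-off sample: a toy scanner with the
two signature kinds vendors ship (whole-file hashes and byte patterns).

Added example, not from the thread. The blobs are constructed stand-ins for
executables, not real malware; the signature names are made up."""
import hashlib

STUB_MAGIC = b"DECODE_XOR:"   # fixed prefix of the toy decoder stub


def sha256(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


# Constructed "binaries": a header, a loader string with the C2 it dials, padding.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"<loader>connect 198.51.100.7:6667; fetch cfg</loader>" + b"\x00" * 16
# Built for one victim from a different kit; never submitted to any vendor.
TARGETED_SAMPLE = b"MZ\x90\x00" + b"<ld>dial 203.0.113.9:443; report id=4711</ld>" + b"\x00" * 16

# Definitions a vendor could write after receiving KNOWN_SAMPLE.
DEFINITIONS = {
    "hash": {sha256(KNOWN_SAMPLE): "Trojan.KnownA"},
    "pattern": {b"connect 198.51.100.7:6667": "Trojan.KnownA.loader"},
}
# Same, plus a generic pattern for the decoder stub itself.
DEFINITIONS_WITH_STUB = {
    "hash": dict(DEFINITIONS["hash"]),
    "pattern": {**DEFINITIONS["pattern"], STUB_MAGIC: "Generic.XorStub"},
}


def scan(blob: bytes, defs: dict) -> list:
    """Return the names of every definition the blob matches, hash hit first."""
    hits = []
    hit = defs["hash"].get(sha256(blob))
    if hit:
        hits.append(hit)
    for pattern, name in defs["pattern"].items():
        if pattern in blob:
            hits.append(name)
    return hits


def rewrap(blob: bytes, key: int) -> bytes:
    """Polymorphic-style repack: XOR the body under a stub that undoes it at run time.
    Every key gives a different file hash and hides the body's byte patterns."""
    return STUB_MAGIC + bytes([key]) + bytes(b ^ key for b in blob)


def unwrap(blob: bytes) -> bytes:
    """What the stub does when the file runs: recover the original body."""
    key = blob[len(STUB_MAGIC)]
    return bytes(b ^ key for b in blob[len(STUB_MAGIC) + 1:])


if __name__ == "__main__":
    repacked = rewrap(KNOWN_SAMPLE, 0x5A)
    for label, blob in [("known", KNOWN_SAMPLE), ("targeted", TARGETED_SAMPLE), ("repacked known", repacked)]:
        print(f"{label:15} vendor defs: {scan(blob, DEFINITIONS) or 'clean'}"
              f"   with stub sig: {scan(blob, DEFINITIONS_WITH_STUB) or 'clean'}")
```

The known sample matches both definitions; the targeted sample matches nothing because no definition was ever written for it; the repacked copy of the known sample also matches nothing until someone writes a signature for the stub, and the stub is the part an author changes most cheaply. That is the whole argument for the guest-account and outbound-firewall advice earlier in the thread: they do not depend on having seen the file before.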
 
Pawel K (1000+ posts), Fri Jul-20-07 12:54 PM
Response to Reply #21
23. Thanks for the informative post
It pretty much proves what I said: there isn't some big conspiracy out there by Norton or the other big antivirus companies to help the government spy on you. They simply cannot detect these threats. I didn't read too much into what methods the FBI used in this particular instance. Like I said, I think your best bet is to run under guest mode when on the internet so that in theory you are not able to make any changes to your system.

I'll try out Nmap, sounds like a cool app. Can it actually break through NAT?

jmt22287 (4 posts), Fri Jul-20-07 01:15 PM
Response to Reply #23
24. Nmap
No, it can't break through a NAT router...whole different enchilada. Nmap is a scanner. It has a TON of features depending upon what your goal(s) are. It is a tool to map what ports (and therefore what software) are running on a computer. Based on that information, you can determine what methodology, or in some cases what exact exploit, you are going to use.

If you are a wireless user, check out AirSnort. This is a wireless encryption hacking tool written by one of my friends. Nobody is safe...that I know of (unless their computer is turned off) :)

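
Added example, not from the thread: Python that reads the XML report Nmap writes with -oX and prints what the scanner learned about a host, which is the "ports, and therefore software" mapping the reply above describes. It also shows a detail the raw listing hides: whether the service behind a port was actually fingerprinted (the -sV probe, method="probed") or only guessed from Nmap's port-number table (method="table"), which is the difference between knowing what is there and assuming it. The XML is constructed in Nmap's output shape for a made-up desktop; it is not a real scan.

```python
"""Read an `nmap -oX` report and show what an outside scanner learned: which ports
answered, what nmap thinks runs behind them, and whether that is a fingerprint
or just a lookup of the port number in its services table.

Added example, not from the thread. The XML is constructed in the shape nmap
writes; it is not a real scan."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

SAMPLE_NMAP_XML = """\
<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -oX scan.xml 192.168.1.5" version="4.20">
<host><status state="up" reason="arp-response"/>
<address addr="192.168.1.5" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac"/>
<hostnames><hostname name="desktop" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="135"><state state="open" reason="syn-ack"/><service name="msrpc" product="Microsoft Windows RPC" method="probed" conf="10"/></port>
<port protocol="tcp" portid="139"><state state="open" reason="syn-ack"/><service name="netbios-ssn" method="table" conf="3"/></port>
<port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds" product="Microsoft Windows XP microsoft-ds" method="probed" conf="10"/></port>
<port protocol="tcp" portid="3389"><state state="filtered" reason="no-response"/><service name="ms-term-serv" method="table" conf="3"/></port>
<port protocol="tcp" portid="6667"><state state="open" reason="syn-ack"/><service name="irc" product="Unreal ircd" method="probed" conf="10"/></port>
</ports>
</host>
<runstats><finished elapsed="12.30"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""


@dataclass
class PortInfo:
    proto: str
    port: int
    state: str
    service: str
    product: str
    guessed: bool   # True when nmap only looked the port number up in its table


def parse_nmap_xml(text: str) -> dict:
    """Map each scanned IPv4 address to the list of ports nmap reported."""
    root = ET.fromstring(text)
    report = {}
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        ports = []
        for p in host.iter("port"):
            svc = p.find("service")
            ports.append(PortInfo(
                proto=p.get("protocol"),
                port=int(p.get("portid")),
                state=p.find("state").get("state"),
                service=svc.get("name", "") if svc is not None else "",
                product=svc.get("product", "") if svc is not None else "",
                guessed=svc is not None and svc.get("method") == "table",
            ))
        report[addr] = ports
    return report


def open_ports(report: dict, addr: str) -> list:
    return [p for p in report[addr] if p.state == "open"]


def unexpected_open(report: dict, addr: str, expected: set) -> list:
    """Open ports the owner did not plan on exposing: the first thing to explain."""
    return [p for p in open_ports(report, addr) if p.port not in expected]


if __name__ == "__main__":
    report = parse_nmap_xml(SAMPLE_NMAP_XML)
    for addr, ports in report.items():
        print(addr)
        for p in ports:
            how = "guessed from port table" if p.guessed else "fingerprinted"
            print(f"  {p.port:>5}/{p.proto} {p.state:<9} {p.service:<14} {p.product or '-':<32} ({how})")
        for p in unexpected_open(report, addr, {135, 139, 445}):
            print(f"  !! port {p.port} is open and not in the expected set")
```

Two things worth noticing on the constructed report. The IRC daemon on 6667 is the kind of surprise this view exists for: it is open to anyone who can reach the box. And 3389 shows as filtered rather than open, so a listener the machine's owner would see in netstat is invisible from outside; scanning yourself from the network and listing sockets on the host answer different questions, and you want both.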
 
UnyieldingHierophant (249 posts), Fri Jul-20-07 10:10 AM
Response to Original message
8. Pretty creative if you ask me...and from a federal agency no less

originalpckelly (1000+ posts), Fri Jul-20-07 10:11 AM
Response to Reply #8
9. Of course it's creative, but it raises very serious security questions.

jmt22287 (4 posts), Fri Jul-20-07 02:04 PM
Response to Reply #9
26. Conspiracy!!! I knew it!
I'm new here. I see that you have posted over a 1000 times. I have read several of your posts; and, at the risk of appearing combative, I believe you have a penchant for seeding doubt about stuff you know absolutely nothing about. You immediately go to the absolute worst possible or most conspiratorial notion through innuendo or outright speculation. By doing so, you are worse than the people you loathe--you really are creating the seed of doubt in people's minds about something you know ABSOLUTELY nothing about.

I saw the thread you started on Senator Nelson's earmarks for the 21CSI company in Nebraska...now this one. I happen to be VERY knowledgeable about each topic.

About the FBI's use of this technology: What do you know about this country's efforts in computer network operations (exploitation, defense and attack)? Who writes this code, who formulates these plans, who actually stores the code? What governing body of law and agency has oversight (for internal and external use)? Saying that it raises 'very serious security issues' is, once again, laced with that hint of conspiracy. Try this: Wow! Did you all hear about this great technology? I wonder if we have stopped any bombings or pedophiles with this stuff?

About 21CSI: I couldn't believe the BS you said about that company. Do you know what an SBIR (Small Business Innovative Research) company is? Do you know what an '8A' or 'Super 8A' small business entity is (woman owned/minority woman owned)? The bullshit about 1 product after $40 million...how about 30+ products...don't believe everything you read. And don't go speculating conspiratorially about perfectly legitimate businesses...it has the potential to hurt innocent people.

Oh, by the way...I'm no fan of Ben Nelson, but his son works his ass off at the company. I know, I used to work there.

2nd Oh, by the way...the office phone number for 21CSI in Hawaii is 808-954-6400.

If you want to know why SBIR companies (who do exclusively high-risk research and development work) live and die by earmarks, look into an acquisition phenomenon called the federal budgeting 'Death Valley'. That is why the Small Business Administration created SBIR funding and why they endorsed earmarks. Small businesses simply can't wait for a 5-year federal budgeting process like the Northrop Grumman/Lockheed prime vendors can. They will die...and so will the very cutting-edge research that was conducted.

I now own my own technology company and I wouldn't survive against prime military contractors without the SBA/SBIR and, yes, continued funding through plus-ups.


Purveyor (1000+ posts), Fri Jul-20-07 10:13 AM
Response to Original message
11. I've operated on the 'Net for years now with the assumption that nothing I did was private. eom

Emit (1000+ posts), Fri Jul-20-07 10:45 AM
Response to Original message
17. According to this Wired article I read last night,
Under a ruling this month by the 9th U.S. Circuit Court of Appeals, such surveillance -- which does not capture the content of the communications -- can be conducted without a wiretap warrant, because internet users have no "reasonable expectation of privacy" in the data when using the internet.

http://www.wired.com/politics/law/news/2007/07/fbi_spyware?currentPage=1

MagickMuffin (1000+ posts), Fri Jul-20-07 01:28 PM
Response to Original message
25. Backdoor, Did someone say BACKDOOR
I'm not sure if many DUers know about Inslaw and PROMIS but here's a quick reference to the company.



Inslaw, Inc. is a software company which enhanced a software package it had developed for the United States Government, calling it the Prosecutor's Management Information System (PROMIS). Developed during the administration of the Cabazon Indian Tribal government led by the Chief Administrative Officer Patrick L. Schoonover.

The government modified its contract with INSLAW to obtain delivery of the modified version of PROMIS but refused to pay for it after taking delivery. This allegation of software piracy led to trials in three different federal courts and Congressional investigations that generally ruled in Inslaw's favor, though as of 2006, the company has not recovered any monies or royalties.

Inslaw, once called the Institute for Law and Social Research, was a nonprofit corporation funded almost entirely through Government grants and contracts. When President Jimmy Carter terminated the Law Enforcement Assistance Administration, INSLAW converted the company in 1981 to INSLAW, Inc., a for-profit corporation to commercially market PROMIS ((Prosecutor's Management Information System designed to handle the ever-growing papers and documents generated by law enforcement and the courts).

The new corporation made several significant improvements to the original PROMIS software and the resulting product came to be known as INSLAW's Enhanced PROMIS. The original PROMIS was funded almost entirely with government funds. As the author of PROMIS, INSLAW owned the copyright rights to each version. The government had licenses to use this early version of PROMIS, but not to modify or distribute the software outside the federal government.


PROMIS contract and allegations of theft

In March 1982, the Department of Justice awarded INSLAW Inc., a $10 million, 3-year contract to implement a version of PROMIS to which the government had already obtained a license in the 22 largest United States Attorneys Offices.

While the PROMIS software could have gone a long way toward correcting the Department's longstanding need for a standardized case management system, the contract between INSLAW and Justice quickly became embroiled in bitterness and controversy which has lasted for over two decades. The conflict centered on the question of whether INSLAW had ownership of its privately-funded "Enhanced PROMIS," a different version of the software, for which the government had never obtained a license. Enhanced PROMIS was eventually installed at numerous U.S. Attorneys Offices following an April 1983 modification to the contract.

In his court cases, Hamilton was represented by lawyer Elliot Richardson, formerly the U.S. Attorney General under President Nixon.


Federal investigations

Two different federal courts made fully litigated findings in the late 1980s that the Justice Department "took, converted, stole" the Enhanced PROMIS installed in U.S. Attorneys Offices "through trickery, fraud, and deceit," and then attempted "unlawfully and without justification" to force INSLAW out of business so that it would be unable to seek restitution through the courts. These courts ruled that the Justice Department used the contract modification to steal a version of PROMIS for which it had no license.

The House Judiciary Committee, in September 1992, issued an Investigative Report confirming the Justice Department's theft of PROMIS after the Justice Department had convinced a federal appellate court to set aside the decisions of the first two federal courts on a jurisdictional technicality but without addressing the merits of the dispute. The Committee also reported investigative leads indicating that friends of the Reagan White House had been allowed to sell and distribute PROMIS domestically and overseas for their personal financial gain and in support of the intelligence and foreign policy objectives of the United States.

In May 1995, the Senate ordered the U.S. Court of Federal Claims to determine if the United States owes INSLAW compensation for the government's use of PROMIS. In August 1998, the Chief Judge of the court sent an Advisory Report to the Senate stating that INSLAW owns the copyright rights to PROMIS and never granted the government a license to modify PROMIS to create derivative works, and that the United States would be liable to INSLAW for copyright infringement damages if the government had created any unauthorized derivatives from PROMIS.

The government flatly denied during the court proceedings what it later admitted, i.e., that agencies such as the FBI and U.S. intelligence agencies used PROMIS to keep track of their classified information. The U.S. Government has never paid INSLAW for any of these unauthorized uses of PROMIS.

MORE:

http://en.wikipedia.org/wiki/Inslaw