FBI spyware continuously trolls suspects’ surfing

May 9, 2011

via Nextgov

A computer bug akin to spyware, developed by the FBI to trace the source of cyber crimes, remains permanently on a suspect’s machine, according to previously Secret documents recently released under the Freedom of Information Act.

The Electronic Frontier Foundation, a privacy group, obtained various emails and records confirming the use of the tracking device, called the Computer and Internet Protocol Address Verifier, after the technology publication Wired first reported its existence in 2007. The new documents also show that the worm continuously retrieves data whenever the targeted computer is online. The papers reveal the names of agencies outside the FBI, including the Air Force, that have sought to use the software. And they show uncertainty among government officials about the legal procedures for seeking permission to use the application.

“The tool will stay persistent on the compromised computer and . . . [every] time the computer connects to the Internet, we will capture the [court-approved] information,” a special agent in the FBI’s cryptologic and electronic analysis unit wrote in one June 2007 email. The agent was emphasizing to a colleague “the importance of telling the judge” about these traits, presumably in a request to deploy the spyware.

The worm can collect the user’s Internet protocol address, or network location; media access control address, a unique code for each piece of computer hardware, such as a Wi-Fi card, that connects to a network; and certain data, the name of which is redacted, that “can assist with identifying computer users, computer software installed, computer hardware installed, [redacted],” an Oct. 2005 message stated. A separate 2005 email regarding an installation in Honolulu indicates the spyware also can record open communication ports, a list of programs running, the operating system’s serial number, type of browser, current login name, and the website the target last visited.
