Network World - More details are emerging about how the FBI engages in hacking and the planting of spyware.
This story goes back to at least 2001 when Bob Sullivan of MSNBC and Ted Birdis of AP broke the story of Magic Lantern. At the time the FBI did not want to say much, but now there is real information that clears up some things and reinforces real concerns over this approach.
Law enforcement is faced with some very hard problems when it tries to find and get evidence on bad guys. There are a lot of tools that you and I can use to make the Internet safer when doing business on the 'Net or to protect our privacy if we need to blow the whistle on someone or communicate with a support group. You should be using encryption on your own computer so that your personal or business records are not compromised if your computer is stolen. You can use anonymizing proxies or anonymizing networks if you are a dissident living in a repressive society or would like to visit a mental health support group. These are important tools when used by the good guys, but make life harder for law enforcement when used by the bad guys.
Though note that both of these technologies are far too important to give up just to make law enforcement's job easier.
Still, law enforcement needs to overcome tools of this type if they are to catch the people they are after. This is where Magic Lantern, and its less prosaically named successor, "Computer & Internet Protocol Address Verifier" (CIPAV), come in. These systems are officially sanctioned spyware, theoretically only used when permitted by the courts (in the United States at least).
Wired.com was able to get a bunch of documents on CIPAV under the Freedom of Information Act that help to explain it. (See the Wired article here and the documents here.) You can get a clear picture of the use of CIPAV on pages 64 to 80 of the documents. After being surreptitiously installed on your computer by exploiting some software bug, CIPAV sends the FBI information about your computer then starts monitoring computer activity (software like this is used by bad guys to steal your bank account passwords.). In this case, the FBI can use it to find your encryption keys. Also, because your computer sends its actual location and other information directly to an FBI computer, using an anonymizing proxy will not hide you. (But something like Little Snitch may let you know that something funny is going on.)
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- OpenStack and Red Hat: IDC White paper Most OpenStack deployments are by public cloud providers that are early adopters of technology and use OpenStack in a do-it-yourself deployment and support...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Topic Center White Papers | Webcasts