Network World - More details are emerging about how the FBI engages in hacking and the planting of spyware.
This story goes back to at least 2001 when Bob Sullivan of MSNBC and Ted Birdis of AP broke the story of Magic Lantern. At the time the FBI did not want to say much, but now there is real information that clears up some things and reinforces real concerns over this approach.
Law enforcement is faced with some very hard problems when it tries to find and get evidence on bad guys. There are a lot of tools that you and I can use to make the Internet safer when doing business on the 'Net or to protect our privacy if we need to blow the whistle on someone or communicate with a support group. You should be using encryption on your own computer so that your personal or business records are not compromised if your computer is stolen. You can use anonymizing proxies or anonymizing networks if you are a dissident living in a repressive society or would like to visit a mental health support group. These are important tools when used by the good guys, but make life harder for law enforcement when used by the bad guys.
Though note that both of these technologies are far too important to give up just to make law enforcement's job easier.
Still, law enforcement needs to overcome tools of this type if they are to catch the people they are after. This is where Magic Lantern, and its less prosaically named successor, "Computer & Internet Protocol Address Verifier" (CIPAV), come in. These systems are officially sanctioned spyware, theoretically only used when permitted by the courts (in the United States at least).
Wired.com was able to get a bunch of documents on CIPAV under the Freedom of Information Act that help to explain it. (See the Wired article here and the documents here.) You can get a clear picture of the use of CIPAV on pages 64 to 80 of the documents. After being surreptitiously installed on your computer by exploiting some software bug, CIPAV sends the FBI information about your computer then starts monitoring computer activity (software like this is used by bad guys to steal your bank account passwords.). In this case, the FBI can use it to find your encryption keys. Also, because your computer sends its actual location and other information directly to an FBI computer, using an anonymizing proxy will not hide you. (But something like Little Snitch may let you know that something funny is going on.)
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- Pragmatic Endpoint Management: Empowering an SMB Workforce in the Age of Mobility Lacking the time for proper training and education, SMB administrators often resort to taking shortcuts to keep their environment running.This paper discusses the...
- Live Webcast Best Practices: How to Improve Business Continuity with Virtualization VMware solutions include a range of business continuity capabilities to help ensure availability for applications across your virtualized environment. Learn More>>
- Live Webcast
Transforming Finance, Procurement and Supply Chain Effectiveness with Cross-Functional Analytics
Date: May 6th, 2014
Time: 1 PM EDT
Attend this Webcast to find out how Oracle's packaged analytic applications enable line-of-business managers to examine all...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Topic Center White Papers | Webcasts