FBI used spyware to catch cable-cutting extortionist

CIPAV spyware helped nab unemployed engineer angry over outsourcing


Details about CIPAV first surfaced in July 2007 in court records related to a case involving a rash of bomb threats e-mailed to a high school in Lacey, Wash. In a filing to the court, an FBI Special Agent said that after getting a warrant, the agency planted CIPAV on a 15-year-old's computer via a link posted to his MySpace page.

According to the agent in the affidavit, CIPAV would "cause any computer -- wherever located -- to send network-level messages containing the activating computer's IP address and/or MAC address, other environmental variables, and certain registry-type information to a computer controlled by the FBI."

However, the warrant application did not spell out whether the CIPAV captured keystrokes or injected other code into the compromised system, as do commonplace Trojan horse downloaders. "The exact nature of [the CIPAV's] commands, processes, capabilities and their configuration is classified as a law-enforcement-sensitive investigative technique," said the 2007 document.

In Kelly's case, the FBI was granted a warrant to use CIPAV on Feb. 10, 2005, said Wired.com. Later that year, Kelly pleaded guilty to extortion, was sentenced to five years' probation and ordered to pay Verizon $378,000 for the damage he did.

According to the complaint filed against Kelly, he believed that "companies like Comcast and Verizon were indirectly responsible for his unemployment and dire financial situation because they worked with companies that favored foreign engineers over their counterparts and because they had indirectly stolen his intellectual property."

As part of his sentence in late 2005, Kelly was also ordered to enter a mental health program.

The court documents related to Kelly's case did not detail how the FBI managed to get CIPAV on his computer, but security researchers commenting on the Washington school bomb threat case speculated that the agency may have used an exploit -- one already in circulation or one of its own -- to plant the spyware.

Copyright © 2009 IDG Communications, Inc.
