FBI's Spyware Tracks Down Teen Who Made Bomb Threats

Kevin Poulsen from Wired.com broke a story this week about the first confirmed use of an FBI Trojan horse program in a criminal investigation. He tells BoingBoing:

Last month the FBI sent a program it calls a "computer and internet protocol address verifier," or CIPAV, to the owner of an anonymous MySpace profile linked to bomb threats against a high school near Seattle. The code led the FBI to 15-year-old Josh Glazebrook, a student at the school, who pleaded guilty Monday to making bomb threats and related charges. From my article:

The spyware program gathers a wide range of information, including the computer's IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer's registered owner and registered company name; the current logged-in user name and the last-visited URL.

The CIPAV then settles into a silent "pen register" mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every computer to which the machine connects for up to 60 days.

Link to Kevin's story. The FBI search warrant affidavit describing the CIPAV is here: Link (pdf)