
Wired publishes documents detailing the FBI's spyware

Cory Doctorow at 10:25 pm Fri, Apr 17, 2009


Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution

 

Wired's Kevin Poulsen has pried loose details about the FBI's homebrew spyware, used in criminal investigations. The document is redacted almost to the point of uselessness, but there are some interesting nuggets. Paul Ohm, who used to work in the FBI department responsible for the spyware, notes,
Page one may be the most interesting page. Someone at CCIPS, my old unit, cautions that "While the technique is of indisputable value in certain kinds of cases, we are seeing indications that it is being used needlessly by some agencies, unnecessarily raising difficult legal questions (and a risk of suppression) without any countervailing benefit,"

...

On page 152, the FBI's Cryptographic and Electronic Analysis Unit (CEAU) "advised Pittsburgh that they could assist with a wireless hack to obtain a file tree, but not the hard drive content." This is fascinating on several levels. First, what wireless hack? The spyware techniques described in Poulsen's reporting are deployed when a target is unlocatable, and the FBI tricks him or her into clicking a link. How does wireless enter the picture? Don't you need to be physically proximate to your target to hack them wirelessly? Second, why could CEAU "assist . . . to obtain a file tree, but not the hard drive content." That smells like a legal constraint, not a technical one. Maybe some lawyer was making distinctions based on probable cause?

Documents: FBI Spyware Has Been Snaring Extortionists, Hackers for Years

Get Your FBI Spyware Documents Here


  • johnphantom

    What makes me nervous is that these technological idiots will eventually have some sort of useful system, and what will they do when that happens?

  • syncrotic

    Interesting… according to this you get infected with the FBI spyware by clicking a link. This would seem to rely on specific vulnerabilities in specific browsers; that is, Internet Explorer. And even then, only versions of Internet Explorer in which the vulnerability hasn’t yet been patched. It could also be an ActiveX control that a page tricks you into running, but again, it requires IE.

    I’m not buying it. In the six hundred other pages of documentation that weren’t released at all, I’m sure there’s information about other attack vectors. I can’t imagine the FBI being helpless against anyone who does something as trivial as using Firefox or keeping IE updated with the latest patches.

    I’d fully expect this kind of software to use every known remote code execution vulnerability in Windows, and maybe a few that aren’t yet publicly known.

  • Pantograph

    So is this the mythical “magic lantern” software the FBI claimed to have a couple of years ago?

  • Keeper of the Lantern

    Eh. People get worked up about this kinda “emerging secrets” stuff, but the more mundane well-documented programs and capabilities such as CALEA are far more worrying, if you’re familiar with what something like CALEA can do.

    Call it “wiretapping” but that implies cutting into a wire with some alligator clips and attached gadgets in some basement somewhere.

    With CALEA, the FBI can themselves just call up a live copy of your phone traffic and send it into their offices.

    Do they need a warrant? Well, they probably get one only after they find that there are interesting things going on worth making an arrest for.

    With NSA they scoop up huge volumes of traffic and then have computers search for the interesting bits. If they have ever bothered getting warrants, etc…, they probably do so only in those rare cases when they will have to make it obvious to the public they were listening.

  • Ugly Canuck

    And the FBI are in your computer looking for... kiddie porn? State secrets? What else could they be looking for?
    It’s probably a thin book, those cases where this tech has actually provided evidence that could be introduced in a court of law: my guess, only in cases where the possession of that info (kiddie porn only, AFAIK: is the mere possession of “classified” info an imprisonable crime in the USA?), without anything more, is enough to get you a long stretch in jail.

  • Takuan

    And if they can get in to look for kiddie porn, they can get in to put in some kiddie porn.