CIPAV: FBI Spyware

May 1st, 2011

Via: Electronic Frontier Foundation:

What is CIPAV and How Does It Work?

The documents discuss technology that, when installed on a target’s computer, allows the FBI to collect the following information:

IP Address
Media Access Control (MAC) address
“Browser environment variables”
Open communication ports
List of the programs running
Operating system type, version, and serial number
Browser type and version
Language encoding
The URL that the target computer was previously connected to
Registered computer name
Registered company name
Currently logged in user name
Other information that would assist with “identifying computer users, computer software installed, [and] computer hardware installed” [3]

It’s not clear from the documents how the FBI deploys the spyware, though Wired has reported that, in the Washington state case, the FBI may have sent a URL via MySpace’s internal messaging, pointing to code that would install the spyware by exploiting a vulnerability in the user’s browser. Although the documents discuss some problems with installing the tool in some cases, other documents note that the agency’s Crypto Unit only needs 24-48 hours to prepare deployment. [4] And once the tool is deployed, “it stay[s] persistent on the compromised computer and . . . every time the computer connects to the Internet, [FBI] will capture the information associated with the PRTT [Pen Register/Trap & Trace Order].” [5]

2 Responses to “CIPAV: FBI Spyware”

  1. AHuxley says:

    Great for Windows, any news on Mac or Linux?

  2. Red says:

    @AHuxley: What is it that you think would be different about Mac OS or Linux?
