July 18th, 2007

FBI Remotely Installed Fedware Called CIPAV

By Jimmy Daniels
Contributing Writer, RealTechNews

The FBI remotely installed spyware, now being called fedware by some, on a suspect’s PC to determine whether he was the person e-mailing bomb threats to a high school near Olympia, Washington. This is the first known case in which the FBI remotely installed the spyware, although there are a couple of other cases where spyware was installed by someone sneaking into offices.

An 18-page affidavit filed in federal court by FBI Agent Norm Sanders last month and obtained by CNET News.com claims details about the governmental spyware are confidential. The FBI calls its spyware a Computer and Internet Protocol Address Verifier, or CIPAV.

“The exact nature of these commands, processes, capabilities, and their configuration is classified as a law enforcement sensitive investigative technique, the disclosure of which would likely jeopardize other ongoing investigations and/or future use of the technique,” Sanders wrote. A reference to the operating system’s registry indicates that CIPAV can target, as you might expect given its market share, Microsoft Windows. Other data sent back to the FBI include the operating system type and serial number, the logged-in user name, and the Web URL that the computer was “previously connected to.” Source: News.com

We Say: The documents did not say exactly how the CIPAV was installed, but email is suspected, which raises the question of exactly how they got past existing virus or spyware protection. If it is indeed because of a white list, as Michael mentioned, then we will all eventually get into trouble as soon as someone gets a copy of the spyware, or fedware. But what if they have discovered a vulnerability they could exploit to do it? In the past they acknowledged that they were working on a virus called Magic Lantern; could this possibly be the result?


2 comments to "FBI Remotely Installed Fedware Called CIPAV"

  1. John Corliss says:

    IMO, it’s most likely true that Microsoft made a deal with the DOJ so that the charges of monopoly would go away (and they pretty much have.) I don’t trust Windows any further than I can spit, regarding privacy.

    July 19th, 2007 at 2:22 am

  2. John says:

    While John is correct, this wouldn’t be the first case. This (spying on US citizens) started long before PCs. I don’t know if we’re more aware or more suspicious. You can’t trust anyone in power.

    July 19th, 2007 at 8:33 am
