Federal law enforcement is using spyware to catch criminals.
by John Brandon
Are hackers the only ones using spyware? It turns out that government agencies, including the FBI, also use small executable programs to catch criminals and spy on other governments. According to a Wired News report by former hacker Kevin Poulsen, the FBI used a malware client called CIPAV to track the Internet activity of a Seattle student who was making bomb threats. The student likely downloaded the malware when he visited his own MySpace page.
According to Jennifer Granick, civil liberties director at the Electronic Frontier Foundation (EFF), the FBI probably has arrangements with antispyware companies such as Symantec and Microsoft that allow it to bypass spyware blockers and take advantage of browser exploits. Such malware can capture IP addresses and Web browser history, as well as record keystrokes. Installing the malware client is legal if the FBI has a warrant and can prove suspicious activity.
"Our investigative methods utilized in conjunction with court-authorized surveillance orders are lawful and effective," says Paul Bresson, an FBI spokesperson. "They are subject to rigorous review and oversight within the Department of Justice and within the courts where such evidence is introduced."
According to a CNET News survey, 13 leading antispyware vendors said they do not help the feds use spyware on suspects. Some vendors indicated, however, that if they were under court-ordered secrecy, they would not alert customers to the presence of such federal malware. And in an interesting bit of irony, the U.S. House of Representatives in May passed the I-SPY Prevention Act, placing stricter penalties (including up to five years in prison) on those who are caught using spyware to gain personal information. The law includes a provision exempting law enforcement and intelligence agencies.
In Europe, governments are also going on the offensive to prevent terrorist attacks by using spyware and other online means. The Boston Herald reported that Germany's interior minister, Wolfgang Schäuble, is seeking approval for the use of spyware to thwart terrorists. This came after German authorities were able to uncover and prevent a bomb plot that involved the Frankfurt airport and the U.S. military's Ramstein Air Base. In Sweden, the defense minister is pushing for a provision that would grant broad powers to the government to monitor e-mail without court orders.
Foreign governments have also used spyware clients to gather intelligence on one another, says Matt Sergeant, a senior antispam technologist at MessageLabs, although it's not clear who the culprits are: "We don't know if the Chinese government is using spyware, or if people use a Chinese IP address because it's very easy to get bulletproof [undetectable] hosting." Sergeant said some foreign governments also use spyware to monitor their own citizens' Web activity. And protecting your own privacy? The EFF suggests enabling your firewall and installing software that blocks spyware installs.