Page one may be the most interesting page. Someone at CCIPS, my old unit, cautions that "While the technique is of indisputable value in certain kinds of cases, we are seeing indications that it is being used needlessly by some agencies, unnecessarily raising difficult legal questions (and a risk of suppression) without any countervailing benefit,"Documents: FBI Spyware Has Been Snaring Extortionists, Hackers for Years...
On page 152, the FBI's Cryptographic and Electronic Analysis Unit (CEAU) "advised Pittsburgh that they could assist with a wireless hack to obtain a file tree, but not the hard drive content." This is fascinating on several levels. First, what wireless hack? The spyware techniques described in Poulsen's reporting are deployed when a target is unlocatable, and the FBI tricks him or her into clicking a link. How does wireless enter the picture? Don't you need to be physically proximate to your target to hack them wirelessly? Second, why could CEAU "assist . . . to obtain a file tree, but not the hard drive content." That smells like a legal constraint, not a technical one. Maybe some lawyer was making distinctions based on probable cause?
Wired publishes documents detailing the FBI's spyware
Leave a comment
More items
Gorilla-viewing glasses prevent eye-contact
The Rotterdam Zoo is giving away cardboard glasses that make it appear that you're looking off to one side; these are gorilla-viewing glasses, meant to avoid incidents in which gorillas attack visitors for making eye contact with them. The glasses' introduction follows an attack on a woman by an e... More.
20-year old Iraqi woman dies; father ran her over for being too Westernized
A young Iraqi woman died tonight in Arizona because her father believed she had become too Westernized. Noor Faleh Almaleki, the 20-year old pictured here, moved to the Phoenix area in the mid-90s with her family. Her father, Faleh Hassan Almaleki, feared that her American upbringing had led her t... More.
The Secret of Liquid Smoke
The secret: It's not the creepy chemical additive you thought. A couple of weekends ago, I caught an episode of the public radio show "The Splendid Table" with soothingly voiced chef Lynne Rossetto Kasper. The topic was BBQ and I was shocked (Shocked!) to hear Lynne* and her guest recommend liquid... More.
Careless forklift driver brings down the warehouse - video
In this brief true-life comedy short film, a gentleman who is careless with his forklift in a warehouse full of cases of glass bottles (vodka?) manages to bring the whole lot crashing to the ground with much hilarity! Fork Lift Accident Brings Down The Warehouse Video (Thanks, Fipi Lele!)... More.
Video from CC footage of Brisbane Zombie Walk
Pool, the Australian public broadcaster's Creative Commons repository, has spawned a video cut together from Aussies' shots of the epic Brisbane Zombie Walk. Video: Outbreak: Brisbane Zombie Walk 2009 (Thanks, Gary!) Previously:Australian Broadcasting Corporation launches Creative Commons ... ... More.
RSS Feed
So is this the mythical "magic lantern" software the FBI claimed to have a couple of years ago?
And the FBI are in your computer looking for..kiddie porn? State secrets? What else could they be looking for?
It's probably a thin book, those cases where this tech has actually provided evidence that could be introduced in a court of law: my guess, only in cases where the possession of that info (kiddie porn only, AFAIK: is the mere possession of "classified" info an imprisonable crime in the USA?), without anything more, is enough to get you a long stretch in jail.
amd if they can get in to look for kiddie porn, they can get in to put in some kiddie porn.
Interesting... according to this you get infected with the FBI spyware by clicking a link. This would seem to rely on specific vulnerabilities in specific browsers; that is, internet explorer. And even then, only versions of internet explorer in which the vulnerability hasn't yet been patched. It could also be an activeX control that a page tricks you into running, but again, it requires IE.
I'm not buying it. In the six hundred other pages of documentation that weren't released at all, I'm sure there's information about other attack vectors. I can't imagine the FBI being helpless against anyone who does something as trivial as using firefox or keeping IE updated with the latest patches.
I'd fully expect this kind of software to use every known remote code execution vulnerability in windows, and maybe a few that aren't yet publicly known.
What makes me nervous is that these technological idiots will eventually have some sort of useful system, and what will they do when that happens?
Eh. People get worked up about this kinda "emerging secrets" stuff, but the more mundane well-documented programs and capabilities such as CALEA are far more worrying, if you're familiar with what something like CALEA can do.
Call it "wiretapping" but that implies cutting into a wire with some alligator clips and attached gadgets in some basement somewhere.
With CALEA, the FBI can themselves just call up a live copy of your phone traffic and send it into their offices.
Do they need a warrant? Well, they probably get one only after they find that there are interesting things going on worth making an arrest for.
With NSA they scoop up huge volumes of traffic and then have computers search for the interesting bits. If they have ever bothered getting warrants, etc..., they probably do so only in those rare cases when they will have to make it obvious to the public they were listening.