cryptogon.com news – analysis – conspiracies

May 1st, 2011

Via: Electronic Frontier Foundation:

What is CIPAV and How Does It Work?

The documents discuss technology that, when installed on a target’s computer, allows the FBI to collect the following information:

IP Address

Media Access Control (MAC) address

“Browser environment variables”

Open communication ports

List of the programs running

Operating system type, version, and serial number

Browser type and version

Language encoding

The URL that the target computer was previously connected to

Registered computer name

Registered company name

Currently logged in user name

Other information that would assist with “identifying computer users, computer software installed, [and] computer hardware installed” [3]

It’s not clear from the documents how the FBI deploys the spyware, though Wired has reported that, in the Washington state case, the FBI may have sent a URL via MySpace’s internal messaging, pointing to code that would install the spyware by exploiting a vulnerability in the user’s browser. Although the documents discuss some problems with installing the tool in some cases, other documents note that the agency’s Crypto Unit only needs 24-48 hours to prepare deployment. [4] And once the tool is deployed, “it stay[s] persistent on the compromised computer and . . . every time the computer connects to the Internet, [FBI] will capture the information associated with the PRTT [Pen Register/Trap & Trace Order].” [5]
