I take a week off to get my head out of a reality distortion field, only to learn I missed something so eerie… check it…
On July 18, Ars Technica reported that a person making bomb hoaxes was busted by the FBI’s use of spyware on the suspect’s computer. The spyware in question is called the “Computer & Internet Protocol Address Verifier” (CIPAV), and was installed on the suspect’s laptop remotely and silently to monitor his activities… like any spyware would be installed.Wired has more details on the malware along with the data the “program” collected.
This isn’t the first time malware was used by law enforcement: In 1999, a key logger was used to snag mobster Nicodemo Scarfo. Recently, an appeals court made a decision on a case where the DEA used key loggers to trap two suspects because they were using PGP and Hushmail (Link to CNET story). The court sided with the DEA citing “probable cause” in the case. The court also added:
“e-mail and Internet users have no expectation of privacy in the To/From addresses of their messages or the IP addresses of the websites they visit because they should know that these messages are sent and these IP addresses are accessed through the equipment of their Internet service provider and other third parties.”
This may not sound like much of a big deal… until you consider that we’re currently under an illegal (and most likely unconstitutional) NSA surveillance program. Now we have our privacy being slowly chipped away in the name of “national security” and “probable cause” while those who are supposed to enforce the law are doing so by violating it.
Security Corrupted? According to a recent survey by CNET, security companies have their anti-malware software set to detect and remove police spyware. The companies were also asked if they had a government or court order to not scan police-malware. Most said no, but McAfee and Microsoft refused to answer the question. Remember: The NSA reportedly “helped” Microsoft to “secure” Vista.
For an anti-malware to ignore any type of malware is dangerous. If a black hat knows what malware is ignored, he can easily use the white-listed program to craft an unstoppable, irremovable menace. As if current malware isn’t enough of a problem, if a security program won’t detect a malware because of a court order, black hats will have a field day raping and hijacking our computers, and we can thank our government for “protecting” us from spam and identity theft.
Looks like we’re on our own with this one, folks.
