Silk Road forums
Discussion => Security => Topic started by: kmfkewm on January 25, 2012, 02:03 am
-
Fun reading for those who think that using encryption and anonymity solutions, without paying attention to computer security, is enough to keep them safe.
https://secure.wikimedia.org/wikipedia/en/wiki/Cipav
https://secure.wikimedia.org/wikipedia/en/wiki/Magic_Lantern_%28software%29
The Computer and Internet Protocol Address Verifier (CIPAV) is a data gathering tool that the Federal Bureau of Investigation (FBI) uses to track and gather location data on suspects under electronic surveillance. The software operates on the target computer much like spyware, whereas it is unknown to the operator that the software has been installed and is monitoring and reporting on their activities.[1]
The CIPAV captures location-related information, such as: IP address, MAC address, open ports, running programs, operating system and installed application registration and version information, default web browser, and last visited URL.[1]
Once that initial inventory is conducted, the CIPAV slips into the background and silently monitors all outbound communication, logging every IP address to which the computer connects, and time and date stamping each.[1]
The CIPAV made headlines in July, 2007, when its use was exposed in open court during an investigation of a teen who had made bomb threats against his high school.[1]
The FBI sought approval to use CIPAV from the Foreign Intelligence Surveillance Court in terrorism or spying investigations.
Magic Lantern can reportedly be installed remotely, via an e-mail attachment or by exploiting common operating system vulnerabilities, unlike previous keystroke logger programs used by the FBI.[3][4] It has been variously described as a virus and a Trojan horse. It is not known how the program might store or communicate the recorded keystrokes.
Some more fun reading:
https://secure.wikimedia.org/wikipedia/en/wiki/Communications_Assistance_For_Law_Enforcement_Act
https://secure.wikimedia.org/wikipedia/en/wiki/Pen_register
https://secure.wikimedia.org/wikipedia/en/wiki/Trap_and_trace_device
https://secure.wikimedia.org/wikipedia/en/wiki/NarusInsight#NarusInsight
https://secure.wikimedia.org/wikipedia/en/wiki/NSA_warrantless_surveillance_controversy
-
The cipav documents have actually been declassified. I know I have them; I have to look around real quick.
-
Here's 900 pages of info on cipav for the few who care:
http://www.sendspace.com/file/9iuwo0
-
Here's 900 pages of info on cipav for the few who care:
http://www.sendspace.com/file/9iuwo0
I did a quick scan through the doc. I wish the leakers would stop whiting out EVERYTHING. It is nearly impossible to decipher what is going on in the thread of conversation.
Anyways, nice find.
-
It's not leakers that are to blame; it's the FBI's information security officers. :/ tl;dr cipav is a series of application level exploits, mostly through the browser or its plugins.