By Kevin Poulsen
April 16, 2009
A sophisticated FBI-produced spyware program has played a crucial
behind-the-scenes role in federal investigations into extortion plots,
terrorist threats and hacker attacks in cases stretching back at least
seven years, newly declassified documents show.
As first reported by Wired.com, the software, called a "computer and
internet protocol address verifier," or CIPAV, is designed to infiltrate
a target's computer and gather a wide range of information, which it
secretly sends to an FBI server in eastern Virginia. The FBI's use of
the spyware surfaced in 2007 when the bureau used it to track e-mailed
bomb threats against a Washington state high school to a 15-year-old
But the documents released Thursday under the Freedom of Information Act
show the FBI has quietly obtained court authorization to deploy the
CIPAV in a wide variety of cases, ranging from major hacker
investigations to someone posing as an FBI agent online. Shortly after
its launch, the program became so popular with federal law enforcement
that Justice Department lawyers in Washington warned that overuse of the
novel technique could result in its electronic evidence being thrown out
of court in some cases.
"While the technique is of indisputable value in certain kinds of cases,
we are seeing indications that it is being used needlessly by some
agencies, unnecessarily raising difficult legal questions (and a risk of
suppression) without any countervailing benefit," reads a
formerly classified March 7, 2002 memo from the Justice Department's
Computer Crime and Intellectual Property Section.