FBI’s search for bomb threat suspect highlights use of malware for surveillance - RockyMcNuts
http://www.washingtonpost.com/business/technology/fbis-search-for-mo-suspect-in-bomb-threats-highlights-use-of-malware-for-surveillance/2013/12/06/352ba174-5397-11e3-9e2c-e1d01116fd98_story.html

======
enkephalin
>> _The FBI’s elite hacker team designed a piece of malicious software that
was to be delivered secretly when Mo signed on to his Yahoo e-mail account,
from any computer anywhere in the world, according to the documents._

I have to ask: could this secret delivery actually be anything other than an
executable file attached to an email?

Edit: OK, they seem to use phishing attacks for this sort of thing. But both
methods definitely do not deliver anything just because you log in to your
Yahoo account, as the article states.

~~~
dobbsbob
If Yahoo sends you FBI-made tracking and demasking cookies instead of a
regular one, that would work, though they claim they didn't help. Could also
have found out what VPN this guy used and had them redirect Iran-originating
traffic to the FBI fake Yahoo MITM login full of Java exploits, or sent him a
malware image and turned on image preview on his account.

So turns out this guy is just trolling on cruise control because why not; not
like he's going to be extradited for harassing Americans. Likely there's a
workstation at every Iranian military base in the cafeteria that says 'troll
FBI here'.

------
vezzy-fnord
FBI has been using malware for ages.

[https://en.wikipedia.org/wiki/Carnivore_%28software%29](https://en.wikipedia.org/wiki/Carnivore_%28software%29)

[https://en.wikipedia.org/wiki/Magic_Lantern_%28software%29](https://en.wikipedia.org/wiki/Magic_Lantern_%28software%29)

[https://en.wikipedia.org/wiki/Computer_and_Internet_Protocol...](https://en.wikipedia.org/wiki/Computer_and_Internet_Protocol_Address_Verifier)

Other governments as well:

[https://en.wikipedia.org/wiki/FinFisher](https://en.wikipedia.org/wiki/FinFisher)

Entire (legitimate) businesses are dedicated to selling malware for use by
governments and law enforcement agencies.

~~~
bediger4000
Carnivore (a.k.a. DCS3000 and DCS6000) isn't exactly "malware" - it's the
system that resides in phone company/ISP machine rooms to do CALEA "lawful
intercepts" of email headers. See:
[http://en.wikipedia.org/wiki/DCSNet](http://en.wikipedia.org/wiki/DCSNet)

There have been rumors to the effect that the DCS systems run on Solaris, and
have been hacked and cracked so that parties other than the FBI can monitor
things using it
([http://www.cooperativeresearch.org/context.jsp?item=a2003dcs...](http://www.cooperativeresearch.org/context.jsp?item=a2003dcsnethack#a2003dcsnethack)).

Also, calling a business that sells malware to law enforcement "legitimate" is
something of a stretch. If you mean "legitimate" as "lawful", then you're
strictly correct. If you want "legitimate" to also encompass "ethical", or
"upstanding" or something of that sort, then I don't see it.

~~~
vezzy-fnord
Are you sure Carnivore and DCSNet are presently related? I had thought DCSNet
and ISP-bound traffic monitors like Carnivore were separate.

That's interesting. Though I had always been stuck with the impression that
FBI technology primarily made use of Windows as an OS and Perl as a scripting
language.

I meant legitimate as in lawful.