The FBI has been using an in-house spyware program for several years to monitor the activities of suspected online criminals and hackers, according to recently released documents. The documents, obtained by Wired.com, show that the FBI was able to plant the program on target machines by encouraging their subjects to click on a link that silently installed the software.
The software is known as the “computer and Internet Protocol address verifier” and has the ability to sit silently on a PC and record a variety of activities, including keystrokes and the Web sites the user visits, Wired.com reports. It also has the ability to take an initial reading of the infected PC’s setup, including its MAC address, IP address, open ports, OS version, running applications and other data.
The FBI’s use of the spyware surfaced in 2007 when the bureau used it to track e-mailed bomb threats against a Washington state high school to a 15-year-old student.
But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online. Shortly after its launch, the program became so popular with federal law enforcement that Justice Department lawyers in Washington warned that overuse of the novel technique could result in its electronic evidence being thrown out of court in some cases.
The FBI has been using the CIPAV for a number of years in a variety of cases, Wired reports, including child pornography and computer crimes.