FBI-CIPAV.exe Is an Unknown Application. Install Anyway?
“The email was sent over a newly made Gmail account, from overseas in a foreign country. Seeing as you’re too stupid to trace the email back lets [sic] get serious,” he taunted in another. “Maybe you should hire Bill Gates to tell you that it is coming from Italy. HAHAHA. Oh wait. I already told you that it’s coming from Italy.”
–Bomb hoaxer Josh Glazebrook
Now that the FBI has made “significant progress in decreasing the rate of loss for … laptops,” it can get on with the much more important business of using them to nab bad guys. Bad guys like former Timberline High School student Josh Glazebrook of Lacey, Wash., who pleaded guilty to emailing bomb threats and other charges after the bureau tracked him down with a piece of spyware called a Computer and Internet Protocol Address Verifier, or CIPAV. A remotely installed application, CIPAV logs a computer’s Internet protocol address, its open TCP and UDP ports, the type and serial number of the operating system it’s running, the registered user of that operating system, and that user’s login name, and then it sends them all along to the government.
Just how the FBI managed to install CIPAV on Glazebrook’s computer is anyone’s guess. Perhaps the bureau convinced security software makers to white-list the application so it could operate undetected. Or perhaps it exploited an unknown vulnerability in Windows. Of those two explanations, it’s the latter that seems most plausible. “It’s quite possible the FBI knows about vulnerabilities that have not been disclosed to the rest of the world,” Roger Thompson, CTO of security vendor Exploit Prevention Labs, told Wired. “If they had discovered one, they would not have disclosed it, and that would be a great way to get stuff on people’s computer. Then I guess they can bug whoever they want.”