"A sophisticated FBI-produced spyware program has played a crucial behind-the-scenes role in federal investigations into extortion plots, terrorist threats and hacker attacks in cases stretching back at least seven years, newly declassified documents show.
First reported by Wired.com, the software, called a "computer and internet protocol address verifier," or CIPAV, is designed to infiltrate a target's computer and gather a wide range of information, which it secretly sends to an FBI server in eastern Virginia. The FBI's use of the spyware surfaced in 2007 when the bureau used it to track e-mailed bomb threats against a Washington state high school to a 15-year-old student.
But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online. Shortly after its launch, the program became so popular with federal law enforcement that Justice Department lawyers in Washington warned that overuse of the novel technique could result in its electronic evidence being thrown out of court in some cases." - Wired
After reading this article this leads me to believe
- The FBI is possibly using 0day web browser vulnerabilities to deploy this.
- They are likely using known browser flaws against machines that aren't fully patched.
- They may be using intercepting proxies to inject this into HTTP streams of legit sites.
For those interested more in the CIPAV technology check out this FBI affidavit at http://www.politechbot.com/docs/fbi.cipav.sanders.affidavit.071607.pdf which describes the behaviors in more detail.