Identity Theft Expert Robert Siciliano

The US National Security Agency is probably the most sophisticated group of cyber security hackers in the world. Many will argue this point. The fact is without NSA, US STRATCOM, which directs the operation and defense of the military’s gigantic Global Information Grid, and US CERT, attacks on our critical infrastructures would be successful. Otherwise we’d be nsaliving in the dark, telephones wouldn’t work, food wouldn’t be delivered to your supermarket and your toilet wouldn’t flush.

These are not the same bumbling government employees you see on C-SPAN

The Obama administration is in process of completing an internal cyber security review and announcing its plans for its cyber security initiatives and who’s going to lead the charge.

The New York Times reports the NSA wants the job and of course is raising hackles amongst whiny privacy advocates and civil libertarians who fear the spy agency already has too much power. They worry the agency will monopolizes its powers. I’m all for checks and balances.

However, in order to detect threats against our nation, and other global computer infrastructures by criminal hackers, and terrorists — those in charge of cyber security must have full and unlimited access to networks.

There is certainly a legitimate concern here that any government agency with too much power can overstep citizens’ rights. However, coming from a security perspective, there are some very bad, bad guys cyber-terrorists out there who would like nothing more for you to be dead.

Here’s a glowing example of how this power is used for good.

Wired.coms Kevin Poulsen, should be required reading for anyone who breathes, reports on an FBI-developed super spyware program called “computer and internet protocol address verifier,” or CIPAV which has been used to investigate extortion plots, terrorist threats and hacker attacks in cases stretching back post dotcom bust.

This is James Bond Hollywood blockbuster technology that makes for a gripping storyline.

The CIPAV’s capabilities indicate it gathers and reports a computer’s IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer’s registered owner and registered company name; the current logged-in user name and the last-visited URL.

That’s the equivalent of a Crime Scene Investigator having fresh samples of blood for the victim and perpetrator and 360 degree crystal clear video of the crime committed.

The FBI sneaks the CIPAV onto a target’s machine, like any criminal hacker would using known web browser vulnerabilities. They further use the same hacker psychology that gets people to click the link in a Phish email tricking the target into downloading the and installing the spyware. They function legally like any illegal hacker would.

In once case they hacked a marks MySpace page and posted a link on fbi the subject’s private chat room, getting him to click it.

In another case the FBI was trying to track a sexual predator that’d begun threatening the life of a teenage girl he’d met for sex. The man’s IP addresses were anonymous from all over the world which made it impossible to track him down. Getting the target to install CIPAV makes it possible to find the animal.

Numerous cases are cited in the article including an undercover agent working a case described as a “weapon of mass destruction” (bomb & anthrax) threat, communicated with a suspect via Hotmail, and sought approval from Washington to use a CIPAV to locate the subject’s computer.

So while Big Brother may yield some scary power, criminals and terrorists are a tad scarier. I’ve always viewed the term “Big Brother” as someone who watches over and protects you. Just my take.

Like always, invest in identity theft protection and anti-virus solutions to keep the bad guys and the spyware out.

Robert Siciliano Identity Theft Speaker discussing spyware

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out for more information.

Be Sociable, Share!