Sniffer company details software's role in FBI sting

The FBI's clandestine sting against two Russian hackers accused of breaking into American Web sites, stealing credit card information and then trying to extort money from their victims, has opened new doors -- and a Pandora's Box or two -- in the realm of cybercrime investigation. The FBI used a sniffer program called Investigator to record the hackers' keystrokes and steal their passwords in order to access servers in Russia and garner evidence against the intruders. The bureau's actions have kick-started a firestorm of controversy over their methods, the hackers' search-and-seizure Fourth Amendment rights and whether the Russians, their computers or data are protected by U.S. law and whether Russian law applies to the FBI. SearchSecurity recently spoke to Richard Eaton, the president of WinWhatWhere, the company that created Investigator, about the software and its impact.

What are the long-range implications of the FBI's use of Investigator and their sting operation against the hackers? There are legal issues raised with what the FBI has done. For the first time, they've gone into another country and accessed information from a computer. That has never happened before. These guys (the Russians) had no expectation of privacy. Sure, there's been some of the 'these poor hackers' going around. But, this...

is the first time the FBI has used technology to go into a server in a foreign country. Investigator was apparently installed on two computers in Seattle and used to monitor the hackers' keystrokes to obtain their passwords to the Russian computers. How long has Investigator been around? Investigator has been around in one form or another since 1993. I would say this is the sixth or seventh version of the software and I've seen everything go by in that time. Most of our customer support time on the phone is spent with husbands and wives, mostly because they're not that computer literate. Most of our customer support is spent with that small percentage of our customer base, that's why they come to mind. How did you learn Investigator was the tool that broke the Russian hacker case? I read the Seattle Times article on the FBI-Russian hackers case and I said, 'hey, that sounds like Investigator.' I sent a friend of mine over to the courthouse for the case file and they handed it over to him. And there it was, in an FBI affidavit. I said 'Wow, look at that.' There have been other cases where I have suspected that Investigator was used, but we were never able to prove it. And the FBI would never go public with that information. Can you tell us about Investigator, how it works, who uses it and what it's used for? There's all sorts of uses for it. Who uses it? We've got everyone from disgruntled spouses using it, to parents with teen-agers, to small corporations, to large corporations to government agencies -- anyone who wants to know what's going on with their computer systems. Investigator software records everything that happens on a computer, from every file that's opened or moved, to where you've gone on the Internet to every keystroke that is made on a keyboard. All of it delivered in shocking detail. I run it on myself all the time and it reports things I don't remember ever doing. What kind of information does Investigator report? Investigator issues reports in spreadsheet format with rows and columns. The top row contains the user name, computer name, start time, elapsed time, date, the number of keystrokes ? raw and formatted keystrokes ? all in sequential order. And you can filter down your reports to receive just specific information.

FOR MORE INFORMATION:

Read the FBI's affidavit regarding their use of Investigator

searchSecurity has the Best Web Links on computer forensics

searchSecurity talks to a cyber detective in this news item: "Veteran sleuth on cutting edge of cybercrime investigation"

Dig deeper on Information Security Laws, Investigations and Ethics

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close