The CNet News Blog reports that the FBI used a novel type of remotely installed spyware last month to investigate the identity of someone who sent bomb threats to a high school in Washington state. The software, called CIPAV (Computer and Internet Protocol Address Verifier), is described in an affadavit filed by the FBI agent when applying for a search warrant.
CIPAV is a program deployed via e-mail or Instant Messaging. The program installs itself on the target computer or on a web account such as MySpace or Google Mail and then moves on to the target computer. Once installed, CIPAV searches the entire hard disk and sends the FBI a record of the names of all running programs, browser data, operating system type (including the serial number) and all user information from the registry. It records the URLs and IP addresses visited but not the contents of communications - a point which the FBI emphasised several times in their declaration.
Apparently this is the first time that the FBI's use of spyware to uncover a perpetrator has been publicly documented. By using CIPAV, the FBI was able to determine the identity of the former student of Timberline High School who had been terrorising the school with bomb threats for days. The juvenile had been using five different Google Mail addresses to issue his threats and also a MySpace account.