Search

Subscribe

Enter your email address below to subscribe to our privacy and security newsletter.

Menu

• Home
• Business/Corporate
• Computer Security
• Digital Signatures
• Encryption
• Firewalls
• Intrusion Detection
• Just Plain Silly
• Personal Security
• Privacy
• Residential Security
• Security Blogs
• Security Consultants
• Spam/Anti-Spam
• Training
• Uncategorized
• Viruses
• Wireless Security

Who Is Cyveillance And Why Should You Care?

By Ian Scott

If you maintain a website, keep a blog, chat on IRC or other Internet “chat rooms,” you should be very concerned about a private corporation in the United States called Cyveillance.

Today, I was going through some web log files and discovered something strange. An IP address identifying itself as “Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)” and sometimes as “Mozilla/4.0 (compatible; MSIE 5.05; Windows NT 3.51)” had been dowloading a number of html pages in minutes, sometimes even seconds. My first thoughts that whoever was downloading these pages must have been a super fast reader, or was simply clicking on links.

But then I noticed something else. This “browser” wasn’t downloading any of the images on the web pages! That’s a curious anomoly for a Mozilla 4.0 compatible browser.

In cases like this, Google is your friend. I typed in the first three quadrants of the IP address and quite a few links were returned. Seems that this IP address is used by a spider that some refer to as the “Cyveillancebot.”

So who exactly is Cyveillance? According to their website, they are a company that claims to be “Minding your business on the net” with their “comprehensive internet monitoring technology.”

Who are their clients? From what I can gather, the U.S. Government has used their services and Cyveillance also claims that half of the Fortune 50 companies are counted among their customers. As well, the RIAA is reportedly a client, presumably for information on illegal music sharing. However, Cyveillance won’t say who exactly their clients are. Who knows who they are sharing your data, posts, and comments with?

Sneaky Intrusion Methods

At first glance, it appears that Cyveillance is simply offering a service to corporations to assist them with copyright infringments, theft of data, and protection of trademarks. But this is definitely not all they do. According to their website, the not only monitor HTTP (website) traffic, but they also monitor IRC and Chat rooms. I don’t know about you but if I am in a chat room, I have a least some small expectation of privacy with those that are in that room. I would not expect that some bot is logging everything, keeping it in a database for further review and perhaps sale to another corporation or government.

As well, on the Government Solutions, one of their selling points is “Assisting in compliance activities such as monitoring for whistleblower information.”

What the heck is that all about? One can only wonder. What governments use the services of Cyveillance to monitor their citizens and employees? I suppose that this could be a round about way for Governments that claim to respect privacy, to purchase information from a company. Governments can then claim they don’t collect data. They just forget to tell you that instead, they purchase it in report format. Already nicely formatted for them.

Of course, Governments need to know who the “about to become” whistleblowers are on corruption and illegal government activities, right?

According to OpinionEditorials.com, the Cyveillance website was once quoted as saying,

As well as IRC and Web spidering, Cyveillance also claims to spider FTP sites. According to J.D. Meadows who operates the Cyveillance Exposed website, his logs show evidence that not only did the Cyveillancebot spider available content, but also tried to search the hard drive for other files and directories. Clearly if true, Cyveillance has participated in actions that are clearly illegal, immoral and unethical.

For one thing, many people use their own ftp sites to upload and backup personal files, or as a temporary holder of data so that it may be accessed from different locations. They don’t expect that some webspider is going to come along and try to access that ftp site.

For another thing, it is illegal to attempt to crack a computer, and by using search methods to simply look for information without knowing it is there, is against the law. It does not matter the method of cracking that is used. Simple methods are just as illegal as more complicated cracks.

Another problem with the Cyveillancebot is that it ignores the convention of looking for a robots.txt file. A robots.txt file has been accepted as a file that web spiders would try to access first before spidering a site for over a decade, known as the Robot’s Exclusion Protocol. The robots.txt contains directives for webspiders regarding content that the site owner doesn’t want the spider to search. Clearly in my log files, the Cyveillance bot did not request the robots.txt file, so it is ignoring this common convention.

And in doing so, it is using up bandwidth that I am paying for but in a use that I never intended. I did not invite Cyveillance to spider my sites so they could sell their data to others, and by ignoring my robots.txt file, they are in fact stealing my bandwidth in order to add to their bottom line.

Not only that, but they use deception to try to hide what they are. Legitimate search engine spiders will identify themselves as such. For instance, when Google’s spider comes to visit my sites, it identifies itself as: “Googlebot/2.1 (+http://www.googlebot.com/bot.html)”

After discovering this information about Cyveillance, I went through my log files and did a search for their IP address showing up. Sure enough, hundreds, if not thousands of files had been downloaded from my servers over the past month.

For a single website owner who is concerned about this, they could use the .htaccess file to stop the Cyveillancebot from accessing their site. I didn’t have time to do that, and instead firewalled the IP range off.

Wondering if the Cyveillancebot has been visiting your site? Search your website logs for this: ‘63.148.99′ I’d be interested to know how many of you discover visits from this deceptful spider.

If the U.S. and Canadian Governments were as concerned about privacy as they claim to, companies like Cyveillance would not exist. Sure, when you post something up on your website or blog, it is public. But I doubt very much that you posted with the expectancy that some spider was going to come along, mine your data, and use to sell to others.

I’m certainly not going to let a spider like that steal resources that I’m paying for.

And of course, there is the even more sinister issue of surveillance of IRC and chat rooms that Cyveillance claims to do. If you really want some privacy, it’s time for you to think about Open Source software and chat programs that are capable of encrypted sessions.

What are your thoughts on this? Have you experienced Cyveillance visits? Doing anything about it? What about the possible surveillance of your chat sessons?

Read more in: Privacy |