There’s a very interesting report on CNet about how the FBI used spyware to nab a variety of cybercriminals who committed crimes via email. Here’s an excerpt:

One suspect used Microsoft’s Hotmail to send bomb and anthrax threats to an undercover government investigator; another demanded a payment of $10,000 a month to stop cutting cables; a third was an alleged European hitman who was soliciting for business from a Hushmail.com account.

The FBI spyware, called CIPAV, came to light in July 2007 through court documents that showed how the bureau used it to nab a teenager who was emailing bomb threats to a high school near Olympia, Wash. (CIPAV stands for Computer and Internet Protocol Address Verifier.)

An affadavit written by FBI Special Agent Norman Sanders at the time said that CIPAV is able to send “network-level messages” containing the target computer’s IP address, Ethernet MAC address, environment variables, the last-visited Web site, and other registry-type information including the name of the registered owner of the computer and the operating system’s serial number. 

The report points out that although anti-virus programs should conceivably detect such spyware, not one of the major companies that make such software would admit to helping the FBI in getting their spyware through such filters. Pretty interesting. While it appears to be used only for good at the present time you do have to wonder what might happen if CIPAV were to fall into the wrong hands. It just goes to show that our emails and presence on the net aren’t nearly as anonymous as we’d like them to be.