In a twist of security irony, software that was supposed to help parents protect their kids online—and widely distributed by law enforcement agencies—was actually malware in disguise that could expose and capture sensitive information and now it has drawn the scrutiny of the Electronic Frontier Foundation (EFF).
ComputerCOP, a program from a New York company was sold as security software to law enforcement agencies across the country and became so popular as a “first step” for protecting children, that agencies have vigorously distributed it, many personalized with their own emblems, throughout their communities. But once installed the software sheds its “protective shield” and operates as classic malware. According to a blog post by the EFF's David Maass, the apparently poorly designed spyware features a keylogger that can steal login and other personal information, which can then be transmitted to third parties over the internet without the benefit or protection of encryption. Instead of protecting children (and their families or anyone using an affected computer), the program can expose them to outside prying eyes.
“By providing a free keylogging program—especially one that operates without even the most basic security safeguards—law enforcement agencies are passing around what amounts to a spying tool that could easily be abused by people who want to snoop on spouses, roommates, or co-workers,” Maass wrote.
Based on its own review and ComputerCOP's marketing information, EFF estimates that 245 agencies in more than 35 states, in addition to U.S. Marshalls “have used public funds (often the proceeds from property seized during criminal investigations) to purchase and distribute ComputerCOP.”
The privacy advocates also found that the company used “misleading marketing material” to hawk ComputerCOP, sending out a letter of endorsement that is reportedly from the U.S. Department of Treasury and another from the American Civil Liberties Union. The Treasury Department has issued a fraud alert and the ACLU letter appears to be fake. Another supposed endorsement, from the National Center for Missing and Exploited Children, has expired.
“ComputerCOP's interface is a throwback to an earlier, clunkier age of computing,” Maass wrote. “Indeed, its origins trace back 15 years, when software companies began to target a new demographic: parents worried about their children's exposure to all manner of danger and inappropriate material on the Internet.”