CNET reports obtained a court order last month to install spyware on a PC to trace the location of someone who was e-mailing bomb treats to a high school near Olympia, Washington.
Federal agents obtained a court order on June 12 to send spyware called CIPAV to a MySpace account suspected of being used by the bomb-threat hoaxster. Once implanted, the software was designed to report back to the FBI with the Internet Protocol address of the suspect's computer, other information found on the PC and, notably, an ongoing log of the user's outbound connections.
The suspect, former Timberline High School student Josh Glazebrook, was sentenced this week to 90 days in juvenile detention after pleading guilty to making bomb threats and other charges.
While there's been plenty of speculation about how the FBI might deliver spyware electronically, this case appears to be the first to reveal how the technique is used in practice. The FBI did confirm in 2001 that it was working on a virus called Magic Lantern but hasn't said much about it since. The two other cases in which federal investigators were known to have used spyware--the Scarfo and Forrester cases--involved agents actually sneaking into offices to implant key loggers.
The FBI calls its spyware CIPAV, or Computer and Internet Protocol Addres Verifier. How this program works is unknown as its classified as a law enforcement sensitive investigative technique.