E-Threats

ComputerCOP: The most dangerous way to spy on your kids’ online activity?

It’s perfectly understandable that many parents are concerned about what their children might be doing on the internet.

Are they the victims of cyberbullying? Discussing drugs or joining criminal gangs? Visiting adult websites? Being groomed by paedophiles or sharing inappropriate photographs online? The list goes on…

But one thing you need to be very careful about is what technology – if any – you use to guard your children.

Therefore, it wouldn’t be any surprise at all if many American households chose to try out ComputerCOP – a piece of software handed out hundreds of thousands of times by law enforcement agencies to parents and guardians.

There’s only one problem. ComputerCOP is spyware, and so carelessly engineered that it can actually leak private information about your children and other computer users to hackers.

That’s the verdict of the Electronic Freedom Foundation (EFF) which has taken an indepth look at ComputerCOP and determined that it is “neither safe nor secure.”

“…we observed a product with a keystroke-capturing function, also called a “keylogger,” that could place a family’s personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. That means many versions of ComputerCOP leave children (and their parents, guests, friends, and anyone using the affected computer) exposed to the same predators, identity thieves, and bullies that police claim the software protects against.”

What is more – the fact that law enforcement officers are freely distributing the keylogging software means that it could be used by stalkers, work rivals, jealous partners and domestic abusers to spy on their victims.

The EFF says that it has uncovered evidence that approximately 245 agencies in more than 35 states have used public funds to purchase and distribute ComputerCOP. In at least one case, a sheriff’s department bought a copy of the software for every family in his county.

Those are alarming statistics, when you understand that ComputerCOP dangerously transmits its keystroke logs entirely unencrypted across the net, meaning that many types of information (such as passwords, credit card details and telephone numbers) could be scooped up by a hacker.

The only silver lining therefore, is that the EFF reports that the ComputerCOP software is so clunky, impractical to use, and difficult to install that chances are that many families have hopefully chosen to ignore it.

Curiously, some law enforcement advocates of ComputerCOP haven’t taken well to the EFF report. For instance, in San Diego district attorney Bonnie Dumais issued a warning about ComputerCOP’s keylogging feature but continued to make it available to the public, seemingly unconcerned by how the software could be abused.

The San Diego District Attorney’s office has spent $25,000 purchasing thousands of copies of ComputerCOP, according to media reports.

It sounds to me like ComputerCOP isn’t protecting children at all, and might in fact be putting children (and indeed adults using the same computer) at greater risk. The only thing that seems to be enhanced by using the software is the parents’ false sense of security.

Sadly it seems that the law enforcement agencies who together spent hundreds of thousands of dollars purchasing the software might be too concerned about the fallout to do the right thing, and properly warn the public that the software they were given was not just flawed but actually putting them at risk.

The full report investigating ComputerCOP is recommended reading. You can check it out on the EFF’s website.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

2 Comments

Click here to post a comment

  • It is (remains) beyond my comprehension why both private persons and gov’t organizations just as well simply prove to be be too stupid to think about what they’re doing when it comes to security. Oh, how well all of this bodes for our surveillance society that we are definitely creeping towards…. “Don’t worry, we will know what is good for you. Meantime, we f-up big time.”

  • Good article ! I loved the analysis , Does someone know where my business could possibly get ahold of a template CA BOF 4546 example to edit ?