ComputerCOP: The Dubious 'Internet Safety Software'

As some of you know and understand, the federal government has been aggressively monitoring and storing average citizens personal data officially since 2007. 2007 was when the PRISM project and many of it's connected projects were approved by the secretive FISA court. While many of us suspected this kind of monitoring had been going on long before, Edward Snowden confirmed it with no room left for doubt.

The software program ComputerCOP has been used by police departments around the country for some time now. It's been marketed as a tool to help parents protect their children's internet usage by monitoring what they do online. 

Police chiefs, sheriffs, and district attorneys have handed out hundreds  of thousands of copies of the disc to families for free at schools,  libraries, and community events, usually as a part of an “Internet  Safety” outreach initiative. The packaging typically features the  agency’s official seal and the chief’s portrait, with a signed message  warning of the “dark and dangerous off-ramps” of the Internet.

So on the surface, to a parent this sounds like a pretty good thing. A tool to help keep their children safe from the dark pits of the internet that we all know exist. Too bad it's not actually that.

As official as it looks, ComputerCOP is actually just spyware, generally  bought in bulk from a New York company that appears to do nothing but  market this software to local government agencies.

It's a keylogger. More disturbing however, is that it's a keylogger that stores all logged data on unencrypted, non secure servers connected to the internet.

The way ComputerCOP works is neither safe nor secure. It isn’t  particularly effective either, except for generating positive PR for the  law enforcement agencies distributing it. As security software goes, we  observed a product with a keystroke-capturing function, also called a  “keylogger,” that could place a family’s personal information at extreme  risk by transmitting what a user types over the Internet to third-party  servers without encryption. That means many versions of  ComputerCOP leave children (and their parents, guests, friends, and  anyone using the affected computer) exposed to the same predators,  identity thieves, and bullies that police claim the software protects  against.

In essence the cops are giving people a spyware program that not only DOES NOT PROTECT the data logged, it , in fact, makes these families more vulnerable to threats on the internet. 

EFF conducted a security review of ComputerCOP while also following the  paper trail of public records to see how widely the software has spread.  Based on ComputerCOP’s own marketing information, we identified  approximately 245 agencies in more than 35 states, plus the U.S.  Marshals, that have used public funds (often the proceeds from property  seized during criminal investigations) to purchase and distribute  ComputerCOP. One sheriff’s department even bought a copy for every  family in its county

On both Windows and Mac computers, parents can also set ComputerCOP up  to email them whenever chosen keywords are typed. When that happens, the  software transmits the key logs, unencrypted, to a third-party server,  which then sends the email.

Are we beginning to see the problem here? Keyloggers have traditionally been tools for malicious hackers, spies, and employers who want to monitor their employees computer usage. This program touted around by law enforcement agencies is a pre packaged, easy to use spy suite. Furthermore the data passes through unencrypted servers and leaves it exposed to whoever gains access to those servers, be that blackhats, alphabet agencies ( o hai NSA), thieves, you name it.

The lack of encryption is even more troubling. Security experts  universally agree that a user should never store passwords and banking  details or other sensitive details unprotected on one’s hard drive, but  that’s exactly what ComputerCOP does by placing everything someone types  in a folder. The email alert system further weakens protections by  logging into a third-party commercial server. When a child with  ComputerCOP installed on their laptop connects to public Wi-Fi, any  sexual predator, identity thief, or bully with freely available  packet-sniffing software can grab those key logs right out of the air

Some of you may be familiar with a packet sniffing tool called Wireshark? 

A screen cap of Wireshark data from intercepted keylogs ^^

The EFF information goes into further and equally disturbing details of what boil down to LIES about who endorsed this program for law enforcement agencies to spread around...

For one, ComputerCOP claims that it is endorsed by the American Civil Liberties Union (ACLU) .... When asked about the origin of the ACLU endorsement, DelGiorno told EFF  that someone from the ACLU recommended the software in a Newsday article as the “most non-intrusive of the products as it did not filter web pages nor block user access to them.”

No, it doesn't block access to web sights, it logs all your families sensitive information in the most unsecured way possible. Oh yeah, Newsday was unable to locate any article with that claim, and the ACLU? Well:

“I can say unequivocally that it was not an endorsement of the product,"  ACLU of Michigan Deputy Director Rana Elmir told EFF. "Our position as  an organization is not to endorse technology like this.”

So what have we learned? Law Enforcement agencies around the country are totally full of crap, for starters. Also, they are either too incompetent to know the incredible security risks for the families they give this software to, OR, they know exactly the holes in this software and use them to spy. When i say that I don't mean local police departments, even though it would be possible for them to do so. I'm referring to the king of feds. The NSA. For an agency that supposedly has National Security as it's top priority, they love to use blackhat techniques. All they would have to do is provide some of these third party servers to ComputerCOP and boom: all your data are belonging to NSA. And if you think thats out of the realm of possibility I urge you to Google a couple things: shell companies, Utah data center, PRISM, Blarney, Bonesaw, and XKeyScore.

Theres better ways to keep children safe on the internet. Hell you can do it through the options on most web browsers. ComputerCOP is one of the worst examples of state sponsored spyware this internet denizen has ever seen, and you should all be aware of that.

Thanks and compliments to the EFF and Dave Maass for watching our backs in the age of government lies and massive data surveillance.

Source

List of agencies that have distributed ComputerCOP

How to remove ComputerCOP from your PC

How long before we find out the government is recording our thoughts?

Well, they are now, but I mean directly from your cranium. Its a possibility no?

a reply to: nrd101

I'm not sure about reading our minds, but they are certainly able to generate a profile of individuals using some little things called cookies. It's known as cookie profiling. You may or may not be familiar with it, but have you ever wondered why the adds you see on google, or yahoo, and other popular sights seem to all be related to things you like? Thats because your data has been recorded, and based on browsing and search history, they do know what you like.

Almost every websight uses them, and the data they collect is often sold to other companies for proffit. It may not be as sophisticated as mind reading technology, but it sure can tell a lot about an individuals thoughts in terms of what they like, the products they purchase online, and the sights they choose to visit.

What is cookie profiling?

Well done. S&F.

Yes, there are better ways to keep children safe on the internet. Stop shielding their eyes to everything, and start educating them about the world they live in. If we don't, the system will. But then, that would require parenting skills. Nevermind.

Amerika, land of the free,
Home of Big Brother.

a reply to: Klassified

Agreed, and a point well made.

I had thought of posting something similar in the OP but decided for this thread my opinions on parenting don't matter much.

Also, to be fair, the average American family hears about something like ComputerCOP and goes 'this is great! now i can control my childs internet activity better'. That's one of the devious aspects of this program. Your average computer/internet using family wouldnt think to look into potential security risks or where their personal data may end up when using this program. Especially because it's from law enforcement.

All in all it seems nefarious to say the least, if not an outright attemt at another data monitoring tool from our friendly alphabet boys.

a reply to: Klassified

Good sleuthing OP.

Parents need a resource for them to go to when they aren't so sure about how internet security works. No disrespect but many don't have the computer knowledge or the time needed to protect their children online, after all there are more pressing concerns such as feeding and clothing their tots.

I'm not a parent myself but a website that provided trusted advice and security programs would be invaluable to parents, and if they had that resource then they'd be less likely to accept a dubious disc from an official and take matters into their own hands.

The best computer security for parents is to be sat next to them and be able at a moments glance just stop whatever they're doing should it not be suitable, any computer software is pretty much 4th rate at best and while it can provide some basic filtering so they can't visit known dubious sites it can never beat parenting done properly so they explain why they shouldn't visit that site as a big banner saying "you can't view this stuff" will just get them more interested and unless you're pretty good with tech yourself they'll just google on how to break it all and be doing what they want anyway.

but anything that keylogs will generally have to store it in a manner that it can be restored in some manner and its got to be simple as most parents wont want to type in 60 character passwords to know what their kids typing and these days with multi machine homes being popular there should be the option of storing it on another machine on the local network but its hard to see if that wireshark is logging truely outgoing to the net traffic or just local network traffic being recorded to perhaps the parents machine

a reply to: Maxatoria

ComputerCOP doesn't filter sites at all. It logs all data from the PC it's installed on and sends it to unencrypted servers connected to the internet.

The wireshark capture was from packets sniffed over a wireless network running ComputerCOP during the transfer of an automated email alert. Notice the bottom of the wireshark capture where it says Reassembled SMTP (Standard Mail Transfer Protocol).

a reply to: AnonyMason

Still a bit unsure as theres some to a 64.x.x.x address and some to a 10.x.x.x and on my screen i can't see what matches up with what but if wireshark can read any SMTP commands then theres something wrong for such a product as slapping some basic SSL onto it aint hard so i sense idle dev's who are just following the RFC's and also idle parents who just want to be able to click on an email and see what the little ones have been doing and probably even if the software had used encryption to the server it may of been open text on the way back down

Good work op, I hope your posting it plenty of other places too? because parents need to hear about it!


Healthy properly educated children dont need to be spied on. Nothing I hate more than parents who spy on their kids!

a reply to: Maxatoria

Jesus, please learn to use punctuation.

Wireshark sniffs packets. If those packets contain cleartext unencrypted data, like the one shown in the image, by inspecting that packet you can see that data.

This is not a wireshark lesson. If you want to learn how to use it properly RTFM.

a reply to: VoidHawk

It's making the rounds on other sights/forums as well. I made this thread specifically for ATS, but a quick google search will bring up the others.