Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
ComputerCOP is a popular piece of software that is marketed as an Internet safety program. But when an EFF web developer and staff technologist analyzed the software’s security features, they found that it is actually just spyware. Local police and government agencies have convinced hundreds of thousands of parents to use the software to protect their children from online threats. But ComputerCOP does not provide online security, and can actually create additional Internet safety issues.
ComputerCOP is Spying Software Hiding in an Internet Safety Cloak
Law enforcement has been promoting ComputerCOP for years as the most basic tool that parents need for Internet security at home. Police officers and district attorneys say that it will protect children from the dangers of the Internet. But ComputerCOP is far from the Internet safety software that it claims to be. ComputerCOP is spyware that could allow anyone to keep tabs on all activities performed on a device that has the program installed.
Hundreds of thousands of families have copies of ComputerCOP, which has been distributed to parents at community events, libraries, and schools. It is admirable that law enforcement has taken a lead role in promoting Internet safety. But do they know that this “Internet safety” program is not safe? Do they know that it is spyware that people can use to snoop on anyone who has the program installed? Are they maybe actually giving it away so they can use it to spy on people? The New York based company that sells ComputerCOP to government agencies is also taking advantage of the law enforcement drive to encourage better Internet safety for kids. They make money, cops get to spy on people.
False Advertising Gives Parents False Hope for Internet Safety
To date, the US Marshalls and 35 states have more than 245 agencies that have been actively distributing ComputerCOP. They use public funds like money earned from the sale of seized property to buy and give out the software. But what are they actually endorsing? ComputerCOP comes with signed messages from local law enforcement and a letter that seems to come from the Department of Treasury. When EFF contacted this department to confirm, they immediately released a fraud alert. Looking further, two more fraudulent endorsements were found from the National Center for Missing and Exploited Children and the ACLU.
ComputerCOP advertises a basic search feature that doesn’t even work. It claims to search hard drives for bad keywords and scan media. But many times, the results are full of false positives that will only make parents nervous. And good luck looking for the real bad downloads among the tens of thousands of image results. The search feature includes the built-in icon sets of operating systems. It doesn’t even work for searches done on browsers other than Safari and IE.
Internet Safety is Destabilized by ComputerCOP
If you thought that marketing spyware as Internet safety software was bad, there’s more. The way ComputerCOP works puts user data at risk by using an unsecured keylogger feature. The keylogger saves and sends recorded keystrokes unencrypted. This means that sensitive personal information that is on the computer using ComputerCOP is being broadcast over the open Internet to third party servers and on to parents’ emails without protection.
Anyone who uses that computer becomes a prime target for bullying, identity theft, stalkers, and all the cybercriminals that ComputerCOP is supposed to keep them safe from. Plus, it opens them up to even greater threats like financial theft, social engineering scams and system hacks. We try hard to protect our usernames and passwords by not storing them on our devices. But then here comes ComputerCOP, recording every keystroke and sending it unencrypted for anyone to grab out of the traffic stream.
ComputerCOP also undermines other installed Internet safety features like the HTTPS Everywhere browser plugin and VPN encryption. ComputerCOP gets keystroke logs and other data before it gets encrypted and sends it to the servers. It therefore allows the sensitive data to escape and be made available to anyone who is looking.
ComputerCOP may have been a good tool 24 years ago when it first came out. But now it is just a poor excuse for Internet safety software. Police have taken the bait (probably because the product was endorsed by famous New York detective Bo Dietl) and promoted it without knowing that the program was actually more of a threat than a help. Law enforcement and local government agencies read the cover and figured it looked like a good enough Internet security package. The funny thing is that it took so many years for someone to blow the whistle on this sad piece of fake Internet safety software.