New classified documents have surfaced which show that a sophisticated and influential piece of spyware was used by the FBI at crucial stages of various federal investigations involving extortion, terrorist plots and hacker attacks – some of them as far back as seven years ago.
CIPAV, short for "Computer and Internet Protocol Address Verifier", was designed to gather information from a target computer and send it secretly to an FBI server based in Virginia. The first known use of this software was in 2007, when the FBI used it to trace email bomb threats sent to a Washington state high school to a 15-year-old student.
However, documents released Thursday show that CIPAV was so widely used by federal agents that the Department of Justice warned its potential rampant misuse could lead to electronic evidence being dismissed in court. These documents were released to the public under the Freedom of Information Act. According to the document, while CIPAV is an invaluable technique at the FBI's disposal, concerns are raised that it might be used needlessly in some cases without any major benefit.
The document does not detail the specifications or the technical procedures of the program, but an FBI affidavit from 2007 states that it sends the target computer's IP address, MAC address, the version of the operating system in use (as well as its serial number), the default internet browser, and the machine's registered owner and registered company name. It also sends current state data, such as the currently logged-in user, any open ports, a list of running programs, and the website currently being viewed by the user. After sending this initial data, CIPAV hides itself within the machine and records all Internet use, including the IP addresses of every server the machine connects to.
It is also hinted that the FBI may use browser vulnerabilities to sneak CIPAV into target machines. However, in many cases the FBI would host CIPAV on a website, and would find ways to trick the target users into accessing the URL in order to infect the machine with CIPAV. In some cases they would leave the URL on the target's MySpace chatroom.
From the document, it would seem that the primary use of the program is to track down suspects online, particularly those who use proxy servers to hide their original IP addresses. Several cases in the document illustrate this, including one in 2004 where the FBI used CIPAV to track down a man cutting telephone, cable TV and internet service lines in Boston.