FBI Dad's Misadventures With Spyware Exposed School Principal's Child Porn
nonprofiteer writes "This is a crazy story. An FBI agent put spyware on his kid's school-issued laptop in order to monitor his Internet use. Before returning the laptop to the school, he tried to wipe the program (SpectorSoft's eBlaster) by having FBI agents scrub the computer and by taking it to a computer repair shop to be re-imaged. It somehow survived and began sending him reports a week later about child porn searches. He winds up busting the school principal for child porn despite never getting a warrant, subpoena, etc. The case was a gift-wrapped present, thanks to spyware. A judge says the principal has no 4th Amendment protection because 1. FBI dad originally installed spyware as a private citizen not an officer and 2. he had no reasonable expectation of privacy on a computer he didn't own/obtained by fraud."
the judge is kind of right (Score:5, Informative)
The principal was a moron for using a school computer. If it was his own computer then a search warrant would apply.
Some Clarification (Score:5, Informative)
The "FBI" didn't wipe his computer. He simply asked his co-workers for some help. Apparently neither he nor they were particularly tech-savvy so he took it to a computer shop. He probably asked the shop owner to remove "all of my kid's games and stuff". I imagine that this spyware tries to mask itself so that kids can't just find it and uninstall it. The shop owner probably just uninstalled all of the "games and stuff" and then returned it.
The problem is that a person who was so confused by removing software that he had to go to a "computer shop" is trying to tell you what he did. He didn't get the FBI to clean the machine, he simply asked his co-workers who didn't know either. This also happened in Saipan, not New Jersey. The FBI has a small office, not a high tech lab.
The FBI agent screwed up by not notifying authorities immediately (he tried to solve the case himself), but he was probably concerned that the evidence wouldn't hold up in court. Lucky for everyone, the Judge seems like he was willing to stretch the letter of the law to punish a clearly guilty man.
Re:Two stories here (Score:5, Informative)
Yes, that or the submitter deliberately misquoted the article:
"Auther first took the laptop to his FBI office and asked his colleagues how to wipe it clean. Apparently they don’t have many cyber experts in the Mariana Islands, because they were unsuccessful. So Auther had to instead take it to a computer repair shop, which cleaned out the old files and allegedly reimaged the hard drive to return it to its original settings."
Sounds to me like there wasn't any professional FBI 'scrubbing' involved, just some guy going to work and talking about wiping a laptop by the water cooler.
Re:Fraud? (Score:5, Informative)
He didn't use internal FBI resources, hence the computer repair shop. He asked his friends at the FBI if they knew how to clear the laptop. They didn't, so he took it to the shop. That's hardly using FBI resources (the summary is more than a little misleading).
Agreed on the shop, they sound pretty incompetent.
Re:Bios flashed spyware? (Score:5, Informative)
However, if the FBI or PC store simply formatted it through, say, re-formatting the drive by running the Windows setup disk, then a kernel level rootkit would happily stay intact in this manner. In fact, to spot it, you'd really have to use some imaging software with comparison checksums so that after the imaging it can make sure everything is as it should be. While the rootkit can happily inform that "nothing is there", it can't predict what should be there in an imaged drive, and would be caught out that way. However - that's not how 99% of us format drives, especially since most don't have MD5'd images of other people's hard disks, or don't put them in external caddies before doing so.
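The comparison the comment describes, as an added example that is not from the thread: hash the re-imaged drive and the golden image block by block and report every block that differs, so whatever survived the "re-image" is pinned to a concrete offset. In real use the first argument is the golden image file and the second the block device (read-only); the function names are my own and the inputs are constructed files.

```shell
#!/bin/sh
# Added example (not from the thread): check a freshly re-imaged drive
# against the golden image block by block. Anything that survived the
# "re-image" shows up as a checksum mismatch at a concrete offset.
# GOLDEN is the image file, TARGET the device (e.g. /dev/sdb); the names
# here are my own and the sample inputs are constructed files.

# Print one line per differing block; exit 0 if identical, 1 otherwise.
verify_image() {
    golden=$1; target=$2; bs=${3:-4096}
    size=$(wc -c < "$golden")
    blocks=$(( (size + bs - 1) / bs ))
    rc=0
    i=0
    while [ "$i" -lt "$blocks" ]; do
        # Hash one block from each source; dd's skip= counts in units of bs.
        g=$(dd if="$golden" bs="$bs" skip="$i" count=1 2>/dev/null | sha256sum | cut -d' ' -f1)
        t=$(dd if="$target" bs="$bs" skip="$i" count=1 2>/dev/null | sha256sum | cut -d' ' -f1)
        if [ "$g" != "$t" ]; then
            printf 'block %d (byte offset %d) differs: golden=%s target=%s\n' \
                "$i" $((i * bs)) "$g" "$t"
            rc=1
        fi
        i=$((i + 1))
    done
    # A target that is larger than the golden image also counts as a mismatch.
    [ "$(wc -c < "$target")" -eq "$size" ] || { echo "size differs"; rc=1; }
    return $rc
}

# Number of differing blocks, for scripting around the check.
count_diff_blocks() {
    verify_image "$1" "$2" "${3:-4096}" | grep -c '^block ' || true
}
```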
Re:I'm still trying to wrap my brain around... (Score:5, Informative)
I once bought a computer from a small shop which I intended to use as a Linux server. The shop put Windows on it as a test and right before they gave it to me told me they would wipe the disk "so I couldn't use their copy of Windows". The guy hit enter on some erasure program and immediately said "okay that's done" so obviously it wasn't erased, just unlinked.
Re:I'm still trying to wrap my brain around... (Score:3, Informative)
#!/bin/bash
# Wipe /dev/sda: one pass of zeros, one pass of ones, then seven random passes.
echo "Wiping drive sda...Do not interrupt."
dd if=/dev/zero of=/dev/sda
# There is no /dev/one; turn the zero stream into 0xFF bytes with tr instead.
tr '\000' '\377' < /dev/zero | dd of=/dev/sda
echo "Performing 7 random overwrite passes...Do not interrupt."
for i in 1 2 3 4 5 6 7
do
    dd if=/dev/random of=/dev/sda
done
echo "If you did not interrupt the process then the drive wipe has completed successfully."
exit 0
Re:I'm still trying to wrap my brain around... (Score:5, Informative)
"dd if=/dev/random of=/dev/sda"
I would suggest using /dev/urandom as the random number generator used by /dev/random will likely run out of entropy long before the first pass completes.
Re:I'm still trying to wrap my brain around... (Score:4, Informative)
Will the above take seconds, hours, or a century?
Not sure about a century, but months seems likely on a modern disk.
1) dd without a fairly large block size is very slow at copying hundreds of gigabytes of data.
2) /dev/random (on Linux, anyways) only gives as much random data as it can generate from the entropy available to it -- which isn't much. /dev/urandom would be much faster (and more than random enough, especially after seven passes.)
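An added example, not from the thread, that ties together the "unlinked, not erased" story above and the two replies about /dev/urandom and block size: a small disk image stands in for the drive, a "quick" erase clears only the first sector and leaves the file body readable, and a real overwrite pass from /dev/urandom with bs=4M removes it and can be verified. The image, marker string and function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread): a constructed 4 MiB image file stands
# in for the drive, so nothing here touches a real device. It shows that a
# "quick" erase of the first sector leaves data blocks intact, while an
# overwrite pass from /dev/urandom with a large block size removes them.
# The marker string and function names are my own.

MARKER="CONSTRUCTED-SECRET-RECORD"

# Build a 4 MiB image holding a recognisable file body 1 MiB into the disk.
make_image() {
    dd if=/dev/zero of="$1" bs=1M count=4 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=1 seek=$((1024 * 1024 + 512)) conv=notrunc 2>/dev/null
}

# Clear only the first sector (boot record / partition table). The map to
# the files is gone but every data block is untouched.
quick_erase() {
    dd if=/dev/zero of="$1" bs=512 count=1 conv=notrunc 2>/dev/null
}

# Real overwrite: one pass of /dev/urandom (it never blocks waiting for
# entropy the way /dev/random does), then a zero pass, both with bs=4M
# instead of dd's 512-byte default. head -c keeps the write to the image size.
full_wipe() {
    size=$(wc -c < "$1")
    head -c "$size" /dev/urandom | dd of="$1" bs=4M conv=notrunc 2>/dev/null
    head -c "$size" /dev/zero    | dd of="$1" bs=4M conv=notrunc 2>/dev/null
}

# Exit 0 if the marker is still readable anywhere on the image.
marker_present() {
    grep -a -q "$MARKER" "$1"
}

# Exit 0 if every byte of the image is now zero, i.e. the wipe is verified.
verify_zeroed() {
    size=$(wc -c < "$1")
    head -c "$size" /dev/zero | cmp -s - "$1"
}
```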