Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Crime Privacy Portables Security Your Rights Online

FBI Dad's Misadventures With Spyware Exposed School Principal's Child Porn 346

Posted by Soulskill
from the lesson-learned-always-spy-on-your-kids dept.
nonprofiteer writes "This is a crazy story. An FBI agent put spyware on his kid's school-issued laptop in order to monitor his Internet use. Before returning the laptop to the school, he tried to wipe the program (SpectorSoft's eBlaster) by having FBI agents scrub the computer and by taking it to a computer repair shop to be re-imaged. It somehow survived and began sending him reports a week later about child porn searches. He winds up busting the school principal for child porn despite never getting a warrant, subpoena, etc. The case was a gift-wrapped present, thanks to spyware. A judge says the principal has no 4th Amendment protection because 1. FBI dad originally installed spyware as a private citizen not an officer and 2. he had no reasonable expectation of privacy on a computer he didn't own/obtained by fraud."
This discussion has been archived. No new comments can be posted.

FBI Dad's Misadventures With Spyware Exposed School Principal's Child Porn

Comments Filter:
  • by alen (225700) on Friday November 30, 2012 @02:36PM (#42146003)

    the prinicipal was a moron for using a school computer. if it was his own computer then a search warrant would apply.

  • Some Clarification (Score:5, Informative)

    by PuckSR (1073464) on Friday November 30, 2012 @02:49PM (#42146231)

    The "FBI" didn't wipe his computer. He simply asked his co-workers for some help. Apparently neither he nor they were particularly tech-savvy so he took it to a computer shop. He probably asked the shop owner to remove "all of my kid's games and stuff". I imagine that this spyware tries to mask itself so that kids cant just find it and uninstall it. The shop owner probably just uninstalled all of the "games and stuff" and then returned it.

    The problem is that a person who was so confused by removing software that he had to go to a "computer shop" is trying to tell you what he did. He didn't get the FBI to clean the machine, he simply asked his co-workers who didn't know either. This also happened in Saipan, not New Jersey. The FBI has a small office, not a high tech lab.

    The FBI agent screwed up by not notifying authorities immediately(he tried to solve the case himself), but he was probably concerned that the evidence wouldn't hold up in court. Lucky for everyone, the Judge seems like he was willing to stretch the letter of the law to punish a clearly guilty man.

  • Re:Two stories here (Score:5, Informative)

    by dinfinity (2300094) on Friday November 30, 2012 @02:49PM (#42146253)

    Yes, that or the submitter deliberately misquoted the article:
    "Auther first took the laptop to his FBI office and asked his colleagues how to wipe it clean. Apparently they don’t have many cyber experts in the Mariana Islands, because they were unsuccessful. So Auther had to instead take it to a computer repair shop, which cleaned out the old files and allegedly reimaged the hard drive to return it to its original settings."

    Sounds to me like there wasn't any professional FBI 'scrubbing' involved, just some guy going to work and talking about wiping a laptop by the water cooler.

  • Re:Fraud? (Score:5, Informative)

    by Baloroth (2370816) on Friday November 30, 2012 @02:51PM (#42146277)

    He didn't use internal FBI resources, hence the computer repair shop. He asked his friends at the FBI if they knew how to clear the laptop. They didn't, so he took it to the shop. That's hardly using FBI resources (the summary is more than a little misleading).

    Agreed on the shop, they sound pretty incompetent.

  • by black3d (1648913) on Friday November 30, 2012 @02:59PM (#42146425)
    The main way that rootkits survive a total hard disk format is because they're running at the time - any decent rootkit is more than able to stop a simple format from removing it simply by intercepting any parts of the format which target it, and returning OK signals. They'll usually survive a low level format in the same manner. "Whats that? You want to change one of my bits to 0? Okay.. umm.. Done! *cough*". You can generally reliably remove rootkits by taking the drive out, putting it into an external drive bay (so its not present on a PC while booting), connect the drive when your PC is started up and then format it with none of its code executing.

    However, if the FBI or PC store simply formatted it through, say, re-formatting the drive by running the Windows setup disk, then a kernel level rootkit would happily stay in-tact in this manner. In fact, to spot it, you'd really have to use some imaging software with comparison checksums so that after the the imaging it can make sure everything is as it should be. While the rootkit can happily inform that "nothing is there", it can't predict what should be there in an imaged drive, and would be caught out that way. However - thats not how 99% of us format drives, especially since most don't have MD5d images of other peoples hard disks, or don't put them in external caddies before doing so. :P
  • by screwdriver (691980) on Friday November 30, 2012 @03:02PM (#42146491)
    Nope. I've used the software mentioned in the article before, and it would most certainly not survive a proper HD re-image. The computer shop either didn't re-image the HD like they said they did, or the FBI lied about taking it to a computer shop in the first place.
  • by chemicaldave (1776600) on Friday November 30, 2012 @03:21PM (#42146745)
    The agent shouldn't have needed to take it to a repair shop in the first place. SpectorSoft's own FAQ section states "eBLASTER ... cannot be uninstalled without the eBLASTER password YOU specify..." Sounds like the guy forgot the password AND the shop didn't do its job.
  • by MichaelSmith (789609) on Friday November 30, 2012 @03:33PM (#42146937) Homepage Journal

    I once bought a computer from a small shop which I intended to use as a linux server. The shop put windows on it as a test and right before they gave it to me told me they would wipe the disk "so I couldn't use their copy of windows". The guy hit enter on some erasure program and immediately said "okay thats done" so obviously it wasn't erased, just unlinked.

  • by Anonymous Coward on Friday November 30, 2012 @05:41PM (#42148991)


    #!/bin/bash
    echo "Wiping drive sda...Do not interrupt."
    dd if=/dev/zero of=/dev/sda
    dd if=/dev/one of=/dev/sda
    echo "Performing 7 random overwrite passes...Do not interrupt."
    for i in `1 2 3 4 5 6 7`
    do
        dd if=/dev/random of=/dev/sda
    done
    echo "If you did not interrupt the process then the drive wipe has completed successfully."
    exit 0

  • by StayFrosty (1521445) on Friday November 30, 2012 @07:39PM (#42150457)

    [quote]dd if=/dev/random of=/dev/sda[/quote]

    I would suggest using /dev/urandom as the random number generator used by /dev/random will likely run out of entropy long before the first pass completes.

  • by dougmc (70836) <dougmc+slashdot@frenzied.us> on Saturday December 01, 2012 @02:10AM (#42152757) Homepage

    Will the above take seconds, hours, or a century?

    Not sure about a century, but months seems likely on a modern disk.

    1) dd without a fairly large block size is very slow at copying hundreds of gigabytes of data.

    2) /dev/random (on Linux, anyways) only gives as much random data as it can generate from the entropy available to it -- which isn't much. /dev/urandom would be much faster (and more than random enough, especially after seven passes.)

You might have mail.

Working...