
FBI Dad's Misadventures With Spyware Exposed School Principal's Child Porn

nonprofiteer writes "This is a crazy story. An FBI agent put spyware on his kid's school-issued laptop in order to monitor his Internet use. Before returning the laptop to the school, he tried to wipe the program (SpectorSoft's eBlaster) by having FBI agents scrub the computer and by taking it to a computer repair shop to be re-imaged. It somehow survived and began sending him reports a week later about child porn searches. He winds up busting the school principal for child porn despite never getting a warrant, subpoena, etc. The case was a gift-wrapped present, thanks to spyware. A judge says the principal has no 4th Amendment protection because 1. FBI dad originally installed spyware as a private citizen not an officer and 2. he had no reasonable expectation of privacy on a computer he didn't own/obtained by fraud."
  • by Synerg1y ( 2169962 ) on Friday November 30, 2012 @03:34PM (#42145977)
    It was left on deliberately in an attempt to spy on random U.S. citizens and collect data.

    Or.. or... The computer repair shop doesn't know what they're doing

    My money's on it's something like this [theregister.co.uk]
  • Re:Fraud? (Score:3, Interesting)

    by Anonymous Coward on Friday November 30, 2012 @03:49PM (#42146243)

    DBAN is not foolproof. Just the other day I started it up, and the kernel didn't register my hard drive. Started happily erasing my boot stick, and I never would have realized the difference had I not been paying attention.

    (Had to go tweak the BIOS a little)

  • by cheekyjohnson ( 1873388 ) on Friday November 30, 2012 @03:53PM (#42146313)

    I won't lie: any day one of these child porn scumbags is caught is a good day.

    But the real question is... are you super mega anti-child porn?

  • Re:Fraud? (Score:3, Interesting)

    by Phroggy ( 441 ) <slashdot3@ p h roggy.com> on Friday November 30, 2012 @03:58PM (#42146403) Homepage

    Shouldn't the shop that supposedly "re-imaged" it be busted for fraud? One also might wonder why an FBI agent is using internal FBI resources to "scrub" a non-FBI machine that isn't part of an investigation. Finally, these morons don't know about DBAN???

    I've been a Slashdotter for 15 years and I had never heard of DBAN until reading your comment and Googling it. Your other two points are pretty solid, though. What the hell happened?

  • by icebike ( 68054 ) * on Friday November 30, 2012 @04:00PM (#42146443)

    ...the spyware surviving a cleaning by a computer repair shop and the FBI...

    Pretty astounding, when you consider he knew what he installed and it comes with de-install directions [spectorsoft.com].
    Quoting the FAQ:

    Tamper-Proof Technology
    eBLASTER does not show up as an icon, does not appear in the Windows system tray, does not appear in Windows Programs, does not show up in the Windows task list, cannot be uninstalled without the eBLASTER password YOU specify, and eBLASTER does not slow down the operation of the computer it is recording. eBLASTER does not initiate connections to the Internet and will only forward email and send activity reports when the monitored computer is already connected to the Internet. All of these features make it extremely difficult for unauthorized users to locate and/or remove eBLASTER.

    Re-imaging the computer from original installation media should have done it, but I suspect that the shop he took it to did not have that media, or the Certificate and wasn't about to use their own copy, and simply removed the user account.

    I can see the FBI not wanting to waste their time and resources on what was his personal project, and sent him to a private shop. Good on them if that's how it went down.

    But the guy running that private shop might be open to a civil suit by the principal.

  • by fahrbot-bot ( 874524 ) on Friday November 30, 2012 @04:02PM (#42146479)

    ...the spyware surviving a cleaning by a computer repair shop and the FBI...

    It was left on deliberately in an attempt to spy on random U.S. citizens and collect data.
    Or.. or... The computer repair shop doesn't know what they're doing.

    And/or... (more chillingly) The FBI doesn't know what they're doing.

  • Re:with no warrant (Score:4, Interesting)

    by fermion ( 181285 ) on Friday November 30, 2012 @04:09PM (#42146587) Homepage Journal
    In this case the fact that the guy was an FBI agent was just a random happenstance. Equipment that he did not own was used for illegal activity. It is like if one was borrowing a school bus to transport drugs on the assumption that no one would suspect a school bus. Does the FBI need permission from you to inspect the school bus owned by the school? I wouldn't think so. If a kid were being raped in a classroom, would the cops need probable cause or the rapist's permission to enter? No, it is a school, they can enter. I suppose we would be defending the rapist for shooting a teacher who entered the classroom to see what the commotion is?

    I try to be very careful about what I use others' equipment for. When I was younger I was less careful about computers, but then when I was younger there was not 10 years of rulings saying that there is no expectation for privacy if you use an employer's stuff. For instance, is there anything to stop your employer from listening to your telephone calls on phones the employer owns and pays for the operations? Not really. So we bring cell phones to work that we pay for completely. There is no ambiguity if an employer taps a personal phone.

    Stories like this are important because it reminds us that using things we don't own for questionable purposes is not really such a good idea. Clearly older people, who grew up in a time maybe when assets were not tracked as carefully as they are today, or younger people who have not learned how carefully things can be tracked, need to hear this lesson. Clearly some believe that you can steal equipment, use it for illegal activity, and still deserve the full protection of the law.

  • Re:Fraud? (Score:5, Interesting)

    by Anonymous Coward on Friday November 30, 2012 @04:18PM (#42146691)

    I work for the FBI, and while I am not familiar with this incident, I'm pretty sure there will be some administrative inquiry into misuse of gov't time & resources, especially since it has made us look bad in the press. I'll have to wait for the next quarterly report on ethic violations (which are always hilarious to read, some people are fucking idiots).

  • by Culture20 ( 968837 ) on Friday November 30, 2012 @04:24PM (#42146805)

    The main way that rootkits survive a total hard disk format is because they're running at the time - any decent rootkit is more than able to stop a simple format from removing it simply by intercepting any parts of the format which target it, and returning OK signals. [...] if the FBI or PC store simply formatted it through, say, re-formatting the drive by running the Windows setup disk, then a kernel level rootkit would happily stay intact in this manner.

    If they used the Windows setup disk to nuke the drive, how did the rootkit get on the DVD? How did the rootkit stay running after a reboot? You're almost on the right track, but BIOS/EFI infection is the answer you're looking for (or HDD firmware). The rootkit has to be running before any OS boots up. Even a boot-sector virus won't survive a disk-wipe, so there had to be a re-infection method.

  • Re:Fraud? (Score:5, Interesting)

    by Anonymous Coward on Friday November 30, 2012 @05:34PM (#42147799)

    They might well understand about DBAN. However, this is what I think happened. The last paragraph is most important.

    Something like this is likely as not what happened:

    FBI dad is sent to "Saipan in the U.S. territory of the Northern Mariana Islands", an FBI office with three agents and a manager. FBI dad installs spyware on kid's school computer. FBI dad is transferred to new location. He goes to his friends in the local FBI office and asks them to scrub the computer. Either A) there aren't any FBI computer experts in Saipan (quite possible), or the local expert says, "I can wipe it, and I could run the restore software, but there's software on there the school installed that I don't have the disks or licenses for. Take it to a local laptop shop."

    FBI Dad takes it to the local shop and says, "I want it restored to what it was like when my kid got it", or "I want you to wipe all my kids info off this laptop", or something similar. They say, "We'll do our best." They have the same problem the FBI expert has. If they DBAN the drive, they could destroy the restore partition, and they won't be able to reinstall the school-installed software. If they run the restore partition, the laptop is like it was before the school got it, and they still won't be able to reinstall the school-installed software. So, they remove all personal data and uninstall all software they think the school didn't install. Maybe they spot the spyware and think it is school installed, maybe they don't spot it, maybe they spot it and try to uninstall it, but instead of uninstalling it hides.

    Regardless, they remove what they can without destroying the school-installed software and return it to FBI dad. He returns it to the school. Hilarity ensues.

    Slashdot readers read a non-technical report on what happened, written by a non-technical writer, who got his information from non-technical reports made by yet more non-technical people, treat it as if the entire report is completely accurate and all technical terms used correctly, and more hilarity ensues.

  • I think you give computer shops WAAAAY too much credit. I worked at one about 6 years back as the lead service tech. The guys I worked with wouldn't even have recognized an OS that wasn't Windows XP, let alone understand what dd is or what can be done with it.
  • by frostfreek ( 647009 ) on Friday November 30, 2012 @05:56PM (#42148139)

    I can't figure out why Windows lets a program remove itself from the list of programs in the task list. WTF!

    I wonder if windows fudges the task list CPU numbers to add up to 100%?

  • by Xeranar ( 2029624 ) on Friday November 30, 2012 @08:44PM (#42150527)

    Sounds like the FBI probably did a simple wipe by their IT and never gave it a second thought that this spyware was so durable. The standing that it was OKed is so conditional it would never survive a wider scrutiny. In other words: Dumb luck prevails.

    Also, the computer was school owned. The game would have been much different if it were private. It's akin to catching the principal doing it on the school's library computers.

  • by Xeranar ( 2029624 ) on Friday November 30, 2012 @08:51PM (#42150597)

    Dear random slashdot user,

    The government isn't out to get you. They have better things to do. This story is anecdotal and at best a good laugh since some good came from it. Please refrain from making generalized statements about things you know zero about.

    Thanks,
    People who actually have dealt with the FBI
