Insight On FBI Hacking Ops

New submitter krakman writes "The Washington Post has an interesting story about how the FBI can investigate and collect details from computers over the net, without knowing anything about the computer location. Here's an example of the FBI's network investigative techniques: 'The man who called himself "Mo" had dark hair, a foreign accent and — if the pictures he e-mailed to federal investigators could be believed — an Iranian military uniform. When he made a series of threats to detonate bombs at universities and airports across a wide swath of the United States last year, police had to scramble every time. Mo remained elusive for months, communicating via e-mail, video chat and an Internet-based phone service without revealing his true identity or location, court documents show. ... The FBI’s elite hacker team designed a piece of malicious software that was to be delivered secretly when Mo signed on to his Yahoo e-mail account, from any computer anywhere in the world, according to the documents. The goal of the software was to gather a range of information — Web sites he had visited and indicators of the location of the computer — that would allow investigators to find Mo and tie him to the bomb threats. ... Even though investigators suspected that Mo was in Iran, the uncertainty around his identity and location complicated the case. Had he turned out to be a U.S. citizen or a foreigner living within the country, a search conducted without a warrant could have jeopardized his prosecution. ...But, [a court document] said, Mo’s computer did send a request for information to the FBI computer, revealing two new IP addresses in the process. Both suggested that, as of last December, Mo was still in Tehran.'"

This is why warrantless searches are OK!

[Anonymous Coward]

"Had he turned out to be a U.S. citizen or a foreigner living within the country, a search conducted without a warrant could have jeopardized his prosecution"

It is almost like there's no possible way they could get a warrant on this guy, right? So, clearly, this is just another example of why the government can completely ignore the 4th amendment for your own protection. Requesting a warrant is WAY harder than writing and distributing a complex piece of malware such as is described and might have slowed them down by about 12 seconds. Of course, the cost is only the destruction of rights for a few hundred million people; no big deal.

Yahoo! Custom! Spyware! Embed! Service!

[pepsikid]

Unless this Iranian troll was naive enough to open one of those "e-cards" that required a little "browser helper", this strongly suggests that Yahoo complied with the government's request to push spyware onto a specific member's computer. They could do this through the ad mechanism, or perhaps the all-new Yahoo! Email! has an embedded Patriot! Patch! facility built-in?

Re:Riiiight

[imunfair]

Well, either they emailed him a trojan and are trying to make it sound fancy, or Yahoo was letting them run exploits on the mail site targeted at specific users. Probably the former, but the latter is technically possible and wouldn't surprise me considering all the companies that have bent over for the government surveillance machine so far.

Re:Axis of evil, again

[BlueStrat]

I guess people started to forget that Iran is the arch-nemesis of the entire free world.

If Iran is the kind of arch nemesis the Free World gets nowadays, why is everyone so worried?

Right, like what has Iran ever done to the US and the West, anyway?

I mean, besides supplying training, logistical and intelligence support, safe refuge, and munitions to jihadists that kill US troops in Iraq & Afghanistan, and launch terror attacks and suicide bombings there and elsewhere against civilians including women and children, as well as military.

Oh, and grab Western tourists and hold them hostage.

Oh, and that little US embassy kerfluffle back in Jimmy Carter's administration that he handled so deftly.

But really, that's all ancient history. Has no bearing whatsoever. Why wouldn't we trust any diplomatic agreements or treaties made with them? Never mind there are Iranian officials openly mocking the idea of Iran actually obeying any meaningful restrictions to their nuclear ambitions in the recent "agreement" touted in the news and mocking the West for our stupidity to believe they would honor any such agreements.

That at the very least will cause Saudi Arabia and any others that possibly can to acquire nukes, and if the 13-Imam nut-cases in leadership positions in Iran like Ahmadinejad attempt or actually do nuke Israel, the entire world will explode in conflict, as I'm sure Israel will launch at least one wave of nukes in retaliation before the Iranian nukes clear their launch-towers.

Strat

Re:So VirtualBox to the rescue?

[BlueStrat]

Couldn't the FBI just ask Yahoo! for the IP address of the account that sent those messages?

I have one question (well, OK, lots of them, but meh).

Why the *hell* are we asking a domestic LE agency, the FBI , about this instead of the foreign data/signals intelligence agency, the damned NSA that supposedly exercises all this surveillance apparatus abusing everyone's 4A rights just for such foreign threats?

Really, WTF?

It seems like the FBI is chasing foreign enemies while the NSA is data-mining the shit out of the domestic population.

Some kind of kinky "role-reversal play' among government agencies?

Or a clear indication of who they believe is the real threat to their goals of more power, control, and wealth?

Strat

Re:Axis of evil, again

[MightyMartian]

The US could turn virtually every major urban area of Iran into radioactive craters, could wipe out most of its navy and air force in 48 hours and likely most of its anti aircraft capacity in pretty short order as well.

When I think of major threats I think of Japan in WWII or the USSR during the Cold War.