Is the Outrage Over the FBI's Seattle Times Tactics a Knee-Jerk Reaction?

reifman writes The Internet's been abuzz the past 48 hours about reports the FBI distributed malware via a fake Seattle Times news website. What the agency actually did is more of an example of smart, precise law enforcement tactics. Is the outrage online an indictment of Twitter's tendency towards uninformed, knee-jerk reactions? In this age of unwarranted, unconstitutional blanket data collection by the NSA, the FBI's tactics from 2007 seem refreshing for their precision.

No. Just no.

[Anonymous Coward]

Whoever thinks this is remotely a good thing needs to be beaten with a lead pipe. Not only is it clearly illegal, it's also a serious breach of trust.

Re:

[Mr D from 63]

Who trusts what they read on the internet anyway? Particularly by reading just one page of content that has no real meaningful impact to anyone but the criminal.

Anyone who doesn't validate what they read on the internet deserves to be......misled.

Re:

[BronsCon]

It is if you share the same bias.

Re:

[reifman]

The FBI told me that the text for the link simply said "article" and that the url was secret but did not include anything of The Seattle Times or Associated Press in it.

Why not? (Re:No. Just no.)

[mi]

Not only is it clearly illegal

Please, cite the violated law. Thank you.

it's also a serious breach of trust

Trust between which parties? The fake was sent to only one person — the suspect, who then became a convict. The suspect knows very well now, that it was a fake — so he continues to trust the actual Seattle Times as much as he did before.

Also, we all know, that it is perfectly legal for police to lie — except, of course, under oath. So, which trust are you talking about?

Re:Why not? (Re:No. Just no.)

[Anonymous Coward]

Not only that, but from what I can tell there was no malware. And the fake website was just a page on a website where the FBI could see the logs. They e-mailed him a link to a story. When he clicked on the link they could see the IP address which requested the story. Nothing I read says it was any more sophisticated than that. I'm not sure they'd even need a warrant to do this. It's no different then e-mailing him a phone number and looking at the caller ID when he calls it. That's not private information.

Re:

[rtb61]

In this case the whole FBI story stinks. Let see they had it down to one suspect, just one suspect, so why send out the email at all, go to a judge and get a search warrant. It sounds very much like, yes they did launch a phishing attack on the person they prosecuted but that was not the only target of that attack, there were many others and the FBI has just chosen to forget about they existed and the FBI committed a criminal actions against innocent parties, something the FBI has a track record for doing.

Re:

[Dutch Gun]

Phishing attacks are not only used to target large numbers of people. Extremely targeted phishing attacks (directed at a specific company or even a particular person) are known as "spear-phishing". For additional irony I'll point you to the FBI's site that describes this cyber-crime in detail [fbi.gov].

Re:

[StormReaver]

Please, cite the violated law. Thank you.

1) Identify theft.
2) Slander of Title.
3) Copyright Infringement.
4) Trademark Infringement.
5) Defamation of Character.

And those are just the ones I can think of off the top of my head.

And no, a warrant cannot authorize those things. There is nothing in the Constitution that allows for committing the above crimes just because a judge issues an illegal order to do so.

Re:

[mi]

1) Identify theft. 2) Slander of Title. 3) Copyright Infringement. 4) Trademark Infringement. 5) Defamation of Character.

These may be legal terms, but not actual laws. Please, try again — cite an actual law (Federal or Washington State's). If you can, mention the paragraph/verse you think was violated. Thank you.

Re:

[rahvin112]

The examples provided are illegal. But that's not even the standard that should be used because it's the combination of actions and intention that can make something illegal even when those actions without specific intent isn't illegal.

The simplest way to test if what they did was wrong and illegal is what the reaction would have been if a private citizen had done the same thing to the FBI. If the answer to that question is that the private citizen would have been arrested and prosecuted then what the FBI d

Re:

[mi]

The simplest way to test if what they did was wrong and illegal is what the reaction would have been if a private citizen had done the same thing to the FBI.

Lying to the FBI (or any other federal agents) is illegal [criminal-l...source.com]. The other way is not.

The FBI, nor any law enforcement agency has the right to willy nilly break the law

They don't alright. And they haven't. Not in this case, anyway.

Re:

[ShakaUVM]

>Please, cite the violated law. Thank you.

Wire fraud could be used to prosecute pretty much anyone in cases like these, if a US Attorney wanted to do so, which they wouldn't. They never go after their own.

Re:

[mi]

Wire fraud could be used to prosecute pretty much anyone in cases like these

The definition of "wire fraud" reads [wikipedia.org]:

In the United States, mail and wire fraud is any fraudulent scheme to intentionally deprive another of property or honest services via mail or wire communication. It has been a federal crime in the United States since 1872.

Does not apply to sting operations [wikipedia.org]...

Re:

[ShakaUVM]

>Does not apply to sting operations...

Your reference says nothing about wire fraud.

Here's the actual law -

"Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such sc

Re:

[stealth_finger]

Wire fraud could be used to prosecute pretty much anyone in cases like these

The definition of "wire fraud" reads [wikipedia.org]:

In the United States, mail and wire fraud is any fraudulent scheme to intentionally deprive another of property or honest services via mail or wire communication. It has been a federal crime in the United States since 1872.

Does not apply to sting operations [wikipedia.org]...

Ha, for someone demanding such precision and exactness for citations you go and post links to wiki. Nice one. Troll level +

Re:

[gweihir]

It is the type of society-eroding tactics usually ascribed to "terrorists". As soon as you cannot take most things at face value anymore, civilization collapses.

Re:

[mi]

It is the type of society-eroding tactics usually ascribed to "terrorists".

No, what we ascribe to terrorists are perfectly overt violence...

As soon as you cannot take most things at face value anymore, civilization collapses.

A single suspect being fooled into clicking on a bogus link by the FBI does not affect my taking things at face value.

Re:

[sjames]

It is at least a trademark violation. It might also run afoul of libel laws (as it could damage the good name of the Seattle Times). Fraud makes an appearance there somewhere as well.

Try phishing using a well known brand name without permission and see what happens to you.

Re:Why not? (Re:No. Just no.) "except under oath"?

[Moof123]

The double standards between law enforcement and the public are exactly the opposite of what they should be. As a trusted public official (with years of training dollars poured into them) they should be held to a higher standard, and face worse penalties for breaking the law than the general public. Sadly, our failing state is more intent on preserving power than protecting justice, truth, and the public.

Re:

[mi]

face worse penalties for breaking the law than the general public

Though I agree with you in general, we are yet to find an actual law, that the FBI have broken dealing with this case... All of the accusers so far have been unable to offer a citation.

There are a number of problems with our law enforcement, but that's not the topic here.

Re:

[king neckbeard]

I'm pretty damn sure that this violates the CFAA in about a dozen different ways, and everything involving electronic communications is wire fraud. Given the standards set for Gary McKinnon, this would also probably constitute some form of property damage.

It's virtually impossible to not break the law in your everyday life, and this was an act of deception that distributed malware.

Re:

[msauve]

From the article: "Every effort we made in this investigation had the goal of..."

Their whole rationale is nothing more than "the end justifies the means."

Re:Why not? (Re:No. Just no.) "except under oath"?

[fustakrakich]

Sounds like you slept through the primaries :-)

Sorry, man, those guys are only winning because people voted for them.

Re:

[el_chicano]

Sorry, man, those guys are only winning because sheeple voted for them.

FTFY

Re:

[mi]

"except under oath"? Don't tell that to Mark Furhman, who perjured himself in the O.J. Simpson trial, and was fined $200

I would not tell him that, alright. What's your point? That punishment for perjury [criminalde...lawyer.com] could range from nothing to a small fine to impeachement [nytimes.com]? Nothing new here — my point was, such lying is illegal — not what the punishment for it is (or should be).

Re:

[mi]

Identity theft.

There is no such law. I asked for a citation — please, be exact.

Or more practically, try trademark dilution by tarnishment

Ok, that's better. But have you read that law [bitlaw.com]? It states — right at the beginning — that it is only applicable to commercial misuses of trademarks:

Any person who, on or in connection with any goods or services, or any container for goods, uses in commerce any word, term, name, symbol, or device, or any combination thereof, or any false designation of ori

Re:

[neoritter]

They also hadn't (quoting from pla), "'willfully' intended to trade on the owner's reputation or to cause dilution of the famous mark..."

Re:

[ProfessionalCookie]

Oh fart

Re:

[king neckbeard]

If they don't attempt to sue, then their legal department must have found, the law does not apply, contrary to what (some of) Slashdot thinks.

Or, it's not worthwhile for them to bring a lawsuit. Discretion can be exercised for reasons other than not having the law on your side. That's a lot of how the patent troll racket works. Even if you could fight the troll and win, it is often not in your direct financial best interest to do so.

Re:

[pla]

Ok, that's better. But have you read that law

Have you, other than to find a misleading snippet from a subsection that, as you point out, doesn't apply? You might want to reconsider subsection (d) before going too far out of your way to flog that (a)(1) strawman.


There is no such law. I asked for a citation — please, be exact.

Not here to do your homework for you, dude; but given that I've had a boring morning... Try 18 USC 1028. "No such law"? Well, not until late 1998, perhaps...

Re:

[mi]

Whoever, having devised or intending to devise any scheme or artifice to defraud [...]

No fraud [wikipedia.org] took place. Hoax, perhaps, but not fraud...

Keep trying...

Re:18 US Code 1343, Wire Fraud

[Frobnicator]

Re:18 US Code 1343, Wire Fraud .... Whoever, having devised or intending to devise any scheme or artifice to defraud [...]

No fraud [wikipedia.org] took place. Hoax, perhaps, but not fraud...

Keep trying...

So first you demand that people cite actual laws, and you refuse to accept things like "copyright infringement", "slander of title", or "defamation of character".

And then when someone cites chapter and verse of the law you reply with a wikipedia link saying it isn't correct.

No, for the law cited above it was fraud. The definition in that chapter is clear: "For the purposes of this chapter, the term “scheme or artifice to defraud” includes a scheme or artifice to deprive another of the intangible right of honest services." They were expecting the honest service of the specific newspaper. Instead they received a different service, an intentionally deceptive site that transmits something called a "computer contaminant" in the law. Chapter 63 (criminal fraud) doesn't have any of the now-common exceptions "except for law enforcement as part of an investigation". Officers can commit quite a lot of what would normally be crimes when they get court approval, but fraud is not on that list.

Their malware is covered under at least one of the variations in the state law, RCW 9A.52.110, 120, and 130. Since the government may argue it wasn't done with the intent to commit another crime (since they were intending to enforce laws but accidentally committed crimes in the process) then 110 may be out, but 120 and 130 both apply.

For copyright, you can pick quite a few different laws under title 17. Several of the exclusive rights in 106 were violated, as were 113. Their designs were protected so 1301. You can pick and choose quite a few more under Copyright as well, with a notable absence of court-authorized police action exemption.

For trademarks the newspapers have certainly trademarked their logos, names, and probably a few other distinctive elements.15 USC 1114 seems to have that covered quite thoroughly, including penalties against DNS hijacking. And thanks to 15 USC 122, they cannot claim immunity for that one.

Defamation is pretty strong since their use injures the newspaper's reputation. People will now pause and think "why should I go there since the government hijacks them"? While there is the statute, it is now the court's test that qualifies it. The four-prong test by the court is, first, a false element purported to be fact (in this case, they communicated that the false website was true), second that it was published (clearly the fact was published), third, actual fault on the person making the statement amounting to at least negligence (in fact, it amounts to the level of fraud, as covered above), and fourth, some harm to the subject of the statement (which can be shown as a harm to trust and harm to their stock). Again, there is no "official government action immunity" to commit fraud thanks to 42 USC 1983. Now if they had limited it to the very specific individuals under investigation this one might not apply as a legal intercept, but since they chose to throw a broad net and infected thousands, causing a huge impact to their brand the single authorized intercept exemption doesn't apply.

I'm sure there are many more, but while some laws make exception for court-authorized police action, these specific laws do not.

Re:

[mi]

And then when someone cites chapter and verse of the law you reply with a wikipedia link saying it isn't correct.

The citation requested must not only refer to actual law, but the referenced law must be applicable. Fraud is not — in my opinion.

The definition in that chapter is clear: "For the purposes of this chapter, the term “scheme or artifice to defraud” includes a scheme or artifice to deprive another of the intangible right of honest services." They were expecting the honest service o

Re:

[tehcyder]

For me this is about porn.

When I go to a reasonably legitimate porn page and type in "sexy girl playing with a dildo" I do NOT expect an underage GIRL; I expect such videos have been expunged and anyone that looks to be 16 or so is at very least 18, but more likely about 22.

Now let's say the fuckers wanted to 'get me' for some reason? Perhaps they put up a bullshit page where they have uploaded child porn, and now i'm going to jail because of what? Because I couldn't trust the page I was going to to be the page I intended to go to.

Entrapment is bullshit, no matter how you cut it.

If the fuckers really wanted to 'get you' they could just plant some drugs/kiddie porn/terrorist bomb making equipment on you anyway. If that's how the world worked.

Re:No. Just no.

[thaylin]

What is illegal about it? They got a warrant, and sent a targeted email with a link people would not normally go to.

Re:

[blue9steel]

Just for amusement value doesn't that violate the CAN-SPAM act?

Re:No. Just no.

[thaylin]

And when someone searches or seizes your property without a warrant is it not illegal? You are defeated by your own statement, however I will add the definition which further defeats you.

warrant
wôrnt,wärnt/Submit
noun
1.
a document issued by a legal or government official authorizing the police or some other body to make an arrest, search premises, or carry out some other action relating to the administration of justice.

I think you needed to look up the definition, notice the last part.

Re:

[sexconker]

And when someone searches or seizes your property without a warrant is it not illegal? You are defeated by your own statement, however I will add the definition which further defeats you.

warrant
wôrnt,wärnt/Submit
noun
1.
a document issued by a legal or government official authorizing the police or some other body to make an arrest, search premises, or carry out some other action relating to the administration of justice.

I think you needed to look up the definition, notice the last part.

Your "logic" is the biggest fail I've seen today.
Search and seizure without a warrant is illegal.
Obtaining a warrant allows you to engage in search and seizure. It does not allow you to otherwise break the law, such as by committing fraud, criminal trespass, etc. Then there's the whole issue of serving the warrant.

Re:

[thaylin]

How is it a "fail"? You agreed with my logic in your on statement. Maybe you dont understand logic?

If

Search and seizure without a warrant is illegal

And

Obtaining a warrant allows you to engage in search and seizure

Then your statement confirms that it allows the officer to break the law, just limited to the scope of the warrant.

Please name one thing that a warrant allows that would not be breaking the law without the warrant.

Warrants dont always have to be served. You are thinking of things like arrest warrant. There are other warrants as well, such as warrants to tap a phone line. Those do not have to be served ei

Re:

[jklovanc]

If the government can imitate the press then there is no Freedom of the Press.

That is a huge leap. Freedom of the press is about what press is able to report and about what the press has to tell the government. I see little if any damage that can be caused by impersonating the press to one person. The link was only sent to one person.

Re:

[stealth_finger]

If the government can imitate the press then there is no Freedom of the Press.

That is a huge leap. Freedom of the press is about what press is able to report and about what the press has to tell the government. I see little if any damage that can be caused by impersonating the press to one person. The link was only sent to one person.

Since when was I only did it to one person a valid legal defence?

Re:

[jklovanc]

Spoofing one person has no effect on the press being able to say what they want and protect their sources.

Since when was I only did it to one person a valid legal defence?

Under a warrant the LEO can to illegal things to that one person. A warrant was obtained in this case.

Re:

[thaylin]

Except labeling a link as a different link is not illegal, otherwise all of slashdot would be in jail. There was nothing stolen from the Seattle times. Use of a trademark is not theft like stealing a crowbar.

Even still if you want to use the analogy, in this case the warrant specifically allowed them to go into Home Depot and steal a crowbar.

Re:

[Triklyn]

gordon freeman approves.

Re:

[Darinbob]

Which part is illegal? The part where they got a warrant, or the part where they targeted only one person?

Re:

[neoritter]

They only emailed it to one person. FTFA:

The FBI e-mailed the fake news story via a link to a suspect's MySpace account. When the suspect clicked on the link, FBI software revealed his location and IP address to agents working the case. A juvenile suspect, who was not named by The Seattle Times, was arrested on June 14, 2007.

Re:

[thaylin]

entrapment is doing something to get you to commit a crime. The officer did not do anything to trap someone into committing a crime so how is it entrapment?

Yes, but

[nwaack]

Yes, it's a knee-jerk reaction. However, our government agencies have done this to themselves. Most of the outrage is probably coming from people who saw "FBI" and "website" in the same sentence and just assumed they did something bad. I can't say I really blame them all that much.

Re:

[Anonymous Coward]

Most of the outrage is probably coming from people who saw "FBI" and "website" in the same sentence and just assumed they did something bad.

Nope, much of the outrage is coming from the Seattle Times who had their website spoofed.

Re:

[pla]

Nope, much of the outrage is coming from the Seattle Times who had their website spoofed.

As the owners of the Seattle Times' tarnished trademark (and depending on the quality of the spoof, quite likely the copyright holders to a significant number of infringements on that front as well to "decorate" the spoofed site), they have more right to outrage here than anyone.

Beyond, of course, the righteous outrage of a population which has granted its government certain limited powers in the interest of mainta

Re:Yes, but

[jellomizer]

Nearly everything in the media is Knee-jerk.
No one has the time to really dig threw and sift threw the facts and see both sides of an issue. We Want Good Guys and Bad Guys. No gray line.
It is nice and neat and easy to know where you are at.

Did they have a warrant?

[gurps_npc]

If they had a warrant, then it is perfectly good police tactics.

If they did not have a warrant, then it is an illegal invasion of privacy.

They electronically entered his computer and that is no different than entering his home. The fact that he had to click on it is meaningless. The creation of the malware would be illegal, without the warrant.

Now, the police may not be smart enough (or ethical enough) to have asked for the warrant, but that is what is clearly needed.

Re:

[r0nc0]

I'm not sure getting a warrant allows any entity to break the law as a means to an end, no matter how just that end seems to be. Entering the computer with a search warrant, fine. Creating and distributing malware? I believe that's against the law. Now, malware is a loaded term subject to broad interpretation, I'll grant you that, so really the line is pretty grey. While I'd be tempted to draw an extreme comparison to, say, killing someone because you have a warrant to do so in order to capture some other

Re:

[ShanghaiBill]

I'm not sure getting a warrant allows any entity to break the law as a means to an end.

If they have a valid warrant to do it, then it is not breaking the law. It is illegal for you to break into my house. If the police have a valid warrant, it is legal for them to break into my house. The whole point of a warrant is to allow the police to legally do things that would otherwise be illegal.

Re:

[ShanghaiBill]

The point here is that a warrant doesn't allow crimes against innocent third parties.

What crime? Which third party?

Re:

[weiserfireman]

They had a warrant. FTA " Furthermore and most importantly, the FBI obtained a warrant before executing these activities."

It was more spyware than malware though, but that is a distinction without a difference in the minds of most people.

Re:

[silas_moeckel]

They got said warrant without mentioning to the judge that they were going to impersonate a major news organization.

They got a 15 year old calling in bomb threats, what idiot made this a FBI case.

Re:

[jklovanc]

They got said warrant without mentioning to the judge that they were going to impersonate a major news organization.

You know this how?

They got a 15 year old calling in bomb threats, what idiot made this a FBI case.

Because a bomb threats are considered domestic terrorism? They also had no idea if it was a 15 year old until they identified him.

Re:

[silas_moeckel]

The linked article.

Yea a random no-name high school that is were the terrorists will strike. Terrorism by definition requires a political aspect and violence, it's doubtful the 15 year old have a political motive or any particular ability for violence. Since when do terrorists make bomb threats anyways they blow stuff up and claim responsibility not tell you specifically we put a bomb here get the people to safety before it blows. The FBI overreacted and was intentionally circumspect in their warrant.

Re:

[jklovanc]

The linked article.

Please quote the part that says the police did not mentioning to the judge that they were going to impersonate a major news organization. I can't seem to find it.

Yea a random no-name high school that is were the terrorists will strike.

Because it is a threat against a government building the Feds get involved.

Re:

[silas_moeckel]

The documents indicate the FBI in Seattle obtained a search warrant to “deploy” the CIPAV software after the task force, which is run by the FBI, received a public tip about a suspect. Special Agent Norman Sanders, in seeking the warrant, said the bureau would send a “communication” to the suspect’s computer that would make the computer identify itself for the agent.

The case was taken up by the U.S. Attorney’s Office, which helped draft and approve the warrant. The warran

Re:

[jklovanc]

The documents indicate the FBI in Seattle

Where is the reference to those documents?

The warrant does not say that “communication” would be a bogus news story that appeared to be published online by The Seattle Times.

These words appear in neither of the articles. Where did they come from or are you making them up?

At the point they got the tip they knew it was a teen and had little creditable threat.

Can you refer to anywhere that they already knew he was a 15 year old and the threat was not credible? Even if he was, when I was fifteen I could have built a bomb quite easily. You seem to be reading documents that I have not seen. Please show the links to those documents.

By the way, this is what a reference looks like.
You wonder why the FBI got involved. According to

Re:

[Knightsword]

Did you even read past the headline, they posted a link to a spoofed site on his myspace page and tracked his I.P. address, when he clicked the link. The was no malware of any kind and I.P. addresses are public information.

Why didn't they ask Myspace?

[hawguy]

If the FBI knew he had a Myspace account and had his MySpace ID (since, after all, they emailed him there), why didn't they just ask MySpace (and by "ask", I mean "force them to hand it over with no recourse to question the 'request'") to hand over IP address?

Re:

[reifman]

Most likely, the suspect used MySpace at an anonymous IP that wouldn't connect him. I expect that the IP address would not give them as deep data as to the identity of the specific user as the CIPAV would.

Re:

[hawguy]

Most likely, the suspect used MySpace at an anonymous IP that wouldn't connect him. I expect that the IP address would not give them as deep data as to the identity of the specific user as the CIPAV would.

So you're saying he checked his MySpace email using an anonymous address, but clicked on links in his MySpace email using his own IP address?

Re:

[reifman]

I've put a question into the FBI spokesperson about this. This is 2007 - so WiFi and laptop penetration was a bit less than it is today. But, theoretically, the CIPAV would leverage additional data from their laptop. But, agreed - this would have been a logical step - trying to confirm if/why they tried this.

Re:

[reifman]

p.s. keep in mind - the CIPAV might be more effective at gathering data that would lead to a conviction beyond a reasonable doubt whereas just the IP only gets them to basic identity of a location.

Re:

[TheCarp]

Well it was at least 3 years before that when I was working at a school that had a student use his pc in his office to spam through our mail relays for his consulting business. I bring it up because, we clearly had IPs in the logs, but the networking group sent someone out to the office anyway.... to get the MAC address, so we could close the correlate the IP of the spammer, with the DHCP logs, with the MAC on his machine.

Now this was a University office (he was a grad student), so the network engineer call

Re:

[Russ1642]

Maybe they'd developed the tool and wanted to use it. It's faster and easier than asking MySpace to go digging through their logs, and they got some experience using the technique.

Re:

[reifman]

They did. See here: 13(b) the suspect was sophisticated enough to use compromised computers to disguise their actual IP address. The MySpace IP obtained in 12(b) helped determine this. http://www.politechbot.com/doc... [politechbot.com]

What malware?

[mi]

The Internet's been abuzz the past 48 hours about reports the FBI distributed malware via a fake Seattle Times news website.

From TFA:

When the suspect clicked on the link, FBI software revealed his location and IP address to agents working the case.

If there is a slashdotter, who — from reading the above "description" — does not realize, that there was no "malware" installed on the doofus' computer and the suspect's IP was obtained simply from the FBI's web-server log, ought to close his account (and change his name)...

Re:

[steelfood]

If it's coming from FBI servers, it can't be good. Must be malware. It's just like how pages served off the CIA and NSA's servers are called spyware. They're spies after all.

Re:

[silas_moeckel]

Seems like a simple warrant for the newspapers logs would have sufficed except they probably would not have gotten the warrant and/or the times would have fought it as the fishing expedition it was.

Re:

[stealth_finger]

The Internet's been abuzz the past 48 hours about reports the FBI distributed malware via a fake Seattle Times news website.

From TFA:

When the suspect clicked on the link, FBI software revealed his location and IP address to agents working the case.

If there is a slashdotter, who — from reading the above "description" — does not realize, that there was no "malware" installed on the doofus' computer and the suspect's IP was obtained simply from the FBI's web-server log, ought to close his account (and change his name)...

An undercover agent sent a MySpace email to the account owner that included a fake news article blurb and a link to a web page that downloaded software (known as CIPAV) that helped the agency identify the suspect and subvert his computer.

I know, I know, that quote is from the second article but I guess if you even do more than skim the summary before shooting your mouth off you're no true slashdotter and should close your account.

Re:

[mi]

Anyways, the description is wrong. There was malware installed to get more information than just the IP.

Why wouldn't you post a link to this additional information?

Re:

[stealth_finger]

Anyways, the description is wrong. There was malware installed to get more information than just the IP.

Why wouldn't you post a link to this additional information?

It's on the second link in the summary you idiot. But to save you the scroll http://www.geekwire.com/2014/commentary-outrage-fbis-online-tactics-highlights-knee-jerk-internet-culture/

What really happened


Here’s what the FBI actually did. Back in 2007, it sought to identify the owner of an anonymous MySpace page that was bragging about a Timberline High School bomb threat. An undercover agent sent a MySpace email to the account owner that included a fake news article blurb and a link to a web page that downloaded software (known as CIPAV) that helped the agency identify the suspect and subvert his computer. The link text said simply “article.” The URL itself did not contain any approximation of The Seattle Times or Associated Press but the website did show a fake Associated Press blurb. Furthermore and most importantly, the FBI obtained a warrant before executing these activities.

Re:

[AHuxley]

Re: "There was malware installed to get more information than just the IP."
The press has more details on the word "software":
http://gizmodo.com/fbi-plants-... [gizmodo.com]
"....-brand malware would be planted on his computer, allowing the Agency to ultimately nab the purported perpetrator. "
http://www.slate.com/blogs/fut... [slate.com] (OCT. 28 2014)
"...using a phony—and malware-laced..."
http://www.theguardian.com/com... [theguardian.com] (29 October 2014)
"...all to deliver malware to a suspect in a criminal case.." http://rt.com/usa/ [rt.com]

Re:

[mi]

Thanks. "CIPAV", huh? The Wikipedia page [wikipedia.org] claims, FBI has thought legal approval to use the tool. I wonder, if they've covered their asses in this case — would've been good for the rest of us to see it appealed and the Supreme Court to decide.

Although, the tools was not used to obtain any evidence — only to deanonymize, so, maybe, there is no purchase in appealing for the convict...

Outrage meter: barely twitching

[Qzukk]

I'm having a hard time being outraged by a guy dumb enough to click a seattletirnes link on his myspace account.

There are real things to be outraged over, like the time the government used a MITM attack at the ISP to serve malware on the real slashdot site [techdirt.com].

Re:

[account_deleted]

Comment removed based on user account deletion

This is America...

[Simulant]

... and if there's nothing to be outraged about we'll manufacture it.

Re:

[phantomfive]

... and if there's nothing to be outraged about we'll manufacture it.

I'm really wondering if people will ever get tired of being manipulated all the time with outrage.

If you haven't noticed it yet, notice it now: the television, radio, politicians, bloggers all manipulate people by making them feel outrage. Then they get what they wanted from the manipulee and move on. Nothing changes, "but it sure feels good I was upset at those [people on the wrong side of the issue]."

Just clicking the link?

[chad.koehler]

I'm confused. They emailed a "fake" story to someone's MySpace account. Clicking on the "fake" story exposed his IP address.

Why exactly, did that make him guilty? What if they emailed me a link? What if I was genuinely interested in the "fake" story? How does reading a story an a news site make me guilty of anything?

Re:

[chad.koehler]

The second article has the information I was looking for. The MySpace page itself was anonymous, and was bragging about making the bomb threats. The direct email lead to the owner of the page.

What I'm doing is just fine,

[qeveren]

...because over there someone is doing something obviously much worse! That's how it works, right?

It is a knee-jerk, but the Gov't earned it.

[TigerPlish]

After a constant barrage of post-wikileaks / snowden sensationalist coverage, I think The Public has been conditioned to outrage at any hint of Gov't maleficence.

Then again, the good old USA has developed instant outrage over anything, over everything, ever since Facetwit came into being.

In any case, the Gov't earned it. Bad Gov't, BAD! *THWACK*

What's wrong with the FBIs distributing malware ..

[lippydude]

If the Feds hacked the perps computer, then how can we be sure they didn't install fake evidence on the said computer?

they should have asked the newspaper...

[Karmashock]

... it is this belief that they can do these things without asking permission that is really troubling. The newspaper might have said yes if consulted. But the government didn't even ask. It did what it wanted to do and THAT is at the root of so many of these controversies.

The arrogance.

Updated Q&A to Answer Readers' Questions

[reifman]

I've posted a summary of common questions from this piece here: http://jeffreifman.com/2014/10... [jeffreifman.com]

Re:People are scared

[just_another_sean]

what is the point of using the Web?

Porn [youtube.com]?

Re:answer to every headline - NO

[thaylin]

There was no entrapment. The person did a bomb threat, all they were doing was locating him.

Re:

[reifman]

I reached out to them. They didn't reach out to me. I thought the Internet was seeing this case wrong - and I stand by what I wrote.

Re:

[Vintermann]

So you're thinking of your career prospects. Carry on soldier, these are the citizens the security state needs!

Re:

[neoritter]

How is it entrapment? They guy already did the crime. The FBI was trying to figure out who exactly he was. They didn't induce him to commit a crime.

Re:

[stealth_finger]

How is it entrapment? They guy already did the crime. The FBI was trying to figure out who exactly he was. They didn't induce him to commit a crime.

They could apparently identify him enough to know his myspace account.

Re:

[neoritter]

First, still not entrapment. Second, define "the press" please.

Re:

[neoritter]

The point I'm making is the press is an unorganized group with no official determining who is the press (or rather the free press is, which I assume you'd think we have in the US). So how can you pose as the press if there's no one saying who is and isn't the press. The FBI did indeed deliver news to the suspect, whether it was wholly truthful, etc is irrelevant.

Re:

[gnasher719]

You don't seem to know what "entrapment" means. "Entrapment" means convincing someone to commit a crime in order to arrest them, when that person otherwise wouldn't commit the crime. Once the crime has been done, the police is absolutely free to set up any traps to catch the criminal. Actually, it is their job to do what they can to catch the criminal.