back to article It's OK for the FBI's fake hacks to hack suspects' PCs, says DoJ watchdog

No rules were broken when an FBI agent posed as a journalist to infect a criminal suspect's PC with spyware, says a US watchdog. And the Feds can do it again, provided they get the undercover operation signed off by their higher-ups. Way back in June 2007, 15-year-old Charles Jenkins used a Gmail account to send a bomb threat …

  1. Leeroy Silver badge
    Paris Hilton

    Old trick works

    People often ask me why images in email are not automatically displayed on our system. It's because you can create a tiny unique pic for each email that you send, monitor the Web server logs and match up the email address and public IP of the reader and if \ when they read it etc.

    A lot of mass mailing software uses the tactic, that's why it is blocked even if I'd somehow manages to get past the spam filter.

    If this guy was clever enough to use an out of country proxy and decent browser settings I an very surprised that he fell for this \facepalm.

    1. 78910

      Re: Old trick works

      But this was not the trick used by the FBI on this occasion.

      1. Leeroy Silver badge

        Re: Old trick works

        Close enough, they gave him a link to an image and he followed it.

        1. Allan George Dyer Silver badge

          Re: Old trick works

          @Leeroy: Not "close enough", sure they game him a link and he followed it, BUT that led to, "the surveillance-ware was deployed". They were looking for more than the public IP address: "public IP address, MAC address, details of the logged-in user". The MAC address covers the, "it must have been someone else at the same ISP, these IP addresses are reused" defense (difficult to argue that someone at the same ISP happened to reconfigure their network stack to, coincidentally, the default MAC for your PC), and logged-in user makes the "someone else was using it" defense more difficult (I'm changing my name to Mr. Guest, BTW). They were working on getting a watertight link between the crime and the perp.

          It seems the deception, that the agent was a journalist, was key in getting him to relax his guard... what harm could there be in following a link to a public article [edit: it says image... I'm only guessing that was in a page at a supposed news site] at a newspaper?

          1. Anonymous Coward
            Anonymous Coward

            Re: Old trick works

            I only mention it in passing, but it isn't that hard to forge a MAC address either. I sure as heck don't need it, yet, but it's one of those things I keep in the toolkit for the day when we really do have a police state.

            1. Anonymous Coward
              Anonymous Coward

              Re: Old trick works

              Indeed and it wouldn't be hard to implement rolling random changes to your MAC address.

              1. Sir Runcible Spoon Silver badge

                Re: Old trick works

                If only he had used an out of country server to run his browser from, *then* connected to an anonymizing proxy. It would also have helped if he had restricted all outbound access from the server so it could only go to the proxy.

                Kids eh? They think they're so clever*.

                *I'm not claiming that I am

            2. NonSSL-Login
              Big Brother

              Re: Old trick works

              Unfortunately it's not hard for software to query the hardware and get the real MAC, rather than the spoofed one, which I would expect their software to do considering how easy it is to do.

              If they bothered to write an exploit for unknown or known vulnerabilities, I doubt they will just swipe the results of an ipconfig /all or ifconfig if their exploit and payload is cross platform.

              It won't be long before countries and their intelligence services hack people on mass, to gather information for potential future crimes. For the information that Google, Facebook or Windows 10 doesn't already supply.

    2. Aodhhan

      Re: Old trick works

      This is why most hackers will use links to a malicious site rather than pictures or a variety of other methods.

  2. Anonymous Coward
    Coffee/keyboard

    Aww, the press shedding crocodile tears...

    I would be more inclined to side with the press if it weren't for the fact that the press themselves more than often work without any scrutiny or morale at all. A major accident or catastrophe? Lets make as many pictures as we can, preferably from people who actually got hurt. Who cares if they might be improperly dressed or if the police hasn't had the time to identify everyone and inform their next of kin (in case of a fatality). That is more than often a regular journalist at work for you.

    As to the incident itself... Everyone who knows a tiny bit about computers knows better than to blindly click on a link in an e-mail. No matter who it's from. It wouldn't be the first time that spammers try to impersonate someone else (like an African lottery agency).

    Also important: it's not as this was a destructive piece of malware, all it did was call home; send back any available (contact) information. I agree that there are always risks, but in this case nothing too major. This was a carefully orchestrated pin-point attack, and I honestly can't find too much wrong with it.

    I'm happy to hear they caught that annoying SOB.

    1. asdf Silver badge

      Re: Aww, the press shedding crocodile tears...

      Yep the world would be a much better place if we got all our information only from the government news releases and corporate PR departments. Though will grant you the click bait journalism nobody pays for that dominates is only a half step removed.

    2. veti Silver badge

      Re: Aww, the press shedding crocodile tears...

      Yes, because "the Press" is a monolithic agency and past misbehaviour by any self-styled journalist anywhere justifies retaliation against all journalists everywhere.

      AP's argument in this case is about the damage to their reputation. Not "the press as a whole", but "AP as a specific agency".

      Let's take out the email/press angle, and think about a more, let's say traditional, type of operation. Suppose the Feds had dressed their agent up in overalls and sent him round to the house as a representative of "Joe's Plumbing", to investigate reports of a gas leak, and incidentally plant an old-fashioned bug while he was there.

      Would we consider that "fair play" by the FBI, assuming they got a warrant first? I would.

      But what if there is a real local company called "Joe's Plumbing" that does precisely that kind of work, and the agent had deliberately faked their logo, their stencilled van, their business cards, all without mentioning it to the real company? Don't you think that company would have cause for complaint?

      I think the least the FBI owes the AP in this case is an apology, and probably a mutually agreed system for clearing/approving future operations of this sort in advance.

      1. Squander Two

        Re: Aww, the press shedding crocodile tears...

        > But what if there is a real local company called "Joe's Plumbing" that does precisely that kind of work, and the agent had deliberately faked their logo, their stencilled van, their business cards, all without mentioning it to the real company? Don't you think that company would have cause for complaint?

        No.

        Are we saying now that undercover police officers aren't allowed to pretend to be from real organisations? That is, frankly, weird. Why on Earth not? They're undercover. The whole point is that they lie and that the lies are realistic. Can a police officer deliver a pizza from Domino's in order to get a suspect to open the front door? Yes. I can't think of any way to care less whether Domino's are in on it.

        And there is no damage to AP's reputation. Their only problem here is that criminals will be a little less likely to trust them. I reckon I'll manage to sleep tonight.

    3. a_yank_lurker Silver badge

      Re: Aww, the press shedding crocodile tears...

      Also, undercover agents often assume an identity crafted to gain trust of the target. Since they were dealing with narcissistic turd something that implies he is getting the press attention he is craving is in order.

    4. Robert Carnegie Silver badge

      Re: Aww, the press shedding crocodile tears...

      So the FBI couldn't or wouldn't plant incriminating document files on the suspect's home computer in case there weren't any real ones?

      If I ever happen to annoy a police officer then I confidently expect to be given a little bag of chopped leaves and then immediately be arrested for possessing it.

      With the FBI it would be something grander - maybe a little bag of apple seeds, which contain cyanide, which can be used in mass poisoning if you have enough of it (it would actually need more than that).

      1. Squander Two

        Re: Aww, the press shedding crocodile tears...

        > So the FBI couldn't or wouldn't plant incriminating document files on the suspect's home computer in case there weren't any real ones?

        Course they could, and at least some of them would. The police are human, with all that implies. Don't get me started on Barry George.

        But, in this particular case, I'm not sure what you're on about. The police didn't need to plant any incriminating files on the suspect's computer because they weren't looking for incrimating files; they were just grabbing his geographical location. The evidence against him was his idiot online boasts about what he'd done. Not much fitting up required there.

        And this case isn't in the news because anyone reckons the suspect is innocent. It's in the news because the Associated Press are upset that an undercover police officer claimed to be from the Associated Press. Which they claim is an unconscionable scandal for some reason.

  3. Version 1.0 Silver badge

    unsympathetic but ...

    He's an idiot on two counts, a - making the threats, and b - getting caught so easily. I'd be more sympathetic to the authorities if I thought that the hack would stop there but realistically, its use is expanding daily. Posted an article criticizing the president? Get hacked - you "might be" a threat. Express doubt about a sanctioned police killing ... ditto, the list goes on.

    1. asdf Silver badge

      to further expand

      I agree he's an idiot but I am sure the FBI would only ever use this in a very targeted way always on only the "bad" guys and would never be tempted to go trolling as catching big fish is what helps their careers. If they happen to capture the political views and everything else of all the little minnows for eternity than that is the price we have to pay.

      1. Mark 85 Silver badge

        Re: to further expand

        You missed the joke icon... I hope.

        Indeed, it did work on one idiot. The second part of you post is the scary part... I wonder if maybe this is payback for Woodward and Bernstein? I daresay, that any real journalist should probably be very careful... as well as anyone else with a political opinion.

  4. Anonymous Coward
    Anonymous Coward

    ...and raises serious constitutional concerns.

    I think that's the least of their worries.

    It's not as if swearing an oath to uphold it means anything these days.

  5. Herby Silver badge

    Moral of the story...

    NoScript is your friend.

    All in all it sounds like the "script kiddie" got what he deserved. Yes, an actual script kiddie.

    No, I don't always click on links! Especially those I don't know. Images don't load bu default either!

  6. P. Lee Silver badge

    Cleanup

    What happens if they had got the wrong person or the wrong immature person who said they did it to the "journalist" but wouldn't do so to the police. I hope the have reasonable protocols for dealing with that.

    Do they remotely remove the spyware?

  7. Matt Bryant Silver badge
    Facepalm

    Hello, ego!

    "Once again AP......we demand to be heard in the development of any policies addressing such conduct." Someone call the AP and remind them - despite what they think - no-one died and made them Gawd.

  8. Anonymous Coward
    Facepalm

    FBI hack suspects' Windows PCs

    'CIPAV is a framework of PHP, JavaScript and a Browser Helper Object/Active X code .. every time the suspect uses Internet Explorer the browser helper object will become active and can do its intelligence jobs.'

    1. You aint sin me, roit

      Re: FBI hack suspects' Windows PCs

      I didn't think any self-respecting hacker would use IE...

      But now I'm confused. Should I applaud MS or laugh at the FBI because "the CIPAV failed to run due to undisclosed settings in his browser"?

    2. teebie

      Re: FBI hack suspects' Windows PCs

      ie? And myspace? I'm not sure this guy should be self-respecting/

  9. Anonymous Coward
    Anonymous Coward

    I don't think that AP's reputation has been sullied one iota, though of course they had to protest.

    FBI did take a risk that the perp would recognize the trap for what it was and, for example, email the link to all the staff at the target school. Or just publish it in a kazillion places. How would they have said "Sorry" if their malware had infected thousands of computers? Probably not, the more powerful a gov't dep't, the less likely it is to apologize.

    Eternal vigilance is the price of blablah.

  10. Anonymous Coward
    Anonymous Coward

    One bit of fallout from the search for Osama bin Ladin was that agents covered as a team vaccinating people in Pakistan has led to medical teams targeted by both the government and the terrorists and sympathizers as they attempt to vaccinate for polio. That's led to a surge in polio cases in Pakistan and Afghanistan.

    I seem to recall that it was forbidden for intelligence agencies to use, at least for the US media, journalist as a cover. Very pointless to use foreign media organizations as any check will turn up the fabrication. Apparently no longer the case so long as "the right person" signs off on it. I'm sure even the independents will have a problem with that, not just reputation at stake there.

  11. fnj

    Always watch the watchers

    So who is going to bring the "justice" [snicker] department to justice?

    1. Sir Runcible Spoon Silver badge

      Re: Always watch the watchers

      "So who is going to bring the "justice" [snicker] department to justice?"

      Hint: the US symbol for justice has a sword in one hand.

  12. Anonymous Coward
    Anonymous Coward

    Ah, that explains it ..

    That message would contain a link to a webpage dressed up as a legit article. Hidden in that page is code that installs spyware on the machine, collecting information such as the public IP address, MAC address, details of the logged-in user, and so on. All this data is sent back to the FBI's servers for processing.

    Ah, that explains why the seemingly blank Google homepage is about 1MB heavy on code...

    1. Anonymous Coward
      Anonymous Coward

      Re: Ah, that explains it ..

      It appears these downvoters have never done "view source" on the Google home page..

      Go on, try it. I'll wait.

  13. Crisp Silver badge

    He created a MySpace page.

    The FBI were obviously dealing with a 1337 haxor.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019