The FBI impersonated a newspaper website to catch a bomb-threat suspect
By RYAN GORMAN
The FBI has admitted impersonating a major newspaper's website and planted malware in a fake article to catch a bomb threat suspect.
Documents recently made public by the Electronic Frontier Foundation first showed the FBI's spoofing of the Seattle Times to catch the criminal. The agency later admitted to the ruse in a statement to the paper.
Agents built a webpage similar to the Times back in 2007, created a fake article in the newspaper's style and posted it to the impostor page, the documents revealed.
The unusual contravention of normal law-enforcement procedures was undertaken to catch a 15-year-old accused of making multiple bomb threats to a suburban Seattle high school.
The FBI even went so far as emailing the document to the teen's MySpace page, he predictably clicked the link, and was then subjected to malware automatically downloaded onto his computer, according to the files.
Creating a fake webpage with automatically downloading malware is commonly known as spoofing. In this case, the malware immediately sent the reader's location and IP address to investigators.
Other uses for malware include identity theft, destruction of computer systems and any other number of nefarious purposes.
It is a common practice among hackers and other malicious online actors -- not the federal government.
Or, at least, it wasn't known to be a practice used by the feds until the EFF report emerged.
The revelation infuriated the Times and the American Civil Liberties Union (ACLU).
"We are outraged that the FBI, with the apparent assistance of the U.S. Attorney's Office, misappropriated the name of the Seattle Times," Times editor Kathy Bews said in a Monday report in the paper. "Not only does that cross a line, it erases it.
"Our reputation-and our ability to do our job as a government watchdog-is based on trust," she continued. "And nothing is more fundamental to that trust than our independence from law enforcement, from government, from corporations and from all other special interests."
The Associated Press echoed Bews' concerns in a statement.
"This ploy violated AP's name and undermined AP's credibility." a spokesperson told The Verge.
The ACLU agreed.
"That the FBI impersonated a newspaper's website to deliver malware to a target is outrageous. Over the top crazy," Christopher Soghoian, a principal technologist with the ACLU's Speech, Privacy and Technology Project, wrote on Twitter.
"The FBI impersonating the press is just as irresponsible as the CIA running fake immunization programs," he continued. "Completely unacceptable."
Federal agents often run stings dressed as deliverymen or in the uniforms of other corporations, but those are publicly reported as having been done with the company's consent.
It is a federal crime to impersonate a federal officer, Soghoian noted on the social network, but it is not known if it is a crime for the feds to impersonate a person or company.
Evidence of the masquerade has been online since at least 2011, but Soghoian only discovered the documents this week.
Trevor Timm, executive director of Freedom of the Press, and also a columnist for The Guardian, suggested this could be a common law enforcement practice.
"As outrageous as it is, secretly impersonating newspapers to send malware probably works," Timm wrote on Twitter. "You can bet the FBI has done this more than once.
"If the CIA is supposedly never allowed to impersonate journalists in the field, why is the FBI allowed to impersonate newspapers online?" Timm asked.
Frank Montoya, Jr., Special Agent in Charge of the FBI's Seattle office, attempted to answered that question.
"We identified a specific subject of an investigation and used a technique that we deemed would be effective in preventing a possible act of violence in a school setting," Montoya told the Times.
"Use of that type of technique happens in very rare circumstances and only when there is sufficient reason to believe it could be successful in resolving a threat.
"We were fortunate that information provided by the public gave us the opportunity to step in to a potentially dangerous situation before it was too late."
This revelation was made Monday on the same day widespread reports suggested there is a second Snowden leaker.
The public use of deception and trickery to catch criminals without the consent of the companies whose intellectual property is being hijacked by a law enforcement agency is only going to further fuel distrust in government.
Also on AOL:
Snowden: NSA collects mass data on New Zealanders
German security recorded Clinton conversation: media
Lawyer: Snowden gets 3 more years in Russia