In 2007, the FBI wrote a fake news story about bomb threats in Thurston County, Washington, and then sent out e-mail links "in the style of the Seattle Times."
The details have now been published by that very same newspaper, which today carries a story including outraged quotes from a Seattle Times editor. The FBI put an Associated Press byline on the fake news story, which was about the bomb threats in Thurston County that they were investigating.
"We are outraged that the FBI, with the apparent assistance of the US Attorney's Office, misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect," said Seattle Times editor Kathy Best. "Not only does that cross a line, it erases it."
The information comes from documents about the 2007 FBI operation, which were acquired via a Freedom of Information Act request and published by the Electronic Frontier Foundation in 2011. It wasn't until yesterday that ACLU Technologist Christopher Soghoian noted The Seattle Times/AP reference and published it on Twitter. That spurred the newspaper to express its outrage and get an FBI response.
(Score: 2) by Ryan on Wednesday October 29 2014, @09:38PM
I feel this is as wrong as I'm sure all other readers do, but is anyone law-savvy enough to identify exactly what law the FBI broke by impersonating a company? I can't recall (relatively) many cases being won on moral grounds.
(Score: 2) by Snow on Wednesday October 29 2014, @09:42PM
Well, since they installed spyware on the victim's PC, then I would suggest that it would fall under anti-hacking laws. Of course, that would also assume that these 3 letter agencies were actually accountable to someone.
(Score: 2) by kaszz on Wednesday October 29 2014, @09:51PM
Pitchfork accountability? ;-)
(Score: 3, Interesting) by kaszz on Wednesday October 29 2014, @09:46PM
Perhaps "seattletimes.com" should get a certificate that belongs to their own domain name and not "a248.e.akamai.net".
And perhaps they should impersonate their impersonator and see what response and moral standing they have..
(Score: 0) by Anonymous Coward on Wednesday October 29 2014, @10:34PM
> And perhaps they should impersonate their impersonator and see what response and moral standing they have..
This is how to impersonate the FBI. [gawker.com]
(Score: 2) by kaszz on Thursday October 30 2014, @12:30AM
It probably didn't catch enough attention because most people use other information channels than Google Maps. Now if the web server would get the phone number wrong or the exchange started to do something. It would probably get the attention..
(Score: 2) by tynin on Wednesday October 29 2014, @10:40PM
With regards to your first point, it is because you do not know about Akamai and what they offer, or don't realize how that aspect of their business works. This website described it pretty well.
Akamai and SSL, paragraph 7: [revealingerrors.com]
With your 2nd point, I'm sure the FBI wouldn't take kindly. But being a news organization, it would be an interesting battle to see played out... but I assume it would end in some NSL and fines.
(Score: 2) by kaszz on Thursday October 30 2014, @12:04AM
Regarding the certificate. It's malformed regardless of where the pages are served from. Outsourcing also increases the attack surface..
For the second point one can always make use of hidden 3rd party spotlight such that any retaliation is disseminated instantly.
(Score: 2) by hybristic on Thursday October 30 2014, @01:17AM
More to the point, it's almost worse to say that this company serves so much of the internet. It makes it far more likely the FBI has worked very hard to gain influence over Akamai.
(Score: 2) by kaszz on Thursday October 30 2014, @01:40AM
Unencrypted, unsigned, wide scale use of an unaudited network resource.. and TLAs wouldn't exploit it? ..you definitely have a point.