Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Wednesday October 29 2014, @09:11PM   Printer-friendly
from the ends-justifying-means dept.

In 2007, the FBI wrote a fake news story about bomb threats in Thurston County, Washington, and then sent out e-mail links "in the style of the Seattle Times."

The details have now been published by that very same newspaper, which today carries a story including outraged quotes from a Seattle Times editor. The FBI put an Associated Press byline on the fake news story, which was about the bomb threats in Thurston County that they were investigating.

“We are outraged that the FBI, with the apparent assistance of the US Attorney’s Office, misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect,” said Seattle Times editor Kathy Best. "Not only does that cross a line, it erases it."

The information comes from documents about the 2007 FBI operation, which were acquired via a Freedom of Information Act request and published by the Electronic Frontier Foundation in 2011. It wasn't until yesterday that ACLU Technologist Christopher Soghoian noted The Seattle Times/AP reference and published it on Twitter. That spurred the newspaper to express its outrage and get FBI response.

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Ryan on Wednesday October 29 2014, @09:38PM

    by Ryan (4837) on Wednesday October 29 2014, @09:38PM (#111353)

    I feel this is as wrong as I'm sure all other readers do, but is anyone law-saavy enough to identify exactly what law the FBI broke by impersonating a company? I can't recall (relatively) many cases being won on moral grounds.

    • (Score: 2) by Snow on Wednesday October 29 2014, @09:42PM

      by Snow (1601) on Wednesday October 29 2014, @09:42PM (#111354) Journal

      Well since they installed spyware on the victom's PC, then I would suggest that it would fall under anti-hacking laws. Of course, that would also assume that these 3 letter agencies were actually accountable to someone.

      • (Score: 2) by kaszz on Wednesday October 29 2014, @09:51PM

        by kaszz (4211) on Wednesday October 29 2014, @09:51PM (#111358) Journal

        Pitchfork accountability? ;-)

  • (Score: 3, Interesting) by kaszz on Wednesday October 29 2014, @09:46PM

    by kaszz (4211) on Wednesday October 29 2014, @09:46PM (#111356) Journal

    Perhaps "seattletimes.com" should get a certificate that belongs to their own domain name and not "a248.e.akamai.net".

    And perhaps they should impersonate their impersonator and see what response and moral standing they have..

    • (Score: 0) by Anonymous Coward on Wednesday October 29 2014, @10:34PM

      by Anonymous Coward on Wednesday October 29 2014, @10:34PM (#111368)

      > And perhaps they should impersonate their impersonator and see what response and moral standing they have..

      This is how to impersonate the FBI. [gawker.com]

      • (Score: 2) by kaszz on Thursday October 30 2014, @12:30AM

        by kaszz (4211) on Thursday October 30 2014, @12:30AM (#111386) Journal

        It probably didn't caught enough attention because most people use other information channels than google maps. Now if the web server would get the phone number wrong or the exchange started to do something. It would probably get the attention..

    • (Score: 2) by tynin on Wednesday October 29 2014, @10:40PM

      by tynin (2013) on Wednesday October 29 2014, @10:40PM (#111371) Journal

      With regards to your first point, it is because you do not know about Akami and what they offer, or don't realize how that aspect of their business works. This website described it pretty well.

      Akami and SSL, paragraph 7: [revealingerrors.com]

      a248.e.akamai.net is the name of a server that belongs to a company called Akamai. Akamai, while unfamiliar to most Internet users, serves between 10 and 20 percent of all web traffic. The company operates a vast network of servers around the world and rents space on these servers to customers who want their websites to work faster. Rather than serving content from their own computers in centralized data centers, Akamai’s customers can distribute content from locations close to every user. When a user goes to, say, Whitehouse.gov, their computer is silently redirected to one of Akamai’s copies of the Whitehouse website. Often, the user will receive the web page much more quickly than if they had connected directly to the Whitehouse servers. And although Akamai’s network delivers more 650 gigabits of data per second around the world, it is almost entirely invisible to the vast majority of its users. Nearly anyone reading this uses Akamai repeatedly throughout the day and never realizes it. Except when Akamai doesn’t work.

      With your 2nd point, I'm sure the FBI wouldn't take kindly. But being a news organization, it would be an interesting battle to see played out... but I assume it would end in some NSL and fines.

      • (Score: 2) by kaszz on Thursday October 30 2014, @12:04AM

        by kaszz (4211) on Thursday October 30 2014, @12:04AM (#111383) Journal

        Regarding the certificate. It's malformed regardless from where the pages are served. Outsourcing also increases the attack surface..

        For the second point one can always make use of hidden 3rd party spotlight such that any retaliation is disseminated instantly.

        • (Score: 2) by hybristic on Thursday October 30 2014, @01:17AM

          by hybristic (10) on Thursday October 30 2014, @01:17AM (#111393) Journal

          More to the point, it's almost worse to say that this company serves so much of the internet. It makes it far more likely the FBI has worked very hard to gain influence over Akamai.

          • (Score: 2) by kaszz on Thursday October 30 2014, @01:40AM

            by kaszz (4211) on Thursday October 30 2014, @01:40AM (#111398) Journal

            Unencrypted, unsigned, wide scale use of a unaudited network resource.. and TLA:s wouldn't exploit it? ..you definitely have a point.