The FBI Impersonated the Press to Catch a Bomb Threat Suspect


How many times besides this case, which happened over seven years ago, has this happened? (Photo: thebradking/flickr/cc)

Both the Associated Press and Seattle Times are outraged that the FBI impersonated the Seattle Times in order to transmit malware to a bomb threat suspect so his location would be revealed.

In June 2007, the FBI used a software tool called a “computer and Internet Protocol address verifier” or CIPAV. The agency sent a private MySpace message to an account associated with the bomb threat suspect. The message contained a link to a “phony AP story about the bomb threats posted on a fake Seattle Times webpage.”

AP spokesperson Paul Colford stated that the FBI’s “ploy violated AP’s name and undermined AP’s credibility.” He also declared, “We are extremely concerned and find it unacceptable that the FBI misappropriated the name of The Associated Press and published a false story attributed to AP.”

Seattle Times Editor Kathy Best put out a statement as well:

We, like you, just learned of this and are seeking answers ourselves from the FBI and the U.S. Attorney’s office.

But we are outraged that the FBI misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect. Not only does that cross the line, it erases it.

Our reputation—and our ability to do our job as a government watchdog—is based on trust. And nothing is more fundamental to that trust than our independence from law enforcement, from government, from corporations and from all other special interests. The FBI’s actions, taken without our knowledge, traded on our reputation and put it at peril.

The document revealing the use of the CIPAV, which impersonated a media organization, had been public since 2011. Christopher Soghoian, principal technologist for the ACLU’s Speech Privacy and Technology Project, was reading through posted documents and came across a shocking detail.


An email sent by a Special Agent on June 12, 2007, showed that the FBI used a “news article” headlined, “Bomb threat at high school downplayed by local police department,” to try to get the student at Timberline High School near Olympia, Washington, to click on a link and infect his computer with malware. The agent had a meeting scheduled with the judge before the message with the “news article” link would be deployed.

The link was sent in the “style of the Seattle Times.” It was also made to look like the AP had published the story as well.

When the FBI submitted an affidavit [PDF] on June 12, 2007, to a judge for a search warrant, there was nothing in the affidavit about sending a link in the “style of the Seattle Times” to the MySpace account, “Timberlinebombinfo.” There is no information about including a link in the electronic message to the suspect.

FBI agent Norm Sanders generally indicates that a “communication” will be sent and that it will cause “network level messages containing the activating computer’s IP address and/or MAC address, other environment variables and certain registry-type information to a computer controlled by the FBI.”

Here is how the FBI’s special agent in charge in Seattle defended the use of the technique:

…“Every effort we made in this investigation had the goal of preventing a tragic event like what happened at Marysville and Seattle Pacific University,” said Frank Montoya Jr., the FBI’s special agent in charge in Seattle, referring to two local school shootings this year. “We identified a specific subject of an investigation and used a technique that we deemed would be effective in preventing a possible act of violence in a school setting. Use of that type of technique happens in very rare circumstances and only when there is sufficient reason to believe it could be successful in resolving a threat…

However, that suggests that the FBI was in a rare circumstance where it could not have used some other method or technique to locate the person who was sending bomb threats.

How many times besides this case, which happened over seven years ago, has this happened?

For example, Ashton Lundeby, who was 16 years old, was arrested in 2009 by the FBI for engaging in an “extensive conspiracy” in which he and other unnamed individuals sent bomb threats using Voice over Internet Protocol (VoIP) software to “set-up large-scale conference calls across the Internet.” They sought to observe the police response in real-time by targeting institutions with “web-based video surveillance cameras.” Lundeby and others were using “software to disguise their true identities and the origin of the calls.”

The FBI must have had difficulty figuring out that he was behind the numerous bomb threats. How did they go about finding his location and identity? (Note: There are no public reports that a CIPAV was used. Perhaps another, more conventional method may have been used.)

The minor, who was sending bomb threats to a high school, was identified. But that does not legitimize the use of a technique that shows clear contempt for the press and even the First Amendment in this country.

This is how Soghoian made the argument against creating a fake news story to catch a bomb threat suspect:

…[T]he move was as big of a violation of public trust as the sham vaccination program that the U.S. government famously ran in Pakistan to gather intelligence about Osama bin Laden’s whereabouts.

“Impersonating the press is just as outrageous as impersonating doctors. The press plays such a vital role in our democracy and if people believe that clicking on a link to a newspaper is going to get them infected with FBI malware, they may be hesitant to read certain articles,” he said.

Creating a fake news story to catch a suspect is unprecedented, Soghoian said.

“It’s one thing for the government to go undercover using a fake identity. But it’s an entirely different thing for the government to impersonate a real person or a real organization, and in doing so, put their reputation at risk.”

The fear that the FBI may be using this technique in a more widespread manner is not necessarily far-fetched. Seattle FBI spokeswoman Ayn Dietrich was secretive when asked about the fake news story. “In order to safeguard the FBI’s ability to effectively detect, disrupt, and dismantle threats to the public, we must be judicious in how we discuss investigative techniques,” she told the AP.

It is a reminder of how the FBI and other agencies in government find it perfectly acceptable if cherished rights or liberties become collateral damage in their efforts.

In 2004, the FBI bypassed “grand jury review” and obtained the telephone records of Washington Post staff writer Ellen Nakashima and an Indonesian researcher in the Post’s Jakarta bureau, Natasha Tampubolon. They also obtained phone records of New York Times reporters Raymond Bonner and Jane Perlez, who were working in Jakarta.

Though the seizure was likely related to a counterterrorism investigation, the FBI would not disclose the nature of its investigation.

There was outrage in May 2013 when the AP discovered the Justice Department had secretly obtained “records for more than 20 separate telephone lines assigned to AP and its journalists in April and May of 2012.” The lines were used by “more than 100 journalists” involved in producing stories on the government and other subjects.

The records were seized in a leak investigation. The government caught the person suspected of the leak, former FBI agent Donald Sachtleben, and prosecuted him. But that did not justify casting such a wide net during the investigation and not informing the AP that they were going to comb through the phone records of journalists.

The FBI has also used national security letters (NSLs) to target reporters’ phone records, including the records of Washington Post reporter Barton Gellman. These guidelines are classified and, despite the concerns expressed in inspector general reports, the FBI is largely indifferent to the concerns of the press.

It may be convenient to go through reporters or media organizations to catch criminals. However, it tramples press freedom in the process and diminishes the public’s confidence in media, as they suspect these reporters and organizations must be conspiring with the government and are not independent.

Kevin Gosztola


Kevin Gosztola is managing editor of Shadowproof Press. He also produces and co-hosts the weekly podcast, Unauthorized Disclosure. Follow him on Twitter: @kgosztola
