Major media outlets expressed outrage following revelations this week that in 2007, the FBI crafted a news story under a false Associated Press byline, and possibly mimicked the Seattle Times website, as part of a covert effort to locate a suspect in a bomb threat.
Chris Soghoian of the American Civil Liberties Union on Monday exposed the findings, which are based on documents obtained by the Electronic Frontier Foundation three years ago through a Freedom of Information Act Request.
The FBI became involved in a case regarding bomb threats that resulted in evacuations in June 2007 at Timberline High School in Lacey, Washington. Internal communications show that the FBI spoofed a story, which it falsely identified as published by the AP, about the bomb threats. Emails indicate the false story may have been designed "in the style of The Seattle Times".
The article was then sent to a MySpace page associated with the then 15-year-old suspect, who was tricked into clicking the link, which contained a software tool that was then used by the FBI to track his location.
The media outlets implicated in the case strongly condemned the FBI's use of their names as a violation of the public's trust.
"We are outraged that the FBI, with the apparent assistance of the U.S. Attorney’s Office, misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect,” said Seattle Times Editor Kathy Best. “Our reputation and our ability to do our job as a government watchdog are based on trust. Nothing is more fundamental to that trust than our independence — from law enforcement, from government, from corporations and from all other special interests. The FBI’s actions, taken without our knowledge, traded on our reputation and put it at peril."
"We are extremely concerned and find it unacceptable that the FBI misappropriated the name of The Associated Press and published a false story attributed to AP," Paul Colford, director of AP media relations. "This ploy violated AP’s name and undermined AP’s credibility."
Soghoian told the Seattle Times that the "outrageous" practice could bring "significant collateral damage to the public trust."
Frank Montoya Jr., the FBI's special agent in charge in Seattle, admitted on Tuesday that the bureau had used a fake AP story in the ploy but denied that it mimicked the Seattle Times website, saying the use of the publication's name was only a "suggestion." Montoya said, "We identified a specific subject of an investigation and used a technique that we deemed would be effective in preventing a possible act of violence in a school setting. Use of that type of technique happens in very rare circumstances and only when there is sufficient reason to believe it could be successful in resolving a threat,"
But Trevor Timm writes in the Guardian, "In the six years since the FBI impersonated the Seattle Times and AP to hack a suspect, it’s only ramped up its exploits. Since at least 2007, the FBI has had what it calls a “Secure Technologies Exploitation Group”—which is a more polite way of saying they have a team that hacks computers."
Journalist Kevin Paulsen revealed in September, "For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement’s knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system."