I’ve said it before, and I’ll say it again.  Cops lie.  They are allowed to.  In the course of conducting investigations, they can go undercover, pretend to be other people, lie, cheat, steal and even inject spyware into people’s computers.

They can (and have) set up fake Facebook pages in the names of real people, lured suspect to those pages, and engaged in tactics which would put mere mortals behind bars.  A few recent cases raise the question of whether there are any limits to what the police can do in the interest of law enforcement.

Fake Journalism

In the latest season of the Showtime TV series “Homeland,” CIA agent (and bipolar mess) Carrie Mathison uses a cover job as a BBC journalist to lure a terror suspect out of the streets of Pakistan and, well into her bedroom.  It’s a dangerous ruse not only for Mathison, but for journalists everywhere — reinforcing the idea that all journalists are just fronts for the CIA, and leading to journalists being captured, tortured, and beheaded.

In fact, in 1977 the CIA banned the practice of using journalists as cover, although the practice informally continues both in the FBI and CIA.  The FBI created an organization called the “Undercover Review Committee” which is supposed to review and approve all sensitive operations, and which is required to “consult the Legal Counsel Division of the FBI and the Office of Legal Counsel or other appropriate division or office at DOJ about any significant unsettled legal questions concerning authority for, or the conduct of, a proposed undercover operation.”

So what about impersonating an entire news bureau?

The Washington Post that, in its pursuit of a 15 year old kid who posted a fake bomb threat at his high school, the FBI identified the suspects MySpace account (this must have been some time ago, right?).

They then consulted with the local Seattle newspaper about how to create a “convincing” news article, and posted a direct link to the MySpace account which linked to a fake “news” story with headlines like “Bomb threat at high school downplayed by local police department.” and “Technology savvy student holds Timberline High School hostage.”  The “fake” news stories were identified as originating from the Associated Press.

When the MySpace account user clicked on the link, malware was installed into his computer, which sent back the IP address of the computer.  The malware, called a “Computer and Internet Protocol Address Verifier” or CIPAV was developed by the FBI’s Cryptological and Electronic Analysis Unit (CEAU), Digital Evidence Section, Operational Technology Division, as revealed in documents formerly classified for national security purposes.

The documents describe CIPAV as law enforcement sensitive, and warn that “we try to make every effort possible to protect the FBI’s sensitive tools and techniques” and that the FBI wants to make sure that discussion of the CIPAV’s capabilities are minimized “if discussed at all.”  As the FBI described the operation internally:

Concurrence for the operation was obtained from Case Agent [REDACTED] and [REDACTED] Assistant United States Attorney. Western District of Washington. In addition, [REDACTED] Office of the General Counsel, concurred with the operation following his review of the affidavit and warrant, signed by James P. Donohue, United States Magistrate Judge, United States District Court, Western District of Washington, dated 6/12/2007.

CONCLUSION

CEAU deployed a CIPAV to a MySpace account identified as possibly belonging to the UNSUB. The CIPAV returned several IP Addresses, one resolving back to Comcast Cable in Seattle, Washington. Subscriber information obtained from Comcast confirmed the suspicions of Law Enforcement and led to the issuing of a search warrant and arrest warrant.

A 15-year-old male student from Timberline High School was taken into custody without incident at his home at approximately 2 A.M. on 6/14/2007. The minor confessed to issuing the bomb threats. Bomb threats dated 6/14/2007, were found on the minor’s computer. The minor’s computer equipment was seized and the arrest was made without incident. Following an interview with the minor, the LPD was able to clear another threat case, as the minor confessed to issuing telephone death threats to teachers and others, including his parents, earlier this year.

Other released documents indicate that lawyers for the FBI’s Science and Technology Unit told the agents that they could not rely on what is called the “trespasser” exception to the Fourth Amendment to just install the CIPAV on the suspects’ computer, and that they should get (and did get) a warrant for the installation of the malware.  Good advice.

Despite the classification of the 2007 technology, it appears that is was no more than a simple beacon — pinging back identifying information about the machine on which it is installed.  The legality of beacons is currently under debate, and will be the subject of a future article.

What is disturbing here is NOT the installation of a beacon with the approval of a court.  It is the manner in which the suspect was tricked into installing the beacon — by the FBI impersonating an AP story.  And a court did probably NOT approve that.

The problem with impersonating a reporter by the FBI and CIA is that it gets reporters killed.  It also makes their work inherently suspect.  The lesson of the 2007 bombing case is, “don’t trust AP articles.  They may be malware.”  Now that’s actually good advice for just about anything, but you really don’t want law enforcement undermining reporters.  Really.

The Cable Guy’s Here

A second reported case about FBI subterfuge comes out of Las Vegas.  What happens here stays here, right?  A bunch of Chinese nationals checked into a luxury Las Vegas hotel with what was described as a lot of sophisticated computer hardware and requiring a lot of “technical support.”  The FBI and the Vegas gaming commission suspected them of some kind of illegal gambling (sports bookmaking).  So they came up with a clever plan.

They turned off the suspects’ Internet at the hotel (with the cooperation of the hotel, which undoubtedly was both a hotel and a casino, right?).  When the hotel occupants called for technical support, the “Geek Squad” consisted of FBI agents, who videotaped the room and also tried to provide a laptop computer to the Chinese.  Presumably, this laptop did more than just provide Internet access.  Without disclosing the previous subterfuge, the FBI THEN got a search warrant for the room.

So the FBI is getting cleverer.  They are impersonating journalists, suspects, and tech support.  They are infiltrating computers and networks.

A little bit of lying is a good thing.  Too much and you get dead journalists, dead informants, and dead cable guys.  And that’s bad.  Depending on what you think of cable guys.

Leave a Reply