Associated Press sues FBI for impersonating its site to install spyware

Meanwhile, the EFF learns: in Russia, government malware pwns you!

The Associated Press is suing the FBI over allegations government agents used a fake news story to plant malware on the PCs of suspected criminals.

The news agency, along with the Reports Committee for Freedom of the Press, filed suit against the Feds on Thursday in the US District court in Washington, DC, asking the court to force the FBI to hand over all information relating to an alleged 2007 online impersonation.

According to the AP lawsuit (PDF), the incident occurred when the FBI was investigating bomb threats made against a high school in Washington State. Hoping to lure out the person behind a MySpace account connected to the threats, FBI agents came up with an elaborate ruse: they constructed a legit-looking webpage with a fake news story under the AP masthead and the headline "Bomb threat at high school downplayed by local police department." Also buried within the site was a script to covertly install a piece of spyware. A link to the story was then sent to the MySpace account in a private message.

When the suspect (a 15-year-old student) clicked the link to view the supposed story, the FBI page installed the surveillance tool that allowed agents to identify the suspect. The spyware verified the public-facing IP address of the student's computer as well as obtaining its MAC address and details of his Windows PC desktop – all evidence needed to collar the kid. The covert installation was carried out under a search warrant.

The AP and RCFP claim that by impersonating its brand to act on behalf of the government, the FBI was undermining its credibility as a news agency. By being associated with government surveillance, the AP alleges, its business is being harmed.

"This practice undermines the credibility of the independent news media, and should not be tolerated," said RCFP litigation director Katie Townsend.

"Yet while the public clearly has a strong, compelling interest in knowing more about the FBI’s use of this tactic, the FBI seems determined to withhold that information."

The AP and RCFP are asking the FBI to release all documents associated with the operation under the Freedom of Information Act. They are also asking for unspecified damages and attorney's fees.

The FBI isn't the only government agency being accused of using dirty tricks to spy on on citizens. The Electronic Frontier Foundation (EFF) has issued an alert after uncovering a spoof site using its brand to spread malware tied to the Russian government.

The EFF said someone has created a spoof site of EFF.org that contains malicious JavaScript. The site, being linked through targeted phishing campaigns, attempts to install Pawn Storm, a malware package first discovered in 2014. The malware has been traced back to a group with ties to the Russian government, suggesting the phony EFF operation is part of a government attempt to spy on dissidents.

"Drawing from these conclusions, it seems likely that the organization behind the fake-EFF phishing attack also has ties to the Russian government," wrote EFF technologist Cooper Quintin.

"Past attacks have targeted Russian dissidents and journalists, US Defense Contractors, NATO forces, and White House staff."

The EFF is advising users to wary of unsolicited or suspicious emails and keep both their system and antivirus software up to date In this case, updating to the latest version of Java will patch the targeted vulnerability. ®

Sponsored: The Joy and Pain of Buying IT - Have Your Say


Biting the hand that feeds IT © 1998–2017