nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Associated Press sues FBI for impersonating its site to install spyware

Anonymous Coward

Do as I say, not as I do

Entertaining, shall we scream bloody murder a few more times about Iran, Myanmar or any other "repressive" country doing the same?

12
6
Silver badge

Re: Do as I say, not as I do

Can we sue the US Government for damaging several company's brands as well as Our Freedom Loving People As A Role Model For All. Try and get those past a federal Magistrate judge.

2
0

Re: Do as I say, not as I do

Iran, Myanmar etc

It is debatable whether misusing corporate branding/trademark is moral (or legal) in this case.

However, you cannot seriously compare this case with repressive regimes. This entire process was set up to track a single criminal via an arrest warrant. In repressive regimes they use blanket surveillance against political dissidents, who are arrested on spurious grounds and disappear into prisons where they are frequently tortured.

You do the cause of anti-surveillance no favours by making spurious comparisons like this.

4
3
Silver badge

Re: Do as I say, not as I do

The real issue is whether AP's brand was damaged by this action. Given the AP ability to screw up I doubt this will hold much water. Plus the attack was targeted to very specific person who was a suspect at the time not just to everyone. In fact the first I heard of this was this particular story though I am not surprised that it has been used.

1
1
Silver badge

Re: Do as I say, not as I do

What you say is true... but... how about if they decided for a mass sweep? Where's the line drawn?

1
1
Big Brother

Textbook "watering hole attack"

There can few more temptingly ubiquitous watering holes than news outlets for TLAs wishing to serve rich* content to the cattle. Just must be irritating for those TLAs that all the news outlets have commercial interests and shareholders to consider, which will doubtless instil some degree of resistance to excessive complicity and the risk of being caught-out that such complicity would carry. Little outbursts like this can't be helpful in the heroic war on terror privacy communism footfetishists Eurasia the dangerous enemy du jour. How the "five eyes" must long for some organisation with similar reach but intrinsically and implicitly under their full control.

Could someone explain to me: Why exactly does the British government's Ministry of Truth BBC insist on compelling its victims visitors customers to bend over for a FLASH insertion whenever its servers detect a client capable of running it, despite permitting those clients with no possibility of being pwned by leaveraging FLASH to carry on without it?

2
7
LDS
Silver badge

Is AP angry because FBI hindered a big piece of news?

'Bomb explodes in high school! Many victims, read all the details! Full video of people tore to pieces! Read the full story of the murderer from Facebook! All the evidences FBI ignored!'

If it was under a legal warrant, and targeted to a single suspect with good reasons to target him, I don't find it so bad. Or an agent under the disguise of a courier or pizza boy to be able to catch off-guard dangerous criminals now is no longer permitted because it damages the brand reputation?

8
9
Silver badge

Re: Is AP angry because FBI hindered a big piece of news?

So it'd be ok for them to use your details to honeypot somebody in this way?

Perhaps someone violent?

Even ignoring everything else about it, this appears to be blatant copyright and/or trademark infringement, which under US law is punishable by multi-billion-dollar* fines.

Not to mention unnecessary. A blank page that redirected to an actual AP story would have been just as good.

Also, how many people ended up with this malware installed? Such a drive-by infection would get any vulnerable systems that happened to visit, so it's rather unlikely that the nominal target was the only infected computer.

(*Only a slight exaggeration)

5
4
LDS
Silver badge

Re: Is AP angry because FBI hindered a big piece of news?

Yes, and I would willfully cooperate, I'm not a coward. A copyright infringement? C'mon. If you know someone has a hostages and the police use an agent dressed as the local pizza chain to get close to the house because the criminals ordered a pizza is a trademark/copyright infringement? And the criminals would take revenge against the pizza chain?

It was also a targeted interception, as I read in this article. No one else could have been compromised, unless the suspect had forwarded the mail. Anyway, when you bug a room or a phone you also get other conversation, it's inevitable.

Face it, today you can't investigate only on the physical world. A lot happens in the 'cyber' one. Just any other interception system it has to be under legal control, a warrant needs to approve it on sound basis, and it has to limited as much as possible to the suspect(s) only.

Or the police should be fully forbidden to investigate in the 'cyber' world? One day, when *you* will be the victim of a crime, I'm sure you will change your mind and ask to gather the whole internet traffic to obtain justice...

4
5

Clever

That's kinda smart. I didn't know the FBI had it in them.

6
2
Black Helicopters

Re: Clever

Even cleverer if they had their man anyway and just installed the spyware to make it more likely that this high profile case would provide justification for continuing to install this sort of thing in the future.

1
3
Silver badge

Re: Clever

The spyware as apparently needed to properly identify the computer in question was the one used.

1
0

Updating.

Updating to the latest version of Java will patch the targeted vulnerability - and install two shortly-to-be-targeted vulnerabilities.

12
0
Black Helicopters

Re: Updating.

Updating to the latest version of Java will patch the targeted vulnerability - and install two shortly-to-be-"discovered" vulnerabilities.

FTFY O:)

1
0
Gold badge

It really is unnecessary

On the one hand, they had a warrant to install some spyware on this guys computer, and it was targeted to a single individual, so whatever.

On the other hand, it really isn't necessary to put AP stuff on there -- considering the spyware would have installed as soon as he clicked the link, the visible page content could have been a generic news page, completely blank, or "pwned by the FBI".

4
3

This post has been deleted by its author

Silver badge
Pint

"...private message..."

Obscure website, limited exposure, possibly seen by just the one suspect.

Guilty / Upheld for the plaintiff. Damages: $0.04.

2
3

Re: "...private message..."

So, no harm, no foul? there's some truth in that... Could have damaged and ACTUALLY damaged are quite different... so i agree, but it's till bad form on the part of the FBI. Clever, yes... good idea, no.

2
1

I donno, as federal spyware goes this is about as benign as it gets. I can't say I'd be particularly happy they chose my company for the scheme, but I think they had a legitimate reason to make it as realistic as possible. I a non-working link would have potentially make him suspicious, and I'm sure they wanted to grab him before he realized he'd been identified.

1
4
Silver badge

Wider Issues

As I understand it, the issue really wasn't this case. This case was just when they realised what was going on.

The issue is that the FBI are impersonating the press and AP wants to know to what extent this is happening as it may actually put their people in danger in other situations. My reading of it is that they probably want some oversight of the process. I suspect the "harm to the brand" is a ploy to get the issue addressed in court. The press want and are expected to be seen as non-combatants in dangerous situations in which they may have to operate and will want to distance themselves from being known as part of the police force.

That seems reasonable to me.

4
0
Silver badge

Re: Wider Issues

But then why don't they press for a ban on police impersonating journalists as well, which has happened in real life, particularly in hostage situations where the hostage-taker is in it for the press coverage?

1
0

Credibilty Lost?

"This practice undermines the credibility of the independent news media, and should not be tolerated," said RCFP litigation director Katie Townsend.

Dear Katie,

What with the distortions, lies, altering of relevant facts by omission or commission, and a predatory bias in nearly all reportage, the "independent news media", as you call them, are doing a fabulous job of undermining their own credibility. Outside help is not needed.

0
0

Or, better yet, just turn off effing javascript!

The #1 cause of malware is the lack of user awareness or care about javascript, allowing any and all to run willy-nilly. Marketers also love this. Sadly, some people actually *bash* the turning off of javascript! Said people are morons, by the way.

Use a utility to reject javascript by default, and don't use Chrome. Keep yourself safe, folks.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing