Do as I say, not as I do
Entertaining, shall we scream bloody murder a few more times about Iran, Myanmar or any other "repressive" country doing the same?
The Associated Press is suing the FBI over allegations government agents used a fake news story to plant malware on the PCs of suspected criminals. The news agency, along with the Reports Committee for Freedom of the Press, filed suit against the Feds on Thursday in the US District court in Washington, DC, asking the court to …
Iran, Myanmar etc
It is debatable whether misusing corporate branding/trademark is moral (or legal) in this case.
However, you cannot seriously compare this case with repressive regimes. This entire process was set up to track a single criminal via an arrest warrant. In repressive regimes they use blanket surveillance against political dissidents, who are arrested on spurious grounds and disappear into prisons where they are frequently tortured.
You do the cause of anti-surveillance no favours by making spurious comparisons like this.
The real issue is whether AP's brand was damaged by this action. Given the AP ability to screw up I doubt this will hold much water. Plus the attack was targeted to very specific person who was a suspect at the time not just to everyone. In fact the first I heard of this was this particular story though I am not surprised that it has been used.
There can few more temptingly ubiquitous watering holes than news outlets for TLAs wishing to serve rich* content to the cattle. Just must be irritating for those TLAs that all the news outlets have commercial interests and shareholders to consider, which will doubtless instil some degree of resistance to excessive complicity and the risk of being caught-out that such complicity would carry. Little outbursts like this can't be helpful in the heroic war on terror privacy communism footfetishists Eurasia the dangerous enemy du jour. How the "five eyes" must long for some organisation with similar reach but intrinsically and implicitly under their full control.
Could someone explain to me: Why exactly does the British government's Ministry of Truth BBC insist on compelling its victims visitors customers to bend over for a FLASH insertion whenever its servers detect a client capable of running it, despite permitting those clients with no possibility of being pwned by leaveraging FLASH to carry on without it?
'Bomb explodes in high school! Many victims, read all the details! Full video of people tore to pieces! Read the full story of the murderer from Facebook! All the evidences FBI ignored!'
If it was under a legal warrant, and targeted to a single suspect with good reasons to target him, I don't find it so bad. Or an agent under the disguise of a courier or pizza boy to be able to catch off-guard dangerous criminals now is no longer permitted because it damages the brand reputation?
So it'd be ok for them to use your details to honeypot somebody in this way?
Perhaps someone violent?
Even ignoring everything else about it, this appears to be blatant copyright and/or trademark infringement, which under US law is punishable by multi-billion-dollar* fines.
Not to mention unnecessary. A blank page that redirected to an actual AP story would have been just as good.
Also, how many people ended up with this malware installed? Such a drive-by infection would get any vulnerable systems that happened to visit, so it's rather unlikely that the nominal target was the only infected computer.
(*Only a slight exaggeration)
Yes, and I would willfully cooperate, I'm not a coward. A copyright infringement? C'mon. If you know someone has a hostages and the police use an agent dressed as the local pizza chain to get close to the house because the criminals ordered a pizza is a trademark/copyright infringement? And the criminals would take revenge against the pizza chain?
It was also a targeted interception, as I read in this article. No one else could have been compromised, unless the suspect had forwarded the mail. Anyway, when you bug a room or a phone you also get other conversation, it's inevitable.
Face it, today you can't investigate only on the physical world. A lot happens in the 'cyber' one. Just any other interception system it has to be under legal control, a warrant needs to approve it on sound basis, and it has to limited as much as possible to the suspect(s) only.
Or the police should be fully forbidden to investigate in the 'cyber' world? One day, when *you* will be the victim of a crime, I'm sure you will change your mind and ask to gather the whole internet traffic to obtain justice...
On the one hand, they had a warrant to install some spyware on this guys computer, and it was targeted to a single individual, so whatever.
On the other hand, it really isn't necessary to put AP stuff on there -- considering the spyware would have installed as soon as he clicked the link, the visible page content could have been a generic news page, completely blank, or "pwned by the FBI".
This post has been deleted by its author
I donno, as federal spyware goes this is about as benign as it gets. I can't say I'd be particularly happy they chose my company for the scheme, but I think they had a legitimate reason to make it as realistic as possible. I a non-working link would have potentially make him suspicious, and I'm sure they wanted to grab him before he realized he'd been identified.
As I understand it, the issue really wasn't this case. This case was just when they realised what was going on.
The issue is that the FBI are impersonating the press and AP wants to know to what extent this is happening as it may actually put their people in danger in other situations. My reading of it is that they probably want some oversight of the process. I suspect the "harm to the brand" is a ploy to get the issue addressed in court. The press want and are expected to be seen as non-combatants in dangerous situations in which they may have to operate and will want to distance themselves from being known as part of the police force.
That seems reasonable to me.
"This practice undermines the credibility of the independent news media, and should not be tolerated," said RCFP litigation director Katie Townsend.
Dear Katie,
What with the distortions, lies, altering of relevant facts by omission or commission, and a predatory bias in nearly all reportage, the "independent news media", as you call them, are doing a fabulous job of undermining their own credibility. Outside help is not needed.
The #1 cause of malware is the lack of user awareness or care about javascript, allowing any and all to run willy-nilly. Marketers also love this. Sadly, some people actually *bash* the turning off of javascript! Said people are morons, by the way.
Use a utility to reject javascript by default, and don't use Chrome. Keep yourself safe, folks.