The FBI created a fake news story on a bogus Seattle Times Web page to plant software in the computer of a suspect in a series of bomb threats to Timberline High School in 2007, documents reveal.
The FBI in Seattle created a fake news story on a bogus Seattle Times web page to plant software in the computer of a suspect in a series of bomb threats to Lacey’s Timberline High School in 2007, according to documents obtained by the Electronic Frontier Foundation (EFF) in San Francisco.
The deception was publicized Monday when Christopher Soghoian, the principal technologist for the American Civil Liberties Union in Washington, D.C., revealed it on Twitter.
In an interview, Soghoian called the incident “outrageous” and said the practice could result in “significant collateral damage to the public trust” if law enforcement begins co-opting the media for its purposes.
The EFF documents reveal that the FBI dummied up a story with an Associated Press byline about the Thurston County bomb threats with an email link “in the style of The Seattle Times,” including details about subscriber and advertiser information.
The link was sent to the suspect’s MySpace account. When the suspect clicked on the link, the hidden FBI software sent his location and Internet Protocol information to the agents. A juvenile suspect was identified and arrested June 14.
The revelation brought a sharp response from the newspaper.
“We are outraged that the FBI, with the apparent assistance of the U.S. Attorney’s Office, misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect,” said Seattle Times Editor Kathy Best.
“Not only does that cross a line, it erases it,” she said.
“Our reputation and our ability to do our job as a government watchdog are based on trust. Nothing is more fundamental to that trust than our independence — from law enforcement, from government, from corporations and from all other special interests,” Best said. “The FBI’s actions, taken without our knowledge, traded on our reputation and put it at peril.”
An AP spokesman also criticized the tactic.
“We are extremely concerned and find it unacceptable that the FBI misappropriated the name of The Associated Press and published a false story attributed to AP,” Paul Colford, director of AP media relations. “This ploy violated AP’s name and undermined AP’s credibility.”
Frank Montoya Jr., the special agent in charge of the FBI in Seattle, defended the investigation and the technique, which court records show led to the arrest and conviction of a 15-year-old student.
“Every effort we made in this investigation had the goal of preventing a tragic event like what happened at Marysville and Seattle Pacific University,” Montoya said. “We identified a specific subject of an investigation and used a technique that we deemed would be effective in preventing a possible act of violence in a school setting.
“Use of that type of technique happens in very rare circumstances and only when there is sufficient reason to believe it could be successful in resolving a threat,” he said.
Ayn Dietrich-Williams, the spokeswoman for the FBI-Seattle, pointed out that the bureau did not use a “real Seattle Times article, but material generated by the FBI in styles common in reporting and online media.”
Assistant U.S. Attorney Tessa Gorman, chief of the office’s criminal division, was reviewing the EFF documents provided to her by The Times and had no immediate comment. Kathryn Warma, the prosecutor who oversaw the case, has since retired.
The EFF posted 172 pages of documents concerning the FBI’s use of a software tool called a “Computer and Internet Protocol Address Verifier” (CIPAV) in two cases — one involving the Timberline High School bomb threats and the other involving an extortion attempt against a cruise line in Florida. More than half of the documents relate to the Seattle case.
According to the documents, CIPAV lets the FBI “geophysically” locate a computer and its Internet Protocol address.
Soghoian said the software is activated when someone clicks on the bogus link. The technique apparently exploits the same computer-security vulnerabilities used by hackers.
Police in Lacey, Thurston County, contacted the Northwest Cyber-Crime Task Force after the school began receiving a series of bomb threats beginning in late May 2007 and continuing into early June. The school was forced to evacuate students at least twice, and police were unable to identify a suspect.
The documents indicate the FBI in Seattle obtained a search warrant to “deploy” the CIPAV software after the task force, which is run by the FBI, received a public tip about a suspect. Special Agent Norman Sanders, in seeking the warrant, said the bureau would send a “communication” to the suspect’s computer that would make the computer identify itself for the agent.
The case was taken up by the U.S. Attorney’s Office, which helped draft and approve the warrant. The warrant does not say that “communication” would be a bogus news story that appeared to be published online by The Seattle Times.