FBI Uses Malware for Surveillance

Discussion in 'General Discussion' started by tulianr, Dec 8, 2013.

  1. tulianr

    tulianr Don Quixote de la Monkey

    FBI’s search for ‘Mo,’ suspect in bomb threats, highlights use of malware for surveillance

    The man who called himself “Mo” had dark hair, a foreign accent and — if the pictures he e-mailed to federal investigators could be believed — an Iranian military uniform. When he made a series of threats to detonate bombs at universities and airports across a wide swath of the United States last year, police had to scramble every time.

    Mo remained elusive for months, communicating via e-mail, video chat and an Internet-based phone service without revealing his true identity or location, court documents show. So with no house to search or telephone to tap, investigators turned to a new kind of surveillance tool delivered over the Internet.

    The FBI’s elite hacker team designed a piece of malicious software that was to be delivered secretly when Mo signed on to his Yahoo e-mail account, from any computer anywhere in the world, according to the documents.

    The most powerful FBI surveillance software can covertly download files, photographs and stored e-mails, or even gather real-time images by activating cameras connected to computers, say court documents and people familiar with this technology.

    Over several months, Mo allegedly threatened to detonate bombs at a county jail, a DoubleTree hotel, the University of Denver, the University of Texas, San Antonio International Airport, Washington-Dulles International Airport, Virginia Commonwealth University and other heavily used public facilities across the country, court documents show.

    Though no bombs were ever found, during his rash of threats Mo began using an ominous new e-mail address: <texan.slayer at yahoo.com>. He also gave investigators a plausible full name for himself — Mohammed Arian Far — whose initials roughly fit a name he had used when registering his Google account: “mmmmaaaaffff.”

    The account information, gathered after the approval of a search warrant in September 2012, listed a birthday that suggested Mo was 27 years old, fitting the estimates investigators made based on the pictures he had sent them. The field for country said “Iran.” The computer IP address used when Mo had signed up for the account in 2009 suggested he was in Tehran, the capital, at the time. But it wasn’t clear where in the city he lived, or even if he was still there.

    The FBI team works much like other hackers, using security weaknesses in computer programs to gain control of users’ machines. The most common delivery mechanism, say people familiar with the technology, is a simple phishing attack — a link slipped into an e-mail, typically labeled in a misleading way.

    When the user hits the link, it connects to a computer at FBI offices in Quantico, Va., and downloads the malicious software, often called “malware” because it operates covertly, typically to spy on or otherwise exploit the owner of a computer. As in some traditional searches, subjects typically are notified only after evidence is gathered from their property.

    The FBI has been able to covertly activate a computer’s camera — without triggering the light that lets users know it is recording — for several years, and has used that technique mainly in terrorism cases or the most serious criminal investigations, said Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico, now on the advisory board of Subsentio, a firm that helps telecommunications carriers comply with federal wiretap statutes.

    Even though investigators suspected that Mo was in Iran, the uncertainty around his identity and location complicated the case. Had he turned out to be a U.S. citizen or a foreigner living within the country, a search conducted without a warrant could have jeopardized his prosecution.

    Federal magistrate Judge Kathleen M. Tafoya approved the FBI’s search warrant request on Dec. 11, 2012, nearly five months after the first threatening call from Mo. The order gave the FBI two weeks to attempt to activate surveillance software sent to the <texan.slayer at yahoo.com> e-mail address. All investigators needed, it seemed, was for Mo to sign on to his account and, almost instantaneously, the software would start reporting information back to Quantico.

    The surveillance software was sent across the Internet on Dec. 14, 2012 — three days after the warrant was issued — but the FBI’s program didn’t function properly, according to a court document submitted in February.

    “The program hidden in the link sent to never actually executed as designed,” a federal agent reported in a handwritten note to the court.

    But, it said, Mo’s computer did send a request for information to the FBI computer, revealing two new IP addresses in the process. Both suggested that, as of last December, Mo was still in Tehran.

    FBI’s search for ‘Mo,’ suspect in bomb threats, highlights use of malware for surveillance - The Washington Post
    Last edited by a moderator: Dec 8, 2013
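    The technical point buried in the article is that the implant never ran, yet the single request Mo's browser made to the collection server still disclosed two source IP addresses. The following is an added example, not code from the article, the Washington Post, or any FBI tool: it parses constructed web-server access-log lines (Combined Log Format) to show what the server side sees from one click on a lure link, and separates "the link was followed" (IP and browser fingerprint logged) from "the second stage was actually fetched". The lure path, payload path, IP addresses, timestamps and user-agent strings are illustrative assumptions.

```python
"""Added example (not from the article or any FBI tool): what a lure-link server
learns from one click, even when the payload never executes.

Parses constructed access-log lines in Combined Log Format. LURE_PATH and
PAYLOAD_PATH, the IPs, timestamps and user agents are assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Combined Log Format as written by Apache/nginx with the default "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed paths: the link the target clicks, and the second-stage fetch the
# lure page is supposed to trigger.
LURE_PATH = "/docs/view?id=7713"
PAYLOAD_PATH = "/static/update.bin"


@dataclass
class Hit:
    ip: str
    ts: str
    path: str
    status: int
    ua: str


def parse_line(line: str) -> Optional[Hit]:
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Hit(m["ip"], m["ts"], m["path"], int(m["status"]), m["ua"])


def parse_log(text: str) -> List[Hit]:
    """Parse a whole log, silently skipping malformed lines."""
    return [h for h in (parse_line(l) for l in text.splitlines()) if h]


def lure_clicks(hits: List[Hit]) -> List[Hit]:
    """Every request for the lure URL. Each one discloses a source IP and a
    browser fingerprint (User-Agent) whether or not anything runs afterwards."""
    return [h for h in hits if h.path == LURE_PATH]


def distinct_ips(hits: List[Hit]) -> List[str]:
    """Source IPs in first-seen order."""
    seen: Dict[str, None] = {}
    for h in hits:
        seen.setdefault(h.ip, None)
    return list(seen)


def payload_fetched_by(hits: List[Hit]) -> Dict[str, bool]:
    """For each IP that clicked the lure: did the same IP go on to request the
    second stage successfully? False is the 'never executed as designed' case:
    the click (and the IP) was logged, but the chain stopped there."""
    result = {ip: False for ip in distinct_ips(lure_clicks(hits))}
    for h in hits:
        if h.path == PAYLOAD_PATH and h.ip in result and h.status == 200:
            result[h.ip] = True
    return result


# Constructed sample log: the same browser fingerprint clicks the lure from two
# different IPs with no second-stage fetch (the article's failure mode), one
# unrelated crawler hit, and a third client that did fetch the second stage.
SAMPLE_LOG = """\
203.0.113.17 - - [14/Dec/2012:09:12:41 +0000] "GET /docs/view?id=7713 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
203.0.113.17 - - [14/Dec/2012:09:12:42 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
198.51.100.8 - - [14/Dec/2012:09:30:05 +0000] "GET /robots.txt HTTP/1.1" 404 0 "-" "Googlebot/2.1"
198.51.100.44 - - [15/Dec/2012:22:01:09 +0000] "GET /docs/view?id=7713 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
192.0.2.201 - - [16/Dec/2012:03:44:18 +0000] "GET /docs/view?id=7713 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 5.1) Chrome/23.0"
192.0.2.201 - - [16/Dec/2012:03:44:19 +0000] "GET /static/update.bin HTTP/1.1" 200 40960 "http://lure.example/docs/view?id=7713" "Mozilla/5.0 (Windows NT 5.1) Chrome/23.0"
"""

if __name__ == "__main__":
    hits = parse_log(SAMPLE_LOG)
    for ip, ran in payload_fetched_by(hits).items():
        print(f"{ip}: clicked lure, second stage fetched = {ran}")
```

    The same logic is why the posters below are right not to click the address: anything that resolves the link, including a link-preview fetcher, a mail client that loads remote content, or a sandbox that detonates attachments, shows up in this log as a click with a source IP, even if nothing on the client ever executes.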
  2. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    That Texan-slayer is a link. It might not be a good idea to click on any links to an account of a bomber under investigation. Can the links be killed to prevent an accidental linkage to someone here?
  3. Dont

    Dont Just another old gray Jarhead Monkey

    I, for one, am not so curious as to click foolishly.
  4. BTPost

    BTPost Stumpy Old Fart Snow Monkey Moderator

    As a MOD, I made the link in the Original Post, a non-active Link. Should anyone desire to make it Active, they just need to replace the "at" with an "@"... FYI....

    fixed the second one.....

    Just a NOTE here:
    The article states that the Malware FAILED to work as it was intended.... Apparently the FBI Hackers were not as "Smart" as they thought they were.... or as good as the Hackers out in the world.... I wonder if they fixed the issue, and tested it in the Lab, before they deployed it again.....
    Last edited: Dec 8, 2013
  5. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    There is another one at the bottom. just sayin'
  6. fmhuff

    fmhuff Monkey+++

    Thinking like Sun Tzu my guess might be that it worked. And worked very well. Perhaps there is more to the story than meets the eye.
  7. Dont

    Dont Just another old gray Jarhead Monkey

    Being overly curious has led to many downfalls.. Or should I say, reckless.. Besides, if one wishes to taunt, yet remain anonymous, would not one use a fresh, brand-new, never-before-used computer? Or OS? A throwaway?
    I am not "all that", but reason always dictates your actions..
  8. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    "The FBI’s elite hacker team..." [ROFL]
  9. Dont

    Dont Just another old gray Jarhead Monkey

    If they were that good at writing code they should have been used to write the code for Obamacare.. Same result, as in, the gathering of personal information...