FBI Dad's Misadventures With Spyware Exposed School Principal's Child Porn
nonprofiteer writes "This is a crazy story. An FBI agent put spyware on his kid's school-issued laptop in order to monitor his Internet use. Before returning the laptop to the school, he tried to wipe the program (SpectorSoft's eBlaster) by having FBI agents scrub the computer and by taking it to a computer repair shop to be re-imaged. It somehow survived and began sending him reports a week later about child porn searches. He winds up busting the school principal for child porn despite never getting a warrant, subpoena, etc. The case was a gift-wrapped present, thanks to spyware. A judge says the principal has no 4th Amendment protection because 1. FBI dad originally installed spyware as a private citizen not an officer and 2. he had no reasonable expectation of privacy on a computer he didn't own/obtained by fraud."
...the spyware surviving a cleaning by a computer repair shop and the FBI...
Do not look into laser with remaining eye.
Of course it wasn't Flame!
You want a flame, you stupid dirtbag?!
Shouldn't the shop that supposedly "re-imaged" it be busted for fraud? One also might wonder why an FBI agent is using internal FBI resources to "scrub" a non-FBI machine that isn't part of an investigation. Finally, these morons don't know about DBAN???
So let me guess: the guy's name is Stan, the kid's name is Steve and the principal is called Brian?
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Every law enforcement parent will install spyware on his kids' school computers and "forget" to remove the spy software.
The story enclosed within this one is that (a) the FBI is unable to effectively scrub FBI spyware installed by an FBI agent, and (b) the computer repair shop charged an FBI agent to scrub and reimage a laptop, and then apparently just moved it from the To Do shelf to the Done shelf.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I was originally going to post that TFA makes it clear that this was a case of a person who happened to be employed by the FBI, finding himself in this situation, but is just described by TFS as "an FBI agent" — it made me wonder whether someone should be defined by their employer.
It rather broke down for me when TFA starts saying how he got "all flashy with his FBI badge" to investigate, rather than just reporting it to the police — is this really still just someone acting as a father?
The principal was a moron for using a school computer. If it was his own computer then a search warrant would apply.
a cop kicks a door in and finds pot.
Cop to judge: "I did it as a private citizen!"
Judge: "Ok then. This is admissible."
So, I wonder what would happen to me if I shot that cop busting down my door as a "private citizen"?
It doesn't matter anyway. When it comes to child porn, taxes, drugs or terrorism, you are guilty until proven innocent. Where are the Ben Franklin-dressed Teapartiers? Why aren't they out there preaching their message about freedom over this erosion of our liberties? Or is it that folks are so afraid of being on the side of a consumer of child porn that they won't dare say anything?
Here it is folks the slippery slope and it's happening.
I hear 90% of all statistics are made up.
FBI agents AND a computer repair shop couldn't wipe a disk?
Not buying it.
https://www.accountkiller.com/removal-requested
SlashCash effect, buy stock in eBlaster before the commerce server melts.
I am no lawyer so perhaps one could feel free to reply.
Here is what I understand:
First, if you had no real expectation of privacy whatsoever we would not have click-thru agreements and signed paperwork by HR giving our rights away as a condition of employment.
Second, judges throw out such claims in court all the time. The evidence should not have been permissible, as the agent should be the one in trouble here for interfering with school property. If any evidence was obtained illegally then it needs to be thrown out.
Third, how do you know the FBI agent wasn't an agent? There are overtime lawsuits going on where doing paperwork at home or just checking email constitutes work, and the lawyers are drooling at this with overtime lawsuits. You can't prove otherwise.
http://saveie6.com/
*puts on sunglasses* ... a cold dish.
I won't lie: any day one of these child porn scumbags is caught is a good day. Even so, the story makes no sense. The FBI doesn't know how to remove spyware? Any technician worth their salt would run DBAN and that would be the end of it. Yet the FBI went through what sounds like a two-step process to wipe this thing, yet failed? I'm not buying it. At the same time though, I have no idea why this guy would have any reason to suspect that the principal would immediately start using his son's laptop upon return, nor any reason to think he was looking at child porn. This story is such a hodgepodge of plausible and impossible... I need a freaking drink.
Only about 70% of the time.
Lost at C:>. Found at C.
> by having FBI agents scrub the computer and by taking it
> to a computer repair shop to be re-imaged.
wow..... um.... I am really curious as to how it did this. Something smells fishy. I can understand it surviving a "scrub", since anyone who does systems work should know that there are many places in a modern OS to hide, and unless you know exactly what it does and how it hides, it's impossible to say for sure a system has been cleaned.
However, the PC shop? Maybe they didn't really "re-image" it, but instead did their own quick "scrub" and ran something like sysprep?
Otherwise maybe they just did a reinstall from a hidden factory reinstall partition? I could see something hiding up in there but....
I dunno, it seems like it HAS to be something along one of those lines. Aside from that...if it really was incidental...well.... accidents do happen, and sometimes they end up biting the best possible people.
In any case, I think the circumstances do sound fishy, and in no way should what he caught excuse what he did if it wasn't accidental, so there should be serious investigation into that too....but I could see that just turning up technical incompetence rather than malfeasance....
That is, unless it turns up fraud on the part of the PC Repair shop.... very likely they did not do the job they were paid to do.
"I opened my eyes, and everything went dark again"
Step 1: Install spyware on a computer and then "scrub" such computer
Step 2: Report activities on such computer to authorities, make sure to flash FBI card
Step 3: Wait for reports of internet activity to come in and report anything that is morbidly fascinating; triple points for child porn
Step 4: No evidence? Computer MIA? Get computer user to admit to wrong doing!
Step 4: ?
Step 5: Promotion!
So, it comes to this.
The "FBI" didn't wipe his computer. He simply asked his co-workers for some help. Apparently neither he nor they were particularly tech-savvy, so he took it to a computer shop. He probably asked the shop owner to remove "all of my kid's games and stuff". I imagine that this spyware tries to mask itself so that kids can't just find it and uninstall it. The shop owner probably just uninstalled all of the "games and stuff" and then returned it.
The problem is that a person who was so confused by removing software that he had to go to a "computer shop" is trying to tell you what he did. He didn't get the FBI to clean the machine, he simply asked his co-workers who didn't know either. This also happened in Saipan, not New Jersey. The FBI has a small office, not a high tech lab.
The FBI agent screwed up by not notifying authorities immediately (he tried to solve the case himself), but he was probably concerned that the evidence wouldn't hold up in court. Lucky for everyone, the judge seems like he was willing to stretch the letter of the law to punish a clearly guilty man.
I'm 95% confident that I said it was 84% of the time.
The main way that rootkits survive a total hard disk format is because they're running at the time - any decent rootkit is more than able to stop a simple format from removing it simply by intercepting any parts of the format which target it, and returning OK signals. They'll usually survive a low level format in the same manner. "What's that? You want to change one of my bits to 0? Okay.. umm.. Done! *cough*". You can generally reliably remove rootkits by taking the drive out, putting it into an external drive bay (so it's not present on a PC while booting), connecting the drive when your PC is started up and then formatting it with none of its code executing.
:P
However, if the FBI or PC store simply formatted it through, say, re-formatting the drive by running the Windows setup disk, then a kernel level rootkit would happily stay intact in this manner. In fact, to spot it, you'd really have to use some imaging software with comparison checksums so that after the imaging it can make sure everything is as it should be. While the rootkit can happily inform that "nothing is there", it can't predict what should be there in an imaged drive, and would be caught out that way. However - that's not how 99% of us format drives, especially since most don't have MD5'd images of other people's hard disks, or don't put them in external caddies before doing so.
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
Or not every single FBI agent is a computer expert and he just talked with some co-workers in his department rather than having the FBI's IT team take a crack at it. Which is why they would have taken it to an IT shop.
"Don't believe everything you read on the Internet." - Abraham Lincoln
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
I wonder if the cameras in his bedroom or the GPS ankle bracelet bother him at all.
According to "Brian", the web chat representative for the eBlaster site, the program will not survive a format/re-image.
This means that the 'computer shop' did not actually do the job they were paid to do. This is expected because OEMs have different images for most different hardware lines, which includes all the other crap (bloatware) the OEM pre-loads on the system. Expecting a computer shop to be able to re-image is the problem. They can't unless you provide the system image from the MFG or have your own system image, or have your own software discs, licenses, etc.
All newly sold computers in the United States will actually be pre-owned by FBI agents' family members. Full story at eleven.
That was Moses, not Lincoln. ;-)
The main way that rootkits survive a total hard disk format is because they're running at the time - any decent rootkit is more than able to stop a simple format from removing it simply by intercepting any parts of the format which target it, and returning OK signals. [...] if the FBI or PC store simply formatted it through, say, re-formatting the drive by running the Windows setup disk, then a kernel level rootkit would happily stay in-tact in this manner.
If they used the Windows setup disk to nuke the drive, how did the rootkit get on the DVD? How did the rootkit stay running after a reboot? You're almost on the right track, but BIOS/EFI infection is the answer you're looking for (or HDD firmware). The rootkit has to be running before any OS boots up. Even a boot-sector virus won't survive a disk-wipe, so there had to be a re-infection method.
An FBI agent installed software on a machine on which he wasn't authorized. That's a crime. He acted as an agent when it suited him and then claimed he was acting as a civilian when that suited him.
Knowing what assholes FBI agents can be, and how easy it is to wipe a drive if you really want to, I have to wonder if this isn't an elaborate frame job.
Even if the principal is guilty, so is the agent. Corrupt law enforcement officers are worse than pedophiles.
Confucius said "please stop giving Lincoln credit for my sayings."
Everyone seems to be assuming at least one of two things: 1. That the FBI is lying about not knowing how to remove software. 2. That the computer repair shop he took it to lied and didn't do the work. While both are possible, they aren't the only explanations. First of all, not every member of the FBI is an IT professional. They probably have plenty of tech-illiterate employees in their ranks. I have met a lot of people that are geniuses when it comes to their own trade but are absolutely helpless the second their PC has a problem. It isn't everyone's forte. Secondly, just because the shop he took it to failed to remove the software doesn't mean it was straight up fraud. Believe me when I say that some computer repair "professionals" really are that incompetent. My guess would be that the place was disorganized and the machine ended up in their "finished" queue without being worked on, or the tech that worked on it didn't know the difference between an actual reimage and a repair install or in-place upgrade.
Something that concerns me and is not apparent from TFA is that the only evidence that the principal was downloading child porn was the "reports" generated by the eBlaster. Without the actual laptop to examine, surely this amounts to circumstantial evidence at best. Yes, the reports bear further investigation, but why are they being treated as definitive?
I am Slashdot. Are you Slashdot as well?
You're right - there's actually not many viruses which will survive a reformat if started from a different media - there are some, but they're not extremely common (well, not as a percentage of rootkit installations, although they're fairly accessible) and I may have made it sound more prevalent than it is. I further confused the issue by then talking about kernel level rootkits which would survive formats from within the OS, but certainly not from other boot media.
:)
Back on topic - what the FBI used would almost certainly be a firmware or BIOS based rootkit on a laptop as these are available as security solutions to the private sector and almost certainly as law enforcement tools to the government (or malicious agents), and do mask their signature by already being running, unless you already have checksums to compare against. And a hardware based solution - well, unless you spot it, you're screwed.
You can generally reliably remove rootkits by taking the drive out, putting it into an external drive bay (so its not present on a PC while booting), connect the drive when your PC is started up and then format it with none of its code executing.
Why go through that much trouble?
Just stick a bootable optical disk with formatting tools on it in, boot from it, and then format the infected drive. No code from the drive will be running so any rootkit on the drive will be overwritten.
I don't know how the Windows setup disk works, but I find it hard to believe it'd start running the kernel that's on the disk drive that you want to format. Certainly a Linux install disk would work just fine.
A BIOS rootkit would be a different kettle of fish.
The enemies of Democracy are
Only about 70% of the time.
With a 3% margin of error.
You would think that an FBI agent would be well-versed enough in law to know that it is a felony for a private citizen to place malicious software on someone else's property.
Or that doing so would render any 'evidence' gathered by said illegal action inadmissible.
I'm gonna laugh my ass off when/if the school has the agent prosecuted for illegally tampering with a secured computer system.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
It wasn't American Dad?
I'm here for the experience, not the Hyperbole.
Confucius said "please stop giving Lincoln credit for my sayings."
Conucisus say "I said not many things I said"
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Really? Really? My grandmother can do that.
I am happy the man got caught but there's something really up here, either the FBI are incompetent or they just feel like installing spyware on every computer they come across.
s/FBI/Department of Homeland Security/g
I think the judge has no clue about software or internet or computers, and should not be allowed to make decisions on this.....
The fact that a) the supposed scrub did not wipe out the app means it is more of a virus than an app....
2) if you have a virus on a computer, precedent was set beforehand that an individual could not be held responsible for what his PC is doing, as it is now possibly controlled by someone else...
The guy's defendant was not too bright either; he did not bother to check history on this subject matter.
I wonder if by installing the software on the school's computer assigned to his son, the father was in violation of some ToS or school rule. I guess it depends on what the ToS is, but it could be technically illegal even by a private citizen. This would be not unlike installing unauthorized software on a work computer and getting canned for it. Maybe?
No, just no. If they properly reformatted the drive from a setup disk the rootkit would not be in memory and it would be wiped. That is just wrong. You don't reformat the disk you just booted from; you boot from a known good read-only setup disk and then format.
What appears to have happened here is that rather than actually reformatting and reinstalling, the computer shop probably just removed a bunch of stuff from add/remove, restored some default settings and the like and called it good since the computer appeared to be effectively restored and working as it should be.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
What kind of idiot parent would resort to using eBlaster to spy on their own kids? This software is creepy, period. Christ almighty, parents like this dad make me sick to my stomach.
It cannot. If the shop booted to clean media and used 'dd' to zero the drive the spyware would be gone. Period. The fact that it "somehow" survived indicates that the shop did not do their job.
Give me Classic Slashdot or give me death!
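The wipe-and-verify procedure several posters above describe (boot from clean media so nothing on the target disk is executing, zero the whole drive, re-image it, and then check the bytes rather than trust the tool's exit status), as an added example that is not part of any comment in this thread. It uses an ordinary file as a stand-in for the drive so it runs harmlessly offline; the DEV and REF paths, the 4 MB size and the random "dirty" contents are all constructed for the demo. It also shows why a quick format, or a shop "refresh" that only touches part of the disk, fails the same check.

```shell
#!/bin/sh
# Added example (not from the thread): wipe, re-image and VERIFY a drive
# from clean boot media. The "drive" is an ordinary file (constructed stand-in
# for /dev/sdX) so this runs harmlessly anywhere; on real hardware you would
# boot a live USB/CD, leave the target disk unmounted, and set DEV=/dev/sdX.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
DEV="$WORK/disk.img"        # assumption: file standing in for the block device
REF="$WORK/reference.img"   # assumption: the known-good image to restore from
SIZE_MB=4                   # assumption: tiny "disk" so the demo is fast

# Portable SHA-256 of a file (sha256sum on Linux, shasum on macOS/BSD).
sha() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Constructed "dirty" drive: random bytes stand in for an OS plus leftover
# monitoring software. The reference image is random too, but it is the
# thing we will later require the drive to match exactly.
dd if=/dev/urandom of="$DEV" bs=1048576 count=$SIZE_MB 2>/dev/null
dd if=/dev/urandom of="$REF" bs=1048576 count=$SIZE_MB 2>/dev/null

quick_format() {
    # What a "quick format" or partition-table rewrite actually does: it
    # touches the first megabyte and leaves the rest of the disk intact.
    dd if=/dev/zero of="$1" bs=1048576 count=1 conv=notrunc 2>/dev/null
}

wipe_drive() {
    # Overwrite every byte from start to end. dd's exit status only says
    # dd believes it wrote the data; verify_zeroed below proves it by reading
    # the device back.
    dd if=/dev/zero of="$1" bs=1048576 count=$SIZE_MB conv=notrunc 2>/dev/null
}

verify_zeroed() {
    # Read the whole device back and compare against a zero stream of the
    # same length. Returns 0 only if every byte is zero.
    dd if=/dev/zero bs=1048576 count=$SIZE_MB 2>/dev/null | cmp -s "$1" -
}

restore_image() {
    # Re-image: write the reference image over the wiped device.
    dd if="$2" of="$1" bs=1048576 conv=notrunc 2>/dev/null
}

verify_image() {
    # Hash the device and the image independently; they must match. A shop
    # that did a "refresh" instead of a restore, or a tool that claimed
    # success without writing, fails this check.
    [ "$(sha "$1")" = "$(sha "$2")" ]
}

# Demo: a quick format is not a wipe, a full overwrite is, and a re-image is
# only trusted once the hashes agree.
quick_format "$DEV"
if verify_zeroed "$DEV"; then echo "unexpected: quick format zeroed everything"; exit 1; fi
echo "quick format left old data on the disk (as expected)"

wipe_drive "$DEV"
verify_zeroed "$DEV" || { echo "wipe NOT verified"; exit 1; }
echo "wipe verified: every byte reads back as zero"

restore_image "$DEV" "$REF"
verify_image "$DEV" "$REF" || { echo "re-image NOT verified"; exit 1; }
echo "re-image verified: device hash $(sha "$DEV") matches reference"
```

The point of verify_zeroed and verify_image is that they read the device back independently of whatever wrote it, which is the "comparison checksum" idea from the rootkit comment above: a tool that lies about success, or a tech who only did a partial job, cannot make the read-back bytes match. On real hardware, run this from the live-media shell with the disk unmounted, and note that a full-disk overwrite says nothing about firmware-resident persistence (BIOS/UEFI or drive firmware), which lives outside the bytes this script can reach.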
*ahem* {best Patrick Stewart voice} "Agent Smith! I want you to take the afternoon off and do a favour for me - you see, anything you do on a computer at home doesn't really count as FBI'ing!"
Please consider this account deleted, I just can't be bothered with the spam anymore.
That poor Conucisus guy. Always getting misquoted and his name spelled wrong.
That or he is in favor of staffing the FBI with only sysadmins.
More than anything this may provide insight into the FBI's mentality... spy on your kids, spy on other people's kids, spy on everyone.
You can always make up excuses later.
If the FBI is that incompetent on such a simple operation they shouldn't be trusted to do anything.. and every case they are involved in should be tossed out of court.
Sure, what the Principal was doing is wrong, but that doesn't mean the FBI should also do wrong, then make excuses afterward to cover their butts.
Besides, the FBI agent should be in jail for installing spyware on what was in effect a public owned computer. It wasn't his.
---- Booth was a patriot ----
The kids get to keep the laptops at the end of school, so maybe they do get to install their own apps on it. They were returning it because the FBI dad was moved to another city.
Best Buy doesn't even hire real techs; they want people who can sell over people who know what they are doing.
I'd say the FBI used their full "scientific" technique of wrapping it up in a polygraph while chanting and shaking chicken bones.
You'd better watch out America. Your self appointed morality police that just took out the head of the CIA are very strange puppies themselves at times.
How is the FBI agent not guilty of the following? 1) Breach of chattel -> spyware program on laptop belonging to the public 2) Wiretap violations -> electronically monitoring communications of another citizen 3) Unlawful access to computer services/devices to which he had no legal right 4) Vandalism of public property 5) Wire fraud. I don't care what the guy found, he broke the law doing it. Not only should any information collected be tossed out, he needs to be prosecuted. Furthermore, I'm really sick of hearing judges weasel out of upholding my 4th amendment rights. I'm almost as angry with the spineless judge as I am at the FBI guy for his role in this. He needs to do about a year in prison.
Kid, the computer is the least of your worries. You know those vaccine shots you got earlier? Actually, they were tracking chips. There are cameras and microphones throughout the house, your schoolbag, your shoes, .... That "friend" of yours--(I'll let you guess which one)--he reports to me. I also regularly send your poop in for analysis. So be good.
If that's the case, it makes me wonder if any licensing terms of the software were violated. Using tools that are licensed for corporate use for personal use is a violation of most licensing terms I've seen... For example, if MSFT licenses Office for your work to use, you technically can't use those licenses to run a copy of it at home. I wonder if the principal would have standing by arguing that the spyware was not properly licensed, thus any evidence obtained with it is invalid.
Hypothesis 1: The makers of eBlaster, some niche-market nannyware/spyware, went to the time and trouble to develop not just a way to infect the bios or firmware on one particular job, but across a very wide array of pc hardware.
Hypothesis 2: The computer shop agreed to do a system restore but actually performed a system refresh, saving them significant time on the service and producing an effect that in normal situation would be indistinguishable, at least to most of their customers eyes.
Which one is more likely, hmm?
You disqualified anything you are about to say by calling the USA a police state. It's a monitored state at best but our crime rate proves it is anything but a police state. We still have serious unsolved rates and almost no political assassinations. So what you think is fringe to reality.
or simply requiring some basic training in computers; think how much different life would be if people actually had a clue how to use their white metal box as something more than a foot stool/solitaire deck
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
Unbeknownst to his son, the program captured his website visits, his keystrokes, and every email, chat, and instant message he sent and received. This was all delivered up to his dad in emails, while giving the monitored person no hint that it was doing so.
I find it disturbing that any parent would want to monitor their child so closely. This guy wants to read every email, chat, and instant message his 12/13 year old boy sent and received. Secretly.
That is extremely strange behaviour. It's creepy. Also, I consider parenting to be about preparing kids for adult life.
This isn't even some ignoramus, but an FBI agent. A professional in an organisation with elevated privilege, control over others and heavily involved with surveillance, and therefore has a very strong ethics requirement. I would hope he will have been trained and tested to think about ethics in similar matters.
Perhaps there are exceptional circumstances rendering the surveillance appropriate, but if so it seems remiss that there is no hint of any in the article. The dad investigating unofficially yet flashing his FBI badge does not bode well.
1.) The student is free to install software on the laptop. If they graduate the laptop becomes the students.
2.) The FBI agent took the laptop to the shop to be cleaned up, aka, due diligence. He thought the software was gone.
3.) See 1 and 2.
4.) See 1 and 2.
5.) See 2. The agent's expectation was that he would never hear from the software again. In most cases he would not have; if either the shop or the school had correctly re-imaged it, this would not have occurred.
It was only because the principal 'stole' the laptop (it was returned because the student moved), instead of turning it over to the tech department, that this situation occurred. The FBI agent 'expected' to never hear from the computer again. When he did, and it was apparent that it was being used in a crime, he was obligated to investigate. There are questions like, did the first report he received show evidence of a crime? If so, then I totally understand the judge's position. This would have been dumb luck from a series of coincidences.
Also, the computer was remanded to a public school and not a private individual. It could be assumed that when the computer started communicating again that it was doing so from the public school system or in its employ. We already know that public schools have (suffer from) a lower bar of privacy, aka, your lockers and bags can be searched without a warrant. The school laptop already had a lower expectation of 4th amendment rights, even if this case was by accident.
Looks like a framing to me.
I'm supposed to believe that the FBI and an IT shop don't know how to clean BIOS-persistent spyware and that there is no motive from the agent to change the principal at his kid's school.
Of course there's nothing conclusive here but I would have thrown it out of court straight away because of the circumstances.
My disclaimer. I am not a pervert. I am a grandfather.
I have often thought of why leaders in children's camps, sports organizations, schools, and even religious institutions give rise to acquiring child pornography. This is my theory. In dealing with children, it becomes an obsession. You love your work, and you want to do your best for the kids under your belt. But this safe, honest love for the kids generates a need for the individual to protect himself from doing harm to the kids. So, he seeks out the child porn, perhaps as a curiosity to see what attracts people to download and view it, or for personal gratification. I bet dollars to doughnuts that the children are safer because the individual possessed the porn, and probably relieved him/herself, than if he had taken that next step.
The evil side of child porn is that a child or group of children are exploited. The child is injured for life. Taking the videos or pictures or whatever, and photographing indecent acts should be met with the death penalty, or incarceration for life on a desert island.
Leslie Satenstein Montreal Quebec Canada
I came here to mod and chew bubble gum, and I'm all out of gum. And mod points. Well done sir.
"Powers. I have them."