FBI Dad's Misadventures With Spyware Exposed School Principal's Child Porn

← Back to Stories (view on slashdot.org)

FBI Dad's Misadventures With Spyware Exposed School Principal's Child Porn

Posted by Soulskill on Friday November 30, 2012 @07:27AM from the lesson-learned-always-spy-on-your-kids dept.

nonprofiteer writes "This is a crazy story. An FBI agent put spyware on his kid's school-issued laptop in order to monitor his Internet use. Before returning the laptop to the school, he tried to wipe the program (SpectorSoft's eBlaster) by having FBI agents scrub the computer and by taking it to a computer repair shop to be re-imaged. It somehow survived and began sending him reports a week later about child porn searches. He winds up busting the school principal for child porn despite never getting a warrant, subpoena, etc. The case was a gift-wrapped present, thanks to spyware. A judge says the principal has no 4th Amendment protection because 1. FBI dad originally installed spyware as a private citizen not an officer and 2. he had no reasonable expectation of privacy on a computer he didn't own/obtained by fraud."

52 of 346 comments (clear)

Min score:

Reason:

Sort:

I'm still trying to wrap my brain around... by TWX · 2012-11-30 07:30 · Score: 5, Insightful

...the spyware surviving a cleaning by a computer repair shop and the FBI...

--
Do not look into laser with remaining eye.
1. Re:I'm still trying to wrap my brain around... by Synerg1y · 2012-11-30 07:34 · Score: 5, Interesting
  
  It was left on deliberately in an attempt to spy on random U.S. citizens and collect data.
  
  Or.. or... The computer repair shop doesn't know what they're doing
  
  My money's on it's something like this
2. Re:I'm still trying to wrap my brain around... by Sparticus789 · 2012-11-30 07:36 · Score: 4, Funny
  
  This has restored my faith in the capabilities of the FBI /sarcasm
  
  --
  sudo make me a sandwich
3. Re:I'm still trying to wrap my brain around... by Baloroth · 2012-11-30 07:49 · Score: 5, Insightful
  
  Keep in mind this wasn't exactly the computer specialist division of the FBI, considering he had to take it to a computer repair shop to get them to fix it. TFA says he asked his colleagues, without knowing anything more I'd assume they don't work in the "cybercrime" division. So more like it survive cleaning by some random individuals and a probably-incompetent computer repair shop (Geek Squad or similar, they probably thinking knowing how to use regedit makes them computer "experts".) The FBI as an organization was completely uninvolved.
  
  --
  "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
4. Re:I'm still trying to wrap my brain around... by cheekyjohnson · 2012-11-30 07:55 · Score: 5, Insightful
  
  It was left on deliberately in an attempt to spy on random U.S. citizens and collect data.
  
  More delicious loopholes to exploit left and right!
  
  --
  Filthy, filthy copyrapists!
5. Re:I'm still trying to wrap my brain around... by icebike · 2012-11-30 08:00 · Score: 5, Interesting
  
  ...the spyware surviving a cleaning by a computer repair shop and the FBI...
  Pretty astounding, when you consider he knew what he installed and it comes with de-install directions.
  Quoting the FAQ:
  
  Tamper-Proof Technology
  eBLASTER does not show up as an icon, does not appear in the Windows system tray, does not appear in Windows Programs, does not show up in the Windows task list, cannot be uninstalled without the eBLASTER password YOU specify, and eBLASTER does not slow down the operation of the computer it is recording. eBLASTER does not initiate connections to the Internet and will only forward email and send activity reports when the monitored computer is already connected to the Internet. All of these features make it extremely difficult for unauthorized users to locate and/or remove eBLASTER.
  Re-imaging the computer from original installation media should have done it, but I suspect that the shop he took it to did not have
  that media, or the Certificate and wasn't about to use their own copy, and simply removed the user account.
  I can see the FBI not wanting to waste their time and resources on what was his personal project, and sent him to a private shop.
  Good on them if that's how it went down.
  But the guy running that private shop might be open to a civil suit by the principal.
  
  --
  Sig Battery depleted. Reverting to safe mode.
6. Re:I'm still trying to wrap my brain around... by fahrbot-bot · 2012-11-30 08:02 · Score: 5, Interesting
  
  ...the spyware surviving a cleaning by a computer repair shop and the FBI...
  
  It was left on deliberately in an attempt to spy on random U.S. citizens and collect data.
  Or.. or... The computer repair shop doesn't know what they're doing.
  And/or... (more chillingly) The FBI doesn't know what they're doing.
  
  --
  It must have been something you assimilated. . . .
7. Re:I'm still trying to wrap my brain around... by screwdriver · 2012-11-30 08:02 · Score: 5, Informative
  
  Nope. I've used the software mentioned in the article before, and it would most certainly not survive a proper HD re-image. The computer shop either didn't re-image the HD like they said they did, or the FBI lied about taking it to a computer shop in the first place.
8. Re:I'm still trying to wrap my brain around... by deathlyslow · 2012-11-30 08:17 · Score: 5, Insightful
  
  Just because he works for the FBI doesn't mean he is computer literate. The majority of them are nothing more than federally paid beat cops doing missing persons investigations and helping out when other LE can't do the investigation themselves. I think you and others are giving him too much credit because he works for a three letter government agency.
  
  --
  Don't blame me for redundant posts. I can't type very fast. Hence the user ID.
9. Re:I'm still trying to wrap my brain around... by chemicaldave · 2012-11-30 08:21 · Score: 5, Informative
  
  The agent shouldn't have needed to take it to a repair shop in the first place. SpectorSoft's own FAQ section states "eBLASTER ... cannot be uninstalled without the eBLASTER password YOU specify..." Sounds like the guy forgot the password AND the shop didn't do its job.
10. Re:I'm still trying to wrap my brain around... by MichaelSmith · 2012-11-30 08:33 · Score: 4, Informative
  
  I once bought a computer from a small shop which I intended to use as a linux server. The shop put windows on it as a test and right before they gave it to me told me they would wipe the disk "so I couldn't use their copy of windows". The guy hit enter on some erasure program and immediately said "okay thats done" so obviously it wasn't erased, just unlinked.
  
  --
  http://michaelsmith.id.au
11. Re:I'm still trying to wrap my brain around... by dyingtolive · 2012-11-30 09:42 · Score: 4, Interesting
  
  I think you give computer shops WAAAAY too much credit. I worked at one about 6 years back as the lead service tech The guys I worked with wouldn't even have recognized an OS that wasn't Windows XP, let alone understand what dd is or what can be done with it.
  
  --
  Support the EFF and Creative Commons. The war is coming, and they're supporting you...
12. Re:I'm still trying to wrap my brain around... by Impy+the+Impiuos+Imp · 2012-11-30 09:48 · Score: 5, Insightful
  
  Re-imaging is a kind of factory reset, in this case, to what the school's IT department says is a standard load for these kinds of school computers. Which may also be no special load, just reset Windows to a fresh install.
  Generally, though, only Windoew+ whatever the school had would be installed. Executables generally would not be preserved -- that's the point of a reimage. And data preservation probably isn't done unless specially requested, which doesn't include installed executables anyway.
  In spite of all this and the nasty subject, I'm still not comfortable giving the spying government official the benefit of the doubt rather than the spied-upon citizen. It is hardly shocking to anyone to suggest he may be lying out his ass.
  
  --
  (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
13. Re:I'm still trying to wrap my brain around... by lgw · 2012-11-30 09:55 · Score: 5, Insightful
  
  I find it far more chilling if the FBI knew exactly what is was doing: lying to the judge about having deleted the spying software to set a precedent for doing this wholesale, using a case where the judge would likely be extremely biased in their favor.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
14. Re:I'm still trying to wrap my brain around... by frostfreek · 2012-11-30 09:56 · Score: 3, Interesting
  
  I can't figure out why Windows lets a program remove itself from the list of programs in the task list. WTF!
  I wonder if windows fudges the task list CPU numbers to add up to 100%?
15. Re:I'm still trying to wrap my brain around... by cdrguru · 2012-11-30 10:16 · Score: 4, Insightful
  
  A group operating in the FBI that is supposed to know something about computers is CART - Computer Assist Response Team. Now I happen to know that if you take a computer to someone in CART and want them to do something like this it will certainly happen - in about six months when they have a few moments.
  The backlog of high priority prosecutions is that deep.
  So, do you think this guy got the full attention of someone within the FBI that knew what they were doing for more than two minutes? I doubt it. I don't care if he is in the FBI - there are lots of people in the FBI and most of them don't count for much when compared against current work that someone is waiting for. Sending people to jail is always more important than fixing some colleague's computer.
16. Re:I'm still trying to wrap my brain around... by Anonymous Coward · 2012-11-30 10:41 · Score: 3, Informative
  
  #!/bin/bash echo "Wiping drive sda...Do not interrupt." dd if=/dev/zero of=/dev/sda dd if=/dev/one of=/dev/sda echo "Performing 7 random overwrite passes...Do not interrupt." for i in `1 2 3 4 5 6 7` do dd if=/dev/random of=/dev/sda done echo "If you did not interrupt the process then the drive wipe has completed successfully." exit 0
17. Re:I'm still trying to wrap my brain around... by StayFrosty · 2012-11-30 12:39 · Score: 4, Informative
  
  [quote]dd if=/dev/random of=/dev/sda[/quote]
  I would suggest using /dev/urandom as the random number generator used by /dev/random will likely run out of entropy long before the first pass completes.
  
  --
  "Frequently wrong, never in doubt."
18. Re:I'm still trying to wrap my brain around... by Xeranar · 2012-11-30 12:44 · Score: 3, Interesting
  
  Sounds like the FBI probably did a simple wipe by their IT and never gave it a s3cond thought that this spyware was so durable. The standing that it was OKed is so condtlitional it would never survive a wider scrutiny. In other words: Dumb luck prevails.
  Also, the computer was school owned. The game would have been much different if it were private. It's akin to catching the principal doing it on the school's library computers.
19. Re:I'm still trying to wrap my brain around... by Boltronics · 2012-11-30 15:40 · Score: 3, Insightful
  
  $ for i in `1 2 3 4 5 6 7` > do > echo ${1} > done 1: command not found $
  Instead, try a Bash loop like this (which is also less typing):
  for i in {1..7} do dd if=/dev/urandom of=/dev/sda bs=2M done
  I believe something like bs=2M (writing two mebibytes at a time) will significantly speed the process up in most cases.
  
  --
  It's GNU/Linux dammit!
20. Re:I'm still trying to wrap my brain around... by dougmc · 2012-11-30 19:10 · Score: 3, Informative
  
  Will the above take seconds, hours, or a century?
  Not sure about a century, but months seems likely on a modern disk.
  1) dd without a fairly large block size is very slow at copying hundreds of gigabytes of data.
  2) /dev/random (on Linux, anyways) only gives as much random data as it can generate from the entropy available to it -- which isn't much. /dev/urandom would be much faster (and more than random enough, especially after seven passes.)
Fraud? by MrLint · 2012-11-30 07:31 · Score: 4, Insightful

Shouldn't the shop that supposedly "re-imaged" it busted for fraud? One also might wonder why an FBI agent is using internal FBI resources to "scrub" a non FBI machine that isn't part of an investigation. Finally, these morons don't know about DBAN???
1. Re:Fraud? by gstoddart · 2012-11-30 07:37 · Score: 5, Funny
  
  Finally, these morons don't know about DBAN???
  No, but they seem to be experts at DBAG. :-P
  
  --
  Lost at C:>. Found at C.
2. Re:Fraud? by Anonymous Coward · 2012-11-30 07:49 · Score: 3, Interesting
  
  DBAN is not foolproof. Just the other day I started it up, and the kernel didn't register my hard drive. Started happily erasing my boot stick, and I never would have realized the difference had I not been paying attention.
  (Had to go tweak the BIOS a little)
3. Re:Fraud? by Baloroth · 2012-11-30 07:51 · Score: 5, Informative
  
  He didn't use internal FBI resources, hence the computer repair shop. He asked his friends at the FBI if they knew how to clear the laptop. They didn't, so he took it to the shop. That's hardly using FBI resources (the summary is more than a little misleading).
  Agreed on the shop, they sound pretty incompetent.
  
  --
  "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
4. Re:Fraud? by Anonymous Coward · 2012-11-30 08:18 · Score: 5, Interesting
  
  I work for the FBI, and while I am not familiar with this incident, I'm pretty sure there will be some administrative inquiry into misuse of gov't time & resources, especially since it has made us look bad in the press. I'll have to wait for the next quarterly report on ethic violations (which are always hilarious to read, some people are fucking idiots).
5. Re:Fraud? by CanHasDIY · 2012-11-30 08:28 · Score: 4, Insightful
  
  Shouldn't the shop that supposedly "re-imaged" it busted for fraud? One also might wonder why an FBI agent is using internal FBI resources to "scrub" a non FBI machine that isn't part of an investigation. Finally, these morons don't know about DBAN???
  I've been a Slashdotter for 15 years and I had never heard of DBAN until reading your comment and Googling it.
  Yea, but do you run a computer repair shop?
  
  If not, it's fair to assume you've never heard of DBAN; however, if your income is based in an industry for whom re-imaging computers is standard practice, having not heard of DBAN is a nigh unforgivable offense (and a damn good reason to avoid your shop in the future).
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
6. Re:Fraud? by Anonymous Coward · 2012-11-30 09:34 · Score: 5, Interesting
  
  They might well understand about DBAN. However, this is what I think happened. The last paragraph is most important.
  Something like this is likely as not what happened:
  FBI dad is sent to "Saipan in the U.S. territory of the Northern Mariana Islands", an FBI office with three agents and a manager. FBI dad installs spyware on kid's school computer. FBI dad is transferred to new location. He goes to his friends in the local FBI office and asks them to scrub the computer. Either A) there aren't any FBI computer experts in Saipan (quite possible), or the local expert says, "I can wipe it, and I could run the restore software, but there's software on there the school installed that I don't have the disks or licenses for. Take it to a local laptop shop."
  FBI Dad takes it to the local shop and says, "I want it restored to what it was like when my kid got it", or "I want you to wipe all my kids info off this laptop", or something similar. They say, "We'll do our best." They have the same problem the FBI expert has. If they DBAN the drive, they could destroy the restore partition, and they won't be able to reinstall the school-installed software. If they run the restore partition, the laptop is like it was before the school got it, and they still won't be able to reinstall the school-installed software. So, they remove all personal data and uninstall all software they think the school didn't install. Maybe they spot the spyware and think it is school installed, maybe they don't spot it, maybe they spot it and try to uninstall it, but instead of uninstalling it hides.
  Regardless, they remove what they can without destroying the school-installed software and return it to FBI dad. He returns it to the school. Hilarity ensues.
  Slashdot readers read a non-technical report on what happened, written by a non-technical writer, who got his information from non-technical reports made by yet more non-technical people, treats it as if the entire report is completely accurate and all technical terms used correctly, and more hilarity ensues.
Seth McFarlane? Is that you? by Rosco+P.+Coltrane · 2012-11-30 07:32 · Score: 4, Funny

So let me guess: the guys's name is Stan, the kid's name is Steve and the principal is called Brian?

--
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
So now, by Anonymous Coward · 2012-11-30 07:34 · Score: 3, Insightful

Every law enforcement parent will install spyware on his kids' school computers and "forget" to remove the spy software.
1. Re:So now, by poofmeisterp · 2012-11-30 08:45 · Score: 3, Insightful
  
  Every law enforcement parent will install spyware on his kids' school computers and "forget" to remove the spy software.
  Wait for the decision in the case. That will say what will or will not happen.
  Given your assumption (which is a good one), law enforcement will suddenly declare that nearly ALL findings of anything related to ANYTHING illegal (child porn, money laundering, pro-terrorist crap, some LE's wife cheating on him, etc) were due to "accidental placement and failed removal" of spyware.
the judge is kind of right by alen · 2012-11-30 07:36 · Score: 5, Informative

the prinicipal was a moron for using a school computer. if it was his own computer then a search warrant would apply.
Re:This is probably common by Rosco+P.+Coltrane · 2012-11-30 07:36 · Score: 4, Funny

I hear 90% of all statistics are made up.

--
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
My mind is melting. by Sydin · 2012-11-30 07:39 · Score: 3, Insightful

I won't lie: any day one of these child porn scumbags is caught is a good day. Even so, the story makes no sense. The FBI doesn't know how to remove Spyware? Any technician worth their salt would run DBAN and that would be the end of it. Yet the FBI went though what sounds like a two step process to wipe this thing, yet failed? I'm not buying it. At the same time though, I have no idea why this guy would have any reason to suspect that the principle would immediately start using his son's laptop upon return, nor any reason to think he was looking at child porn. This story is such a hodgepodge of plausible and impossible... I need a freaking drink.
1. Re:My mind is melting. by iggymanz · 2012-11-30 07:48 · Score: 3, Insightful
  
  we're talking about the FBI in Saipan, the U.S. territory of the Northern Mariana Islands. no surprise they wouldn't be cyber experts nor have one, and that the parent would just take a school's laptop to a computer shop for a wipe before returning it to school. not a government computer, not U.S. government concern.
2. Re:My mind is melting. by cheekyjohnson · 2012-11-30 07:53 · Score: 3, Interesting
  
  I won't lie: any day one of these child porn scumbags is caught is a good day.
  But the real question is... are you super mega anti-child porn?
  
  --
  Filthy, filthy copyrapists!
3. Re:My mind is melting. by Ixokai · 2012-11-30 07:58 · Score: 4, Insightful
  
  "The FBI" is not a monolithic thing.
  He didn't take it to an FBI technician-- if he did, it'd probably have been cleaned up tight and fast. He took it into his office, where TFA says *they don't have cyber guys*. I.e., he's in some dingy little office without a cyber crimes unit. This doesn't sound implausible at all, the guy's in an FBI office across the Pacific in a US territory, not in Los Angeles.
  Then he took it in to a local computer repair shop, and it doesn't at all sound implausible to me that they might have fibbed on just what they did. Instead of re-imagining it, they may have just done a quick scrub of the user settings.
  "The FBI" didn't go through a two step process. A guy who is also an FBI agent went through a two step process. Not everything an FBI agent does is with the full force and resources of The FBI.
Re:This is probably common by gstoddart · 2012-11-30 07:40 · Score: 5, Funny

I hear 90% of all statistics are made up.
Only about 70% of the time.

--
Lost at C:>. Found at C.
Re:Defined by their employer... by Ixokai · 2012-11-30 07:46 · Score: 3, Insightful

Read TFA -- the Judge made a note of this. The initial report that he got was just him as a father: after that what he was doing was basically being an FBI agent. *However* even though he was, the fact that the computer was essentially stolen meant the guy had no expectation of privacy for it. anyways.
Re:can't wipe a disk? by Ixokai · 2012-11-30 07:48 · Score: 4, Insightful

Not all FBI agents are computer wizzes. TFA said that the office he was in had no computer crimes unit which is where the computer wizzes congregate.
And it surprises you that a computer repair shop might not actually do what they say they are going to? Really?
Some Clarification by PuckSR · 2012-11-30 07:49 · Score: 5, Informative

The "FBI" didn't wipe his computer. He simply asked his co-workers for some help. Apparently neither he nor they were particularly tech-savvy so he took it to a computer shop. He probably asked the shop owner to remove "all of my kid's games and stuff". I imagine that this spyware tries to mask itself so that kids cant just find it and uninstall it. The shop owner probably just uninstalled all of the "games and stuff" and then returned it.
The problem is that a person who was so confused by removing software that he had to go to a "computer shop" is trying to tell you what he did. He didn't get the FBI to clean the machine, he simply asked his co-workers who didn't know either. This also happened in Saipan, not New Jersey. The FBI has a small office, not a high tech lab.
The FBI agent screwed up by not notifying authorities immediately(he tried to solve the case himself), but he was probably concerned that the evidence wouldn't hold up in court. Lucky for everyone, the Judge seems like he was willing to stretch the letter of the law to punish a clearly guilty man.
Re:Two stories here by dinfinity · 2012-11-30 07:49 · Score: 5, Informative

Yes, that or the submitter deliberately misquoted the article:
"Auther first took the laptop to his FBI office and asked his colleagues how to wipe it clean. Apparently they don’t have many cyber experts in the Mariana Islands, because they were unsuccessful. So Auther had to instead take it to a computer repair shop, which cleaned out the old files and allegedly reimaged the hard drive to return it to its original settings."
Sounds to me like there wasn't any professional FBI 'scrubbing' involved, just some guy going to work and talking about wiping a laptop by the water cooler.
Re:Two stories here by MNNorske · 2012-11-30 07:58 · Score: 4, Insightful

Most laptops these days have a recovery image on a separate partition of the hard drive. It would not be beyond belief that the spyware the agent used injected itself into the recovery partition so it would re-install itself. My guess is that this particular agent was not a technical expert himself and probably just asked a coworker who was technical what he could use to monitor his child's use of the computer. When he handed the machine off to someone to restore it he may not have told them exactly what he put on it, and if they then used the recovery partition, well... you have this scenario.
Re:Bios flashed spyware? by black3d · 2012-11-30 07:59 · Score: 5, Informative

The main way that rootkits survive a total hard disk format is because they're running at the time - any decent rootkit is more than able to stop a simple format from removing it simply by intercepting any parts of the format which target it, and returning OK signals. They'll usually survive a low level format in the same manner. "Whats that? You want to change one of my bits to 0? Okay.. umm.. Done! *cough*". You can generally reliably remove rootkits by taking the drive out, putting it into an external drive bay (so its not present on a PC while booting), connect the drive when your PC is started up and then format it with none of its code executing.

However, if the FBI or PC store simply formatted it through, say, re-formatting the drive by running the Windows setup disk, then a kernel level rootkit would happily stay in-tact in this manner. In fact, to spot it, you'd really have to use some imaging software with comparison checksums so that after the the imaging it can make sure everything is as it should be. While the rootkit can happily inform that "nothing is there", it can't predict what should be there in an imaged drive, and would be caught out that way. However - thats not how 99% of us format drives, especially since most don't have MD5d images of other peoples hard disks, or don't put them in external caddies before doing so. :P

--
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
Re:This is probably common by Phroggy · 2012-11-30 07:59 · Score: 5, Funny

I hear 90% of all statistics are made up.
Only about 70% of the time.
"Don't believe everything you read on the Internet." - Abraham Lincoln

--
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Re:with no warrant by SJHillman · 2012-11-30 08:04 · Score: 4, Insightful

Kicking in a door is illegal as a private citizen and is not something you would expect a private citizen to do. Installing software to monitor his kid's activities is something perfectly legal and well within the realm of what a private citizen might be expected to do. As with many laws, there's a gray area that you have to actually use your brain to determine if something is reasonable or not. There's no slippery slope no matter how much you tilt your head.
Re:with no warrant by fermion · 2012-11-30 08:09 · Score: 3, Interesting

In this case the fact is that the guy was an FBI agent was just a random happenstance. Equipment that he did not own was used for illegal activity. It is like if one was borrowing a school bus to transport drugs on the assumption that no one would suspect a school bus. Does the FBI need permission from you to inspect the school bus owned by the school? I wouldn't think so. If a kid were being raped in a classroom, would the cops need probably cause or the rapist permission to enter? No, it is a school, they can enter. I suppose we would be defending the rapist for shooting a teacher who entered the classroom to see what the commotion is?
I try to be very careful about what I use other's equipment for. When I was younger I was less careful about computers, but then when i was younger there was not 10 years of ruling saying that there is no expectation for privacy if you use employers stuff. For instance, is there anything to stop your employer from listening to your telephone calls on phones the employer owns and pays for the operations. Not really. So we bring cell phones to work that we pay for completely. There is no ambiguity if an employer taps a personal phone.
Stories like this are important because it reminds us that using things we don't own for questionable purposes is not really such a good idea. Clearly older people, who grew up in a time maybe when assets were not tracked as carefully as they are today, or younger people who have not learned how carefully things can be tracked, need to hear this lesson. Clearly some believe that that you can steal equipment, use it for illegal activity, and still deserve the full protection of the law.

--
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
This just in: by Culture20 · 2012-11-30 08:11 · Score: 4, Funny

All newly sold computers in the United States will actually be pre-owned by FBI agents' family members. Full story at eleven.
Re:Bios flashed spyware? by Culture20 · 2012-11-30 08:24 · Score: 4, Interesting

The main way that rootkits survive a total hard disk format is because they're running at the time - any decent rootkit is more than able to stop a simple format from removing it simply by intercepting any parts of the format which target it, and returning OK signals. [...] if the FBI or PC store simply formatted it through, say, re-formatting the drive by running the Windows setup disk, then a kernel level rootkit would happily stay in-tact in this manner.
If they used the Windows setup disk to nuke the drive, how did the rootkit get on the DVD? How did the rootkit stay running after a reboot? You're almost on the right track, but BIOS/EFI infection is the answer you're looking for (or HDD firmware). The rootkit has to be running before any OS boots up. Even a boot-sector virus won't survive a disk-wipe, so there had to be a re-infection method.
Re:with no warrant by amorsen · 2012-11-30 09:02 · Score: 3, Insightful

What's the "legal grey area" answer for installing malware on someone else's machine?
There is none, installing software on a school-provided laptop is legal. At most it is breach of contract if the school has a policy against it, but that is a civil matter.
If there was intent to damage or to spy on someone other than the child, that would be a different matter.

--
Finally! A year of moderation! Ready for 2019?
Re:How to succeed as an FBI agen: a tutorial by Xeranar · 2012-11-30 12:51 · Score: 3, Interesting

Dear random slashdot user,
The government isn't out to get you. They have better things to do. This story is anecdotal and at best a good laugh since some good came from it. Please refrain from making generalized statements about things you know zero about.
Thanks,
People who actually have dealt with the FBI
Re:with no warrant by MacDork · 2012-11-30 16:25 · Score: 3, Insightful

Installing software to monitor his kid's activities is something perfectly legal and well within the realm of what a private citizen might be expected to do.
If the principal had installed spyware, that would be a problem. Oh, but it's a private citizen installing spyware on someone elses hardware... oh wait, that's definitely not cool either.
It seems the only reason this parent isn't getting a visit from the FBI is because he *is* the FBI. If the guy is installing spyware, he could have remotely installed the porn. The spyware itself could have been the delivery mechanism for all sorts of nasty stuff. He certainly had the means, all he would need is a motive. How do we know the guy didn't have a personal vendetta with the principal? But it doesn't matter... because the principal has already been ruined. Yaaaay! Let's all burn another witch!!