Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Dad's Misadventures With Spyware Exposed School Principal's Child Porn

Posted by Soulskill on from the lesson-learned-always-spy-on-your-kids dept.

nonprofiteer writes "This is a crazy story. An FBI agent put spyware on his kid's school-issued laptop in order to monitor his Internet use. Before returning the laptop to the school, he tried to wipe the program (SpectorSoft's eBlaster) by having FBI agents scrub the computer and by taking it to a computer repair shop to be re-imaged. It somehow survived and began sending him reports a week later about child porn searches. He winds up busting the school principal for child porn despite never getting a warrant, subpoena, etc. The case was a gift-wrapped present, thanks to spyware. A judge says the principal has no 4th Amendment protection because 1. FBI dad originally installed spyware as a private citizen not an officer and 2. he had no reasonable expectation of privacy on a computer he didn't own/obtained by fraud."

36 of 346 comments (clear)

  1. I'm still trying to wrap my brain around... by TWX · · Score: 5, Insightful

    ...the spyware surviving a cleaning by a computer repair shop and the FBI...

    --
    Do not look into laser with remaining eye.
    1. Re:I'm still trying to wrap my brain around... by Synerg1y · · Score: 5, Interesting

      It was left on deliberately in an attempt to spy on random U.S. citizens and collect data.

      Or.. or... The computer repair shop doesn't know what they're doing

      My money's on it's something like this

    2. Re:I'm still trying to wrap my brain around... by Sparticus789 · · Score: 4, Funny

      This has restored my faith in the capabilities of the FBI /sarcasm

      --
      sudo make me a sandwich
    3. Re:I'm still trying to wrap my brain around... by Baloroth · · Score: 5, Insightful

      Keep in mind this wasn't exactly the computer specialist division of the FBI, considering he had to take it to a computer repair shop to get them to fix it. TFA says he asked his colleagues, without knowing anything more I'd assume they don't work in the "cybercrime" division. So more like it survive cleaning by some random individuals and a probably-incompetent computer repair shop (Geek Squad or similar, they probably thinking knowing how to use regedit makes them computer "experts".) The FBI as an organization was completely uninvolved.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    4. Re:I'm still trying to wrap my brain around... by cheekyjohnson · · Score: 5, Insightful

      It was left on deliberately in an attempt to spy on random U.S. citizens and collect data.

      More delicious loopholes to exploit left and right!

      --
      Filthy, filthy copyrapists!
    5. Re:I'm still trying to wrap my brain around... by icebike · · Score: 5, Interesting

      ...the spyware surviving a cleaning by a computer repair shop and the FBI...

      Pretty astounding, when you consider he knew what he installed and it comes with de-install directions.
      Quoting the FAQ:

      Tamper-Proof Technology
      eBLASTER does not show up as an icon, does not appear in the Windows system tray, does not appear in Windows Programs, does not show up in the Windows task list, cannot be uninstalled without the eBLASTER password YOU specify, and eBLASTER does not slow down the operation of the computer it is recording. eBLASTER does not initiate connections to the Internet and will only forward email and send activity reports when the monitored computer is already connected to the Internet. All of these features make it extremely difficult for unauthorized users to locate and/or remove eBLASTER.

      Re-imaging the computer from original installation media should have done it, but I suspect that the shop he took it to did not have
      that media, or the Certificate and wasn't about to use their own copy, and simply removed the user account.

      I can see the FBI not wanting to waste their time and resources on what was his personal project, and sent him to a private shop.
      Good on them if that's how it went down.

      But the guy running that private shop might be open to a civil suit by the principal.

      --
      Sig Battery depleted. Reverting to safe mode.
    6. Re:I'm still trying to wrap my brain around... by fahrbot-bot · · Score: 5, Interesting

      ...the spyware surviving a cleaning by a computer repair shop and the FBI...

      It was left on deliberately in an attempt to spy on random U.S. citizens and collect data.
      Or.. or... The computer repair shop doesn't know what they're doing.

      And/or... (more chillingly) The FBI doesn't know what they're doing.

      --
      It must have been something you assimilated. . . .
    7. Re:I'm still trying to wrap my brain around... by screwdriver · · Score: 5, Informative

      Nope. I've used the software mentioned in the article before, and it would most certainly not survive a proper HD re-image. The computer shop either didn't re-image the HD like they said they did, or the FBI lied about taking it to a computer shop in the first place.

    8. Re:I'm still trying to wrap my brain around... by deathlyslow · · Score: 5, Insightful

      Just because he works for the FBI doesn't mean he is computer literate. The majority of them are nothing more than federally paid beat cops doing missing persons investigations and helping out when other LE can't do the investigation themselves. I think you and others are giving him too much credit because he works for a three letter government agency.

      --
      Don't blame me for redundant posts. I can't type very fast. Hence the user ID.
    9. Re:I'm still trying to wrap my brain around... by chemicaldave · · Score: 5, Informative

      The agent shouldn't have needed to take it to a repair shop in the first place. SpectorSoft's own FAQ section states "eBLASTER ... cannot be uninstalled without the eBLASTER password YOU specify..." Sounds like the guy forgot the password AND the shop didn't do its job.

    10. Re:I'm still trying to wrap my brain around... by MichaelSmith · · Score: 4, Informative

      I once bought a computer from a small shop which I intended to use as a linux server. The shop put windows on it as a test and right before they gave it to me told me they would wipe the disk "so I couldn't use their copy of windows". The guy hit enter on some erasure program and immediately said "okay thats done" so obviously it wasn't erased, just unlinked.

      --
      http://michaelsmith.id.au
    11. Re:I'm still trying to wrap my brain around... by dyingtolive · · Score: 4, Interesting

      I think you give computer shops WAAAAY too much credit. I worked at one about 6 years back as the lead service tech The guys I worked with wouldn't even have recognized an OS that wasn't Windows XP, let alone understand what dd is or what can be done with it.

      --
      Support the EFF and Creative Commons. The war is coming, and they're supporting you...
    12. Re:I'm still trying to wrap my brain around... by Impy+the+Impiuos+Imp · · Score: 5, Insightful

      Re-imaging is a kind of factory reset, in this case, to what the school's IT department says is a standard load for these kinds of school computers. Which may also be no special load, just reset Windows to a fresh install.

      Generally, though, only Windoew+ whatever the school had would be installed. Executables generally would not be preserved -- that's the point of a reimage. And data preservation probably isn't done unless specially requested, which doesn't include installed executables anyway.

      In spite of all this and the nasty subject, I'm still not comfortable giving the spying government official the benefit of the doubt rather than the spied-upon citizen. It is hardly shocking to anyone to suggest he may be lying out his ass.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    13. Re:I'm still trying to wrap my brain around... by lgw · · Score: 5, Insightful

      I find it far more chilling if the FBI knew exactly what is was doing: lying to the judge about having deleted the spying software to set a precedent for doing this wholesale, using a case where the judge would likely be extremely biased in their favor.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    14. Re:I'm still trying to wrap my brain around... by cdrguru · · Score: 4, Insightful

      A group operating in the FBI that is supposed to know something about computers is CART - Computer Assist Response Team. Now I happen to know that if you take a computer to someone in CART and want them to do something like this it will certainly happen - in about six months when they have a few moments.

      The backlog of high priority prosecutions is that deep.

      So, do you think this guy got the full attention of someone within the FBI that knew what they were doing for more than two minutes? I doubt it. I don't care if he is in the FBI - there are lots of people in the FBI and most of them don't count for much when compared against current work that someone is waiting for. Sending people to jail is always more important than fixing some colleague's computer.

    15. Re:I'm still trying to wrap my brain around... by StayFrosty · · Score: 4, Informative

      [quote]dd if=/dev/random of=/dev/sda[/quote]

      I would suggest using /dev/urandom as the random number generator used by /dev/random will likely run out of entropy long before the first pass completes.

      --
      "Frequently wrong, never in doubt."
  2. Fraud? by MrLint · · Score: 4, Insightful

    Shouldn't the shop that supposedly "re-imaged" it busted for fraud? One also might wonder why an FBI agent is using internal FBI resources to "scrub" a non FBI machine that isn't part of an investigation. Finally, these morons don't know about DBAN???

    1. Re:Fraud? by gstoddart · · Score: 5, Funny

      Finally, these morons don't know about DBAN???

      No, but they seem to be experts at DBAG. :-P

      --
      Lost at C:>. Found at C.
    2. Re:Fraud? by Baloroth · · Score: 5, Informative

      He didn't use internal FBI resources, hence the computer repair shop. He asked his friends at the FBI if they knew how to clear the laptop. They didn't, so he took it to the shop. That's hardly using FBI resources (the summary is more than a little misleading).

      Agreed on the shop, they sound pretty incompetent.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    3. Re:Fraud? by Anonymous Coward · · Score: 5, Interesting

      I work for the FBI, and while I am not familiar with this incident, I'm pretty sure there will be some administrative inquiry into misuse of gov't time & resources, especially since it has made us look bad in the press. I'll have to wait for the next quarterly report on ethic violations (which are always hilarious to read, some people are fucking idiots).

    4. Re:Fraud? by CanHasDIY · · Score: 4, Insightful

      Shouldn't the shop that supposedly "re-imaged" it busted for fraud? One also might wonder why an FBI agent is using internal FBI resources to "scrub" a non FBI machine that isn't part of an investigation. Finally, these morons don't know about DBAN???

      I've been a Slashdotter for 15 years and I had never heard of DBAN until reading your comment and Googling it.

      Yea, but do you run a computer repair shop?

      If not, it's fair to assume you've never heard of DBAN; however, if your income is based in an industry for whom re-imaging computers is standard practice, having not heard of DBAN is a nigh unforgivable offense (and a damn good reason to avoid your shop in the future).

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    5. Re:Fraud? by Anonymous Coward · · Score: 5, Interesting

      They might well understand about DBAN. However, this is what I think happened. The last paragraph is most important.

      Something like this is likely as not what happened:

      FBI dad is sent to "Saipan in the U.S. territory of the Northern Mariana Islands", an FBI office with three agents and a manager. FBI dad installs spyware on kid's school computer. FBI dad is transferred to new location. He goes to his friends in the local FBI office and asks them to scrub the computer. Either A) there aren't any FBI computer experts in Saipan (quite possible), or the local expert says, "I can wipe it, and I could run the restore software, but there's software on there the school installed that I don't have the disks or licenses for. Take it to a local laptop shop."

      FBI Dad takes it to the local shop and says, "I want it restored to what it was like when my kid got it", or "I want you to wipe all my kids info off this laptop", or something similar. They say, "We'll do our best." They have the same problem the FBI expert has. If they DBAN the drive, they could destroy the restore partition, and they won't be able to reinstall the school-installed software. If they run the restore partition, the laptop is like it was before the school got it, and they still won't be able to reinstall the school-installed software. So, they remove all personal data and uninstall all software they think the school didn't install. Maybe they spot the spyware and think it is school installed, maybe they don't spot it, maybe they spot it and try to uninstall it, but instead of uninstalling it hides.

      Regardless, they remove what they can without destroying the school-installed software and return it to FBI dad. He returns it to the school. Hilarity ensues.

      Slashdot readers read a non-technical report on what happened, written by a non-technical writer, who got his information from non-technical reports made by yet more non-technical people, treats it as if the entire report is completely accurate and all technical terms used correctly, and more hilarity ensues.

  3. Seth McFarlane? Is that you? by Rosco+P.+Coltrane · · Score: 4, Funny

    So let me guess: the guys's name is Stan, the kid's name is Steve and the principal is called Brian?

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  4. the judge is kind of right by alen · · Score: 5, Informative

    the prinicipal was a moron for using a school computer. if it was his own computer then a search warrant would apply.

  5. Re:This is probably common by Rosco+P.+Coltrane · · Score: 4, Funny

    I hear 90% of all statistics are made up.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  6. Re:This is probably common by gstoddart · · Score: 5, Funny

    I hear 90% of all statistics are made up.

    Only about 70% of the time.

    --
    Lost at C:>. Found at C.
  7. Re:can't wipe a disk? by Ixokai · · Score: 4, Insightful

    Not all FBI agents are computer wizzes. TFA said that the office he was in had no computer crimes unit which is where the computer wizzes congregate.

    And it surprises you that a computer repair shop might not actually do what they say they are going to? Really?

  8. Some Clarification by PuckSR · · Score: 5, Informative

    The "FBI" didn't wipe his computer. He simply asked his co-workers for some help. Apparently neither he nor they were particularly tech-savvy so he took it to a computer shop. He probably asked the shop owner to remove "all of my kid's games and stuff". I imagine that this spyware tries to mask itself so that kids cant just find it and uninstall it. The shop owner probably just uninstalled all of the "games and stuff" and then returned it.

    The problem is that a person who was so confused by removing software that he had to go to a "computer shop" is trying to tell you what he did. He didn't get the FBI to clean the machine, he simply asked his co-workers who didn't know either. This also happened in Saipan, not New Jersey. The FBI has a small office, not a high tech lab.

    The FBI agent screwed up by not notifying authorities immediately(he tried to solve the case himself), but he was probably concerned that the evidence wouldn't hold up in court. Lucky for everyone, the Judge seems like he was willing to stretch the letter of the law to punish a clearly guilty man.

  9. Re:Two stories here by dinfinity · · Score: 5, Informative

    Yes, that or the submitter deliberately misquoted the article:
    "Auther first took the laptop to his FBI office and asked his colleagues how to wipe it clean. Apparently they don’t have many cyber experts in the Mariana Islands, because they were unsuccessful. So Auther had to instead take it to a computer repair shop, which cleaned out the old files and allegedly reimaged the hard drive to return it to its original settings."

    Sounds to me like there wasn't any professional FBI 'scrubbing' involved, just some guy going to work and talking about wiping a laptop by the water cooler.

  10. Re:Two stories here by MNNorske · · Score: 4, Insightful

    Most laptops these days have a recovery image on a separate partition of the hard drive. It would not be beyond belief that the spyware the agent used injected itself into the recovery partition so it would re-install itself. My guess is that this particular agent was not a technical expert himself and probably just asked a coworker who was technical what he could use to monitor his child's use of the computer. When he handed the machine off to someone to restore it he may not have told them exactly what he put on it, and if they then used the recovery partition, well... you have this scenario.

  11. Re:My mind is melting. by Ixokai · · Score: 4, Insightful

    "The FBI" is not a monolithic thing.

    He didn't take it to an FBI technician-- if he did, it'd probably have been cleaned up tight and fast. He took it into his office, where TFA says *they don't have cyber guys*. I.e., he's in some dingy little office without a cyber crimes unit. This doesn't sound implausible at all, the guy's in an FBI office across the Pacific in a US territory, not in Los Angeles.

    Then he took it in to a local computer repair shop, and it doesn't at all sound implausible to me that they might have fibbed on just what they did. Instead of re-imagining it, they may have just done a quick scrub of the user settings.

    "The FBI" didn't go through a two step process. A guy who is also an FBI agent went through a two step process. Not everything an FBI agent does is with the full force and resources of The FBI.

  12. Re:Bios flashed spyware? by black3d · · Score: 5, Informative

    The main way that rootkits survive a total hard disk format is because they're running at the time - any decent rootkit is more than able to stop a simple format from removing it simply by intercepting any parts of the format which target it, and returning OK signals. They'll usually survive a low level format in the same manner. "Whats that? You want to change one of my bits to 0? Okay.. umm.. Done! *cough*". You can generally reliably remove rootkits by taking the drive out, putting it into an external drive bay (so its not present on a PC while booting), connect the drive when your PC is started up and then format it with none of its code executing.

    However, if the FBI or PC store simply formatted it through, say, re-formatting the drive by running the Windows setup disk, then a kernel level rootkit would happily stay in-tact in this manner. In fact, to spot it, you'd really have to use some imaging software with comparison checksums so that after the the imaging it can make sure everything is as it should be. While the rootkit can happily inform that "nothing is there", it can't predict what should be there in an imaged drive, and would be caught out that way. However - thats not how 99% of us format drives, especially since most don't have MD5d images of other peoples hard disks, or don't put them in external caddies before doing so. :P

    --
    "The true measure of a person is how they act when they know they won't get caught." - DSRilk
  13. Re:This is probably common by Phroggy · · Score: 5, Funny

    I hear 90% of all statistics are made up.

    Only about 70% of the time.

    "Don't believe everything you read on the Internet." - Abraham Lincoln

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  14. Re:with no warrant by SJHillman · · Score: 4, Insightful

    Kicking in a door is illegal as a private citizen and is not something you would expect a private citizen to do. Installing software to monitor his kid's activities is something perfectly legal and well within the realm of what a private citizen might be expected to do. As with many laws, there's a gray area that you have to actually use your brain to determine if something is reasonable or not. There's no slippery slope no matter how much you tilt your head.

  15. This just in: by Culture20 · · Score: 4, Funny

    All newly sold computers in the United States will actually be pre-owned by FBI agents' family members. Full story at eleven.

  16. Re:Bios flashed spyware? by Culture20 · · Score: 4, Interesting

    The main way that rootkits survive a total hard disk format is because they're running at the time - any decent rootkit is more than able to stop a simple format from removing it simply by intercepting any parts of the format which target it, and returning OK signals. [...] if the FBI or PC store simply formatted it through, say, re-formatting the drive by running the Windows setup disk, then a kernel level rootkit would happily stay in-tact in this manner.

    If they used the Windows setup disk to nuke the drive, how did the rootkit get on the DVD? How did the rootkit stay running after a reboot? You're almost on the right track, but BIOS/EFI infection is the answer you're looking for (or HDD firmware). The rootkit has to be running before any OS boots up. Even a boot-sector virus won't survive a disk-wipe, so there had to be a re-infection method.