Slashdot Mirror
FBI Dad's Misadventures With Spyware Exposed School Principal's Child Porn
nonprofiteer writes "This is a crazy story. An FBI agent put spyware on his kid's school-issued laptop in order to monitor his Internet use. Before returning the laptop to the school, he tried to wipe the program (SpectorSoft's eBlaster) by having FBI agents scrub the computer and by taking it to a computer repair shop to be re-imaged. It somehow survived and began sending him reports a week later about child porn searches. He winds up busting the school principal for child porn despite never getting a warrant, subpoena, etc. The case was a gift-wrapped present, thanks to spyware. A judge says the principal has no 4th Amendment protection because 1. FBI dad originally installed spyware as a private citizen not an officer and 2. he had no reasonable expectation of privacy on a computer he didn't own/obtained by fraud."
...the spyware surviving a cleaning by a computer repair shop and the FBI...
Do not look into laser with remaining eye.
the prinicipal was a moron for using a school computer. if it was his own computer then a search warrant would apply.
No, but they seem to be experts at DBAG. :-P
Lost at C:>. Found at C.
Only about 70% of the time.
Lost at C:>. Found at C.
The "FBI" didn't wipe his computer. He simply asked his co-workers for some help. Apparently neither he nor they were particularly tech-savvy so he took it to a computer shop. He probably asked the shop owner to remove "all of my kid's games and stuff". I imagine that this spyware tries to mask itself so that kids cant just find it and uninstall it. The shop owner probably just uninstalled all of the "games and stuff" and then returned it.
The problem is that a person who was so confused by removing software that he had to go to a "computer shop" is trying to tell you what he did. He didn't get the FBI to clean the machine, he simply asked his co-workers who didn't know either. This also happened in Saipan, not New Jersey. The FBI has a small office, not a high tech lab.
The FBI agent screwed up by not notifying authorities immediately(he tried to solve the case himself), but he was probably concerned that the evidence wouldn't hold up in court. Lucky for everyone, the Judge seems like he was willing to stretch the letter of the law to punish a clearly guilty man.
Yes, that or the submitter deliberately misquoted the article:
"Auther first took the laptop to his FBI office and asked his colleagues how to wipe it clean. Apparently they don’t have many cyber experts in the Mariana Islands, because they were unsuccessful. So Auther had to instead take it to a computer repair shop, which cleaned out the old files and allegedly reimaged the hard drive to return it to its original settings."
Sounds to me like there wasn't any professional FBI 'scrubbing' involved, just some guy going to work and talking about wiping a laptop by the water cooler.
He didn't use internal FBI resources, hence the computer repair shop. He asked his friends at the FBI if they knew how to clear the laptop. They didn't, so he took it to the shop. That's hardly using FBI resources (the summary is more than a little misleading).
Agreed on the shop, they sound pretty incompetent.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
The main way that rootkits survive a total hard disk format is because they're running at the time - any decent rootkit is more than able to stop a simple format from removing it simply by intercepting any parts of the format which target it, and returning OK signals. They'll usually survive a low level format in the same manner. "Whats that? You want to change one of my bits to 0? Okay.. umm.. Done! *cough*". You can generally reliably remove rootkits by taking the drive out, putting it into an external drive bay (so its not present on a PC while booting), connect the drive when your PC is started up and then format it with none of its code executing.
:P
However, if the FBI or PC store simply formatted it through, say, re-formatting the drive by running the Windows setup disk, then a kernel level rootkit would happily stay in-tact in this manner. In fact, to spot it, you'd really have to use some imaging software with comparison checksums so that after the the imaging it can make sure everything is as it should be. While the rootkit can happily inform that "nothing is there", it can't predict what should be there in an imaged drive, and would be caught out that way. However - thats not how 99% of us format drives, especially since most don't have MD5d images of other peoples hard disks, or don't put them in external caddies before doing so.
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
Only about 70% of the time.
"Don't believe everything you read on the Internet." - Abraham Lincoln
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
I work for the FBI, and while I am not familiar with this incident, I'm pretty sure there will be some administrative inquiry into misuse of gov't time & resources, especially since it has made us look bad in the press. I'll have to wait for the next quarterly report on ethic violations (which are always hilarious to read, some people are fucking idiots).
They might well understand about DBAN. However, this is what I think happened. The last paragraph is most important.
Something like this is likely as not what happened:
FBI dad is sent to "Saipan in the U.S. territory of the Northern Mariana Islands", an FBI office with three agents and a manager. FBI dad installs spyware on kid's school computer. FBI dad is transferred to new location. He goes to his friends in the local FBI office and asks them to scrub the computer. Either A) there aren't any FBI computer experts in Saipan (quite possible), or the local expert says, "I can wipe it, and I could run the restore software, but there's software on there the school installed that I don't have the disks or licenses for. Take it to a local laptop shop."
FBI Dad takes it to the local shop and says, "I want it restored to what it was like when my kid got it", or "I want you to wipe all my kids info off this laptop", or something similar. They say, "We'll do our best." They have the same problem the FBI expert has. If they DBAN the drive, they could destroy the restore partition, and they won't be able to reinstall the school-installed software. If they run the restore partition, the laptop is like it was before the school got it, and they still won't be able to reinstall the school-installed software. So, they remove all personal data and uninstall all software they think the school didn't install. Maybe they spot the spyware and think it is school installed, maybe they don't spot it, maybe they spot it and try to uninstall it, but instead of uninstalling it hides.
Regardless, they remove what they can without destroying the school-installed software and return it to FBI dad. He returns it to the school. Hilarity ensues.
Slashdot readers read a non-technical report on what happened, written by a non-technical writer, who got his information from non-technical reports made by yet more non-technical people, treats it as if the entire report is completely accurate and all technical terms used correctly, and more hilarity ensues.