FBI Spoofs News Story To Send Spyware To Suspect : The Two-Way How did the FBI get a suspect to click on a link? It created a fake news story about the suspect. When he clicked, spyware glommed on to his computer.

FBI Spoofs News Story To Send Spyware To Suspect

It was already known that the FBI uses spyware to investigate people — that was clear in federal documents obtained by the Electronic Frontier Foundation. What hasn't been fully appreciated until now was the lengths to which the FBI will go to infect a target's computer.

"Presumably, your typical Nigerian scam email offering $10 million dollars isn't going to work," says Christopher Soghoian of the ACLU.

"They need something that will convince people to click on that link. And I guess in this case, they went for vanity."

Digging through the EFF's documents, Soghoian found a 2007 case in which the FBI impersonated the Associated Press to catch a suspect in Washington state.

"This was a fake article that was written about the target, and I guess they though that the target would be quite likely to click on a news article about him," Soghoian says.

The fake article described a rash of bomb threats at a Washington state high school, and the link was sent via MySpace to a juvenile suspected of making those threats. The boy was later arrested and suspected.

The AP says its name was "misappropriated," and calls the ploy "unacceptable."

The Seattle Times has also expressed its outrage, though it's not clear it has the same grounds to object. The paper initially reported today that the FBI had created a "fake Seattle Times Web page," but the FBI says it never used the paper's name.

"The link just said 'Article,'" says Ayn Dietrich-Williams, FBI media coordinator in Seattle.

But in the FBI's internal communications revealed in the EFF documents, a Seattle Times email link is referred to as an apparent model for the FBI's bogus link. "Here is the email link in the style of the Seattle Times," says the email.

Whether or not the Seattle Times's identity was used, it sets off alarm bells in newsrooms, whenever law enforcement poses as journalists.

"Who's going to trust that we are who we say we are," says Seattle Times editor Kathy Best. "It affects our ability to be a government watchdog, it affects our ability to be an effective news organization."

A prepared statement from the FBI says, in part, "We identified a specific subject of an investigation and used a technique that we deemed would be effective in preventing a possible act of violence in a school setting. Use of that type of technique happens in very rare circumstances and only when there is sufficient reason to believe it could be successful in resolving a threat."

Soghoian is not convinced the technique is rarely used, in part because the FBI has been reluctant to talk about its spyware program, and there have been no public hearings in Congress about the program.

Editor's Note: An earlier version of this post said the FBI had impersonated the Seattle Times. The FBI has since returned our request for comment, denying that it ever used the paper's name, so we've updated this post to reflect that information.