By Robert Schoon (r.schoon@latinospost.com) | First Posted: Dec 08, 2013 08:23 PM EST

Since the late summer, we've known that the FBI had an elite hacker squad to develop surveillance on terrorism and organized crime suspects using malware. Now new details are emerging about the capabilities of that malware, and it reportedly includes using a suspect's laptop camera to spy on them.

Court documents, reported on by The Washington Post in a great narrative feature, reveal new details about the FBI hacker team's investigation of a terrorism suspect, identified only as "Mo." The man had made a series of bomb threats at universities and airports last year, causing police disruption and catching the investigative eye of the FBI.

But with no concrete leads on "Mo," who was adept at communicating through VoIP (internet phone), email, and video services without giving away his identity or location, the FBI called on the elite hacker team to design some surveillance malware to deliver to Mo's Yahoo email account. Notably, and unlike some other government agencies' surveillance efforts, this came after the FBI was given court approval through a search warrant (which is why the court documents exist in the first place).

The court order allowed the FBI a two-week window in which to attempt to get Mo to sign on, and thus activate, the surveillance malware sent to his email address, which was named - ominously enough - texan.slayer@yahoo.com.

This may be the most interesting twist from a technological viewpoint. According to the Washington Post, "all investigators needed, it seemed, was for Mo to sign on to his account and, almost instantaneously, the software would start reporting information back to Quantico." If true, that low threshold of infection means this was no ordinary "phishing" blind link or deceptive email attachment - especially because Yahoo says it had no knowledge of the operation and did not assist the FBI. Technical details about the malware, however, were not revealed in the court papers.

In any case, after several logistical problems - including a software update to the target of the FBI's malware, which necessitated a re-write by the hacker team - the FBI managed to send the surveillance software to Mo's account.

But according to later court documents, the malware, in this instance, did not work: "The program hidden in the link sent to texan.slayer@yahoo.com never actually executed as designed," said a note to the court in February. However, Mo was discovered to be in Tehran, due to two new IP addresses being linked with the suspect after Mo's computer sent an information request to the FBI hacker team's computer.

Mo is only one of a handful of suspects the FBI has used malware to conduct surveillance on. In the course of the Washington Post's examination, reporters talked to Marcus Thomas, the former assistant director of the FBI's Operational Technology Division in Quantico, who now works in the private sector.

Thomas said that the FBI's malware is able to secretly activate a suspect's front-facing webcam on their computer, without triggering the light that lets users know the camera is active. The FBI has had this capability, according to Thomas, for several years, though he said that only the most serious criminal investigations or terrorism cases warrant it.

In fact, court documents from a case in Houston confirm this, as the judge in that case rejected an FBI search warrant request to use the camera-activating malware on a bank fraud suspect, calling it "extremely intrusive."
