FBI installs spyware to gather evidence
Published: 2007-07-18

A former Washington high school student received 90 days in juvenile detention this week after pleading guilty to charges stemming from a rash of bomb threats and being tracked down by the Federal Bureau of Investigation through the use of a Trojan horse that identified his computer.

The student used a false name and other pseudonyms in e-mail addresses registered with Google's Gmail to send bomb threats to Timberline High School in Lacey, Washington, FBI Special Agent Norman Sanders Jr. stated in an affidavit. The threats caused daily evacuations of the school the week of June 4, 2007. An earlier bomb threat, which evacuated the school on May 30, was found in a handwritten note.

The sender of the threats had claimed to be using a computer in Italy and taunted police and the FBI for their apparent lack of success in locating him, according to the affidavit.

"Seriously, you are not going to catch me. So just give up," the student wrote, according to the court filing. "Maybe you should hire Bill Gates to tell you that it is coming from Italy."

More than thirty students at the school received a request from the suspect to link to a MySpace page, "Timberlinebombinfo." The suspect had used another student's name to send the invitations using America Online's Instant Messenger.

Internet addresses used to register the Gmail and MySpace accounts resolved to an Internet service provider in Italy, while the address used to post bomb threats on the bulletin board of The Olympian came from a computer at the National Institute of Nuclear Physics in Italy, the affidavit stated. Because of the likelihood that the suspect was using compromised systems to hide his identity, the FBI decided to use a program dubbed the Computer and Internet Protocol Address Verifier (CIPAV) to locate the miscreant, according to the affidavit filed by Sanders requesting the use of the program.

The FBI sent the Trojan horse to the administrator of the MySpace account "Timberlinebombinfo". The program is designed to record the IP address, dates, and times when data is sent, but not the content of the messages. Both Wired News and CNET have additional coverage of the use of the CIPAV Trojan horse.

The student whose identity was stolen was ostracized at school and has since enrolled in a different district, The Olympian reported. The ninety-day sentence is the maximum allowed under the standard sentencing guidelines for juveniles.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
Copyright 2009, SecurityFocus