The FBI in Seattle has acknowledged it created a fake Associated Press news article to lure a suspect in a series of high-school bomb threats in 2007 into downloading secret software onto his computer, but says it did not use a bogus Seattle Times Web link to do it.
Special Agent in Charge Frank Montoya Jr. said Tuesday that “at no time … did we reference The Seattle Times or provide any connection” to the newspaper when agents acted under the authorization of a federal search warrant.
The FBI sent a link to a 15-year-old suspect’s MySpace page to lure him into opening the article. When he did, it downloaded law-enforcement malware that revealed his location and Internet Protocol address to agents investigating the threats that had led to several evacuations at Timberline High School in Lacey, Thurston County.
That link led to a bogus Associated Press story about the bomb threats, said FBI spokeswoman Ayn Dietrich-Williams.
Most Read Local Stories
- Washington state primary election: How the day unfolded, plus results of key races VIEW
- Coronavirus daily news updates, August 4: What to know today about COVID-19 in the Seattle area, Washington state and the world
- After protests near her home, Seattle police chief asks City Council to intervene; activists say neighbors pointed guns at them
- COVID-19 positivity rates drop in King County, but hot spots to south still burn brightly
- Gyms will need to triple distance for exercising indoors
Internal FBI documents obtained by The Seattle Times through the Electronic Freedom Foundation (EFF) in San Francisco contained a reference by an agent to an “email link in the style of The Seattle Times,” with a headline “Technology savvy student holds Timberline High School hostage.”
The EFF documents contained emails between FBI agents discussing such a link that could be used to plant the software.
On Tuesday, after reviewing the case files, Montoya said that the use of The Seattle Times’ name was only a “suggestion.’’
Asked if the use of the Times’ name was a subject of the internal review, he said: “I will say yes. … It was looked at in the review process,’’ Montoya said.
He added the FBI does have a review process on cases that might touch on the First Amendment. Although he wasn’t in the Seattle office at the time, his review of the case file shows “there was plenty of discussion’’ between the Seattle office and headquarters regarding the case agent’s decision to use a bogus news story to plant the software.
Dietrich-Williams did not provide a copy of the link that was used in the investigation, but said it included the word “article” but nowhere mentioned The Seattle Times or any other news organization.
Paul Colford, the director of media relations for the AP in New York, said Tuesday that the international wire service is “extremely concerned and find(s) it unacceptable that the FBI misappropriated the name of The Associated Press and published a false story attributed to AP.”
“This ploy violated AP’s name and undermined AP’s credibility,” he said.
Seattle Times Editor Kathy Best said, “Even if the Times’ name wasn’t used, the issues raised are the same. The FBI, in placing the name of The Associated Press on a phony story sent to a criminal suspect, crossed a line and undermined the credibility of journalists everywhere — including at The Times.
“We’re pleased to hear the FBI did not use The Seattle Times to further its investigation,” she added. “But we wish we had gotten that definitive ‘no’ from the FBI — instead of a defense of the tactic — Monday after providing the agency with internal FBI documents showing a mocked-up phony Seattle Times email and Web page.”
Civil libertarians and media officials have expressed similar concerns about the FBI tactics.
“The FBI and Justice Department owe some answers to news organizations and the public: How often have they impersonated news organizations to send malware to suspects?” asked Trevor Timm, the executive director of the Freedom of the Press Foundation in San Francisco.
“Do they regularly falsify news articles and impersonate media websites for their hacking targets? What other news organizations have they pretended to be? And how do they prevent innocent readers from clicking on these links?”
The software, called a Computer and Internet Protocol Address Verifier (CIPAV) was successfully downloaded onto the suspect’s computer in the Timberline bomb-threats case, and agents made an arrest within days.
The suspect, a juvenile, was prosecuted in state court.
Mike Carter: 206-464-3706 or firstname.lastname@example.org.