Why is the FBI falsifying AP stories and possibly spoofing news websites to hack suspects?

trevor

Executive Director

Buried in a three-year old Freedom of Information Act document, ACLU's Chris Soghoian yesterday found a 2007 email from a Seattle FBI office that showed the FBI secretly falsified an Associated Press story, and possibly spoofed the Seattle Times website, in an attempt to get a suspect to click a malicious link so they could hack his computer.

After defending the practice yesterday amid outcry yesterday, the FBI has suddenly switched its story and now says it did not, in fact, use a fake Seattle Times link, but did make up an AP story. The Washington Post also reported tonight that the FBI is now "researching the policy on whether an agent could impersonate a news organization." Here's what the editor in chief of the Seattle Times told the AP this afternoon:

Kathy Best, editor of The Seattle Times, said in a statement that while the newspaper was "pleased to hear" the FBI did not use the paper's name, it would have preferred to have found that information out earlier from the agency "instead of a defense of the tactic" Monday after the FBI was presented with internal agency documents showing a mocked up, phony Seattle Times email and Web page.

"Even if The Seattle Times name wasn't used, the issues raised are the same. The FBI, in placing the name of The Associated Press on a phony story sent to a criminal suspect, crossed a line and undermined the credibility of journalists everywhere -- including at The Times," Best said.

We wholeheartedly agree. 

If the FBI is impersonating news organizations in an attempt to send malware to suspects, it not only erodes reader trust in newspapers, but it is an affront to press freedom. This should be beyond the pale for the FBI—whether they did it in this case through a falsified AP story, a disguised Seattle Times link, or both.

The FBI and Justice Department owe some answers to news organizations and the public: How often have US law enforcement agencies impersonated news organizations to send malware to suspects? Since it worked in this 2007 case, has the number of times they've falsified news article and impersonated media websites to hack their targets increased in recent years? What other news organizations have they pretended to be? And how do they prevent innocent readers from clicking on these malicious links? We call on the FBI and Justice Department to condemn this sleazy tactic and make sure the US government never again impersonates a news organization—whether it's online or off.

Donate to support press freedom

Your support is more important than ever.

Read more about Security

New guide helps journalists know their rights when police come knocking

Guide responds to confusion (at best) among law enforcement and judges evidenced by recent raids of newsrooms and journalists' homes in Kansas and Florida

Five years of Secure The News

In 2016, Freedom of the Press Foundation launched Secure The News to track and grade HTTPS adoption by news organizations. Today, five years later, we’re happy to say that its goals have been largely achieved, and we are retiring the project while archiving and preserving its historical data.

Filmmakers, take action: A new digital security resource and free digital security clinic

Today, we're launching an interactive digital security platform and free clinic for filmmakers.