The Wall Street Journal reports: Law-enforcement officials in the U.S. are expanding the use of tools routinely used by computer hackers to gather information on suspects, bringing the criminal wiretap into the cyber age.

Federal agencies have largely kept quiet about these capabilities, but court documents and interviews with people involved in the programs provide new details about the hacking tools, including spyware delivered to computers and phones through email or Web links—techniques more commonly associated with attacks by criminals.

People familiar with the Federal Bureau of Investigation’s programs say that the use of hacking tools under court orders has grown as agents seek to keep up with suspects who use new communications technology, including some types of online chat and encryption tools. The use of such communications, which can’t be wiretapped like a phone, is called “going dark” among law enforcement.

A spokeswoman for the FBI declined to comment.

The FBI develops some hacking tools internally and purchases others from the private sector. With such technology, the bureau can remotely activate the microphones in phones running Google Inc.’s Android software to record conversations, one former U.S. official said. It can do the same to microphones in laptops without the user knowing, the person said. Google declined to comment. [Continue reading…]

Salon: FBI Director Robert Mueller admitted to Congress Wednesday that drones are already being used over U.S. soil. While the use of surveillance drones domestically — both by local and federal law enforcement agencies — has been long anticipated and ushered in by a lobby with a powerful congressional caucus of supporters, Mueller’s admissions highlighted the lack of legislation currently in place to govern the use drone technology at home.

Mueller told a hearing that the FBI had used drones to aid its investigations in a “very, very minimal way, very seldom… Our footprint is very small, and we have very few and of limited use, and we’re exploring not only the use but also the necessary guidelines for that use,” he said.

Mueller’s acknowledgment is only the latest in a series of disclosures about the domestic use of drones. In 2010, it was revealed — and has since become common knowledge — that Border Patrol surveils both Canadian and Mexican borders with unmanned aircraft.

The New York Times reports: After contradictory stories emerged about an F.B.I. agent’s killing last month of a Chechen man in Orlando, Fla., who was being questioned over ties to the Boston Marathon bombing suspects, the bureau reassured the public that it would clear up the murky episode.

“The F.B.I. takes very seriously any shooting incidents involving our agents, and as such we have an effective, time-tested process for addressing them internally,” a bureau spokesman said.

But if such internal investigations are time-tested, their outcomes are also predictable: from 1993 to early 2011, F.B.I. agents fatally shot about 70 “subjects” and wounded about 80 others — and every one of those episodes was deemed justified, according to interviews and internal F.B.I. records obtained by The New York Times through a Freedom of Information Act lawsuit.

The last two years have followed the same pattern: an F.B.I. spokesman said that since 2011, there had been no findings of improper intentional shootings.

In most of the shootings, the F.B.I.’s internal investigation was the only official inquiry. In the Orlando case, for example, there have been conflicting accounts about basic facts like whether the Chechen man, Ibragim Todashev, attacked an agent with a knife, was unarmed or was brandishing a metal pole. But Orlando homicide detectives are not independently investigating what happened. [Continue reading…]

MarketWatch: Emails are not private. A message may have one sender and one recipient but it can, with little effort, be read by a third party. In fact, despite the Fourth Amendment’s protections against unlawful searches, federal agencies do not necessarily need a warrant to read emails older than six months.

Concerns over such government snooping were raised by the American Civil Liberties Union, which last week noted a “troubling picture” of email surveillance practices by the Federal Bureau of Investigation and the Department of Justice. The agencies may be taking advantage of a component of the Electronic Communications Privacy Act, which requires warrants only for emails that have been stored on a third-party server for less than 180 days.

Documents reviewed by the ACLU showed that the FBI may be reading emails and other electronic messages without a warrant, and that different U.S. attorney’s offices may be applying “conflicting standards,” the group says. “It is time for Congress to step in and standardize the requirements and require warrants across the board,” says Nathan Wessler, a staff attorney with the ACLU. The report follows a similar review of IRS documents. [Continue reading…]

The New York Times reports: Surveillance can be a tricky affair in the Internet age.

A federal law called the Communications Assistance for Law Enforcement Act allows law enforcement officials to tap a traditional phone, as long as they get approval from a judge. But if communication is through voice over Internet Protocol technology — Skype, for instance — it’s not as simple.

That conversation doesn’t pass through a central hub controlled by the service provider. It is encrypted — to varying degrees of protection — as it travels through the Internet, from the caller’s end to the recipient’s.

The Federal Bureau of Investigation has made it clear it wants to intercept Internet audio and video chats. And that, according to a new report being released Friday by a group of technologists, could pose “serious security risks” to ordinary Internet users, giving thieves and even foreign agents a way to listen in on Americans’ conversations, undetected.

The 20 computer experts and cryptographers who drafted the report say the only way that companies can meet wiretap orders is to re-engineer the way their systems are built at the endpoints, either in the software or in users’ devices, in effect creating a valuable listening station for repressive governments as well as for ordinary thieves and blackmailers.

“It’s a single point in the system through which all of the content can be collected if they can manage to activate it,” said Edward W. Felten, a computer science professor at Princeton and one of the authors of the report, released by the Center for Democracy and Technology, an advocacy group in Washington.

“That’s a security vulnerability waiting to happen, as if we needed more,” he said. [Continue reading…]

Slate: Despite the pervasiveness of law enforcement surveillance of digital communication, the FBI still has a difficult time monitoring Gmail, Google Voice, and Dropbox in real time. But that may change soon, because the bureau says it has made gaining more powers to wiretap all forms of Internet conversation and cloud storage a “top priority” this year.

Last week, during a talk for the American Bar Association in Washington, D.C., FBI general counsel Andrew Weissmann discussed some of the pressing surveillance and national security issues facing the bureau. He gave a few updates on the FBI’s efforts to address what it calls the “going dark” problem — how the rise in popularity of email and social networks has stifled its ability to monitor communications as they are being transmitted. It’s no secret that under the Electronic Communications Privacy Act, the feds can easily obtain archive copies of emails. When it comes to spying on emails or Gchat in real time, however, it’s a different story.

That’s because a 1994 surveillance law called the Communications Assistance for Law Enforcement Act only allows the government to force Internet providers and phone companies to install surveillance equipment within their networks. But it doesn’t cover email, cloud services, or online chat providers like Skype. Weissmann said that the FBI wants the power to mandate real-time surveillance of everything from Dropbox and online games (“the chat feature in Scrabble”) to Gmail and Google Voice. “Those communications are being used for criminal conversations,” he said. [Continue reading…]

In The Terror Factory: Inside the FBI’s Manufactured War on Terrorism, Trevor Aaronson writes: Antonio Martinez was a punk. The twenty-two-year-old from Baltimore was chunky, with a wide nose and jet-black hair pulled back close to his scalp and tied into long braids that hung past his shoulders. He preferred to be called Muhammad Hussain, the name he gave himself following his conversion to Islam. But his mother still called him Tony, and she couldn’t understand her son’s burning desire to be the Maryland Mujahideen.

As a young man, Martinez had been angry and lost. He’d dropped out of Laurel High School, in Prince George’s County, Maryland, and spent his teens as a small-time thief in the Washington, D.C., suburbs. By the age of sixteen, he’d been charged with armed robbery. In February 2008, at the age of eighteen, he tried to steal a car. Catholic University doctoral student Daniel Tobin was looking out of the window of his apartment one day when he saw a man driving off in his car. Tobin gave chase, running between apartment buildings and finally catching up to the stolen vehicle. He opened the passenger-side door and got in. Martinez, in the driver’s seat, dashed out and ran away on foot. Jumping behind the wheel, Tobin followed the would-be car thief. “You may as well give up running,” he yelled at Martinez. Martinez was apprehended and charged with grand theft of a motor vehicle—he had stolen the vehicle using an extra set of car keys which had gone missing when someone had broken into Tobin’s apartment earlier. However, prosecutors dropped the charges against Martinez after Tobin failed to appear in court.

Despite the close call, Martinez’s petty crimes continued. One month after the car theft, he and a friend approached a cashier at a Safeway grocery store, acting as if they wanted to buy potato chips. When the cashier opened the register, Martinez and his friend grabbed as much money as they could and ran out of the store. The cashier and store manager chased after them, and later identified the pair to police. Martinez pleaded guilty to theft of one hundred dollars and received a ninety-day suspended sentence, plus six months of probation.

Searching for greater meaning in his life, Martinez was baptized and became a Christian when he was twenty-one years old, but he didn’t stick with the religion. “He said he tried the Christian thing. He just really didn’t understand it,” said Alisha Legrand, a former girlfriend. Martinez chose Islam instead. On his Facebook page, Martinez wrote that he was “just a yung brotha from the wrong side of the tracks who embraced Islam.” But for reasons that have never been clear to his family and friends, Martinez drifted toward a violent, extremist brand of Islam. When the FBI discovered him, Martinez was an angry extremist mouthing off on Facebook about violence, with misspelled posts such as, “The sword is cummin the reign of oppression is about 2 cease inshallah.” Based on the Facebook postings alone, an FBI agent gave an informant the “green light” to get to know Martinez and determine if he had a propensity for violence. In other words, to see if he was dangerous.

The government was setting the trap. [Continue reading…]

Trevor Aaronson writes: Quazi Mohammad Nafis was a 21-year-old student living in Queens, New York, when the US government helped turn him into a terrorist.

His transformation began on July 5, when Nafis, a Bangladeshi citizen who’d come to the United States on a student visa that January, shared aspirations with a man he believed he could trust. Nafis told this man in a phone call that he wanted to wage jihad in the United States, that he enjoyed reading Al Qaeda propaganda, and that he admired “Sheikh O,” or Osama bin Laden. Who this confidant was and how Nafis came to meet him remain unclear; what we know from public documents is that the man told Nafis he could introduce him to an Al Qaeda operative.

It was a hot, sunny day in Central Park on July 24 when Nafis met with Kareem, who said he was with Al Qaeda. Nafis, who had a slight build, mop of black hair, and a feebly grown beard, told Kareem that he was “ready for action.”

“What I really mean is that I don’t want something that’s, like, small,” Nafis said. “I just want something big. Something very big. Very, very, very, very big, that will shake the whole country.”

Nafis said he wanted to bomb the New York Stock Exchange, and with help from his new Al Qaeda contact, he surveilled the iconic building at 11 Wall Street. “We are going to need a lot of TNT or dynamite,” Nafis told Kareem. But Nafis didn’t have any explosives, and, as court records indicate, he didn’t know anyone who could sell him explosives, let alone have the money to purchase such materials. His father, a banker in Bangladesh, had spent his entire life savings to send Nafis to the United States after his son, who was described to journalists as dim by people who knew him in his native country, had flunked out of North South University in Bangladesh.

Kareem suggested they rent a storage facility to stash the material they’d need for a car bomb. He said he’d put up the money for it, and get the materials. Nafis dutifully agreed, and suggested a new target: the Federal Reserve Bank of New York. Nafis later met Kareem at a storage facility, where Nafis poured the materials Kareem had brought into trash bins, believing he was creating a 1,000-pound car bomb that could level a city block.

In truth, the stuff was inert. And Kareem was an undercover FBI agent, tipped off by the man who Nafis had believed was a confidant—an FBI informant. The FBI had secretly provided everything Nafis needed for his attack: not only the storage facility and supposed explosives, but also the detonator and the van that Nafis believed would deliver the bomb.

On the morning of October 17, Nafis and Kareem drove the van to Lower Manhattan and parked it in front of the Federal Reserve Bank on Liberty Street. Then they walked to a nearby hotel room, where Nafis dialed on his cellphone the number he believed would trigger the bomb, but nothing happened. He dialed again, and again. The only result was Nafis’ apprehension by federal agents.

“The defendant thought he was striking a blow to the American economy,” US Attorney Loretta E. Lynch said in a statement after the arrest. “At every turn, he was wrong, and his extensive efforts to strike at the heart of the nation’s financial system were foiled by effective law enforcement. We will use all of the tools at our disposal to stop any such attack before it can occur.”

Federal officials say they are protecting Americans with these operations—but from whom? Real terrorists, or dupes like Nafis, who appear unlikely to have the capacity for terrorism were it not for FBI agents providing the opportunity and means? [Continue reading…]

Jason Leopold writes: Hesham opened the envelope at the bar, expecting a green card. Instead, it was a subpoena from a federal prosecutor, which would force him to testify–against his brother.

He thought about fleeing to Norway or Poland with his wife and daughter. But it would be much easier to cross the border into Canada in his Cadillac Escalade and avoid the hassle of airport security and the possibility that his name would pop up on the no-fly list. In Canada, he could start over again. Raise farm animals or something. Change his name. Never look back. Hesham had played this fantasy out in his head dozens of times since he had quit working as a confidential informant for the FBI.

“This is what you wanted from me all along, isn’t it?” Hesham asked the FBI agent who handed him the envelope. “You guys used me.”

When he’d been living in Portland, Oregon, Hesham had agreed to infiltrate mosques and spy on other Muslims because his FBI handler led him to believe she could help him obtain a green card. She didn’t, and he cut off contact with the agency when he moved to a small town in Florida. But they had found him again.

“No way,” Hesham said.

“You don’t have a choice,” the agent told Hesham. “Testify or go back to jail.”

Hesham stared at the agent. He didn’t say a word. His eyes started to twitch, which happens whenever he gets angry. He stood up, pulled his wallet out of his back pocket, placed a $20 bill under his whiskey glass and walked outside to light a cigarette. He paced the parking lot, cursing his brother’s name. Two FBI agents and a special agent with the US Army’s Criminal Investigation Command watched him from a distance.

Hesham flicked his cigarette butt and walked back toward them. Going back to jail wasn’t an option. He was afraid he would never get out and would never see his wife and daughter again.

“When do I need to do this?” Hesham asked the agents.

“Probably in a few weeks,” the Army special agent said. “We’ll either stop by or call you.”

Hesham got into his car and tore out of the parking lot, his tires screeching. He felt weak, trapped and ashamed. Hesham hoped his brother would forgive him for ratting him out.

Hesham Mohamed Hussain Abu Zubaidah is the younger brother of Zayn al-Abidin Mohamed Husayn, better known to the world as the high-value Guantanamo detainee “Abu Zubaidah,” whom the US government has for more than a decade claimed was “one of the highest-ranking members of the al-Qaeda terrorist organization” and “involved in every major terrorist operation carried out by al-Qaeda,” including the 9/11 attacks [1].

Research I was conducting on the accused terrorist led me to Hesham. I had stumbled across a three-year-old comment on a blog post left by someone who identified himself as Hesham.

“Yes that is my brother and I live in Oregon,” the commenter said. “Do you think I should have been locked away for 2 years with no charges for a [sic] act of a sibling? I am the younger brother of Zayn and I live in the USA. Tell me what you think.”

I was blown away. A search of his name on Google turned up only 28 results, including another comment posted by a person using Hesham’s name, as well as one by a person identifying herself as Hesham’s wife. Who was Hesham, and why hadn’t we heard of him before? [Continue reading…]

CNET reports: The FBI has recently formed a secretive surveillance unit with an ambitious goal: to invent technology that will let police more readily eavesdrop on Internet and wireless communications.

The establishment of the Quantico, Va.-based unit, which is also staffed by agents from the U.S. Marshals Service and the Drug Enforcement Agency, is a response to technological developments that FBI officials believe outpace law enforcement’s ability to listen in on private communications.

While the FBI has been tight-lipped about the creation of its Domestic Communications Assistance Center, or DCAC — it declined to respond to requests made two days ago about who’s running it, for instance — CNET has pieced together information about its operations through interviews and a review of internal government documents.

DCAC’s mandate is broad, covering everything from trying to intercept and decode Skype conversations to building custom wiretap hardware or analyzing the gigabytes of data that a wireless provider or social network might turn over in response to a court order. It’s also designed to serve as a kind of surveillance help desk for state, local, and other federal police. [Continue reading…]

Rick Perlstein writes: This past October, at an Occupy encampment in Cleveland, Ohio, “suspicious males with walkie-talkies around their necks” and “scarves or towels around their heads” were heard grumbling at the protesters’ unwillingness to act violently. At meetings a few months later, one of them, a 26-year-old with a black Mohawk known as “Cyco,” explained to his anarchist colleagues how “you can make plastic explosives with bleach,” and the group of five men fantasized about what they might blow up. Cyco suggested a small bridge. One of the others thought they’d have a better chance of not hurting people if they blew up a cargo ship. A third, however, argued for a big bridge – “Gotta slow the traffic that’s going to make them money” – and won. He then led them to a connection who sold them C-4 explosives for $450. Then, the night before the May Day Occupy protests, they allegedly put the plan into motion – and just as the would-be terrorists fiddled with the detonator they hoped would blow to smithereens a scenic bridge in Ohio’s Cuyahoga Valley National Park traversed by 13,610 vehicles every day, the FBI swooped in to arrest them.

Right in the nick of time, just like in the movies. The authorities couldn’t have more effectively made the Occupy movement look like a danger to the republic if they had scripted it. Maybe that’s because, more or less, they did.

The guy who convinced the plotters to blow up a big bridge, led them to the arms merchant, and drove the team to the bomb site was an FBI informant. The merchant was an FBI agent. The bomb, of course, was a dud. And the arrest was part of a pattern of entrapment by federal law enforcement since September 11, 2001, not of terrorist suspects, but of young men federal agents have had to talk into embracing violence in the first place. One of the Cleveland arrestees, Connor Stevens, complained to his sister of feeling “very pressured” by the guy who turned out to be an informant and was recorded in 2011 rejecting property destruction: “We’re in it for the long haul and those kind of tactics just don’t cut it,” he said. “And it’s actually harder to be non-violent than it is to do stuff like that.” Though when Cleveland’s NEWS Channel 5 broadcast that footage, they headlined it “Accused Bomb Plot Suspect Caught on Camera Talking Violence.”

In all these law enforcement schemes the alleged terrorists masterminds end up seeming, when the full story comes out, unable to terrorize their way out of a paper bag without law enforcement tutelage. [Continue reading…]

CNET reports: The FBI is asking Internet companies not to oppose a controversial proposal that would require the firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance.

In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned.

The FBI general counsel’s office has drafted a proposed law that the bureau claims is the best solution: requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly.

“If you create a service, product, or app that allows a user to communicate, you get the privilege of adding that extra coding,” a person who has reviewed the FBI’s draft legislation told CNET. The requirements apply only if a threshold of a certain number of users is exceeded, according to a second person briefed on it.

The FBI’s proposal would amend a 1994 law, called the Communications Assistance for Law Enforcement Act, or CALEA, that currently applies only to telecommunications providers, not Web companies. The Federal Communications Commission extended CALEA in 2004 to apply to broadband networks.