When he clicked on the custom-made link to what he thought was a real news article, it activated the spy tool, allowing the FBI to obtain his IP address and track his location, get a search warrant for his house, and interview him (he confessed to making the threats and ultimately pleaded guilty).
The case is in the news now because of a FOIA request by a reporter. Based on emails in the documents, it appeared that the FBI also made a bogus Seattle Times webpage to "host" its fake story, but the FBI denies this. Apparently, they are saying that while the emails suggested using the Seattle Times as cover, that part of the plan was scrapped after review. Before that disclosure, the Seattle Times reacted angrily:
“We are outraged that the FBI, with the apparent assistance of the U.S. Attorney’s Office, misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect,” said Seattle Times Editor Kathy Best. “Not only does that cross a line, it erases it,” she said.
“Our reputation and our ability to do our job as a government watchdog are based on trust. Nothing is more fundamental to that trust than our independence — from law enforcement, from government, from corporations and from all other special interests,” Best said. “The FBI’s actions, taken without our knowledge, traded on our reputation and put it at peril.”
The affidavit for the warrant is on page 31 of this EFF version of the FOIA documents.
In geek talk, according to the documents received in response to the FOIA request, what the FBI did was have the Cryptologic and Electronic Analysis Unit (CEAU) of the Software Development Group (SDG) of the Operations Technology Division (OTD) "effectuate the remote delivery of a Computer Internet Protocol Address Verifier (CIPAV) to geophysically locate the suspect."
It's a complicated process, which begins when a state or federal law enforcement agency requests such help from the CEAU. The request goes up the chain of command, and if approved, it goes to an AUSA in the district, who submits a request to the court for a warrant, supported by a probable cause affidavit. The affidavit tells the court what they are going to do but doesn't give details about the particular spy tool or how they intend to trick the target into activating it, since the FBI wants to keep such specifics to itself. The court then enters an order granting the request and they're off to the races.
Codewords to look for in the order: "remote access search and surveillance (RASS)." Another email says, "we basically have 3 tools to locate a computer. Basic IPAV, Local Info and Local Info with Getter."
According to the documents, similar operations have been carried out in Cincinnati, Houston, Tampa, and St. Louis. One agent wrote in an email:
[T]his was one of many cases that CEAU/SDG was working on at the time, with successful deployments. In fact, CEAU has so many currently pending operations that I have borrowed an SSA from DITU to work an overseas matter.
The latest impersonation case making the news is in a gambling case in Nevada. The FBI caused internet access to be shut off at various intervals at three luxury villas in Las Vegas. When the residents complained, the FBI sent agents to the villa, disguised as repairmen, so they could get inside and gather evidence without a warrant.
Of course, the DEA and FBI have been impersonating workers from other companies for decades. I had cases in the 70's where DEA agents dressed in Fedex uniforms and driving Fedex trucks, delivered packages containing drugs shipped via Fedex. The difference may be that Fedex agreed to the practice.
Now that the FBI has expanded to faking news articles, journalists are up in arms over the impersonation issue, and we can expect to see them tweeting and reporting every instance of impersonation they come across. I, for one, welcome the exposure, even though none of these new stories surprise me. I also think they only reach the tip of the proverbial iceberg.