It’s well known that the FBI makes use of malware to track the activities of suspects, and a new story from the Washington Post once again demonstrates it.
In April 2013, we learned that a judge had denied the FBI’s request to hack into an alleged criminal’s computer. At the time, the judge argued that the operation was “extremely intrusive” in nature.
However, in the case highlighted by the Washington Post, a judge did approve the FBI’s search warrant in December 2012. The law enforcement agency was trying to track down a man who called himself “Mo.”
Mo started making bomb threats after authorities arrested the man who had shot and killed 12 individuals in a movie theater in Aurora, Colorado. Two days after the incident, Mo called the county sheriff’s office and demanded that the shooter be released, as the shooter was a friend of his.
At the time, the suspect communicated with the sheriff via a Gmail email address and by phone. Authorities went to Google to identify the man, but it turned out that he was using Google Voice to make the calls. Furthermore, he used a proxy to mask his real IP address.
Mo later threatened to detonate bombs at the county jail, a hotel, universities, and airports.
After he started using a Yahoo email address, in September 2012, the FBI obtained a warrant for the account information. That was when they learned that the man might be Mohammed Arian Far, a 27-year-old located in Tehran, the capital of Iran.
Authorities had also received a picture from the suspect, which showed that he was wearing an Iranian military uniform.
In December 2012, the FBI obtained a warrant that allowed the agency to use a piece of malware that would transmit information from the man’s computer to servers in Quantico.
Yahoo representatives say they haven’t cooperated with authorities on the case. It appears the FBI had sent the suspect a spear-phishing email that had the surveillance software attached.
However, the software failed to perform properly. It only sent the FBI a request for information which included a couple of new IP addresses that confirmed Mo was located in Tehran.