Infosecly
The Strange Case of The CBS Government Surveillance
29.08.2018 | 3 Min Read | In Government Surveillance

Here is the scenario

Sharyl Attkisson was an investigative reporter with CBS.  As a reporter, Attkisson covered sensitive stories, such as the federal gun-trafficking investigation known as “Fast and Furious” and the attack on the American diplomatic compound in Benghazi.  One of Attkisson's stories involved the ATF allowing firearms dealers to sell weapons to straw purchasers to enable the ATF to track the firearms back to higher-up figures in Mexican drug cartels.  This was known as "Fast and Furious."  In her reporting, she was very critical of the DOJ and AG Eric Holder.

The Infosec Part

The Infosec part of it (and why this is written here) goes like this: she began to notice anomalies in numerous electronic devices at home, including a laptop and desktop turning on and off at night.  The house alarm would chirp daily at different times, often indicating phone line trouble.  She also had television interference. These devices all used the Verizon FiOS line installed in the home, and Verizon was unable to cure the problems.

Attkisson noticed problems with the Internet service. Verizon installed a new router, but the problems continued. Verizon then replaced the router again and replaced the entire FiOS service box, but the issues continued.  A few months later, her phone line was nearly unusable because of anomalies and interruptions, and this spread to her mobile phones.  She and the other targeted individuals eventually asked a contact with U.S. government intelligence experience to examine their home. During this examination, the consultant discovered an extra fiber-optic line dangling from the plaintiffs’ Verizon FiOS box.

Attkisson contacted Verizon to ask about this line. Verizon disclaimed any knowledge of the line and suggested Attkisson contact law enforcement. On New Year’s Day, a person “represented to be a Verizon technician” removed the cable. Attkisson asked the technician to leave the cable by the box and he did so, but when her husband arrived home later, the cable was missing.  The phone and internet issues continued, and although Verizon was notified about these problems, it was unable to fix them.

Finally, Attkisson had an expert conduct a forensic analysis of her laptop.  The analysis found evidence of sustained intrusions, including the use of sophisticated software whose fingerprint indicated the software was proprietary to the federal government.  Attkisson reported this finding to CBS, which retained an expert to examine the laptop and desktop computers.  The forensic analysis also revealed that somebody installed sophisticated surveillance spyware on Attkisson’s work laptop some time  and “remotely ‘refreshed’ the ongoing surveillance.”

Apparently, the intruders executed remote actions to remove evidence of the intrusion from the various electronics. After the forensic examination, the desktop computer began malfunctioning and, after several days of freezing and emitting a burning odor, it shut down. Attkisson claimed that at least some of these intrusions were apparently executed via an IP address owned, controlled, and operated by the USPS.

Attkisson filed a lawsuit.  Unfortunately for her, the Federal Court hearing the case dismissed her complaint. Cyber Lawyer Domingo Rivera has a summary of the case, or you may find the Court's full opinion here.

This is a case where the disconnect between digital forensics and the law can be seen.  It is also one of those situations that cyber security and cyber forensics experts find somewhat frustrating: having a forensic investigation, having the results, and seeing the evidence, only to have attorneys plead the case in an incorrect manner.  When that happens, the case will get dismissed without a hearing on the merits.

From an Infosec Perspective...

From an Infosec perspective, we are interested in knowing the software that was used to penetrate the devices. We would love to reverse engineer it and see where things go.  In these cases, it is also useful to trace the traffic emanating from the compromised devices in order to find the source.  All of this work is important to produce evidence that can be introduced at trial.  Hopefully, our clients obtain legal counsel that can get the case past the initial stage and into the merits.  That did not happen in this case.