News outlets and privacy advocates are reacting sharply to the disclosure that the FBI tricked a school-bombing suspect in 2007 into revealing his whereabouts by getting him to click on a link to a fake Associated Press article infected with tracking software. the Washington Post reports. “We are extremely concerned and find it unacceptable that the FBI misappropriated the name of The Associated Press and published a false story attributed to AP,” said spokesman Paul Colford. “This ploy violated AP's name and undermined AP's credibility.” American Civil Liberties Union technologist Christopher Soghoian disclosed the ruse in documents obtained by another privacy organization under the Freedom of Information Act.
The FBI Seattle field office created a false AP news story with headlines that served as click bait: “Bomb threat at high school downplayed by local police department” and “Technology savvy student holds Timberline High School hostage.” The agents sent a link to the story in a private message to the owner of an anonymous MySpace account who was believed to have been making bomb threats against Timberline High. By clicking on the link, the suspect unwittingly downloaded “malware” that enabled agents to identify his Internet protocol address. “Of course the FBI should investigate bomb threats to schools, but the ends do not justify the means,” Soghoian said. “It's a dangerous road impersonating the media. If people do not trust the news media, then our democracy cannot function properly.”