The FBI Hyperlink Honeypot, and what you can do to stay safe
This post is intended to help internet users who make legitimate, non-criminal use of the internet avoid being caught by the FBI’s hyperlink honeypot. While there are methods that can be used to cover deliberate criminal activity on the internet, I will not post them here.
The FBI has recently adopted a novel investigative technique: posting hyperlinks that purport to be illegal videos of minors having sex, and then raiding the homes of anyone willing to click on them.
Undercover FBI agents used this hyperlink-enticement technique, which directed Internet users to a clandestine government server, to stage armed raids of homes in Pennsylvania, New York, and Nevada last year. The supposed video files actually were gibberish and contained no illegal images.
This is serious stuff, and not for the reasons you may think. The FBI is operating from the assumption that one IP address equals one household. It’s also operating from the assumption that all HTTP requests are user initiated. Both are wrong.
First, with NAT routing and WiFi, one IP address could be several houses, or even a sizeable chunk of an apartment building. The way most homes are set up with broadband and wireless is pretty simple and extremely open to abuse. The broadband connection comes into the home and has a single IP address. The device closest to the connection is a modem, which acts as a bridge between the home network and the broadband provider. The device after that is a wireless router, which takes traffic from all devices that connect to it and channels it to the modem.
This means that, to anyone on the other side of the modem, like web sites, your ISP, or the FBI, all the traffic looks like it’s coming from a single source. Since someone has to pay for that broadband connection, all the traffic is automatically assumed to come from that person. So, as a user, it’s in your best interest to be in control of all the traffic going over your internet connection, which leads us to…
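To make the "one IP address, many devices" point concrete, here is a small added example (mine, not part of the original post) that models what a home router does: it rewrites every outgoing connection so that it carries the router's single public address, and only the router's own translation table remembers which device was really behind each request. The addresses, ports and URLs are constructed for illustration; the web server's log at the far end is what an ISP or investigator would actually see.

```python
"""Toy NAT (port-address translation) showing why one public IP hides
several devices.  Added example; every host, port and URL is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

PUBLIC_IP = "203.0.113.7"  # constructed; TEST-NET-3 documentation range


@dataclass
class NatRouter:
    """Many private hosts share one public IP; the router keeps the mapping."""
    public_ip: str
    next_port: int = 40000
    table: Dict[Tuple[str, int], Tuple[str, int]] = field(default_factory=dict)

    def outbound(self, private_ip: str, private_port: int) -> Tuple[str, int]:
        """Rewrite a private (ip, port) to the router's public (ip, port)."""
        key = (private_ip, private_port)
        if key not in self.table:
            self.table[key] = (self.public_ip, self.next_port)
            self.next_port += 1
        return self.table[key]

    def inbound(self, public_port: int) -> Optional[Tuple[str, int]]:
        """Reverse lookup: which private host owns a public port.
        Only the router can answer this, and only while the entry exists."""
        for (pip, pport), (_, port) in self.table.items():
            if port == public_port:
                return (pip, pport)
        return None


def web_server_log(router: NatRouter,
                   requests: List[Tuple[str, int, str]]) -> List[str]:
    """What the remote web server records: only the router's public address."""
    lines = []
    for private_ip, private_port, url in requests:
        src_ip, src_port = router.outbound(private_ip, private_port)
        lines.append(f"{src_ip}:{src_port} GET {url}")
    return lines


def distinct_source_ips(log: List[str]) -> Set[str]:
    """The set of client addresses visible in the server log."""
    return {line.split(":")[0] for line in log}


# Constructed traffic: the subscriber's laptop, a device that joined the
# (unsecured) WiFi, and an unattended PC fetching an ad image on its own.
SAMPLE_REQUESTS = [
    ("192.168.1.10", 50000, "http://example.com/news"),
    ("192.168.1.23", 51000, "http://example.com/unknown-link"),
    ("192.168.1.15", 52000, "http://example.com/ad-banner.jpg"),
]


def demo() -> Tuple[NatRouter, List[str]]:
    router = NatRouter(PUBLIC_IP)
    log = web_server_log(router, SAMPLE_REQUESTS)
    return router, log


if __name__ == "__main__":
    router, log = demo()
    print("\n".join(log))
    print("distinct client IPs seen by the server:", distinct_source_ips(log))
    print("device behind public port 40001:", router.inbound(40001))
```

Three different machines made three requests, but the server log shows a single client address for all of them. The only record tying a request back to a particular device is the router's table, which real routers discard as soon as the connection closes, so nobody outside the home can say which device, or which person, clicked.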
TIP #1: Lock down your wireless network with WPA
In a utopian world, free love and free WiFi might seem like wonderful things. With creeps running around and the FBI trailing after them, not so much. Since people are actually getting jailed for clicking on hyperlinks based on their IP address, it’s time to get serious about making sure only the people you want get on your network.
WPA stands for Wi-Fi Protected Access, and it is the only secure way to prevent access to your wireless network. WPA works using a pre-shared key (PSK) of up to 63 characters to encrypt network traffic. This means that any device must have the key before any traffic can be sent or received on the wireless network.
(Don’t confuse this with WEP, which is so-called Wired Equivalent Privacy. WEP has been thoroughly broken and can be cracked in less than 5 minutes.)
If you need a good, strong password, I highly recommend visiting GRC’s Perfect Passwords page. This page provides extremely secure pseudo-random passwords that make password attacks almost impossible.
If the FBI can’t tell which device behind an IP address accessed a given URL, they probably can’t tell whether the user initiated the access or whether the machine did so automatically. In addition to making sure that there aren’t machines on your network doing things out of your control, you have to make sure there aren’t things on your machine doing things outside your control. This brings us to three more tips…
TIP #2: Scan your system for viruses and malware
Any software on your system can request any web address at any time. Well-behaved programs only do so at the user’s command. Malware, however, doesn’t. Most malware running today exists to use compromised machines as a platform to run the creator’s software on a mammoth scale, usually to generate spam. (You didn’t think there were actual people typing up those ads for Vi4g00, did ya?)
A piece of malware could very well access a honeypot link and get you, the user, into trouble. So, install that anti-virus software and run it, often.
For those who don’t want to load down their (Windows) systems with bloated software like Norton or McAfee, I personally recommend Avast’s free anti-virus. It’s lightweight and does a good job of catching crud.
Also, no matter what anti-virus you use, be sure and keep your software up to date. Anti-virus software works best when it has the latest virus definitions.
TIP #3: Turn off the preview pane in your e-mail program.
This one’s an inconvenience, but it’s important. If your e-mail program is rendering e-mail without your specific instruction, it’s accessing addresses without your specific instruction.
Every time an e-mail has an image or other embedded content, your e-mail program has to fetch it from the internet. If the FBI were using a JPEG image as the honeypot, all it would take is your e-mail program rendering an HTML e-mail with the image in it to make it look like an attempted access.
Once the preview pane is turned off, it’s still your responsibility to delete suspicious messages without opening them. (Hey, sometimes it’s tough to do. Personally, I’m always open to a little chuckle from the latest generic drug scams and variations on the always classic Nigerian money scam. Now, I’m going to behave myself.)
TIP #4: Turn off link prefetching
If you use Mozilla Firefox, iCab, or Google Web Accelerator, your computer is accessing links without your knowledge. This feature is called link prefetching. In a perfect world, this would be a good thing for the user. Not so when a person can be arrested for being associated with the IP that accessed a link.
Here are the directions for turning off link prefetching in Firefox. Google Web Accelerator should be completely uninstalled to prevent prefetching.
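Tips #3 and #4 come down to the same thing: HTML can tell a program to fetch a URL with no click from you. Here is an added example (mine, not from the original post) that reads an HTML document the way a mail client or browser would and sorts its URLs into two piles: those fetched automatically as soon as the page renders (images, scripts, frames, stylesheets, and the speculative <link rel="prefetch"> and <link rel="next"> hints that Firefox's link prefetching follows) and those that need a deliberate click. The sample message and all URLs in it are constructed.

```python
"""Audit which URLs in an HTML document would be fetched with no user
action.  Added example; the sample e-mail and its URLs are constructed.
"""
from html.parser import HTMLParser
from typing import Dict, List

# Elements whose referenced resource loads as soon as the page renders.
AUTO_FETCH = {"img": "src", "script": "src", "iframe": "src", "embed": "src"}
# <link rel=...> values fetched without a click: stylesheets always,
# prefetch/prerender/preload/next speculatively by browsers that support them.
AUTO_LINK_REL = {"stylesheet", "prefetch", "prerender", "preload", "next"}


def is_http(url: str) -> bool:
    """Only http(s) URLs produce a request that a remote server could log."""
    return url.lower().startswith(("http://", "https://"))


class FetchAuditor(HTMLParser):
    """Collect URLs by whether rendering alone would request them."""

    def __init__(self) -> None:
        super().__init__()
        self.automatic: List[str] = []
        self.on_click: List[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        a = dict(attrs)  # html.parser lower-cases tag and attribute names
        if tag in AUTO_FETCH and a.get(AUTO_FETCH[tag]):
            url = a[AUTO_FETCH[tag]]
            if is_http(url):
                self.automatic.append(url)
        elif tag == "link" and a.get("href"):
            rels = set((a.get("rel") or "").lower().split())
            if rels & AUTO_LINK_REL and is_http(a["href"]):
                self.automatic.append(a["href"])
        elif tag == "a" and a.get("href") and is_http(a["href"]):
            self.on_click.append(a["href"])


def audit(html: str) -> Dict[str, List[str]]:
    """Return {'automatic': [...], 'on_click': [...]} for the document."""
    parser = FetchAuditor()
    parser.feed(html)
    parser.close()
    return {"automatic": parser.automatic, "on_click": parser.on_click}


# Constructed HTML e-mail: a 1x1 tracking image, a prefetch hint pointing at
# the same page the visible link goes to, and a mailto link (no HTTP request).
SAMPLE_EMAIL = """<html><body>
<p>Your monthly statement is ready.</p>
<img src="http://tracker.example.net/open.gif?id=abc" width="1" height="1">
<link rel="prefetch" href="http://example.org/page2.html">
<a href="http://example.org/page2.html">Read more</a>
<a href="mailto:help@example.org">Contact</a>
</body></html>"""


if __name__ == "__main__":
    result = audit(SAMPLE_EMAIL)
    print("fetched just by rendering:", result["automatic"])
    print("fetched only if clicked:  ", result["on_click"])
```

Run against the sample, the tracking image and the prefetch target are both requested the moment the message is rendered, while the visible "Read more" link waits for a click. That is exactly why the preview pane and prefetching matter: the server on the other end sees the same GET either way. (In Firefox the prefetch behaviour is governed by the network.prefetch-next preference in about:config; setting it to false is the switch the Firefox directions above are about.)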
These are just the things I can come up with for preventing accidental ensnarement in this despicable FBI trap. I’d appreciate any more tips and tricks for preventing it that you might have.
Also, for those with a larger interest in security, I highly recommend Security Now! with Steve Gibson and Leo Laporte. It’s a weekly podcast that deals solely with security, and the archives are a wealth of information.
(If you have a few minutes, please come by and check out the new blog at http://pith-n-vinegar.blogspot.com/)