Government Prosecutor Caught Sending Emails With Tracking Software To Reporters And Defense Attorneys

from the Mark-Harmon-must-be-rolling-over-in-his-grave dept

Well, this is a new twist on prosecutorial misconduct. Why play fair when you can play with Network Investigative Techniques?

A Navy prosecutor last week sent an email to the editor of Navy Times that was embedded with a secret digital tracking device. The tracking device came at a time when the Naval Criminal Investigative Service is mounting an investigation into media leaks surrounding the high-profile court-martial of a Navy SEAL accused of war crimes.

That email, from Navy prosecutor Cmdr. Christopher Czaplak to Navy Times editor Carl Prine, came after several months of Navy Times reporting that raised serious questions about the Navy lawyers’ handling of the prosecution in the war crimes case.

The NCIS claims this is all above-board, which is obviously the case because no one was surprised by the presence of trackers and no one had to issue a statement defending the use of emails containing tracking software. Oh wait. The other thing.

The reporter was more than surprised the prosecutor decided to engage in his own leak investigation to track the source of information covered by a protective order. The prosecutor’s employer, the US fucking government, explained via a spokesman that this tracking software was not “malware” or a “virus” and does nothing more than send IP addresses back to the NCIS home base. This is apparently supposed to make this OK.

But how OK is it really? Not very, it would appear. Not only does the use of this NIT violate a handful of laws, it also plays havoc with a handful of protections, Constitutional and otherwise.

The Navy email to Navy Times contained hidden computer coding designed to extract the IP address of the Navy Times computer network and to send that information back to a server located in San Diego. Under U.S. criminal law, authorities normally have to obtain a subpoena or court order to acquire IP addresses or other metadata. Not using one could be a violation of existing privacy laws, including the Electronic Communications Privacy Act.

Defense attorneys involved in the SEALs’ war crimes cases have said that 13 lawyers and paralegals on their team also received emails with a similar tracking device, according to court documents filed by the defense attorneys.

Sure, there’s not much to be gleaned from scraped IP addresses, but it’s possible that’s not all that was picked up by the NCIS’s NIT. It could have gathered email metadata as well, which can be almost as revealing as the content of the emails, especially when prosecutors are looking for sources of leaks.

This is problematic for a number of reasons. Targeting journalists to reveal sources does damage to First Amendment protections. Targeting defense attorneys puts attorney-client confidentiality at risk and strongly suggests the government isn’t interested in a fair trial.

NCIS insists its prosecutor is in the right, despite all this potential collateral damage. The attorney representing a Navy SEAL accused of war crimes begs to differ.

“The conduct of the prosecution is egregious,” said Tim Parlatore, a New York-based attorney, who is among several, including Marc Mukasey, a member of President Donald Trump’s legal team, defending the 39-year-old Gallagher. “(Cmdr.) Chris Czaplak should lose his law license and face criminal charges. He illegally spied on the defense attorneys and the media. The prosecutor needs his own defense attorney.”

The US government continues to downplay this as just a normal thing done in leak investigations. But it isn’t. It targeted journalists and defense attorneys — two parties that definitely shouldn’t be on the receiving end of anything even mildly nefarious originating from government prosecutors. This prosecutor decided the most important thing here wasn’t respecting rights or focusing on the suspect on trial, but rather sniffing out the source of a leak. This doesn’t reflect well on the NCIS and it’s quite possible there’s a benchslap awaiting this prosecutor, if not sanctions and a dismissal.

Companies: navy times


Comments on “Government Prosecutor Caught Sending Emails With Tracking Software To Reporters And Defense Attorneys”

41 Comments
Gary (profile) says:

Re: Re:

"The prosecutor’s employer, the US fucking government,"

This one comment alone is sufficient for one to understand that most likely everything in this article is a lie and that the author is engaged in spreading hate, fear, and lies.

Guess you are the fucking paradigm of truthiness and reporting?
Please show us the published article you wrote that tells us how it really is?

Piccorolo Fragasso says:

Re: Re: "Gary", you astro-turfing by Timothy Geigner, aka "Dark Helmet"

So you have ZERO authority to snipe at anyone.

And are at least TWO with same view of Techdirt. So few reasonable people read this tiny little site that doesn’t give any indication of how anomalous and stupid are its netwit notions.

DULL STALE topics like this certainly don’t help, either.

By the way… No one seems to pick up on the HOW of this, but "emails" are mere TEXT and can’t "track" themselves. The REAL story here is how vulnerable are "modern" systems, especially Linux, Apple, Android, and Crimosoft: no email reader should be executing ANY code from such "containers" in first place! It’s. Just. Stupid.

Now, had Techdirt followed THAT slant, it’d be interesting. But since utterly conventional un-imaginative netwits re-writing for other such, it won’t even now pointed out, just re-writes slightly what’s been out a week.

Spaceboy (profile) says:

Re: Re:

This information is about two weeks old. It’s well beyond the regular news cycle. As to the article itself, had you clicked any of the links embedded within or maybe searched for yourself, outside of Techdirt, you would have found this same information.

There are organizations that earn their pay with Fake News. Techdirt is not one of them.

One has to wonder, with the type of news org that is Techdirt and those that follow it, why would you waste your time on weeks-old news on a blog that you don’t care enough about to register and post under at least a pseudonym.

ANON says:

Re: So much for that evidence

Irrelevant.

It does not matter – all the prosecutor is doing is establishing what is the public IP of the email recipient. (I.e., because the email downloaded the "transparent 1 pixel image" embedded in the HTML of the message, he now knows what the IP address is. If it was opened at home, he knows the journalist’s home IP.) From there, the prosecutor looks for any other people in the suspect group of leakers who may have had chats, sent items, etc. to that IP, thus making them suspects. He searches the navy base firewalls, which log all sorts of data about connections to outside.

Anonymous Coward says:

Re: Re: So much for that evidence

From the military times:

“He was instructed that the embedded image contained a cyber-tool known as a ‘splunk’ tool,’ which can allow the originator full access to his computer, and all the files on the computer,” according to a Portier defense motion filed Tuesday.

Burning woodchipper (profile) says:

Navy Times is not part of the Navy

For those who don’t know, the Navy Times is NOT part of the Navy, or the DoD in any way. Sightline Media Group publishes the Navy Times, the Army Times, and the Air Force Times – and frequently goes head-to-head with the powers that be in the military.

As a former sailor … the Navy Times was most often a realistic counterpoint to the propaganda the official Navy channel published.

Just in case you thought it was OK for a navy prosecutor to go after a Navy publication because they’re both DoD – they’re not.

Anonymous Coward says:

Not entirely accurate

It could have gathered email metadata as well, which can be almost as revealing as the content of the emails, especially when prosecutors are looking for sources of leaks.

Um, no, not really. These "tracking devices" are typically 1 pixel square transparent images linked to an external server, i.e. the image is downloaded from some server via http. This is how HTML email, the kind that displays more than simple text, works. The request from your mail client for the image from the server hosting the image passes along the "user agent" (your email client name and version) and your IP address. Nothing more.

There is no chance of exposing "email metadata" or anything else necessary to put attorney-client privilege or news sources at risk. This article demonstrates a typical yet fundamental lack of understanding of how email and the internet work.

Yeah, it’s crappy that they’re collecting IP addresses but that and the time/date their emails were viewed are all they get out of this. They’re also super easy to defeat: Disable automatic remote content in emails and only download remote content for emails for which you choose to do so.

Anonymous Coward says:

Re: Not entirely accurate

According to the story:

Finding that suspicious, McCue contacted his Air Force communications squadron, according to court documents filed by the defense. “He was instructed that the embedded image contained a cyber-tool known as a ‘splunk’ tool,’ which can allow the originator full access to his computer, and all the files on the computer,” according to a Portier defense motion filed Tuesday.

It also specifically says software was included, not just an image. But an earlier paragraph describes a suspicious image, so I think you’re right that the malware claim is bullshit. I get the impression that neither the reporter nor the squadron tech people know what they’re talking about.

Anonymous Coward says:

Re: Re: Not entirely accurate

sent an email to the editor of Navy Times that was embedded with a secret digital tracking device.

Everything in an email is digital. Most is hidden. Unless there’s either an embedded exploit or an embedded phishing attack, the most they can do is embed a callback script or image reference that calls home. And most email clients are designed to NOT call home on those unless you load images or agree to run a script.

I’d really like to know what sort of "NIT" was used here, because if it’s not one of the simple ones that can be ignored by the mail client, it breaks all sorts of laws by being deployed against civilians by the military.

Anonymous Coward says:

Re: Re: Re: Not entirely accurate

Doesn’t "NIT" specifically refer to something that uses an exploit? I certainly wouldn’t use the term for a tracking image, which would lead us to the conclusion "OMG Facebook like buttons are hacking our computers!!!". They’re using a feature as designed, which as noted only shitty email clients will even allow.

Piccorolo Fragasso says:

Re: Not entirely accurate - Dang. Techdirt's shrieking misled me

Yup, fell into the trap of thinking this was a big deal with code executed, when you’re probably right: just pixel based tracking, as GOOGLE and every other SPY corporation uses.

You need to "host out" the known commercial ones to defeat it when merely browsing, though of course that wouldn’t work for a custom server.

Anonymous Coward says:

Re: Not entirely accurate

They’re also super easy to defeat: Disable automatic remote content in emails and only download remote content for emails for which you choose to do so.

There is no such option in PINE (nor is it probably even needed)

Another ‘solution’ is to use a proxy or VPN, as well as make sure that all scripting is disabled, though that doesn’t prevent the attacker from using some other zero-day exploit that can peek behind proxies. And let’s not forget that TOR was thought to be untraceable, until the FBI proved otherwise.

Anonymous Coward says:

Re: Re: Not entirely accurate

And let’s not forget that TOR was thought to be untraceable, until the FBI proved otherwise.

Please be careful with statements like this. It gives the impression that the FBI discovered some fundamental flaw in the design of Tor–when in reality they did what any attacker would do and attacked not the strong foundation but a weaker upper layer, viz., Firefox which is the basis of the Tor Browser. Tor Browser is not the same as Tor, and a browser bug doesn’t make all uses of Tor traceable.

TKnarr (profile) says:

Re: Not entirely accurate

And it shouldn’t work anyway, all email clients I know of (well, all non-Web-based ones anyway) default to not fetching remote content in email bodies at all and you have to deliberately enable it before it’ll go fetch the embedded image. A reporter probably shouldn’t be using a Webmail client simply because it doesn’t let you disable things like remote content and scripts.

Anonymous Coward says:

Re: Re: Not entirely accurate

A reporter probably shouldn’t be using a Webmail client simply because it doesn’t let you disable things like remote content and scripts.

There’s no reason a webmail service has to send the original, possibly harmful, HTML to the browser. That’s laziness at best (more cynically, we might note that many webmail services are run by advertising companies…).

Rekrul says:

Re: Not entirely accurate

Um, no, not really. These "tracking devices" are typically 1 pixel square transparent images linked to an external server, i.e. the image is downloaded from some server via http. This is how HTML email, the kind that displays more than simple text, works. The request from your mail client for the image from the server hosting the image passes along the "user agent" (your email client name and version) and your IP address.

I have Thunderbird set to never load remote content.

Anonymous Coward says:

Re: Not entirely accurate

Yeah, I’d go so far as to say that over 75% of the emails most people receive have these tracking pixels in them, including every email you get from any major business. Outlook has the option to include them in your private email.

In fact, pretty much any email with an image in it, hidden or not, is probably causing a server log to be updated with your IP, software, operating system, etc. It’s just how the internet works.

Ben (profile) says:

Re: Not entirely accurate

You’re missing the fact that many HTML tags can have event tracking attributes that cause JavaScript scripts to run, and said scripts can harvest a great deal of data, not unlike the urchin script that is at the core of Google Analytics’ page tracking code. You’d be amazed at how much ‘anonymized’ data you can see in Google Analytics, and that’s not even explicitly malicious.

Tanner Andrews (profile) says:

Re: Not entirely accurate

There is no chance of exposing "email metadata" or anything else necessary to put attorney-client privilege or news sources at risk.

This is, of course, a load of fetid dingo’s kidneys. Tracking pixels are not normally anonymous. Each one does, or should, identify the mail with which it was included.

Example will illustrate. You send potentially forwardable e-mails to persons A, B, and C, including mail identifier and recipient identifiers. Watch to see what lights up. Not only do you know who brought up your e-mail when, but you can keep watching. When you see the e-mail marker for a message to B light up again, from a different IP address, you know which e-mail got forwarded.

Spam trackers generally work on a similar principle. When you fetch tracking pixels, they can send back your e-mail address, or an index into a table of sent e-mails, along with some sort of campaign identifier, to verify that your address is a live one and a good prospect for future spam.

Here is an example. [<img src="https://track.firmfinder.net/o.z?j=320920807&email=marklegal@yandex.com" height=24 width=24 title="tracking pixel example">]. Due to bugs with this "markdown" stuff, which ought to be ditched in favor of standard HTML, it is hard to illustrate here.
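
A recipient-side check for the tracking described in the comments above, as an added example that is not part of the original article or thread: it lists every element in a message's HTML that would fetch a remote resource on render, flags invisible images and query strings carrying a recipient address or a long token, and notes inline event handlers. The hosts, addresses, sample message and the 8-character token heuristic are constructed assumptions.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Tag -> attribute that makes a client fetch a resource when it renders mail.
FETCH_ATTRS = {"img": "src", "link": "href", "iframe": "src", "script": "src"}
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}", re.I)

class RemoteContentAudit(HTMLParser):
    """Collects elements that would call out to a server or run code."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        url = a.get(FETCH_ATTRS.get(tag, ""), "")
        parts, reasons = urlsplit(url), []
        if parts.scheme in ("http", "https"):  # cid: and data: stay local
            reasons.append("remote fetch on render")
            if tag == "img" and {a.get("width"), a.get("height")} <= {"0", "1"}:
                reasons.append("invisible image")
            for key, value in parse_qsl(parts.query):
                if EMAIL_RE.fullmatch(value):
                    reasons.append(f"recipient address in '{key}'")
                elif len(value) >= 8:  # heuristic: long token, likely per-message
                    reasons.append(f"opaque identifier in '{key}'")
        if tag == "script" or any(k.startswith("on") for k in a):
            reasons.append("active content")
        if reasons:
            self.findings.append({"tag": tag, "url": url, "reasons": reasons})

def audit_message(raw):
    """Return one finding per suspicious element in the message's HTML parts."""
    msg = email.message_from_string(raw, policy=policy.default)
    audit = RemoteContentAudit()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            audit.feed(part.get_content())
    return audit.findings

# Constructed sample message; every address and host below is a placeholder.
SAMPLE = """\
From: sender@example.org
To: reporter@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>See attached.</p>
<img src="cid:logo@example.org" width="120" height="40">
<img src="https://tracker.example/o.gif?msg=4f9c21ab77&amp;rcpt=reporter@example.com" width="1" height="1">
<img src="https://cdn.example/banner.png" onload="report()">
</body></html>
"""

if __name__ == "__main__":
    for f in audit_message(SAMPLE):
        print(f["tag"], f["url"], "->", "; ".join(f["reasons"]))
```

The embedded `cid:` image produces no finding because it travels inside the message; only the two `https` images would contact a server when the mail is opened.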

Anonymous Coward says:

Ok, I’m really getting tired of the press continually suggesting that because they’re "journalists" they individually deserve more rights than the average person. This is patently NOT the case. The rights of journalists are the SAME as that of private citizens. The field of journalism enjoys a few extra protections in First Amendment law because of its nature in exposing relevant information to the public at large, but any single journalist has no greater or lesser rights than any single Joe off the street before the Law.

There is no exception in the US Constitution for journalists because it was well understood that the rights of citizens are the same as those of the rights of journalists. Any single individual could be a reporter at any instant of time and serving in the same capacity. It’s the pursuit of journalism that has the protection. This has very vividly been exposed with the advent of the Internet and the democratization of news dissemination taking the reporting of news and divesting it of those more traditional media conglomerates and back into the hands of the independent citizenry as it was when the US was founded.

"The prosecutor needs his own defense attorney.”
Doubt it. Prosecutors are rarely prosecuted for any laws, especially federal ones and especially civil rights laws. He may need a specialist in civil law, but even that is iffy because many courts decline to hear cases against prosecutorial civil rights abuses.

teknosapien (profile) says:

This is not criminal court

First off I don’t agree with the tactics here. This is a military court that falls under the UCMJ Military code of conduct.
Civilian laws do not apply here; they are playing on a completely different field when it comes to law, different rules. I don’t believe that they don’t have to prove guilt rather the defense must prove innocence (at least that’s what they told us in boot camp)

Anonymous Coward says:

Even USAF doesn't like this

Amusingly even the US Air Force is annoyed with this and is investigating what the hell is going on.

https://www.airforcetimes.com/news/your-air-force/2019/05/21/why-the-air-force-is-investigating-a-cyber-attack-from-the-navy/

Not a good sign when your fellow brethren in arms, even if different branch of DoD, thinks you’re shady.

That One Guy (profile) says:

'Well, not YET anyway...'

The US government continues to downplay this as just a normal thing done in leak investigations. But it isn’t. It targeted journalists and defense attorneys — two parties that definitely shouldn’t be on the receiving end of anything even mildly nefarious originating from government prosecutors.

Let’s be honest though, if they thought they could get away with it (or, you know, did in the case of the FBI/Playpen…) it would be a regular, ‘normal’ action.

‘Make the government look bad? The rules/laws no longer apply when it comes to investigating/prosecuting you.’
