August 23, 2011, 12:23 PM — Ever wonder how the FBI decides a case is worth investigating, and how it decides whether the investigation is justified just because a crime was committed, or because it was committed by or in the name of some counter-cultural force such as Anonymous that needs to be squelched?
So did Ars Technica, which filed a Freedom of Information Act asking for case documents describing how the FBI investigated attacks by members of Anonymous on web pages and Facebook accounts connected with Fox pundit Bill O'Reilly and his staff in 2008.
The FBI case documents on Anonymous (PDF) showed the FBI opened the investigation only a day after members of Anonymous broke into the member database of O'Reilly's Fox web site, which held contact and login information for 205 members paying $5 a month for more streams of bloviation than they could get straight from Fox or O'Reilly free.
Hackers took the membership data and used some of it to buy joke products (penile enlargement products for one woman member) and to break into AOL, Facebook and other accounts for which the O'Reilly members used the same login information.
The FBI got involved after Fox staffers claimed members of Anonymous contacted the network to threaten they planned to rape the woman to whom they'd sent penile enlargement products.
Agents' first concern, apparently, was that evidence would be lost or deleted. They sent "preservation letters" to Facebook and ISPs ordering that activity logs, messages and other records relevant to the attacks not be deleted or modified.
By analyzing server logs, the FBI found attackers got in by using an applet designed to create a list of new members without going through the security that protected the rest of the site's administrative functions and data.
Anonymi found the error, the documents theorize, by running searches from "various IPs" looking for pages within the administrative section but not controlled by security. The new-member report gave them the 205 names, emails and logins they used.