The suspect called himself Mo, and has repeatedly threatened to set up bombs in a number of public facilities across the US. The threats came via email, video chat, and Google Voice (Internet-based phone service), but Mo used a virtual proxy to prevent the agents to discover details about his computer and IP address.
Going by the information he revealed about himself, the photos he sent, and the information he entered when registering webmail accounts, the agents believed that he was a 27-year-old Iranian male living in Tehran, but they didn't know for sure. They feared that he could be in the US and, therefore, physically able to execute the attacks.
Defeated by the precautions he took to remain anonymous online, the FBI decided to petition a court for permission to use a piece of malware they have in their arsenal, which would harvest the wanted information and the contents of the suspect's computer and, hopefully, reveal his identity.
The judge approved their request, allowing them to use an “Internet web link” that would result in the download of the malware once the suspect opened his Yahoo email account - apparently without any interaction on his part. Yahoo said they had no knowledge of the attack, and that they haven't participated in any was in it.
According to a note submitted to the court by an agent, the "attack" was partially successful - the malware didn't download, but they managed to get two IP addresses that confirmed the suspect was in Tehran.
Previous court appeals of a similar sort in two different cases were once approved and once denied (for being too intrusive).
It seems obvious that the FBI is using this type of attacks very sparingly, but there is no denying that the issue deserves attention and should be discussed publicly, especially as the US Congress has yet to remark on it or approve legislation that would allow it.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.