Cenzic 232 Patent
Paid Advertising
web application security lab

Click A Link, Go To Jail

Whelp, we’ve talked about it, but now it’s finally possible. CSRF can now cause jail time. The FBI has begun arresting people who click on links to supposed child pornography. Now, I understand the noble pursuit, but there’s a fairly huge flaw in the old logic. I can force users to click on links anytime I want. Now here comes some interesting CSRF technology grey area. The authorities might reasonably say, “The referrer doesn’t match.” Okay, well that’s what our good friend META refresh is for. I can force you to click on things without leaving a referring URL at all.

So now the real question is would a user with no referring URL be worthy of investigation? Is this the newest wave in reasons to turn off referring URLs? I mean, seriously, what if the browser pre-fetches, or if an attacker puts a hovering iframe beneath the mouse, or they are using an older browser/plugin that allows spoofed referring URLs. Eesh. Again, I’m all for the noble pursuit, but seriously - this seems a little dangerous to me. Is clicking a link evidence enough of guilt? If so, can I now take search engines to court for trying SQL injection against me or for spidering and caching illicit content? And now have we given people plausible deniability, “I knew it was fake before I clicked on it” or “I was just seeing if it was an FBI site or not” etc….

<sarcasm> Be the first kid on the block to surprise your friend with an illegal version of a Rick-roll. </sarcasm> The act of clicking a link as evidence of guilt is almost certainly asking for trouble and abuse.

Sample code on how easy it is to not send a referring URL: <META HTTP-EQUIV="refresh" CONTENT="0;url=http://child-porn-site">

43 Responses to “Click A Link, Go To Jail”

  1. Jeremiah Grossman Says:

    OK, I’m scared now. I mean WTF, there is no way to protect yourself against this! None, zip, nadda. Great way to frame someone, eesh.

  2. David Mery Says:

    In the UK, the Terrorism Act 2000 is used to criminalise visit of web links. Of course this affects mostly if not exclusively muslims. Human right lawyer Gareth Pierce has been very vocal about this. See for instance: http://gizmonaut.net/blog/uk/english_legal_system_contaminated.html

    br -d

  3. rmogull Says:

    You might want to… leave the house for a bit.

    Sorry about that.

  4. id Says:

    That link totally looked 18.

  5. kuai hinojosa Says:

    Wow! this could make a good plot for a movie :)

  6. Awesome AnDrEw Says:

    That’s okay, id. I’m sure after a few passes with DBAN, and an 18 volt drill to your harddrive you should be alright. But seriously if anything all this does is further entice malicious individuals to use clever attacks such as social engineering and CSRF in order to lure victims into inadvertantly falling between the clutches of the federal government. Several years ago the reaction alone of unassuming chatters was a good enough reason to point them to Goatse and Tubgirl, but now with the prospect of having someone arrested with nothing more than a click (or pseudo-click) of a link I am sure this will become the new thing to do.
    Hell, I’m going to take the text from the documents (the “here is one of my favs” quote), and use it as delicious copypasta. I also found it humorous that none of the IP addresses in the scans of the documents were blurred in any way.

  7. Awesome AnDrEw Says:

    Sorry for the double post, but I’m still just aghast by the entire situation and the incredible potential that this issue has created. TinyURL anyone?

  8. Log0 Says:

    Well, I wonder how many people would fall victim to such attacks. It seems it’s getting easier and easier to get in jail.

    Hey guys, let me ask a question, I know little about the law in the States :
    If there’s a well-known offsite ( outside States ) child pornography ( not FBI’s bait ), and you somehow entered some “benign site” held by FBI ( No child porn, just a fingerprinting site held by FBI ), but then in the site they ( smart enough ) History Fingerprinted that your history went to that child porno site. Are they able to put me in jail?

  9. spayced Says:

    Re: the history fingerprint: I don’t think so, how will they be able to prove the site you viewed is the exact same one they will find at the time they check it?

  10. Kane Says:

    A couple weeks back I used tinyurl.com to get people on IRC to search the FBI for child porn. Their replies where quire funny :P

    What was more funny, was the thought of putting the link in my forum signature and forcing people to load it - Resulting in a few hundred searches per week. We had a good laugh.

    Apparently that could result in arrests now… xD

  11. Rootcomputing Says:

    Of course we can’t forget the basic persistent XSS on blogs and what not.

    script document.location(”bad bad bad”) script

    I could see this getting pretty bad really fast

  12. Alex Says:

    And don’t forget the prefetch-feature from Fasterfox. It would do the job for you also. No need for CSRF.

  13. Willem Says:

    The foundations of Pre-Crime [Minority Report] are being built. With the pre-fetch functionality you’re in jail before you’ve even clicked on any thing….
    Which movie will become real next?

  14. thrill Says:

    Never underestimate the clever ways our fearless leaders will use to attempt to protect us.

    –thrill

  15. HalfOfYouArePedosAnyways Says:

    +1 for RickRoll and less then awesome Andrew being “aghast”.

  16. Log0 Says:

    @HalfOfYouArePedosAnyways

    Pedophobia? =)

  17. Dbyt3r Says:

    And virus-based botnets… These can mess with your logs and the site’s..

  18. Vinícius K-Max Says:

    I just got Rick Rolled, AGAIN :D

  19. rdivilbiss Says:

    U.S.

    If the local police poses a female officer on the street as a prostitute, probable cause to arrest would only occur if the person actually solicited her for an act of prostitution.

    If the person simply stopped and said you’re cute, wanna date, there is no probable cause to arrest for soliciting her for prostitution, but there would be reasonable grounds to detain the individual to ascertain the person’s name, address and purpose in the area. Terry V Ohio.

    If a person clicked on a link purporting to yield “Child Pornography”, there would be cause for a reasonable grounds to interview that person, but how a court can allow that to stand as probable cause for attempting to download child pornography is beyond my wildest imagination, ignoring even all the technical issues that could create doubt as to whether the person ever intentionally clicked the link.

    But it is obviously not beyond the Federal Court, at least the 6 US District. So, given your technical arguments above, one can expect a raid based on a warrant. Has there been a case where such raids resulted in prosecution of somebody who did not have child pornography on their computer?

    Mind you I am NOT arguing if you are not guilty you have nothing to fear. Clearly you do have a real reason to fear.

    But, we as individuals are ill-prepared to afford a quality defense, especially through the appellate process.

    That is why we must have organizations such as ACLU involved. The problem is, I think there are only about 50,000 ACLU members for a population of 300 million. I doubt the EFF is better funded.

    So - bottom line - NO (SUBSTANTIAL) NUMBER OF AMERICANS CARE about their civil liberties.

    Someone is going to have to fund one of these cases to the appellate level to get the probable cause issue overturned and no one is going to waste limited funding from a minuscule number of members to do that when the defendant DID have child porn on their computer.

    The best we can hope for is a raid by the FBI based on one of these warrants executed against an extremely wealthy person who is both innocent and a civil libertarian willing to speak from his or her checkbook. Sadly most of those people would settle a civil suit for damages rather than waste time in court they could be using to make more money.

  20. Jon A. Longoria Says:

    I had an initial knee-jerk reaction of “great-but-wait!” to a write-up on this I read this week, but then I started to think harder about it.

    First off, there is no grounds for a suit against the FBI since there is no form of entrapment being pursued (i.e. the government never MADE you click the link nor did the cops make you purchase the services of a prostitute).

    Secondly, under several provisions long in place after well over twenty years, there are a half dozen scenarios that can be made plausible for a search including a sneak’n'peek warrant issued by a convening authority to observe operations or clues, but no seizure -OR- the matter of probable cause which when accessing the specific link, you’ve surrendered yourself too, unassumingly or not - among others… Unless your are defamed with peers, public or third parties there is no avenue of recourse or retribution. Wrongful prosecution can’t be claimed until the arraignment and hearing process is seen through in federal court and only when that is determined there are grounds. Then, you’re not going to find ANY US attorney willing to throw his career record away on an if, so the FBI would undoubtedly have to have outstanding evidence in such a character assassination.

    Lastly, YES, there is a potential for malicious prosecution by miscreants in this arena who will undoubtedly attempt to forward traffic to these sites; however, there are a few clinchers to this deal:

    1. Said miscreant would either have to have a working knowledge of the operation to pass the user to that specific link (which will eventually be found out by IA) OR the individual would have to access/run across the site in the first place w/ the link which would expose them to the honeypot, in some form however limited that may be.

    2. The referenced article is shortsighted in the sense that leads the user to assume that is the simplest form of reactionary investigation that the FBI will employ, when in fact the FBI is a think-tank of well-educated professionals for in-depth analysis and responsible procedure. I can be fairly sure, the FBI will not be knocking on all 13,000+ doors of inadvertent clickers, but will be compiling said data and looking for patterns of traffic and/or repeat offenders.

    Based on the facts we know, I would say this is more of a assessment tool than anything else and a darn good one at that. See how big the web really is and if we get lucky and catch one… You do the math. We used to employ something between Condemned and ACPO, but there were too many variables to account for. I’d be interested in seeing their execution logic on this task.

  21. Chronic Says:

    Consider this scenario. Mr. Fubar has a little bit of Aspergers and is totally into defend {insert wacko cause of choice here}. He is trolling various forums on the Internet. Mr. Fubar doesn’t like you. He believes you are wrong. He also believes that getting rid of you will make the world a better place.

    Mr Fubar surf the web until he finds an advert that, if you look closely, probably is a FBI-honeypot. Mr. Fubar copies the link, goes to a site for free website re-routing like a http://go.to or whatever. Makes an account, paste the link.

    The he finds you in another context, not very hard. Poses as a friendly person and say “Hey, check out this cool link http://go.to/amazing_bonsai” (since you’re into Bonsai gardening, or whatever).

    Bam! You’re suddenly re-routed straight in to the FBI honeypot. Mr. Fubar sit back and wait for FBI to bust your door, seize your property, destroy your life and lock you up forever.

    And you just like “I never clicked on a a link/banner like that”, and The Feds will reply “You perverted child-molesting scumbag! We go your IP, we got the logs. You’re sooo gone!”

    Trust me, this is a very likely scenario. Especially when you consider all the self proclaimed “pedophile hunters”, trolling the net and dooming people child-molesters and pedophiles on very very * baseless assumptions. It’s likely, with these “tools”, that they will be tempted to try to nail that “pedo” for real using a scenario described above.

    The government wont protect you. The question is; How do you protect yourself from your government?

  22. Chronic Says:

    “…in fact the FBI is a think-tank of well-educated professionals for in-depth analysis and responsible procedure. ”

    And on the other hand, FBI is a sheltered world, people with very few connections to the reality, battling imaginary monsters and plotting grand schemes without seeing its consequences.

  23. Baphomet Says:

    I’ve heard of a similar case here in germany. The police basically came with a search warrant to all those who clicked (maybe accidently) a link to child pornography, which was placed on a public forum.
    Our constitutional court said afterwards that wouldn’t be the way to go and prohibited it, still, in my eyes our state and its institutions are becoming the biggest thread for us.

  24. Netherlands Says:

    As far as I can see people are worried about potential abuse — of investigation methods used by the FBI — by criminals. First of all the FBI setup stings that are only attractive to the intended criminals. Criminals that do not know which hyperlink is actually a sting. Because they do not know which hyperlink is a sting, they cannot abuse such stings to compromise the integrity of others.

    Therefore it is very unlikely that FBI sting hyperlinks can be abused in combination with deceptive malicious spammer-, e-marketeer- and phishing techniques by criminals.

  25. rdivilbiss Says:

    Jon A. Longoria said: Based on the facts we know, I would say this is more of a assessment tool than anything else and a darn good one at that.

    Sir, if any of your analysis was taken from my last comment, I was talking about circumstances where using the click alone they executed a raid against a truly innocent person, in which case there probably would be an opportunity for that person to get some civil damages for any damages done to his household and or computers.

    If we assume other factors not in evidence (given our limited knowledge) then that may not be the case at all.

    To blindly assume there is no unit composed of “cowboys” willing to prosecute based on the justification that the means justify the ends is not founded in real life evidence from the FBI.

    ———– change of subject —————

    The technical aspects known well to the webapp security community that make this so horrific are not well known to US Prosecutors, Judges nor even defense attorneys. A briefing paper for those people, with easily understood examples could be created by members of the webapp security community and filed in future cases by the EFF as an amicus brief so those issues could be considered by the court.

  26. RSnake Says:

    @rdivilbiss - I’d like to help out with that amicus brief if and when you or someone else starts it. I think there are a lot of technical issues around this particular case that are widely mis-understood or unknown and without proper evidence this sort of prosecution is more of a public hazard than a help.

  27. id Says:

    At least 5 FBI users read this site regularly (based on source IP), We would appreciate a comment here explaining your position.

    It’s already understood you’re dealing with technology you don’t fully understand, with consequences that can easily end peoples livelihood if not lives, and you’re not qualified to distill out the bad guys from the innocent.

    Since you need help, ASK, the community is just as disgusted by the problem as law enforcement.

  28. Jon A. Longoria Says:

    @Chronic

    I think thats a bt of a vast generalization… they’re not as adept in technology innovations or the employment of it as the Secret Service or US Customs and Immigration, I’ll concede that; however, thats a lack of evolution in their organization’s core disciplines, not a reflection of the agents themselves. This is even evident in the recent Hollywood movie, “Breach” which depicts a small picture of their repressed culture and delay of modernization.

    @Netherlands

    In a perfect world yes, but that small room for “IF” is much too large to ignore. RSnake has a valid point on the manipulation of this process, regardless of who or how it is discovered, I think we could all agree.

    @rdivilbiss

    Actually, the response was in regards to Robert’s article and the analysis is taken from two publications (one of which is is referenced in Robert’s article) and a source I called to get some perspective. I just now came across your input (I don’t always scan through the comments) and I would agree that you do have a valid point. It will just be a very tough case to chase, especially when you’re requesting discovery on sensitive/classified documentation on operations in an active investigation - grounds that the bureau will not likely give up without a fight. (i.e. Where did outcries on Carnivore end up?)

    I think the point here is though that we can’t base ANYTHING off the assumptions, only the facts as they’ve been relayed that we know at this time, which is why input from the law enforcement community would be beneficial to this quandary as id iterated above.

  29. Netherlands Says:

    I think the FBI does fully understand technology and knows very well how to distinguish bad guys from the innocent.

    If we would put a hyperlink in here suggesting childporn then you are not going to click on it, right? You would not be thinking: “Let’s accidentally click on it and see the movie.”

    You’d rather think that it is disgusting without previewing, which the forum moderator should remove or that it is requesting the attention of law enforcement.

    It is possible for criminals to use criminal techniques like the ones used by spammers, e-marketeers and pishers to e-mail their victims messages with automatic clandestine linking or containing deceptive hyperlinks to files or site’s that may suggest or actually serves illegal content. The victim of such criminal conduct may get visited by law enforcement who will find and investigate the email sent by the criminal and go after him. In other words: the FBI nor other law enforcement is the enemy, but criminals. Do not doubt the intentions of law enforcement, rather be with them against criminals.

  30. thrill Says:

    Lest us not forget other unfortunate individuals that are being prosecuted by immensely ignorant people:

    http://en.wikipedia.org/wiki/Julie_Amero

    Taking that case into consideration, my suggestion would be to NOT trust in the wisdom of those in power.

  31. Netherlands Says:

    Well, let’s not change cases.

    As we can read in the reference article, the suspect did not one attempt but five, at different times each. Two times a HTML page, next a so called update of the HTML page followed by two attempts of downloading a file he thought containing a video of a four year-old female engaging in sexual activity with an adult male. Looking at those specific times and attempts, it seems that the suspect hesitated but clearly wanted to download the intended material he was interested in.

    Of course there is no reason for an innocent person knowingly destroying a hard drive and a thumb drive by physically damaging them when the FBI agents were outside his home; obstructing an FBI investigation by destroying the devices. Unless the suspect was knowingly guilty and that the evidence for it is residing on these devices.

  32. maluc Says:

    just a small expansion for the FBI ‘rickrolling’ .. when you have them go to that link in a hidden iframe, you might also add 10 or so iframes to real child pron websites and images (how you find those, i don’t wanna know).

    That way, not only do your buddies get their homes raided, but they also have planted evidence to send them to a PMITA prison for a dozen years ..

    ‘Remember how I got you put on the child sexual predator list’ is the perfect way to start your Best Man’s wedding speech ^^ .. scary stuff.

  33. qwaxys Says:

    so if you’re using tor you could have the FBI arresting you for something you didn’t do?

    damn.

  34. rdivilbiss Says:

    @rsnake,

    RE: ’d like to help out with that amicus brief if and when you or someone else starts it.

    While I’ve worked in the legal field and been involved in more than my share of criminal and civil court cases, I am not an attorney, but a retired CIO. I will however pass along your name when I renew my member ship to both the ACLU and EFF (both of which are coming due this month.) And I blatantly ask everyone else to donate as well. They have the legal talent and ability to bring this about.

    I don’t think any of my three personal/corporate attorneys are feeling particularly generous with their time, but I might be wrong, and they might be able to get the ball rolling.

    @Netherlands,

    RE: I think the FBI does fully understand technology and knows very well how to distinguish bad guys from the innocent.

    I have personally worked with the FBI, even at the source code level of VICAP. Far more FBI agents are from Accounting backgrounds than Computer Science, and few would be Internet technology experts. Even if that were not the case, we have the human zeal to prosecute seedy pedophiles coupled with human laziness to employ the quickest means to an end. Those require oversight, ergo the Judiciary. The judiciary can in no way be considered subject matter experts in many technical fields, especially the current state of web in-security, in that they have massive volumes of legal briefs and decisions to read to keep their selves abreast of developments in the law.

    Absent case law, the only way to educate the judiciary will be with an amicus brief filed on behalf of some defendant in a similar action. It would be helpful if the defendant in that case did not indeed have a computer containing porn, (in which case,) I postulate that the FBI probably wouldn’t ask the US Attorney for an indictment.

    A similar example would be the war on drugs on say I-95 in Florida. The State Police stop a driver for a minor traffic infraction based on that person’s resemblance to a “mule”. (The used to just profile and stop the mules until that was stopped by the courts.) The idea is to search the vehicle for drugs. If there are no drugs not only will there be no drug charges but there may not be a ticket for the minor offense and an apology for the time taken.

    Here the FBI are looking for the most expeditious excuse to get past the 4th amendment and search that hard drive, et. al. looking for porn to file a charge. Human mature stated above created the homey pot hyperlink trap. Lack of education in the people overseeing the actions of the agents has led to what appears to be outrageous abuse by those who know how the Internet works (or fails to work correctly, as it were.)

    @Jon A. Longoria

    I wasn’t sure if you were or were not referring to my comments and was not offended in any regard. It just prompted a clarification on my part. Your comments were well regarded by me.

  35. Jon A. Longoria Says:

    @rdivilbiss

    :0) No harm, no foul on either part friend.

    @RSnake
    What do you think the ramifications of the operation are against an anonymizing, tunneling network like Tor?

    Roger Dingledine made an exceptional PDF reference from his presentation at SOURCE Boston 2008 on this traffic distribution/relay mechanism being openly, freely employed that readily demonstrates the viability of the traffic relay and makes me question the extent the FBI is capable of when they would have to track EACH connection or service relay within approximately 10 minutes (the switching time between relays in Tor network) or veracity in willingness to invade the privacy of autonomous relays and their operators. Is that also a caveat for them or the DOJ to legally prosecute Tor volunteers for their unwitting participation in an illegal act?

    I think we’d be naive to believe that pedophiles across the net haven’t keyed into this innovation to hide their shenanigans across the Internet.

  36. Jon A. Longoria Says:

    Sorry, for those of you interested in the referenced PDF, I forgot to add the link above. Roger Dingledine’s presentation, “How To Make Tor Play Well With The Rest Of The Internet” can be found on the SOURCE Boston website here:

    http://www.sourceboston.com/sessions/pdf/dingledine-tor.pdf

  37. rdivilbiss Says:

    For those who say it can be done…
    http://www.rodsdot.com/click-trap/default.asp?free-xss

    Please show us.

  38. Netherlands Says:

    @rdivilbiss
    If the suspects computer(s) does indeed not contain child porn and the suspect does not otherwise possesses it, and he seems not to be involved in other crimes, the FBI probably wouldn’t ask the US Attorney for an indictment.

  39. Kyran Says:

    As for the entire, evidence of intent issue, it’s far too easy to create a bunch of hidden images located on an fbi honeypot.
    “But I just clicked the link and left!”
    “Our logs show several requests to download images. Bye scumbag!”

  40. rdivilbiss Says:

    Netherlands Says: If the suspects computer(s) does indeed not contain child porn and the suspect does not otherwise possesses it, and he seems not to be involved in other crimes, the FBI probably wouldn’t ask the US Attorney for an indictment.
    ————————————————————————————–

    I would hope so, but then how does that justify the warrant? You have to have the probable cause first not later.

    What they have here, absent other data or facts is reasonable grounds for suspicion which requires work on the part of the FBI. e.g. some investigation. Sooooo much easier to have a cooperative judge.

    Granted we have not seen the petition for the warrant….maybe more leg work was done. We could probably make a FOIA request. I’ll look into that.

  41. rdivilbiss Says:

    A law professor believes there is probable cause for a warrant in these cases: http://volokh.com/archives/archive_2008_03_16-2008_03_22.shtml#1206052151

  42. r3ck0rd Says:

    Wow, that one’s good.
    Hail CSRF :D

  43. Felstatsu Says:

    Just going to put this out there and hope someone sees and answers this.

    Based on some of Netherlands statements

    “I think the FBI does fully understand technology and knows very well how to distinguish bad guys from the innocent.

    If we would put a hyperlink in here suggesting childporn then you are not going to click on it, right? You would not be thinking: “Let’s accidentally click on it and see the movie.”

    You’d rather think that it is disgusting without previewing, which the forum moderator should remove or that it is requesting the attention of law enforcement.

    It is possible for criminals to use criminal techniques like the ones used by spammers, e-marketeers and pishers to e-mail their victims messages with automatic clandestine linking or containing deceptive hyperlinks to files or site’s that may suggest or actually serves illegal content. The victim of such criminal conduct may get visited by law enforcement who will find and investigate the email sent by the criminal and go after him. In other words: the FBI nor other law enforcement is the enemy, but criminals. Do not doubt the intentions of law enforcement, rather be with them against criminals.”

    and

    “As we can read in the reference article, the suspect did not one attempt but five, at different times each. Two times a HTML page, next a so called update of the HTML page followed by two attempts of downloading a file he thought containing a video of a four year-old female engaging in sexual activity with an adult male. Looking at those specific times and attempts, it seems that the suspect hesitated but clearly wanted to download the intended material he was interested in.

    Of course there is no reason for an innocent person knowingly destroying a hard drive and a thumb drive by physically damaging them when the FBI agents were outside his home; obstructing an FBI investigation by destroying the devices. Unless the suspect was knowingly guilty and that the evidence for it is residing on these devices.”

    and

    “If the suspects computer(s) does indeed not contain child porn and the suspect does not otherwise possesses it, and he seems not to be involved in other crimes, the FBI probably wouldn’t ask the US Attorney for an indictment.”

    What happens to someone when someone with malicious intent and the skills to identify and grab the honey pot along with several other links does so, makes a malicious site that uses multiple techniques to trick you into clicking links (from the various scripting options, hidden links, rows of links that any pre-fetching service would run through, naming the link something other that what it is such as “click here to watch dancing penguins”), includes some drive-by download viruses or dns poisoning so that later on when you try to maybe check your webmail or sometime your not even on your computer it goes back to the site or another one with similar purposes, then reaches the thresh hold for the FBI to visit. What do you think happens to Mr. John Doe when they scan his machine and see that he’s visited a lot of those sites based on browser history, and the cache contains plenty of image evidence against him? Do you really expect them to believe someone in that situation saying “it was that fake bonsai site, it made all these pop-ups when I clicked, and my computer hasn’t been the same since then. I think it’s got a virus doing these things to me.”

    I think that example covers all your points about how the FBI wouldn’t get an innocent person, and shows that a malicious person certainly could set an innocent person up. Honestly some of your points didn’t really apply too, like the “If we would put a hyperlink in here suggesting childporn then you are not going to click on it, right? You would not be thinking: “Let’s accidentally click on it and see the movie.”” obviously if I’m malicious and trying to get you to click it I’m going to say it’s something you’re interested in. I’d say it’s a security video demonstrating an in depth dissection of some new worm or virus instead if it were in here. At the least that gets me the forum moderator when they check out the link to verify it is what I claim it is.

    (assuming the malicious person is good enough to pull this off) In the end we have an innocent person, with a lot of evidence on their machine against them, and very little that would lead the FBI back to the malicious person who’s actually responsible for all of it. There’s most likely just a poisoned DNS that redirects traffic to several sites, that may be the result of any of those sites working to increase their number of hits (and thus proof that the victim at least pseudo-willingly visited those sites at least once), or may be the victim is telling the truth and someone tricked them into clicking a malicious link. As an FBI agent which would you assume and believe?