Broadband Tech > Security > Security > Framed for child porn 151; by a PC virus

reply to antdude

Re: Framed for child porn 151; by a PC virus

reply to Blue2

reply to antdude
Sorry, I don't agree.

(1) When the DA drops the charges, from what I can tell, that is the same as having not been charged. You have not proceeed to trial nor have the charges been brought before a judge. Only a judge or a jury can exonerate you, NOT the DA. You are not acquited, as you have NOT been tried.

(2) I have stated all along that unless there is evidence that links you to the crime, there is no cause to charge you. I've never changed my opinion on that. Forget the dead body. They find high grade explosives in the rental car that you are driving. You're a terrorist right? Not quite. They go to great pains to discover where the explosives were acquired and who acquired them. How were they transported to the car. Are there any traces of your DNA that links you to the explosives. Did any other people have access to the car? Was it checked by the car rental company before it was given to you? The mere presence of explosives in the car that you happen to be driving might set off a lot of alarm bells, but it still does NOT link you to any crime or criminal activity.

Sorry, if the DA failed to do these checks BEFORE bringing charges, then he failed to do his job which is to determine if there is sufficient evidence to link the person to the crime.

I don't think I've missing anythng that you've suggested. I just don't agree with your analysis. What does "possession" mean to you? If it is a company computer, do I possess it or do they? Did I install the software or did they? Did they verify the contents before giving it to me? Did anyone else have access to it? Sorry, I still don't buy that the "possession" argument was very well substantiated.

reply to MGD

reply to antdude
Government employees should know a lot about computers.

Huh?

What makes you think an office clerk doing data entry should know anything about the internals of the computer?

As long as the software works, they wouldn't look any further.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke

reply to Blue2
All I can say is that you seem to have a blind spot for the obvious.

Let me give you another example. There are bag limits set when hunting for waterfowl. Now the many hunters cannot tell a pintail from a wigeon, so it is routine for hunter's bags to have too many of certain restricted species. There is a steep fine for bag limit violations.

You would not believe the wild excuses these hunters have. "I shot the biggest snow goose you ever saw," when in fact they have a prohibited species of swan. Or "I didn't shoot that one, somebody else must have shot it and my retriever picked it up by mistake."

The point is that this is a simple crime of possession. You have an illegal bag, you pay the price. None of these excuses will get you anywhere. You can fight in court, but good luck with that.

If I have too many pintails in my bag, it's not up to the game warden to prove that the bag is mine. Also he can assume that I didn't find it dead, no matter what I claim. That's how all crimes involving possession work. It could be illegal drugs, illegal child porn or illegal hunting bag limits.

But this is drifting way off topic. Have it your way.
--
This is not a rehearsal.

And all I can say is that you have a peculiar sense of analogies. I believe my example of finding explosives in your rental car was a much closer analogy to what happened here than your hunting violation. To make sure it's "clearer", I'll point out just a few obvious distinctions:

-- The bag is yours. The rental car or company computer ISN'T. It's THEIRS on loan to you, which DE FACTO means that other people had access to it (including the IT guy who could have put the porn there as a joke or to get you fired as just some stupid examples of how one could establish reasonable doubt.)

-- The hunting violation is a fine, with NO trial UNLESS you want to contest the fine. The rental car and computer incidents will automatically bring you to trial, but require a much higher burden of proof to (a) bring a charge, (b) have a judge/grand jury accept the charge to PERMIT it to go to trial and (c) convince a jury to convict.

-- The hunting violation has a minimal sanction, is of little importance to the pubic, and has no risk of embarrassment for a false charge. The rental car or computer incidents have high penalties, are of high importance to the public ("we have to punish someone" or what will the public think), and reflect on the DA's conviction rate. Get lots of your cases tossed out by a judge for insufficient proof linking the crime to the accused and you'll get a reputation pretty quickly. The fact that false prosecutions happen often enough in computer cases shows the general ineptness of computer expertise in law enforcement/judicial system.

If all possession crimes were as obvious as you suggest, why wouldn't law enforcement plant evidence on every one that they'd like to see put away? I believe because as I've suggested, the more significant the crime, the higher will be the standards to link the person to the possession.

"It is actually a worse travesty of justice than that. I read the documentation of the case when it first came out, and that has been a while ago. From memory, Michael Fiola was a industrial accident investigator for the state of MA. He was issued a laptop which he took in the field. He was by no means computer savvy, just entered case site data into form templates. The Laptop also had a wireless cell card. The IT admin guy notices that Fiola's laptop is showing up on the monthly bill as having large data transfers, 3, 4 and 5 times the normal amount. He asks Fiola to bring in his Latop so he can check it. He finds caches of child porn images on the Laptop, tells the dept. manager. Fiola is fired and the cops are called."

Great info if correct .. the bottom line remains WE ALL expect better from any .gov when the average person had no "privacy expectations" within "certain scopes" for .mil, .gov etc issues

.. EVEN SO .. "THIS" IS NO DEFENCE for any .gov or .mil employee. Budget cutbacks are one thing.. compromise security is totally another. Save a cent to lose a dollar? NO thx.. IF this can be done with a .gov comp .. the sky is the limit.

Going forward .. that is not something that can be fixed.

I would have sympathy for the guy if what you say is verified. In the same breath, I ask what is he doing in a .gov position and exposing his collegues to .. well you name it.. this time a porn dl .. next time? who knew?

Nice to know that the "someone" is in control of these issues.. or demands to be.. at the same time FAILing hard.. no?

Finally, child porn is abhorrent.. someones head should roll here..

"Excellent post on this subject. Once again it makes me wonder who protects us from the protectors."
.. EXACTLY!

All "security" relies on "power" .. who empowered this to happen?

When we do not have "power ourselves" it would be time to ask those that "do" .. WTF? Particularly in a case like this no?

I agree with Oleg 100% too .. this came down to "delegation" I think and blame needs to flow UP the chain and not "down"

look.. no blame to individuals. THE SYSTEM.. needs to work.. and if it dont? SHOUT LOUD or next time its you ..

Am I sure this guy didn't dl porn himself .. NO
AM I SURE that this is not acceptable for .gov/.mil .. Absolutely..
However, stuff needs to "bubble up" and not down. Regardless of budget.

Cutbacks + pay peanuts + security is not particularly good either = why claim any security at all?

Bravo Blue2 . Bravo!!!

reply to Blue2

reply to Blue2
".. EVEN SO .. "THIS" IS NO DEFENCE for any .gov or .mil employee."

Hi Blue..

By that I mean his superiors too not just the "accused". If he is proved innocent then its not his fault however these things have a habbit of falling into a "black hole" when justice demands that the evidence trail needs to be followed upwards

Sorry for any confusion but if I was this guy I would sue those that "prosecuted" me..

I think I view this not so much from the perspective of the guy accused. Rather an average citizen that must trust their info to people we expect to be competent. "someone is guilty" that is the point. My bet is .. this is the last we hear of the matter though.

Apologies again if my post confused.

Hi mod,

Let me clarify my point of view. From what was indicated, he wasn't responsible for anything. I'm not sure his bosses were responsible for anything. But his IT dept. was and should be held responsible.

According to what MGD pointed out, they didn't secure the computer properly. They didn't re-image the machine, the coprate AV was not working, the server AV logs were not being watched, the machine was infected possibly BEFORE he was given it. All this lead to it becoming a bot server. And then in a sad irony, it was this same IT dept. who then reported him, got him fired and then caused the government to investigate. So whose head do you think should roll?

He doesn't have to be "proved" anything once the charges were dropped. At that point, there is No case against. But it's too late, because the damage is already done, he's lost his job, lost his life savings proving his inoccence and been branded a "pedophile" for life.

The problem in cases like this is that once they start, they take on a life of their own. I'll give you another one: if by chance your name happens to match the name of someone on the terrorist watch list, you're finished. Your life as you know it is over. Because those interpreting or investigating, will only see O's and 1's and you just became a match.

reply to antdude
And the moral of the story is they should train there employee's to know or at least to recognize signs of infection. Evidence that their AV is functioning etc etc.
He could easily still have turned a blind eye or profited in some way. These avenues should be managed properly.
--
Paradigm Shift beta test pilot. So far nothing to report.
Now is the not right time to stop folding.

reply to Blue2

quote:

---

Loehrs, who spent a month dissecting the computer for the defense, explained in a 30-page report that the laptop was running corrupted virus-protection software, and Fiola was hit by spammers and crackers bombarding its memory with images of incest and pre-teen porn not visible to the naked eye. DIA turned the matter over to state police who, after confirming "an overwhelming amount of images of prepubescent children engaged in pornographic poses" were stored on the laptop, persuaded Boston Municipal Court to issue a criminal complaint against Fiola in August 2007.

---

quote:

---

Mr. Glennon testified that there is no evidence that anyone else other than the Administrator had ever accessed the Laptop. However, a review of the computer revealed several other accounts that had been created on the Laptop prior to Michael Fiola including diauser, user, test and test2. Unfortunately, all previous accounts had been deleted, thereby eliminating potentially relevant evidence.

---

quote:

---

Glennon went on to testify that it is highly unlikely for Internet files to be on the computer without activity by the user and that there is no way for files to be in the Internet folder without browsing the Internet. A review of the Symantec logs by Mr. Glennon would have revealed the viruses and Trojans that were attacking the Laptop for four and a half months.

---

quote:

---

.. the DIA spent approximately 3 hours investigating the computer ... With only 3 hours spent on the Laptop by the DIA, they could not possibly have conducted a thorough investigation ... I have spent over 100 hours conducting a thorough forensic examination of the Laptop in order to reach the preliminary results and conclusions contained in this report and my investigation continues. It appears that the only investigation by the DIA was to copy the temporary internet files and confirm that child pornography existed on the computer when it was in Michael Fiola’s possession.

---

quote:

---

Meeting Minutes (4-11-07)

DIA SECURITY BREACH – UNAUTHORIZED USE OF CLAIMANT DATA

Mr. John Glennon, Chief Information Officer, updated the Advisory Council Members regarding the recent unauthorized use of claimant data by a DIA contractor. Mr. Glennon stated that the incident, which took place on December 19, 2006, involved internet transactions on a DIA computer. He stated that law enforcement officials have charged the contractor with crimes related to credit card fraud. Mr. Glennon explained that the DIA immediately notified all of the claimants affected by this incident. He stated that to the best of the DIA's knowledge, only three people had their identities compromised.

Mr. Glennon informed the Council that the DIA is in the process of taking actions to resolve this situation and to ensure that this will not happen again. Mr. Glennon reported that the DIA has begun redacting certain information on viewable internal forms and that they are in the process of hiring a security consultant. Mr. Glennon informed the Council that the RFP team is currently in the selection process

---

Nice, MGD. I correct my previous comments.

Mr. Glennon should be taken to Guantanamo. He's far too dangerous and arrogant to leave in ANY position of government authority. With "Chief information Officers" like that in government, forget terrorists. We're likely to self-destruct without any outside assistance.

reply to antdude
This could happen to anybody. A story over at the Register mentions scareware called Win Spy Protect that claims to clean up porn images found on a PC in fact downloads such images to the infected PC:

said by The Register :

---

Roger Thompson, chief of research at security firm AVG, ran across the threat months ago but held back on publishing details until Thursday. Heightened concerns about how malware infection could result in presence of image of child abuse on the PCs of non-paedophiles prompted Thompson into publishing a video of the threat (below).

The hacked website linked to the attack was a children's site and the content strictly adult porn. However, the tactic could result in child abuse images getting dropped onto the machines of surfers whose only mistake was to stray onto hacked websites, as Thompson explains.

Fortunately, LinkScanner detects the rogue-spyware aspects of this and blocks it just fine, but without LinkScanner, these images would now be in the browser cache, and it would sure look like the owner was guilty. Worse still, the images could just as easily be kiddy porn, and just being your cache would be regarded as possession, and therefore highly illegal by most law enforcement agencies.

---

reply to antdude
Hi Blue,

I agree there is no evidence to prosecute this person for the charges he was faced with. I feel sorry for the circumstances he found himself in and I am glad some level of justce is done in that he was proved innocent. However this is .gov and the investigation should not stop there (watch them try to sweep it under some carpet). With power comes responsibility and .gov these days does demand a lot of power.

In these circumstances, there is NO WAY that it is acceptable that a laptop that connects to a .gov network is not secure or could be trojaned in some way. Ok so the user was innocent, who above him allowed this to happen and those would be the heads that need to roll. By "above him", I dont mean his direct boss either but rather the IT Dept and its "head". Not only did this IT Dept provide evidence against him, they didnt realise it was their own internal failure. That for me is "incompetence at its best" and not acceptable.

Lets say that it was a live "malicious hacker" and not some "bot net"? I dont know what info is on their network but it is surely worth better protection. Is it acceptable that a .gov network had such poor security? For me no.

Secondly, ALL .gov employees that can connect to a .gov network should have some security basics. Its a training issue if this guy wasnt equiped to deal with or escalate what happened on his laptop. That is another failure of "the system" or some "higher individual". The "witchhunt" should go on until it falls at the door of those who allowed this to happen. But it probably wont.

I for one second dont want to blame the "individual" .. its the system that allowed this and someone much higher in the food chain needs to answer.

Hi ashrc4,

Exactly, a fool with a tool is still a fool. Where is the training? Worse yet the untrained and infected zombie laptops can connect to secure networks?

Hi MGD,

Some great info.

"Glennon went on to testify that it is highly unlikely for Internet files to be on the computer without activity by the user and that there is no way for files to be in the Internet folder without browsing the Internet. A review of the Symantec logs by Mr. Glennon would have revealed the viruses and Trojans that were attacking the Laptop for four and a half months."

WOW .. whose head should roll?

".. the DIA spent approximately 3 hours investigating the computer ... With only 3 hours spent on the Laptop by the DIA, they could not possibly have conducted a thorough investigation ... I have spent over 100 hours conducting a thorough forensic examination of the Laptop in order to reach the preliminary results and conclusions contained in this report and my investigation continues. It appears that the only investigation by the DIA was to copy the temporary internet files and confirm that child pornography existed on the computer when it was in Michael Fiola’s possession."

OMG is all I can say to that. Especially if that laptop wasnt formatted clean in the first place. Yeah sure.. It would take months then alright. But the first thing I would flag in any "forensic exam" is that it actually wasnt formatted before the guy got it.

"In my opinion it was the total malfeasance of the DIA's IT department, specifically the portion after the discovery, is what really did Fiola in."

Agreed and this would be obvious to any "forensic examiner".

"
What is even more infuriating is that neither Glennon, and the Mass. DIA management, have enough spine to stand up after they were shown to be incompetent, and admit they made an error. That would be both the moral and ethical thing to do."

Well said.. and we need to trust these people with our info? Not to mention the poor "accused" who is "innocent" or NOT TRAINED?

"Based on this, one can only imagine what the overall security status of the DIA's Network is."
I will hazard a "guess" at "LOL".. not really comforting.

"A quick check brings up this in the minutes of a 2007"
OMG.. "He stated that to the best of the DIA's knowledge, only three people had their identities compromised." ... In fairness.. they dont have a lot of knowledge.. and a better presumption is "incompetence" and any data they had responsibility for .. remains at risk. GOD!

@Blue
"Nice, MGD. I correct my previous comments.

Mr. Glennon should be taken to Guantanamo. He's far too dangerous and arrogant to leave in ANY position of government authority. With "Chief information Officers" like that in government, forget terrorists. We're likely to self-destruct without any outside assistance."

I cannot agree more. I just hope that this is not now the "end of it" and some prosecutor follows it up the food chain.

Finally, if I was the "accused" I would be getting the same lawyer that proved me innocent and sue for damages done by this "IT Dept". But maybe that is just me?

reply to antdude

Unwanted porn on computer