Michael R. Farnum

Hitting the Security Nerve

More child pr0n fallout

Imagine you are just a normal, everyday person working away at your job.  You're not an information security professional.  Just a guy or gal trying to make a living.  Then, all of a sudden, you are accused of downloading child pornography on your company laptop, you're fired, you are brought up on charges for kiddie porn, your friends and family shun you, and your wife gets sick because of all the stress caused by the issue. Well, that is exactly what happened to Michael Fiola while working for the Commonwealth of Massachusetts as an investigator for the Department of Industrial Accidents (DIA).  His old laptop had been stolen, and he was issued a new one.  Very soon thereafter, someone noticed an unusually high wireless bill (he used a broadband card through Verizon for Internet access) on his account, so they started investigating.  Lo and behold, they found child porn.

Fiola claimed he did not download the porn, and he also claimed that he would not even know HOW to download it.  So he hired his own forensic investigator to prove his innocence.  And that investigator came up with some interesting facts.  Here are some key excerpts:

In her examination, Loehrs noted that on certain dates, porn appeared "in the temporary Internet files with no apparent origin or user interaction preceding the pornographic activity. There were no Web site addresses typed into the browser, no searches conducted, no other pages accessed that led to the pornography appearing on the laptop. There are no Symantec logs for this date."

In addition, "Microsoft (NSDQ:MSFT)'s Systems Management server had previously been installed on September 20, 2006 with the computer name BOLLE04 and it appears that the new computer name BOLIN17 was not changed in the SMS software. According to the registry settings, the Windows Firewall was turned off."

"With no preceding activity by Fiola, a file titled smp[1].htm appears in the temporary Internet files folder," Loehrs wrote in her report. "The forensics software identifies this file type as unknown and the file is not viewable. However, the underlying HTML code includes several URLs in addition to several other unusual files. Because there was no user activity that prompted these files to appear such as an Internet search, access to other Web sites, checking e-mail or downloading files, this suspicious activity is indicative of a virus and/or Trojan that was likely resident on the Laptop when Fiola received," stated Loehrs.

"It is evident from reviewing the Symantec logs that the virus protection software was either not configured correctly or was not functioning properly. Log files for November and December are missing and entries for November are incomplete."

It goes on to say that more than likely the malware erased the logs.  It also makes me wonder whether the malware smacked Symantec or if it was just not configured correctly in the first place.

You can read the rest in the article, but the general conclusion was that Fiola had not downloaded the bad content, but that it was caused by malware installed on the machine.  After the investigation, all charges against Fiola were dropped. 

But what really irks me most about this case is the following:

According to her assistant, forensic analyst John Hansen, Fiola's computer was initially examined for "a grand total of three hours" by the DIA's IT department and never checked by forensic investigators. By contrast, Hansen said that he and Loehrs examined the computer for over a month. Hansen also said that "no one was bothering to check" logs to see if the laptop was experiencing problems.

That just tears me up.  Not only had this lazy IT department not done their job when they configured Fiola's computer, the investigative team (likely someone who didn't know what they were doing) looked at it for only three hours.  "Yep, there's some kiddie porn.  GUILTY!!!"

And the DIA is standing by its decision to fire Fiola!  WHAT?  Man, talk about prideful.  Why didn't they hire their own investigator?  Why didn't the police hire one?  This is just crazy.

What People Are Saying

Prosecutorial Misconduct

The problem, as I see it, is indicative of the zero tolerance society we have become. Give even a hint of impropriety and you are guilty and have to prove your innocence. Two recent incidents with similar outcomes, all defendants were found to be innocent of the charges but not before their lives were made a shambles by overzealous individuals.

First the lacrosse players that were convicted by the press, their school, and the prosecutor for what turned out to be a false accusation. Talk about overzealous; the prosecutor apparently was bound and determined to lock the boys away even in the face of evidence that proved their innocence. The only good to come of this is the prosecutor is no longer a prosecutor.

Second, the public school teacher charged with much the same crime as the current case. Accused of showing porn to her students she was tried and convicted in public opinion without so much as a how do you do. Go figure, malware was at the root of the incident. Great, she was exonerated but not before suffering untold humiliation, her professional demise, as well as I must believe, financial hardships.

One would think, especially in view of the teacher incident, that a prosecutor in this case would ask the question; could this be a mistake or out of the control of the defendant? Find out the facts; consult an expert in computer forensics, read the CSI/FBI report on security threats or for that matter read the newspaper. A prosecutor’s zeal must be tempered by the fact that things might not be what they appear to be on the surface. This is especially true when it comes to computer related crimes.