Unchecked malware on government computer results in bogus child porn charge (UPDATE: Now with excerpts from forensic report)
Forensics experts exonerated a "computer illiterate" man accused of downloading child porn, after finding that his work computer was infected with malware that his employers failed to block, remove, or even identify.
The Boston Herald reports that Michael Fiola's computer quietly filled with a relentless spew of pornographic imagery. The Department of Industrial Accidents terminated him after its discovery.
Fiola’s troubles began in November 2006 when, seven years into a job probing workers’ compensation fraud, DIA gave him a replacement laptop for one that was stolen. Months later, DIA information technology officials noted that the data usage on Fiola’s Verizon wireless bill was 4 times greater than his colleagues’. After discovering the child porn, Commissioner Paul Buckley fired him on March 14, 2007.
Fiola was forced to hire his own investigators to clear his name. Their conclusions were confirmed by the prosecution's own forensic experts, and he now intends to sue the DIA for ruining his life.
“Our lives have been hell,” Fiola, an ex-park ranger, told the Herald. “I hope to recover my reputation, but our friends all ran.”
The best thing about the story is how Fiola's lawyer calmly exposes Buckley and co. as stupid, presumptuous morons: "As soon as you mention child pornography, everybody’s senses go out the window."
Update: BBG reader Tubman found the forensic report (PDF), which explains exactly how much of a slam-dunk exoneration it is. It also excoriates the original "investigation," which amounted to some incompetent IT jobsworths finding the images and promptly railroading Mr. Fiola.
Nice, considering they gave him a compromised computer, malware on which started slurping down the smut within minutes of "the first significant user activity by Mr. Fiola after receiving the Laptop."
Some excerpts from examiner Tami Loehrs' report:
The pornography appears out of nowhere ... fast and furious with no pattern. While search results pages appear, the pages that follow do not come from links on the search results page and the content that appears next does not match the search. In addition, the content itself is sporadic – child pornography, scat sites, urination sites, gay men, incest, large women, etc. This activity is more indicative of a virus, Trojan or hacker than an individual browsing the Internet for pornography. ... we know for sure that the system was badly infected....
Mr. Glennon testified that there is no evidence that anyone else other than the Administrator had ever accessed the Laptop. However, a review of the computer revealed several other accounts that had been created on the Laptop prior to Michael Fiola including diauser, user, test and test2. Unfortunately, all previous accounts had been deleted, thereby eliminating potentially relevant evidence.
...
Glennon went on to testify that it is highly unlikely for Internet files to be on the computer without activity by the user and that there is no way for files to be in the Internet folder without browsing the Internet. A review of the Symantec logs by Mr. Glennon would have revealed the viruses and Trojans that were attacking the Laptop for four and a half months.
...
the DIA spent approximately 3 hours investigating the computer ... With only 3 hours spent on the Laptop by the DIA, they could not possibly have conducted a thorough investigation ... I have spent over 100 hours conducting a thorough forensic examination of the Laptop in order to reach the preliminary results and conclusions contained in this report and my investigation continues. It appears that the only investigation by the DIA was to copy the temporary internet files and confirm that child pornography existed on the computer when it was in Michael Fiola’s possession.
State worker cleared on child porn charges that were due to malware [News.cnet.com]


And people wonder why I tell them not to use Microsoft products.
My heart goes out to this guy; I saw this kind of thing coming more than a decade ago.
#1
How is this Microsoft's fault, other than having the Windows logo in the post body?
And yet we wonder why so many gov't laptops go missing.
#2 - each of my 3 MS machines have become infected despite minimal use and layers of protection (and hours spent setting it up). Zero of my seven Macs have, and I've never spent 30 seconds on anti-virus.
I too blame MS for writing a shoddy, easily infected, OS.
One thing I'm learning from my experimental Ubuntu/WinXP setup on my secondary PC is that I don't have anything LIKE the maintenance hassles associated with surfing using Firefox under Ubuntu like I do using IE or even Firefox under WinXP.
So, were they able to actually prove that all of the porn on his computer was directly put there by malware that he had no knowledge of? Or was their argument basically that "because the IT department was inept in keeping malware off his computer, you can't prove that the porn is his?"
Because it's been my experience that typically, when you get porn on a computer in any quantity more than one or two images, the user probably put it there in some fashion. Either by directly downloading it and/or visiting porn sites, or by visiting other sites that typically have porn ads on them (torrent sites, hack sites, etc).
Maybe I'm just being a cynical bastard. But I'm not always swayed by the Bart Simpson "you can't prove it! nobody saw me!" defense.
Browser history didn't match up to what was in the cache, according to the story. And I'm sure the operation of the malware was quite clear once it was discovered, esp. given that the prosecutor's own forensics people agreed he wasn't their man.
I'm guessing it's a click-fraud machine of some kind, generating page impressions for its creator's smut sites.
#3- The Microsoft OS is easily infected because it is easy to program for, also the reason there are so few viruses for Macs is that the amount of Mac users is so small when compared to PCs. With the recent surge in Macs' popularity on college campuses expect to start spending a lot more than 30 seconds with your anti-virus software. If you want a secure system so that this type of thing won't happen to you, your best bet is to learn how to program and use Linux.
Kind of funny that he works for the Department of Industrial Accidents. Do you suppose the PC infection and his firing could be considered industrial accidents?
as for "Browser history didn't match up to what was in the cache", couldn't that be the result of deleting or selectively deleting some of either one at some point?
I should imagine that the presence of malware that sits there sucking child porn off the internet and placing it into the browser cache might indicate that the computer's owner was not doing it manually.
No need to imagine, Rob. Here's the forensic report by Tami Loehrs which Fiola commissioned. The exculpatory evidence is pretty overwhelming, but the best bit's the part of the summary where the DIA guys who handled the original "investigation" get their asses handed to them.
Awesome find! Thank you, Tubman
As former owner of Bold Type, one of the plaintiffs in Ashcroft v Free Speech Coalition, which resulted in the Supreme Court striking down two provisions of the CPPA, I am disgusted but not surprised by the typical knee-jerk [over]reaction of the authorities involved.
As a sometimes-VJ who spends countless hours seeking out public domain and out-of-copyright material by the gigabuttload, I fear the current legal and political climate of zero tolerance for possibly illegal imagery, no matter how old and no matter the circumstances under which it was obtained. As I've often performed at goth/fetish clubs and at events by or benefits for the Center for Sex and Culture, I've amassed a pretty substantial (ok, embarrassingly large) collection of vintage porn and erotica, typically by indiscriminately sucking down archived collections from P2P nets. It can take months for me to vet downloaded files, especially if I don't have any pressing gigs — I bet there's at least a couple dozen hours of vintage smut on one of my drives I haven't touched in the 4 years since I downloaded it. God only knows what's in it….
Unfortunately, should those files include anything known to be a deathly poison for our way of life — four or five seconds of Tracy Lords playing with a tennis racket, for example — and I'm facing having to spend the rest of my life as a registered sex offender, should the authorities somehow find them before I do. (And maybe even if I do, should the feds decide to recover my deleted files.) And at least I know who Tracy Lords is, what she looks like, and which of her film(s) were made after turning 18. What about the nameless stars who debauched their way through hundreds of silent smoker reels and feelthy French feelms? What did filmmakers photocopy in the days before drivers' licenses?
For that matter, never mind what's on my hard drive — maybe I should start worrying about what's on my shelves. I know I have at least three books about film censorship or transgressive/experimental cinema that feature frames from Smart Alec, one of the first widely circulated porn films. I've noticed it popping up everywhere from cheapie "Porn Just Like Daddy Used to Make" compilations to quasi-academic historical surveys to erotic mash-ups from Oddball Films. Imagine my surprise upon recently learning that Candy Barr (née Juanita Slusher) was only 16 when the film was made. Does this mean I should take an X-Acto to my old film studies textbooks?
[As an aside, I'm always amazed by the assumption that computer viruses are an unavoidable aspect of the wired life. After 25 years online, more or less daily and using MS products almost exclusively, I suffered my first real viral infection (as opposed to house-guest-doing-something-stupid infection, or I-know-this-is-going-to-install-adware-but-I'll-clean-it-out-*after*-I watch-the-unlocked-video infection) last October. It was a drive-by infection thanks to a Firefox exploit. (Ironically enough, the week before I had finally switched my default browser from Netscape 6.reallyold to Firefox, 'cause I was tired of all the cool kids making fun of me.) During those 25 infection-free years, I downloaded hundreds of thousands of files, often from extremely sketchy sources. I've also *never* run any sort of real-time anti-virus, preferring instead to scan suspect downloads manually.]
MS = Not the devil.
I use a combination of Windows Defender, AVG Anti-virus, Firefox, and UPDATING MY COMPUTER.
All of them update automatically, are free, and have kept me free from viruses, adware, malware, etc, for as long as I have been computer literate.
These programs take maybe 5 minutes a week to maintain. I'm sick of people bitching about the security of MS products, when they obviously take their own security for granted.
If you leave the front door open - thieves will come.
#13 says: "MS = Not the devil.......etc."
Well, goody for you. What about the other 98% of computer users who don't have any idea what's going on in their computer and rightfully expect that the manufacturer should not give them a loaded gun with the safety off?
@ Vandalin
I use the exact same combination of tools that you mention and have also never had any real issue with Viruses or Malware.
However I'd much rather just install an operating system and have all this junk taken care of as it should be and while I agree for the most part it doesn't take long to download the updates, etc. Try running an office with 15 computers of which 13 users are nearly computer illiterate and tell me the issues are not frustrating then.
If the office was networked with Macs or Ubuntu when I moved in these things would not be half the issue they are. Of course if the office was networked with Ubuntu I also wouldn't be using Adobe CS3 and until the day that Adobe realise they'd be making a sensible business venture by supporting Linux users I'll always have a Windows machine lying around. Macs are simply too expensive to justify for my own use.
I have to echo SAMF's response - why would someone write & distribute a virus or trojan that would download porn into a user's browser's cache ?
I could come up with some conspiracy theories, but none seem very likely to me.
As example: one could want to get people like Mr. Fiola in trouble, but as the trojan doesn't seem to target anyone in specific, the trojan's creator is not likely to hear of his/her success.
[OK, he heard now, but it isn't really success if the employee has proven his innocence, and will probably get his work back and/or compensated.]
Anonymizing proxy, for cryin' out loud.