Slashdot Mirror
Man Fired When Laptop Malware Downloaded Porn
Geoffrey.landis writes "The Massachusetts Department of Industrial Accidents fired worker Michael Fiola and initiated procedures to prosecute him for child pornography when they determined that internet temporary files on his laptop computer contained child porn. According to Fiola, 'My boss called me into his office at 9 a.m. The director of the Department of Industrial Accidents, my immediate supervisor, and the personnel director were there. They handed me a letter and said, "You are being fired for a violation of the computer usage policy. You have pornography on your computer. You're fired. Clean out your desk. Let's go."' Fiola said, 'They wouldn't talk to me. They said, "We've been advised by our attorney not to talk to you."' However, prosecutors dropped the case when a state investigation of his computer determined there was insufficient evidence to prove he had downloaded the files. Computer forensic analyst Tami Loehrs, who spent a month dissecting the computer for the defense, explained in a 30-page report that the laptop was running corrupted virus-protection software, and Fiola was hit by spammers and crackers bombarding its memory with images of incest and pre-teen porn not visible to the naked eye. The virus protection and software update functions on the laptop had been disabled, and apparently the laptop was 'crippled' by malware. According to Loehrs, 'When they gave him this laptop, it had belonged to another user, and they changed the user name for him, but forgot to change the SMS user name, so SMS was trying to connect to a user that no longer existed ... It was set up to do all of its security updates via the server, and none of that was happening because he was out in the field.' A malware script on the machine surfed foreign sites at a rate of up to 40 per minute whenever the machine was within range of a wireless site."
This guy should get one. And, meanwhile, insure no one touchs that laptop.
-- Slashdot: When Public Access TV Says "No"
This is a tough lesson learned for Mr. Fiola, but the lesson is, always request a clean build when receiving new equipment in the workplace. That would have eliminated the malware and given him a clean system to work on.
--I like turtles...
Government employees in Massachusetts, the state that is so corrupt and dysfunctional it gives government all over the rest of the U.S. a black eye.
Seriously. I just escaped (to D.C., which, despite its warts is a million times better) from three years of living in that hellhole. I don't think I encountered a single effective or competently run state agency the whole time.
I expect the employee who would have been responsible for wiping this laptop is probably a relative of some high official, and probably doesn't know how to do anything except reinstall Windows from a factory CD.
Sounds like it may have been the previous user that got the machine infected.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Julie Amero and the Porn Pop-Ups all over again?
I am a lawyer, but this is not legal advice. If you need legal advice, the attorney in this story might be a good choice . . . (but I cannot endorse him).
This, in a nutshell, is why lawyer's represent guilty scum.
Sometimes, it turns out, they are neither . . .
Personally, I'm skeptical about the idea of malware that secretly downloads and hides kiddie porn--why would the malware developer do that? I really can't fault the emploeyr for not considering such an idea and investigating it.
The defense attorney, though, is to advocate for his client, even if the client claims seem far-fetched.
hawk, esq.
So expecting them to ask for a clean build is asking to much. Their IT department should have known better and done this automatically.
In Canada that would be unlawful termination.
Actually even if he was guilty, they would have had to tell him before he went outside why he was fired, or he would have grounds for compensation.
Microsoft, Apple, Google, Amazon what's the difference? All steal money from devs and control with walled gardens.
The real problem is that, as the summary said, they didn't change the security software username, and killed the old username at the server. Therefore, he was running unupdated software... leaving him open to any new Internet threat. Sounds like the IT Department deserves to be fired.
Then there's projects like Unattended that work great and can have a laptop or workstation back up and running in a default state, with all programs and updates applied in 60-90 minutes.
There is no excuse for giving someone a used laptop or workstation that hasn't been cleaned. We don't concern ourselves much with our workstations since they never leave our network, but any laptops get a thorough cleansing before being re-issued to someone else.
I would say that the scripts surf a list of shady sites to get hits on banner ads. I imagine that, even though they don't stay up as long, kiddie porn sites may have ads too...
Probably, the malware itself is a temporary webserver to help distribute the load of an illegal kiddie porn pay site. Look up Fast Flux (http://en.wikipedia.org/wiki/Fast_flux) spammers use it all the time and it is very simple to set up.
Your skepticism is mis-placed.
There is more than one kind of malware.
One kind sends Phishing Spam / Viagra spam / etc.
Another performs DDoS attacks.
A third acts as a distributed FTP/Fileshare server so that the guilty have a place to hide & share their wares and not have a single point of being shut down by the authorities. Whether this be lists of CC numbers or kiddie porn is immaterial.
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Personally, I'm skeptical about the idea of malware that secretly downloads and hides kiddie porn--why would the malware developer do that? The malware wasn't downloading and hiding kiddie porn From the article: "Loehrs found a script file that was set to go out and run its own searches on foreign Web sites, she said. "And once you get into some of these foreign sites, you'll get all kinds of stuff you don't want to see. "Actually, the child pornography was just a very small portion of it. The majority was just bizarre porn. He was being hit with everything," she added." The malware author was probably running a pay per click scam by using his malware to visit a bunch of sites and making it seem a bunch of visitors were browsing the site.
Isn't anyone going mention poor Mary Jo Kopechne? I believe it's mandatory when trashing Ted Kennedy.
Publicly available info from DOL
Refer to the entry for Mass, find Director of Department for Industrial Accidents. Unsure if info is accurate or current.
That part was about the System Management Server trying to update his laptop through a nonexistent user.
So basically the system had no updates because the automatic updates were configured to work through an user that wasn't there anymore. Which leads a windows system to leaking like a sieve, explaining how he got the virus.
Never mind that Ghost is an absurdly simple program -- Linux (and any other Unix, for that matter) has had dd, for free, pretty much forever. More recently, there's ntfsclone, which will grab everything but unallocated space.
Don't thank God, thank a doctor!
He will, however, be suing them.
Legalize recreational marijuana. Seriously.
That would really be insanely stupid considering the hysteria kiddie porn provokes. If he wanted to just store it, encrypt it and it's 100% safe. Stash it in a folder on a innocent DVDR; etc, etc. Anyone capable of creating malware certainly knows how to do this, and not risk having a FBI team break down his door next week.
I think the guys who do trade kiddie porn would be extremely paranoid and cautious.The dumb ones would have been caught by now. The idea that these guys are snickering while sending illegal porn to innocent people is as silly as those characterisations of terrorists as "they hate us because we're free". I believe the guy in this case was likely innocent, I think he was just collateral damage from some pay-per-click scam. The porn in his cache was just a side effect of sending his browser around in the background to earn a few cents.
He knows who you are. You can stop pretending.
Lawyers represent the guilty because A) you may be guilty but we need to make sure your sentence is reasonable (a lot of people would like to hang a man for showing a kid his penis); and B) You might actually not be guilty.
In old country, court used to mean you had no representation (lawyer), the prosecution made whatever wild claims it likes, and then they lock you up. End of story. Guilty or not, you get a fighting chance BECAUSE the alternative is we send men in black to your house and throw you in jail after a cute little show just because we don't like you.
Think Salem Witch Trials, nobody had any real defense, all accusations were absolute indications of guilt. This is what happens when you take away the right of the (presumed) guilty to defend themselves.
Support my political activism on Patreon.
I ask because I have...err...my friend has not seen it since the early early days of the internet. Back then, you truly could stumble across it accidentally. It hasn't been that way for a long long time though, in my experience. I'm fairly sure it is out there on the web if you go looking for it. And sometimes if you aren't looking for it.
About two years ago I was trying out some search page I'd seen here on slashdot that displayed a cloud of very small thumbnails of what other people were browsing. Forget the name of it since I haven't used it since.
Anyhow... Seeing what all other folks were looking at was sort of novel. I was looking at this and that as new thumbnails popped up when I saw one that looked like a page with about a dozen images on it. Vaguely flesh colored images. I thought "That looks like porn. Wonder what they're looking at?" I figured the worst I might get was a page of naked guys and at best some hot, slutty girls. So I clicked the thumbnail.
It was clearly child porn. Naked young teens and pre-teens. Not "young looking 18 year olds with pigtails." Uh-uh. Quite clearly underaged kids.
Sort of an "oh shit" moment. Cleared the browser cache. Ran Eraser over the drive a time or two. That was the end of looking at what other people were browsing via graphical interface for me.
I dislike Massachusetts government enough that I'm actually going to respond to your post in detail. I can't speak for the whole state government, only those parts of it (and municipal subdivisions) that I ran into during my time there. Every one was problematic.
I've never applied for a job there, and would never do so for reasons that will shortly become obvious. To be blunt, the job I will start in DC in September is way better than *any* Massachusetts government job could be for a new lawyer.
My first experience was with the Mass RMV. On their website, they state that you need a certain set of documents to convert an out-of-state license. I brought with me the printout of the linked page along with everything on it. After waiting two hours in line, I was informed by the employee that I needed an original birth certificate to prove my date of birth, despite the fact that my passport, which I had with me, had the date as required by the RMV. I showed her the list of documents, and checked off each item with a pen. No dice; she would not transfer my license. I asked to speak with the office manager and showed her the website printout. She accused me of making a fake printout and repeated what the employee had said.
I gave up, went home, and came back later with a file box full of documents. This time, after another two-hour wait (and presenting more documents than the RMV claims to require), I got my license.
My next experience was attempting to register to vote. It turned out that my apartment literally straddled the Cambridge and Somerville city lines. I first tried to register to vote with the Cambridge city clerk, as the street the apartment abutted was in Cambridge, as was my street address. I was denied because, according to the city of Cambridge, my apartment was in Somerville. So I went to the Somerville city clerk and was told my apartment was in Cambridge. Repeated letters to both cities failed to get me registered (actually, failed to elicit any response) and I was unable to vote in two elections that occurred before I moved one year later to an apartment that was unambiguously in Cambridge. Constitutional rights? Who gives a shit?
Then I experienced the fun of dealing with the Massachusetts Turnpike Authority. Silly me; I thought it would be handy to have an EZPass. So I tried to get one. Registering online was a cinch. But then I never received my EZPass transponder in the mail. They did take my money, and once again repeated contacts to various MTA officials resulted mostly in befuddlement. I eventually ate the $30 or so because it was just not worth my time to pursue the matter. I never saw an EZPass transponder before I moved out of the state. If you read the newspaper, none of this is a surprise. MTA officials are rarely in the news for turnpike-related decisions, but there has been a consistent stream of stories about their perks and inflated salaries.
And, of course, there's the Massachusetts Bay Transit Authority. Constant track fires, track infrastructure that is not as good as that in many Third World countries, speeds literally half those in either the New York or Washington subway systems, equipment that ages before its time due to neglect, a brand-new headhouse (Charles/MGH) with platforms so misaligned that wheelchair users can't get on the trains, an epic light-rail vehicle procurement fiasco (Google "type 8 chronology of events"), and buses that should be impounded and taken off the road for defects (5 bus fires in my 3 years there).
I've already mentioned the entertaining Department of Revenue tax procedure above, although, in fairness, they don't ever seem to have messed anything up for me, only designed a laughable procedure.
My last episode was with the RMV again; this time, they mistyped the VIN on my car registration. I should have known better than to try to fix it. No dice, and an indignant RMV official telling me that my lease contract (which matched my car) was w
Personally, I'm skeptical about the idea of malware that secretly downloads and hides kiddie porn--why would the malware developer do that?
;-).
Why would it matter whether you believe someone might have a motive? I don't understand why people might commit all sorts of crimes, because I'd never do that. But some people commit those crimes anyway. Lots of people have motives to frame others for crimes.
In any case, on to methods. I have a demo on my web site of how to do "preloading" in javascript. Is javascript enabled in your browser? If so, my demo shows how I can create a web page that quietly downloads images from arbitrary URLs, without showing them to you. This may be used to load those images into your browser's cache. It has valid uses, such as to speed up subsequent downloading of other pages from my site which use those images. But I can just as easily fill your browser's cache with porn. Unless you know how to scan your browser's cache (or have the sense to purge it frequently), you'll never know what I've done to you. My code (actually my web server) also tells me your IP address, which I can use to send the authorities in to examine your browser's cache.
I'd be willing to testify in court how easy this is. And give the court a copy of my code (though they could easily download it from my web site
And yes, I usually do browse with scripting disabled. This was typed into a Firefox 3.0 window, which has the NoScripts extension installed. My demo code won't work against me.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
"He'd have 40 Web sites hitting his computer in a minute -- who's the IT guy who looked at this and said, "Wow, this guy is pretty active on the Internet?'" Loehrs said. "It's physically impossible!"
Loehrs found a script file that was set to go out and run its own searches on foreign Web sites, she said. "And once you get into some of these foreign sites, you'll get all kinds of stuff you don't want to see.
"Actually, the child pornography was just a very small portion of it. The majority was just bizarre porn. He was being hit with everything," she added. Are you still so certain of your position?
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
Which makes me wonder --- how, exactly, do they define child porn?
In my state child porn is pictures or video of person under the age of 18 involved in sexual acts or just unclothed. Also, anyone that looks like they are under the age of 18 according to the police inspector whether or not they actually are. Also , anyone that is obviously over the age of 18 but is dressed up to look like someone under the age of 18, also cartoon renderings of imaginary people who if they were not imaginary would be under the age of 18 or look like they would be in the opinion of the police investigator.
If you are not allowed to question your government then the government has answered your question.
In fact, his attorney referred to his former employers as "buffoons".
From the article:
But he is unlikely to take his old job back, even if the DIA were to offer it, [attorney Timothy] Bradl said. "I would think that theoretically he'd be entitled to his job back with back-pay, however he would never want to go back to work with such buffoons," he said.
I feel fantastic, and I'm still alive.
And let us not forget even trusted websites can get compromised,so for all we know this guy was surfing a legitimate website and got hit by a driveby or one of the many exploits that had been released since his machine no longer was updating. I personally hope he gets enough out of them in a lawsuit that he never has to work again. It is obvious to me they never bothered to look at the laptop except to look for porn,and the fact that it was THEIR OWN SCREWUP that caused this in the first place should make it a slam dunk for any decent lawyer. But as always that is my 02c from many years of fixing Windows boxes,YMMV
ACs don't waste your time replying, your posts are never seen by me.
There's no such thing as a legal "slam dunk". The only person who will certainly make money from suing them is the lawyer himself (unless he takes the case on a percentage-of-settlement basis, of course).
This whole case would seem to hinge on one forensic expert's testimony, so if I were a lawyer, I'd be a bit leery about considering this an open-and-shut case.
Still, I wish the guy a lot of luck in setting a precedent that you can't be held accountable in all situations for what your computer does.
I'm not sure if the guy wasn't lucky that the employer went immediately to start criminal proceedings --- that's the only reason he has a valid forensic analysis of the computer to show. In an ordinary instance of firing, the computer would almost certainly have been reimaged before he could sue to have it analyzed.
It seems there's room for a law that in cases like this, the employer has to get a forensic snapshot of the computer involved before reimaging it (or be responsible for destroying evidence in any subsequent discovery proceedings).
Well, the person who said "We stand by our decision" is linnea.walsh@state.ma.us
I think it would be helpful for people to drop her a line asking how she lives with herself, and whether she can look her children in the eye now that she's helped ruined a man's reputation.
It's his job, he had about as much choice in the matter of operating system as he did about which computer he was going to use. The employee who got the sack is genuinely a victim. Management has some of the blame for going off half-cocked, but speaking as an IT professional, the responsibility is with the techs to not only ensure they hand out the good machines, but THOUGHROGHLY investigate an issue, especially concerning somthing as serious as child porn, before they throw the 'offender' under the bus. IT should be supporting, serving and protecting their users, not getting them prosecuted unjustly.