Slashdot Mirror
Man Fired When Laptop Malware Downloaded Porn
Geoffrey.landis writes "The Massachusetts Department of Industrial Accidents fired worker Michael Fiola and initiated procedures to prosecute him for child pornography when they determined that internet temporary files on his laptop computer contained child porn. According to Fiola, 'My boss called me into his office at 9 a.m. The director of the Department of Industrial Accidents, my immediate supervisor, and the personnel director were there. They handed me a letter and said, "You are being fired for a violation of the computer usage policy. You have pornography on your computer. You're fired. Clean out your desk. Let's go."' Fiola said, 'They wouldn't talk to me. They said, "We've been advised by our attorney not to talk to you."' However, prosecutors dropped the case when a state investigation of his computer determined there was insufficient evidence to prove he had downloaded the files. Computer forensic analyst Tami Loehrs, who spent a month dissecting the computer for the defense, explained in a 30-page report that the laptop was running corrupted virus-protection software, and Fiola was hit by spammers and crackers bombarding its memory with images of incest and pre-teen porn not visible to the naked eye. The virus protection and software update functions on the laptop had been disabled, and apparently the laptop was 'crippled' by malware. According to Loehrs, 'When they gave him this laptop, it had belonged to another user, and they changed the user name for him, but forgot to change the SMS user name, so SMS was trying to connect to a user that no longer existed ... It was set up to do all of its security updates via the server, and none of that was happening because he was out in the field.' A malware script on the machine surfed foreign sites at a rate of up to 40 per minute whenever the machine was within range of a wireless site."
This is a tough lesson learned for Mr. Fiola, but the lesson is, always request a clean build when receiving new equipment in the workplace. That would have eliminated the malware and given him a clean system to work on.
--I like turtles...
Government employees in Massachusetts, the state that is so corrupt and dysfunctional it gives government all over the rest of the U.S. a black eye.
Seriously. I just escaped (to D.C., which, despite its warts is a million times better) from three years of living in that hellhole. I don't think I encountered a single effective or competently run state agency the whole time.
I expect the employee who would have been responsible for wiping this laptop is probably a relative of some high official, and probably doesn't know how to do anything except reinstall Windows from a factory CD.
Sounds like it may have been the previous user that got the machine infected.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Julie Amero and the Porn Pop-Ups all over again?
I am a lawyer, but this is not legal advice. If you need legal advice, the attorney in this story might be a good choice . . . (but I cannot endorse him).
This, in a nutshell, is why lawyer's represent guilty scum.
Sometimes, it turns out, they are neither . . .
Personally, I'm skeptical about the idea of malware that secretly downloads and hides kiddie porn--why would the malware developer do that? I really can't fault the emploeyr for not considering such an idea and investigating it.
The defense attorney, though, is to advocate for his client, even if the client claims seem far-fetched.
hawk, esq.
So expecting them to ask for a clean build is asking to much. Their IT department should have known better and done this automatically.
The real problem is that, as the summary said, they didn't change the security software username, and killed the old username at the server. Therefore, he was running unupdated software... leaving him open to any new Internet threat. Sounds like the IT Department deserves to be fired.
Then there's projects like Unattended that work great and can have a laptop or workstation back up and running in a default state, with all programs and updates applied in 60-90 minutes.
There is no excuse for giving someone a used laptop or workstation that hasn't been cleaned. We don't concern ourselves much with our workstations since they never leave our network, but any laptops get a thorough cleansing before being re-issued to someone else.
I would say that the scripts surf a list of shady sites to get hits on banner ads. I imagine that, even though they don't stay up as long, kiddie porn sites may have ads too...
Probably, the malware itself is a temporary webserver to help distribute the load of an illegal kiddie porn pay site. Look up Fast Flux (http://en.wikipedia.org/wiki/Fast_flux) spammers use it all the time and it is very simple to set up.
Your skepticism is mis-placed.
There is more than one kind of malware.
One kind sends Phishing Spam / Viagra spam / etc.
Another performs DDoS attacks.
A third acts as a distributed FTP/Fileshare server so that the guilty have a place to hide & share their wares and not have a single point of being shut down by the authorities. Whether this be lists of CC numbers or kiddie porn is immaterial.
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Personally, I'm skeptical about the idea of malware that secretly downloads and hides kiddie porn--why would the malware developer do that? The malware wasn't downloading and hiding kiddie porn From the article: "Loehrs found a script file that was set to go out and run its own searches on foreign Web sites, she said. "And once you get into some of these foreign sites, you'll get all kinds of stuff you don't want to see. "Actually, the child pornography was just a very small portion of it. The majority was just bizarre porn. He was being hit with everything," she added." The malware author was probably running a pay per click scam by using his malware to visit a bunch of sites and making it seem a bunch of visitors were browsing the site.
He will, however, be suing them.
Legalize recreational marijuana. Seriously.
Personally, I'm skeptical about the idea of malware that secretly downloads and hides kiddie porn--why would the malware developer do that?
;-).
Why would it matter whether you believe someone might have a motive? I don't understand why people might commit all sorts of crimes, because I'd never do that. But some people commit those crimes anyway. Lots of people have motives to frame others for crimes.
In any case, on to methods. I have a demo on my web site of how to do "preloading" in javascript. Is javascript enabled in your browser? If so, my demo shows how I can create a web page that quietly downloads images from arbitrary URLs, without showing them to you. This may be used to load those images into your browser's cache. It has valid uses, such as to speed up subsequent downloading of other pages from my site which use those images. But I can just as easily fill your browser's cache with porn. Unless you know how to scan your browser's cache (or have the sense to purge it frequently), you'll never know what I've done to you. My code (actually my web server) also tells me your IP address, which I can use to send the authorities in to examine your browser's cache.
I'd be willing to testify in court how easy this is. And give the court a copy of my code (though they could easily download it from my web site
And yes, I usually do browse with scripting disabled. This was typed into a Firefox 3.0 window, which has the NoScripts extension installed. My demo code won't work against me.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
"He'd have 40 Web sites hitting his computer in a minute -- who's the IT guy who looked at this and said, "Wow, this guy is pretty active on the Internet?'" Loehrs said. "It's physically impossible!"
Loehrs found a script file that was set to go out and run its own searches on foreign Web sites, she said. "And once you get into some of these foreign sites, you'll get all kinds of stuff you don't want to see.
"Actually, the child pornography was just a very small portion of it. The majority was just bizarre porn. He was being hit with everything," she added. Are you still so certain of your position?
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
And let us not forget even trusted websites can get compromised,so for all we know this guy was surfing a legitimate website and got hit by a driveby or one of the many exploits that had been released since his machine no longer was updating. I personally hope he gets enough out of them in a lawsuit that he never has to work again. It is obvious to me they never bothered to look at the laptop except to look for porn,and the fact that it was THEIR OWN SCREWUP that caused this in the first place should make it a slam dunk for any decent lawyer. But as always that is my 02c from many years of fixing Windows boxes,YMMV
ACs don't waste your time replying, your posts are never seen by me.
It's his job, he had about as much choice in the matter of operating system as he did about which computer he was going to use. The employee who got the sack is genuinely a victim. Management has some of the blame for going off half-cocked, but speaking as an IT professional, the responsibility is with the techs to not only ensure they hand out the good machines, but THOUGHROGHLY investigate an issue, especially concerning somthing as serious as child porn, before they throw the 'offender' under the bus. IT should be supporting, serving and protecting their users, not getting them prosecuted unjustly.