Slashdot Mirror


Man Fired When Laptop Malware Downloaded Porn

Geoffrey.landis writes "The Massachusetts Department of Industrial Accidents fired worker Michael Fiola and initiated procedures to prosecute him for child pornography when they determined that internet temporary files on his laptop computer contained child porn. According to Fiola, 'My boss called me into his office at 9 a.m. The director of the Department of Industrial Accidents, my immediate supervisor, and the personnel director were there. They handed me a letter and said, "You are being fired for a violation of the computer usage policy. You have pornography on your computer. You're fired. Clean out your desk. Let's go."' Fiola said, 'They wouldn't talk to me. They said, "We've been advised by our attorney not to talk to you."' However, prosecutors dropped the case when a state investigation of his computer determined there was insufficient evidence to prove he had downloaded the files. Computer forensic analyst Tami Loehrs, who spent a month dissecting the computer for the defense, explained in a 30-page report that the laptop was running corrupted virus-protection software, and Fiola was hit by spammers and crackers bombarding its memory with images of incest and pre-teen porn not visible to the naked eye. The virus protection and software update functions on the laptop had been disabled, and apparently the laptop was 'crippled' by malware. According to Loehrs, 'When they gave him this laptop, it had belonged to another user, and they changed the user name for him, but forgot to change the SMS user name, so SMS was trying to connect to a user that no longer existed ... It was set up to do all of its security updates via the server, and none of that was happening because he was out in the field.' A malware script on the machine surfed foreign sites at a rate of up to 40 per minute whenever the machine was within range of a wireless site."

10 of 635 comments

  1. Tough lesson learned... by Muckluck · · Score: 5, Informative

    This is a tough lesson learned for Mr. Fiola, but the lesson is, always request a clean build when receiving new equipment in the workplace. That would have eliminated the malware and given him a clean system to work on.

    --
    I like turtles...
  2. Julie Amero ? by PoliTech · · Score: 5, Informative
    1. Re:Julie Amero ? by stavros-59 · · Score: 5, Informative

      Yep.

      The forensic report is linked to on this page and is scathing about the IT staff.
      They did the handover and didn't even notice that the antivirus wasn't working and that their SMS update system wasn't working.

      It should be policy to hand over computers with a clean image and with updates.

  3. Re:The real crime here... by LostCluster · · Score: 5, Informative

    The real problem is that, as the summary said, they didn't change the security software username, and killed the old username at the server. Therefore, he was running unupdated software... leaving him open to any new Internet threat. Sounds like the IT Department deserves to be fired.

  4. Re:Certainly sounds fair... by wtfispcloadletter · · Score: 5, Informative

    Then there's projects like Unattended that work great and can have a laptop or workstation back up and running in a default state, with all programs and updates applied in 60-90 minutes.

    There is no excuse for giving someone a used laptop or workstation that hasn't been cleaned. We don't concern ourselves much with our workstations since they never leave our network, but any laptops get a thorough cleansing before being re-issued to someone else.

  5. Re:Lawyer: This, boys and girls, is why . . . by Anonymous Coward · · Score: 5, Informative

    Probably, the malware itself is a temporary webserver to help distribute the load of an illegal kiddie porn pay site. Look up Fast Flux (http://en.wikipedia.org/wiki/Fast_flux); spammers use it all the time and it is very simple to set up.

  6. Re:Lawyer: This, boys and girls, is why . . . by Killeroid · · Score: 5, Informative

    Personally, I'm skeptical about the idea of malware that secretly downloads and hides kiddie porn--why would the malware developer do that?

    The malware wasn't downloading and hiding kiddie porn. From the article:

    Loehrs found a script file that was set to go out and run its own searches on foreign Web sites, she said. "And once you get into some of these foreign sites, you'll get all kinds of stuff you don't want to see.

    "Actually, the child pornography was just a very small portion of it. The majority was just bizarre porn. He was being hit with everything," she added.

    The malware author was probably running a pay per click scam by using his malware to visit a bunch of sites and making it seem a bunch of visitors were browsing the site.

  7. Re:Certainly sounds fair... by LackThereof · · Score: 5, Informative

    I wonder if he will be hired back with back pay. A different article I read about this said that he had no interest in ever working for or having any dealings with this company ever again.

    He will, however, be suing them.
    --
    Legalize recreational marijuana. Seriously.
  8. Re:What is the real truth here? by palegray.net · · Score: 5, Informative
    The phrase "innocent until proven guilty beyond a reasonable doubt" comes to mind. Forensic analysis of the machine apparently showed it to be severely compromised by malware. Allow me to quote from one of TFAs:

    "What I found is, he would log in to the state's Web site, he'd be on for five or 10 minutes and during the exact same time that he's filling out a form, an image shows up, out of nowhere. No typed [Uniform Resource Locator], no search, no Web site activity, just bam, a cached image shows up on his computer," Loehrs said. The offending images were located in the laptop's browser cache directory.

    "He'd have 40 Web sites hitting his computer in a minute -- who's the IT guy who looked at this and said, 'Wow, this guy is pretty active on the Internet?'" Loehrs said. "It's physically impossible!"

    Loehrs found a script file that was set to go out and run its own searches on foreign Web sites, she said. "And once you get into some of these foreign sites, you'll get all kinds of stuff you don't want to see.

    "Actually, the child pornography was just a very small portion of it. The majority was just bizarre porn. He was being hit with everything," she added.

    Are you still so certain of your position?
  9. Re:What is the real truth here? by hairyfeet · · Score: 5, Informative
    Actually he didn't need to even look at ANY porn. I have worked more years in PC repair than I care to admit and I can tell you from experience I have seen an old lady's PC infected from a travel site, one that got rootkitted when his kid went to get gameshark codes and a couple hit by ActiveX drivebys from "webchat" sites the teenage son went to. These are just the ones I know about, because I knew these folks and I got curious and so went to the sites listed in the IE history for the times that the customer said the PC started "acting weird". I used to keep an old WinXP box with a 4Gb HDD that was imaged just for checking out malware or testing bug removal tools and was surprised how quick these "legit" sites hit that box.


    And let us not forget even trusted websites can get compromised, so for all we know this guy was surfing a legitimate website and got hit by a driveby or one of the many exploits that had been released since his machine no longer was updating. I personally hope he gets enough out of them in a lawsuit that he never has to work again. It is obvious to me they never bothered to look at the laptop except to look for porn, and the fact that it was THEIR OWN SCREWUP that caused this in the first place should make it a slam dunk for any decent lawyer. But as always that is my 02c from many years of fixing Windows boxes, YMMV

    --
    ACs don't waste your time replying, your posts are never seen by me.