Why You Shouldn't Trust Geek Squad

An anonymous reader quotes a report from Network World: The Orange County Weekly reports that Best Buy's "Geek Squad" repair technicians routinely search devices brought in for repair for files that could earn them $500 reward as FBI informants. This revelation came out in a court case, United States of America v. Mark A. Rettenmaier. Rettenmaier is a prominent Orange County physician and surgeon who took his laptop to the Mission Viejo Best Buy in November 2011 after he was unable to start it. According to court records, Geek Squad technician John "Trey" Westphal found an image of "a fully nude, white prepubescent female on her hands and knees on a bed, with a brown choker-type collar around her neck." Westphal notified his boss, who was also an FBI informant, who alerted another FBI informant -- as well as the FBI itself. The FBI has pretty much guaranteed the case will be thrown out by its behavior, this illegal search aside. According to Rettenmaier's defense attorney, agents conducted two additional searches of the computer without obtaining necessary warrants, lied to trick a federal magistrate judge into authorizing a search warrant for his home, then tried to cover up their misdeeds by initially hiding records. Plus, the file was found in the unallocated "trash" space, meaning it could only be retrieved by "carving" with sophisticated forensics tools. Carving (or file carving) is defined as searching for files or other kinds of objects based on content, rather than on metadata. It's used to recover old files that have been deleted or damaged. To prove child pornography, you have to prove the possessor knew what he had was indeed child porn. There has been a court case where files found on unallocated space did not constitute knowing possession because it's impossible to determine who put the file there and how, since it's not accessible to the user under normal circumstances.

They are full of shit

[darkain]

GeekSquad is full of shit. Was away on a working vacation (being a remote employee who travels the country and logs in from wherever I happen to be at the time). My laptop died on a trip. Needed it replaced ASAP. Picked up a netbook from BestBuy locally, since shipping one would take too long. They were the only option in town where I happened to be at the time. The power supply on this netbook died in under a week. Took it in to BestBuy to replace the power supply. GeekSquad demanded a $40 "fee" to remove the hard drive from the netbook, and place the hard drive into a new netbook... Again, for a failed power supply, which is external to the netbook to begin with! They simply wouldn't replace the power supply, they claimed they could only replace the entire unit, and had to swap the hard drive. Fucking scammers. So much for the BestBuy "Warranty"

But where's the chain of custody?

[mmell]

If the Geek Squad finds child pornography on the hard disk of a computer in their possession, shouldn't Best Buy be held criminally liable for possessing child pornography? Unless they can establish a chain of custody (i.e. - the first thing we do is a hardware binary image of all storage which we can absolutely prove is an accurate and unaltered copy of storage as received from the customer)? That's what law enforcement agencies have to do, in part to prove that any evidence they find was not planted by them.

I have a second concern along the same lines . . . let us assume that the Geek Squad isn't engaging in shenanigans for profit. How are they inspecting my hard drive, and can they assure me that they won't cause a data loss?

Re:But where's the chain of custody?

[blindseer]

I was taking an information security certification course from an interesting character. He was a USMC sniper, police officer on a narc team, then a lecturer offering courses in Microsoft and security certifications, and running a part time data forensics job with one of his old friends. He says he gets a call from the local PD about data recovery on a computer that they say has child porn on it. My instructor tells his partner not to touch the computer. Then tells him that as mere possession of child porn is a felony the only way they could legally touch this is with some kind of immunity or being deputized. The partner seemed to really want the job since it could mean good money and putting a bad guy away. My instructor, a retired police officer, knew that being in possession of child porn regardless of the source is going to be problematic.

He talked a bit more on this and he seemed to imply that child porn cases can fetch good money for the technicians because so few people are willing to do it. There is an obvious "ick" factor that so many healthy people have. There are legal problems to deal with, as in all your ducks in a row or by doing exactly as the PD requests can still end up with getting charged with a crime.

So, you have a presumably high dollar and experienced technician with considerable knowledge on how files can be hidden as well as a beat cop level of legal knowledge on this, and he won't touch it for what I can assume is much more than the $500 that these "geeks" could get. Do these Geek Squad people even know what they are doing? Can they be trusted? Would they be willing to be a witness in court? Would the prosecutor even want the typical Geek Squad member testifying in court?

I can see no good coming from these Geek Squad types looking for incriminating evidence.

Re:But where's the chain of custody?

[DerekLyons]

My instructor, a retired police officer, knew that being in possession of child porn regardless of the source is going to be problematic.

Yup. There was a case a few years back where a person found a bag full of unmarked CD's... took 'em home, stuck 'em in his computer, and found child porn. He turned them into the local PD, who eventually found and arrested the perp.
 
For being a good citizen, the finder was rewarded by being convicted for possessing child porn and sent to prison.

Re:Why "I" shouldn't trust Geek Squad?

[lucm]

What about the illegal drugs and child pornography that the previous occupant left hidden in the wall, next to the water pipes?

Something like that happened to a friend of mine. He bought a warehouse and found a big stash of dvd players and car stereos in a walled-off closet when he gutted the office area. The warehouse had been owned by a bank (foreclosure) for a while, and if he hadn't needed a different office configuration the stuff could have stayed in the walls for a long time.

Re:Why "I" shouldn't trust Geek Squad?

Similar thing happened to a family member of mine as well when he bought his first house. He is a police officer and had a bunch of his cop friends visit. One stopped by at the start of his shift to drop of a present and brought in his canine partner. Well, the dog alerted in the middle of the living room and they discovered a stash hidden there. So they took the dog around the property and found a bunch of stuff in multiple rooms, including those bales like you see on TV. I can only imagine the kind of response that he would have gotten if the cops weren't his friends and knew he'd just bought the house.

Re:Hmm

[Nutria]

or just someone who downloaded some file expecting it to be something else and deleted it immediately... hence it being in the trash.
Stories of people downloading stuff, either by direct download or P2P and ending up with something different aren't all that rare.

Which is why if you do accidentally download something like that, you must clear your cache, empty the recycle bin and repeatedly overwrite all the free space on your disk.

would a person smart enough to be a surgeon be dumb enough to send the computer for repair with a third party knowing it had child pornography inside?

Emphatically YES! Smarts in one narrow field doesn't guarantee smarts in every field: John Podesta is a Smart Guy, but he was stupid enough to fall for a phishing attack.

Re: No shit Sherlock

[ATMAvatar]

If you're then given a check by an FBI agent in return for a report on what you found while breaking and entering, are you still just an arbitrary citizen or a de facto agent of the government?

I wouldn't trust geek squad

[bferrell]

Because four times last year, I repaired systems they said were unrepairable and had attempted to sell a replacement system.

They used to be tech, now they are systems salesmen

This is about more than Best Buy

[taustin]

The Geek Squad techs were, according to the article, "active informants" for the FBI, which is to say, they agreed to be beforehand. That means they are agents of the government, which means they are under the same restrictions as the cops. So if you think it's OK for Geek Squad to search your computer without a warrant, you believe it's OK for the cops to do the same thing, because it is the same thing.

Aside from that, the FBI did additional searches without warrants, like to get warrants, and apparently continues to hide evidence. They claimed the informants told them they (the informants, that is) had "accidentally" run the carving software that was, in no way, involved in repairing the computer, and found the image. So either the informants (at least one, and likely all three) lied to the FBI under penalty of perjury, or the FBI agent getting the warrant perjured himself to the judge. Or both.

There isn't an FBI agent involved in this case that doesn't belong in prison for corruption. Same for the prosecutor, at this point, because it is long since possible for him to not be aware of the FBI's corruption.

Best Buy is the least guilty of anything, and apparently, according to the update at the bottom, actually have policies prohibiting their employees from accepting any kind of reward for reporting this stuff. Whether or not they'll fire the employees named (there are three) for doing so remains to be seen. They are correct, though, that once they become aware of child porn on a computer, they're required to report it.

Re:As it should be...

[Bert64]

Well that's the whole point..
If you visit a link, you have no idea what that link is going to contain... You may follow an innocent looking link, and see childporn. Even if you immediately close the page, your browser has likely inserted the images into its local on-disk cache.

Similarly if you receive an email containing such content, it will typically be downloaded automatically to your machine, even if you immediately delete it upon noticing it there will still be traces on your drive for some time to come.

It's also possible for a website to load images but not make them visible, such images will still be cached by your browser but if they're not displayed your unlikely to realise they're there unless you explicitly check.

Re:Why "I" shouldn't trust Geek Squad?

[LordWabbit2]

I went to a LAN once and as usual there is a bunch of file copying going on at the start, so I grabbed a bunch of stuff, games, movies and yes some pron. Months later I was running out of space and started clearing stuff out. Buried deep in the dump folder was a whole bunch of bestiality pron, shift deleted that, but to this day I cannot remember which friend I copied it from, always wondered if they were also unaware of it, or if they had a darker side I was not aware of.

Re:Why "I" shouldn't trust Geek Squad?

[Big+Hairy+Ian]

If you think that's bad don't even think of having your PC repaired in Texas http://www.techrepublic.com/bl...