I believe I have mentioned before, in a couple of different posts, how people could use wireless connections, such as the ones in Starbucks or the unsecured ones in their apartment building or their neighborhood, to cover their tracks when they are doing something wrong. Most recently I mentioned it in this article at Revenews.com, titled Child Porn Database Bill, which describes a bill Senator McCain has introduced to create a national database of child porn that ISPs could use to catch pedophiles sending pictures to each other.
The Washington Post has an article today about the same problem: a suspected pedophile exchanging child porn online. But when the police track down his IP address and knock on the door, a totally unexpected person arrives to greet them.
Detectives arrived last summer at a high-rise apartment building in Arlington County, warrant in hand, to nab a suspected pedophile who had traded child pornography online. It was to be a routine, mostly effortless arrest.
But when they pounded on the door, detectives found an elderly woman who, they quickly concluded, had nothing to do with the crime. The real problem was her computer’s wireless router, a device sending a signal through her 10-story building and allowing savvy neighbors a free path to the Internet from the privacy of their homes.
Perhaps one of those neighbors, authorities said, was stealthily uploading photographs of nude children. Doing so essentially rendered him or her untraceable. Source: WiFi Turns Internet Into Hideout for Criminals
Until there are easy ways for people to monitor their own networks themselves, this will continue to be a problem. If the security was easy to set up to start with, this wouldn’t be as much of a problem. Cafes, libraries and other sites, like Starbucks, that offer free Wi-Fi need to make people sign up to run it, and possibly even have someone who works there set up the client, or even have some proprietary solution, to somehow make it easier to track who is using it and for what.
I posted recently about a teacher who has been convicted of visiting porn sites in front of her class at Kelly Middle School in Norwich, and exposing those students to pornography and whatever else was on the screen at the time. She was charged with 10 counts of risk of injury to a minor, or impairing the morals of a child, and while 6 counts were dropped, she was convicted on the other four. This teacher, Julie Amero, faces 40 years in prison and will be sentenced on March 2, 2007 in Norwich Superior Court.
To say that this is a miscarriage of justice is an understatement. It appears to me that this is all about the conviction now, and the fact that these people don’t want to lose. In a post yesterday on the Norwich Bulletin, the prosecutor for the case, David J Smith, said all she had to do was turn it off, but that she let it go on for “hours”.
“I think the state proved she was the person using the computer at the time the pornographic Web sites were accessed,” Smith said. “By her own testimony, she allowed those hardcore pornographic images to be accessible in a class of 11-, 12- and 13-year-old children. All she would have to do was turn off the monitor or cover the monitor. But she allowed the situation to go on for hours.” Source: Teacher porn case draws world’s ear
This is the first time I saw anyone mention it going on for hours, so I don’t really know what that is referring to. But she was a substitute teacher; the normal teacher logged her in and told her not to turn it off because she wouldn’t be able to get back on. So I guess that is why she just didn’t turn the computer off: that, and being overwhelmed with porn and not knowing what to do in such situations. Without proper training, what would you do?
The main thrust of this post is how computer forensics, without a full knowledge of how a computer works and why and where data is stored, can be a very dangerous thing. This is the definition of computer forensics at Wikipedia:
The simple definition of Computer Forensics, “… is the use of specialized techniques for recovery, authentication, and analysis of electronic data when a case involves issues relating to reconstruction of computer usage, examination of residual data, authentication of data by technical analysis or explanation of technical features of data and computer usage. Computer forensics requires specialized expertise that goes beyond normal data collection and preservation techniques available to end-users or system support personnel.” (Kroll-OnTrack). This process often involves investigating computer systems to determine whether they are or have been used for illegal or unauthorized activities. Mostly, computer forensics experts investigate data storage devices, either fixed like hard disks or removable like compact disks and solid state devices. Computer forensics experts:
- Identify sources of documentary or other digital evidence.
- Preserve the evidence.
- Analyze the evidence.
- Present the findings.
Source: Computer forensics
The police detective Mark Lounsbury says he knows she visited those sites and that by looking at the source code he could tell that it was not popup based. From today’s article on the Norwich Bulletin:
Norwich Detective Mark Lounsbury maintained his investigation showed Amero knowingly accessed sites, which included meetlovers.com and femalesexual.com, along with others with names too graphic to print.
In examining the computer’s hard drive, Lounsbury said he found numerous instances in which graphic images would have appeared on the computer screen. He said he can differentiate between what is and what is not a pop-up based on the source codes.
Here is where it gets dangerous: because this cop says he knows it to be true, he is influencing the jury, the judge, and the public, because he is an “expert” in this case. This expert was using software called ComputerCop, available here, software that was created years ago (this case actually happened in October of 2004 and is just now coming to trial). It is a program that was designed to restore deleted files; it did not check where or how they got there. So, he looked at the URLs recorded in the registry, looked at the images and determined she had to go there, and it could not be from a popup. The article also said this is the very first time this software has ever been used as an acceptable tool for convicting someone in a court case.
“To my knowledge, this is the first conviction using ComputerCop software as an acceptable tool for police officers to conduct a computer forensic examination that is acceptable to the court,” Jacobs said.
That is mostly because it’s not really designed for that. Her defense lawyer had their own guy, Herbert Horner, who has worked in computers since 1966, called in as their expert witness; he forensically copied the suspect’s hard drive and did his own examination. He said their antivirus programs sent security alerts because they detected the spyware, and that the spyware was tracking the computer before the day of the incident. Some of his findings:
Most significantly, we noted freeze.com, screensaver.com, eharmony.com and zedo.com were being accessed regularly.
On October 19, 2004, around 8:00 A.M., Mr. Napp, the class’ regular teacher logged on to the PC because Julie Amero being a substitute teacher did not have her own id and password. It makes sense that Mr. Napp told Julie not to logoff or shut the computer off, for if she did she and the students would not have access to the computer.
http://www.hair-styles.org was accessed at 8:14:24 A.M., A click on the curlyhairstyles.htm icon on the http://www.new-hair-styles.com site led to the execution of the curlyhairstyle script along with others that contained pornographic links and pop-ups. Once the aforementioned started, it would be very difficult even for an experienced user to extricate themselves from this situation of porn pop-ups and loops.
All of the jpg’s that we looked at in the internet cache folders were of the 5, 6 and 15 kb size, very small images indeed. Normally, when a person goes to a pornographic website they are interested in the larger pictures of greater resolution and those jpgs would be at least 35 kb and larger. We found no evidence of where this kind of surfing was exercised on October 19, 2004.
We asked the prosecution to arrange for the defense to have unfettered access to the internet so that we could reenact the events of October 19, 2004. It was not granted. I went to court with two laptops and a box full of reference material prepared to very clearly illustrate what happened to Julie Amero. But, the prosecution objected because they were not given “full disclosure” of my examination. I was allowed to illustrate two screens, that of the www.hair-styles.org , and www.new-hair-styles.com sites.
If there is an appeal and the defense is allowed to show the entire results of the forensic examination in front of experienced computer people, including a computer literate judge and prosecutor, Julie Amero will walk out the court room as a free person. Source: The Strange Case of Ms. Julie Amero: Commentary by Mr. Herb Horner
But they didn’t let him testify because her lawyer forgot to tell the prosecution about him. And since the prosecution case did not check for spyware or anything else that could’ve caused these websites to pop up, there is no way to tell for sure whether she visited them or whether a website or software caused them. Also, the school system had not paid their bill for their content filter, and this caused it not to update, so something that should’ve blocked it to start with was not even running, which, if you ask me, puts the blame squarely on the school system. I’ll quote one more person from the Norwich Bulletin article to wrap this up:
Since the computer search by investigators did not include spyware, malware or adware — typically advertising integrated into software — there is no way to decisively prove she was the cause of the sexually explicit sites showing up on screen, he said.
Nancy Willard has worked in the field of educational technology for 17 years and spent the last decade focusing on effective management of Internet use in schools and youth risk online. She said the school should have a policy in place to report technical concerns.
“Since none of the technology protections can be trusted to be entirely safe, every staff member and student should be taught that the action to take, if inappropriate material appears, is to turn off the screen and report the problem to the technical department so that the department can investigate and resolve the problem,” Willard said.
Technical fixes are never going to provide total protection, Willard said.
So true. I work for our state school system and I have been to forensic training classes, so I know a little bit about what we are talking about. Hopefully Julie’s defense will be able to get Mr. Horner or someone else in so they can show how these things can happen innocently and how the prosecution did not really prove she visited these websites on purpose. Anyone involved in the case can feel free to contact me if they need some direction.
As anyone who has ever read this blog knows, I always try to tie these spyware, adware posts back to my friends from Zango, those guys who never do anything wrong, it’s always an affiliate or another website. While Zango is not mentioned, I bet money one of their programs was installed, hehe. But I just read this article from Computer World by Preston Gralla, Porn-surfing teacher: Spyware made me do it!, who obviously should not be posting about spyware, as it appears he does not have a clue and his blog post is a complete joke.
A recent court case found a Connecticut substitute teacher guilty of surfing for pornographic sites in front of her seventh grade class, and now she faces 40 years in prison. Wow, forty years. I was watching something on TV the other night where two guys killed someone and the max they could and did get was 15 years. But this teacher could get forty years? That is just plain wrong. Anyone who is involved in any way with school systems knows most teachers aren’t prepared for something like this; the teacher was probably as overwhelmed and shocked as the students were when it happened and was just trying to get them to close down. And if it has happened to you, you know that when you click the x to close a popup, one or many more can pop up on you, making it look like you may have actually clicked on the popup itself.
Not only that, the prosecutor wanted to know, but if in fact spyware was on the PC, why didn’t the teacher merely turn off the computer or pull the plug on it?
Julie Amero had no answer.
Lawyers have come up with some novel defenses over the years, including the “Twinkie defense” in which a lawyer argued that defendant Dan White’s eating of Twinkies and drinking Coca-Cola proved that he was depressed, and so not responsible for his actions in murdering San Francisco Mayor George Moscone and Supervisor Harvey Milk in 1978. The defense was partially successful; White was convicted of voluntary manslaughter rather than murder.
Luckily, it seems as if the spyware-made-me-do-it defense doesn’t cut it in court. For once, justice prevails. Source: Porn-surfing teacher: Spyware made me do it!
A substitute teacher is just that, a substitute, and has not been in similar situations, and probably had no idea unplugging the machine or turning off the projector would have been the best way out. Plus, the school system has to have content filtering in place to be able to get E-rate money to help fund all of the computers, internet access, etc. The school system’s filters should’ve prevented most porn sites from popping up to start with, so why isn’t the school system on trial and not the teacher?
And according to a quote from Alex Eckelberry, who is President of Sunbelt Software, they didn’t even check for spyware.
The court actions of the case were flawed as well. For example, one source reports that the Trial Judge, Hillary Strackbein, was seen falling asleep during proceedings and made comments to the jury that she wanted the case over by the end of the week. It was also reported that Judge Strackbein attempted to pressure the defense into an unwanted plea deal, in place of a trial. The defense attorney for Amero moved for a mistrial shortly before closing arguments Friday, based on reports that jurors had discussed the case at a local restaurant.
Was justice done here? A bad spyware infestation can splatter a machine full of porn popups and it’s a bit unnerving to think that a teacher could get hard prison time for something that was likely to have been completely innocent.
We need far more evidence than what is available to come to the conclusion that “justice was done”. In fact, all the available evidence shows quite the opposite — that this might just be a grave miscarriage of justice. Source: Alex Eckelberry
I have recently had the chance to attend several classes on computer forensics, so sure, the police found evidence that those sites were visited, but ANY window that is opened on the computer will show up in the cache and list of websites visited. The fact that neither the defense nor the prosecution tried to show how it happened is incomprehensible to me. If it was one website that caused this to happen, it would be so easy for them to repeat what happened. This quote from a computer crimes investigator in an article on the Norwich Bulletin is very telling:
“You have to physically click on it to get to those sites,” Smith said. “I think the evidence is overwhelming that she did intend to access those Web sites.” Source: Teacher guilty in Norwich porn case
You do NOT have to click on any link. It can be loaded from spyware apps, malware, or other malicious websites; it can be loaded from a website that was loaded in a popup, from a website that was loaded in another popup, from another website that was loaded in a popup, and as the saying goes, on and on and on. This is just a case of one investigator only having the tools to do forensic investigation and not the knowledge of how a computer works to go along with it. Anyone involved in the Julie Amero case feel free to leave me a message at 304-521-2582 or an email to webmaster at tipsdr.com with “Julie Amero case” as the subject and I will be happy to explain how this could happen with the teacher only opening one “innocent” webpage on her computer. The 40 years should go to the spyware makers or to the school system, not this substitute teacher.
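Because pages opened by a pop-up chain land in the history exactly like clicked ones, an examiner can look at the timing of the loads and not only at the list of URLs. The following is an added example, not code from the original post or from any tool used in the case: it groups history records into bursts of loads spaced closer than a person could click and reports the page load that started each burst. The record format, the `.example` hosts and the 2-second and 4-load thresholds are assumptions, and a burst is a lead for further examination, not proof of how a page was opened.

```python
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample history (timestamp, URL). Hosts under .example are
# placeholders and the times are invented; none of this is case data.
HISTORY = [
    ("2024-01-15 08:05:10", "http://mail.example/inbox"),
    ("2024-01-15 08:14:24", "http://hairstyles.example/index.htm"),
    ("2024-01-15 08:14:51", "http://hairstyles.example/curly.htm"),
    ("2024-01-15 08:14:52", "http://ads-a.example/pop1"),
    ("2024-01-15 08:14:52", "http://ads-b.example/pop2"),
    ("2024-01-15 08:14:53", "http://ads-c.example/loop"),
    ("2024-01-15 08:14:54", "http://ads-a.example/pop3"),
    ("2024-01-15 08:14:55", "http://ads-d.example/pop4"),
    ("2024-01-15 08:20:30", "http://news.example/today"),
]


def parse_records(rows):
    """Return (datetime, url) pairs sorted by time."""
    recs = [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), url) for ts, url in rows]
    return sorted(recs, key=lambda r: r[0])


def _close(run, min_loads, bursts):
    """Record a finished run as a burst if it has enough page loads."""
    if len(run) < min_loads:
        return
    bursts.append({
        # First load in the run: the page most likely to have started the cascade.
        "trigger": run[0][1],
        "start": run[0][0],
        "duration_s": (run[-1][0] - run[0][0]).total_seconds(),
        "loads": len(run),
        "hosts": sorted({urlsplit(u).hostname for _, u in run}),
    })


def find_bursts(records, max_gap_s=2.0, min_loads=4):
    """Group loads spaced <= max_gap_s apart; keep runs of >= min_loads.

    Both thresholds are assumed values for this example: a person reading and
    clicking rarely opens four pages within two seconds of each other.
    """
    bursts, run = [], []
    for rec in records:
        if run and (rec[0] - run[-1][0]).total_seconds() > max_gap_s:
            _close(run, min_loads, bursts)
            run = []
        run.append(rec)
    _close(run, min_loads, bursts)
    return bursts


if __name__ == "__main__":
    for b in find_bursts(parse_records(HISTORY)):
        print(f"{b['start']}  {b['loads']} loads in {b['duration_s']:.0f}s "
              f"across {len(b['hosts'])} hosts, started by {b['trigger']}")
```
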
An article from Techweb on Yahoo.com titled MySpace Beefs Up Security; More To Come, CSO Says, talks about how they are using technology from Sentinel Tech Holding to build a database and search technology to allow employees to monitor and remove profiles of registered sex offenders. They will use name, age, height, and eye color to weed them out and cut them from the pack. Does anyone else think, what registered sex offender is going to use their real description, age, etc, on their MySpace account? Won’t they be trying to trick young people into thinking they are talking to another young person?
Chief security officer Hemanshu Nigam, who joined MySpace last spring from Microsoft, hopes the database can be used by the rest of the social networking industry. “We saw this really gaping hole here,” Nigam said last week in an interview.
The concept, however, is unproven. It’s not clear how well technology for matching physical characteristics of sex offenders with photos works. And the database won’t include unlisted child predators. “Most of the people who are molesting children online are not registered sex offenders,” says online child safety advocate Parry Aftab of WiredSafety.org.
Connecticut Attorney General Richard Blumenthal applauds the effort but says any safety program without some form of age verification for new members would be ineffective. MySpace uses algorithms to analyze profiles and determine if members are lying about their age, and it deletes 30,000 underage profiles a week. The company continues to assess other age verification technologies, Nigam said. Source: Yahoo
This reminds me of the Attorney General from Virginia who is pushing for creation of an email and instant messenger name database of registered sex offenders. Umm, does anyone who works with these guys ever tell them how this stuff works? Sure, they will submit their email addresses and user names, but do you think they will actually be using them when they are targeting kids? No. Hello, is anyone out there in federal government thinking about anything? Ridiculous. If the government really wants to make a difference in the lives of children, then they need to create education programs to teach them what to look for, and programs to teach parents how to monitor and make sure their kids don’t get taken advantage of or worse.
This is another one of those feel good programs where they can point and say hey we are doing something, even though it may not be very good at what it is supposed to be doing. If anyone from the government wants some real ideas on protecting children online, feel free to leave me a voice mail at 304-521-2582.
Your computer is like this big red shiny apple, and spyware is the ugly fat green worm eying it. If the apple has no protection (insecticide) the worm will invade it, take chunks out of here and there until the apple reaches a point where it cannot be sold or eaten. It gets thrown away & destroyed.
Spyware will condemn a computer to the same fate as the apple: useless and unwanted. Unfortunately, the Internet has become this field of nothing but ugly worms. Sure, there are some clear patches here and there, but for the most part if your computer has no spyware protection, it might as well be an apple left in the middle of a worm farm. Yes. It’s that bad.
It didn’t use to be that bad; however, spyware has grown ever more complicated over the years. It used to be a simple feat to rid a computer of it. However, spyware is now being packaged (bundled) into software from even the most seemingly innocuous places and companies.
For example, Sony has just landed (November, 2005) in a pot of hot water for releasing a software package that installed a root level spyware program whereby Sony neither disclosed its installation, nor offered a means to uninstall it until the public demanded it. Many companies sadly have alternative agendas counter to their public personas.
A computer actively surfing the internet with no spyware protection will become so infected with spyware in no time that it will essentially become unusable. Try to go to Google to do a search. Nope. Try to do some shopping. Nope. Try to disconnect from the Internet. Nope, can’t do that either. Spyware will control a computer, track wherever the surfer visits, and open a nice and wide two-way door for uploading and downloading whatever data it wants.
All hope is not lost. There are some good insecticides out there to protect your shiny apple, as well as the hair on your head; because if you get a malicious spyware program on your computer, you’ll be pulling it out by the handfuls.
One of the best programs out there for preventing the installation of spyware, as well as cleaning up spyware-infected computers, is a software package from Panda Software (www.pandasoftware.com). Panda Software fully understands how spyware works, so well in fact that their Platinum Internet Security 2006 Suite won the coveted PC WORLD’s “Best Buy” title in their November 2005 magazine issue.
Panda Software went up against all the big names; Norton, McAfee, Trend Micro, and Zone Labs and walked away as the top choice. The Panda Platinum Internet Security 2006 Suite was the only one to eliminate 100% of running processes ahead of all the others. It is a surefire worm killer.
More details about the recent report as well as where and how to buy it can be located here.