Finally, some justice in the Julie Amero case: Judge Hillary B. Strackbein has granted Julie Amero a new trial based on the fact that the Norwich Police detective, Mark Lounsbury, provided erroneous testimony, i.e., did not know what he was talking about, and the jury may have relied at least in part on his testimony. The Judge cited additional forensic analysis done by the state after the guilty verdict, and said it contradicted the testimony of the state’s computer witness. The article posted on the courant.com website made it sound like she would not be tried again.
But today, Smith said the state would take no position on Dow’s motion for a new trial, making it unlikely she will be tried again. Smith also acknowledged that erroneous information about the computer was presented during trial.
Amero, who was pregnant at the time of the incident on Oct. 19, 2004, faced as many as 40 years in jail following the January verdict. Her sentencing was postponed four times this spring as the state considered new evidence in the case.
Amero’s case became a hot issue for bloggers throughout the country, many of whom sharply criticized the guilty verdict. Strackbein criticized the bloggers today, saying they tried to “improperly influence” the court. Source: Amero Granted New Trial
I wonder how the Judge means that bloggers tried to improperly influence the court? The tech community was very active in this case because we all knew it was crap, but I hadn’t heard anything about bloggers being pushy or anything, so I really don’t know what she is referring to.
What is funny is that the Norwich Bulletin, the local rag that has pushed the fact that she was guilty from the beginning, posted an article about this story, here, and the first line said she “claims pornographic images on her classroom computer were the result of pop-up ads”. Claims? Sounds pretty obvious to me Greg, even the State admitted they were wrong, can’t you?
Congratulations Julie, hopefully this is the end. If you want to contribute to her fund to help pay for her defense, visit the blog they set up here, because you know she will have to foot the entire bill for being wrongly accused.
Note: I have a big rundown of what happened previously in the case posted in this article, Teacher Porn Case and Computer Forensics.
Not sure if this is some ploy to drag the Julie Amero case out so the community that has built up around her will forget about it or what, but her sentencing has been delayed again, this time until June 6, 2007. It is funny watching people change their tunes. The Norwich Bulletin has always suggested or implied, at least the way that I read it, that she was guilty. Now, they seem to be backing off a little, as they should; all they have done is give local papers a bad name and helped to erode confidence in what you can and cannot believe online and in the papers. Stay tuned.
Here is a roundup of some of the top security stories on the net.
Amero sentencing pushed back to mid-May. The scheduled sentencing for Julie Amero, the former Connecticut middle school teacher found guilty of exposing her students to internet pornography pop-ups, was pushed back again today – this time to May 18. These guys must be trying to regroup or something to keep from looking stupid when they get back into court.
The real security threats facing businesses. Video of Mark Sunner, chief security analyst at MessageLabs, discussing some of the security problems businesses will have to deal with, like next-generation bots, new scales of Trojans and the interweaving of social engineering.
Hackers tailor malware to individual businesses. Video of F-Secure’s Hypponen talking about how high-profile businesses now face an evolution of traditional malware attacks as hackers write malicious code designed specifically to break through their defences, with antivirus unable to spot such intrusions.
Infosecurity: Convergence of spam and viruses detected in new attack. Hackers have launched an attack that combines spam and viruses in a new global campaign, according to the latest report from MessageLabs.
Kaspersky: Mac and Linux viruses to rise “significantly”. According to security expert Eugene Kaspersky, we are at the brink of seeing a significant rise in malware attacks on Mac and Linux platforms. So, are hackers ready to target a broad range of platforms or is this merely hyperbole from a security firm that wants to sell products?
Beware Of Google AdWords Account Hacks via Computer Exploit. It appears that some external program gained access to his computer. The program then logged into his AdWords account, set up several ads that redirected to “places like orbitz.com and business.com” and also tried to install “activex remote desktop program” on those computers through the redirects (to infect other computers). Then it blocked access for that computer to log in to AdWords by setting the local host files to 127.0.0.1 adwords.google.com (which means if someone on that computer tries accessing adwords.google.com, they get a not found). This prevents this computer from logging into Google AdWords to see if changes have been made to the account.
‘Evil twin’ Wi-Fi access points proliferate. That’s the term for a Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers. Unfortunately, experts say there is little consumers can do to protect themselves, but enterprises may be in better shape.
5 Cheap But Effective Tips To Improve Security. Periodically check for rogue wireless access points, plus four other simple, yet inexpensive, improvements you can implement to boost the security of your enterprise.
Web threats to surpass e-mail pests. By next year, Internet users can expect more cyberattacks to originate from the Web than via e-mail, security firm Trend Micro predicts.
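A defender-side check for the hosts-file tampering described in the AdWords item above, as an added example that is not from the original post or the linked article: it parses a hosts file and flags non-local names pinned to loopback or 0.0.0.0, plus watched domains pinned to any other address. The sample file, the `watchlist` parameter and every name except the `adwords.google.com` entry are constructed for illustration.

```python
import ipaddress
import os
import sys

# Constructed sample hosts file. Line 3 mirrors the entry described above;
# all other names and addresses are made up for the example.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1 adwords.google.com
::1             localhost
0.0.0.0   updates.example.test www.example.test
192.168.1.10    fileserver.corp.example
not-an-ip       broken.example
203.0.113.7     accounts.google.com   # documentation-range address
"""

# Names that are expected to resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}


def parse_hosts(text):
    """Yield (line_number, ip, hostnames) for every well-formed entry."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # skip lines without a valid address
        yield number, ip, [name.lower().rstrip(".") for name in fields[1:]]


def audit_hosts(text, watchlist=()):
    """Return findings as (line_number, address, hostname, reason) tuples.

    "blackholed": a non-local name points at loopback or 0.0.0.0, so the
                  site appears unreachable from this machine.
    "redirected": a watchlisted domain (or a subdomain of it) is pinned to
                  some other address, bypassing DNS.
    """
    watch = {d.lower().rstrip(".") for d in watchlist}
    findings = []
    for number, ip, names in parse_hosts(text):
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in LOCAL_NAMES:
                continue
            watched = any(name == d or name.endswith("." + d) for d in watch)
            if sink:
                findings.append((number, str(ip), name, "blackholed"))
            elif watched:
                findings.append((number, str(ip), name, "redirected"))
    return findings


def default_hosts_path():
    """Standard hosts file location on Windows and on Unix-like systems."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


if __name__ == "__main__":
    # "--live" audits this machine's hosts file; a path audits that file;
    # no argument audits the constructed sample.
    if len(sys.argv) > 1:
        path = default_hosts_path() if sys.argv[1] == "--live" else sys.argv[1]
        with open(path, encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE_HOSTS
    for finding in audit_hosts(content, watchlist=["google.com"]):
        print("line %d: %s -> %s (%s)" % finding)
```

Ad-blocking hosts lists also use loopback and 0.0.0.0 entries, so a hit is a prompt to review the entry, not proof of compromise.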
I forgot to post this the other day, but the Julie Amero case has been delayed again, this time without a reason given, but, hopefully, it is to help her case. It has been delayed until April 26, 2007 in the Norwich Superior Court. The Norwich Bulletin, the local “newspaper”, is still spinning it like she was some drooling pervert and we are her fervent supporters.
Amero has been portrayed by her growing number of fervent supporters as the helpless victim of pop-up pornography ads.
Amero never denied the porn appeared on the computer. She said she had done everything she could to prevent the children from seeing the computer screen that day. The examination of her computer showed she had accessed the Internet for nearly the entire school day, with porn sites accessed for several hours during that time. Source: Amero sentencing put off until April
Sorry Greg, but it is awful easy for people who know computers to pick out some bullshit information and call someone on it, like when Lounsbury, the gentleman who did the wonderful forensics job on the computer, said “You have to physically click on it to get to those sites”. Hello, red flag, it just records every website visited, it doesn’t matter how it was initiated. Anyway, good luck Julie, hopefully Alex Eckelberry and some of the other computer experts can help you get away from the Keystone cops.
In a related story, apparently, students at the Hebron elementary school were sent home a link that was supposed to go to a farm they were going to visit on a field trip, but, as things sometimes go on the Internet, it didn’t turn out that way. Instead, up popped a porn site that had bought the domain name after it was accidentally allowed to expire.
Vasquez said that instead of seeing images of the farm, her daughter found graphic sexual images on the site.
Vasquez said she informed the school, which then sent out letters to the students’ parents, trying to explain what had happened.
Superintendent Ellie Cruz said that the school checked the site a few weeks ago and it was fine, but the farm did not renew its Web site address, and a pornographic company bought it. Source: Students Sent Home With X-Rated Web Link
Wonder who is going to jail for this flub up?
More time to work on her case that is. The sentencing, which was originally scheduled for last Friday, has been postponed until March 29th, 2007. Her defense attorney requested the postponement so he could have more time to help familiarize another attorney and a consultant with the case.
In his letter to the court, Cocheo said attorney William Dow has become involved in the case, along with sentencing consultant Clinton Roberts. Cocheo could not be reached for comment Monday. Source: Amero sentencing postponed
If you haven’t been following the case, Julie Amero was accused of visiting porn websites in front of her class as a substitute teacher at Kelly Middle School and is facing 40 YEARS in prison for it, yes, 40 years. But the case has taken a turn and is now focused on the fact that she didn’t turn the computer off, even though she was told not to, or did not do more to prevent them from seeing it. So, she is actually facing 40 years in prison because the school system did not have filters in place to block porn websites, was using outdated, less secure equipment and provided no training in what to do in such circumstances, and she was not allowed to properly defend herself.
Assistant State’s Attorney David Smith, who prosecuted the case, has said Amero did not do enough – such as shutting off the computer – to protect the children from exposure to the pornography.
If that is what she is guilty of, then she certainly does not need to be facing 40 years in prison. The case started out accusing her of visiting the porn sites, they said, “It is the state’s contention that she purposefully went to these websites”, how can this change? With all of the great computer people, like Alex Eckelberry, who are helping with the case now, hopefully they can spin this back around and point it right back at the school system and the local legal system, who should be held responsible for this.
The PaperGhost has quite a few posts on the Julie Amero case, and has been very vocal on the Norwich Bulletin website, where they have repeatedly slanted their stories against her, and, after being pressured, have deleted blog posts and comments on their site. Check out his website for more, like this post Julie Amero Court Transcripts Online: AKA, Ragearama 2007.
If you add one blog to your feed reader, or subscribe to an alert from Google blog alerts, it should be to the Sunbelt Blog. It always has tons of good info about what kind of security things they are currently going through, and the spam, spyware and viruses they are fighting, but it also includes all kinds of good tips and tricks they find on other sites, plus there is always good commentary by Alex Eckelberry about all things tech. I first read about the Julie Amero case on that blog, and hopefully, they have been instrumental in helping her out; I haven’t heard anything yet.
But a post I just read concerning IT managers and the first quarter of 2007 is so true. There are so many things that can cause them problems of all sorts, new operating system, new version of Office and a new version of IE7.
IE 7 rollouts. Legacy software breaking and certificate problems. Here are a couple of posts I just picked off our NTSysadmin forum:
Right now, when a user uses IE6 and goes to a https website that does its own certificate (like ours) it comes up and gives them the option to view the certificate then install. Then no more issues.
But with IE7, NOOOOOOOOO, it blocks the content and maybe, perhaps it’ll let the user through if they beg, but maybe it won’t.
Other than removing IE7 off all the machines (which is the current solution), is there any way for IE7 to trust us? I even did that http://domain/certsrv and installed the certificate manually (which works with IE6) but it won’t freaking work with IE7. Source: When life sucks to be an IT manager
Definitely worth a daily check if you have no feed reader. They also touch on something that could be big too: the change in daylight savings time. I guess I will be preparing for it this coming week. Ugh.
Nice write-up in USA Today about the Julie Amero case, if that’s what you want to call it; it is more like one of those old fashioned railroad jobs, where they decided she was guilty and that’s what happened.
Imagine you know next to nothing about computers. You’re a substitute teacher for a seventh grade class. There’s a computer in the classroom and, knowing you’re going to be sitting there for a while, you ask a fulltime teacher if you can use it. He logs you in with his password and tells you not to shut it off because you couldn’t get back on.
Not that you have a clue about this stuff, but that computer is running Windows 98 and the outdated Internet Explorer 6.02. Its filtering and anti-virus software have expired, and it has no anti-spyware software.
You step out of the classroom for a moment. When you get back the kids are clustered around the computer, checking out hairstyle websites. But one is actually a link to porn sites, and it loads a Trojan onto the unprotected computer.
Suddenly, pop-ups start appearing, X-rated popups. Source: Police, school get failing grade in sad case of Julie Amero
The writer did misspell her name in the title, he must be like me, I never remember to spell check the title either. He really sums it up when he says, “Thus according to that jury, “not having the sense to turn off a computer” is a multi-count felony punishable by 40 years in prison. Wow.” I wish Alex Eckelberry and everyone working on the computer forensics of this case good luck and hope they can find all of the proper evidence to help show she’s innocent. If there is anything I can do to help, please let me know.
Her husband has started a blog where you can donate to help pay for her case, Julie Amero. From the blog,
George Orwell was a little off, but not by much. Technology has engulfed the average American at an alarming rate. To think that it is possible for the average layperson to understand all the ins and outs of how a computer works is just not reasonable. What’s worse, our employers don’t know any more than we do, and they rely on us to identify problems when they happen. If you are lucky, your employer will know what to do when a crisis happens with your system. If not, you’ll end up like Julie: arrested, ridiculed, demeaned and left with a useless teacher’s degree in special education.
The illicit pornography industry is a business with estimated profits in excess of $2 billion annually. That’s a lot of reasons to attract rogue scriptwriters to circumvent any patch that Microsoft can come up with. Make no mistake, these programmers do not care about you or anyone else for that matter. Regardless of where these rogue programmers are located, they operate under the radar of social conscience and in my opinion are or should be considered terrorists or criminals at the very least.
Julie is scheduled to be sentenced on Friday March 2nd, next week.
I posted recently about a teacher who has been convicted of visiting porn sites in front of her class, Kelly Middle School in Norwich, and exposing same students to pornography and whatever else was on the screen at the time. She was charged with 10 counts of risk of injury to a minor, or impairing the morals of a child, and while 6 counts were dropped, she was convicted on the other four. This teacher, Julie Amero, faces 40 years in prison and will be sentenced on March 2, 2007 in Norwich Superior Court.
To say that this is a miscarriage of justice is an understatement. It appears to me that this is all about the conviction now, and the fact that these people don’t want to lose. In a post yesterday on the Norwich Bulletin, the prosecutor for the case David J Smith said all she had to do was turn it off, but that she let it go on for “hours”.
“I think the state proved she was the person using the computer at the time the pornographic Web sites were accessed,” Smith said. “By her own testimony, she allowed those hardcore pornographic images to be accessible in a class of 11-, 12- and 13-year-old children. All she would have to do was turn off the monitor or cover the monitor. But she allowed the situation to go on for hours.” Source: Teacher porn case draws world’s ear
This is the first time I saw anyone mention it going on for hours, so I don’t really know what that is referring to, but, she was a substitute teacher, the normal teacher logged her in and told her not to turn it off because she wouldn’t be able to get back on. So, I guess that is why she just didn’t turn the computer off, that, and being overwhelmed with porn and not knowing what to do in such situations. Without proper training, what would you do?
The main thrust of this post is how computer forensics, without a full knowledge of how a computer works and why and where data is stored, can be a very dangerous thing. This is the definition of computer forensics at Wikipedia:
The simple definition of Computer Forensics, “… is the use of specialized techniques for recovery, authentication, and analysis of electronic data when a case involves issues relating to reconstruction of computer usage, examination of residual data, authentication of data by technical analysis or explanation of technical features of data and computer usage. Computer forensics requires specialized expertise that goes beyond normal data collection and preservation techniques available to end-users or system support personnel.” (Kroll-OnTrack). This process often involves investigating computer systems to determine whether they are or have been used for illegal or unauthorized activities. Mostly, computer forensics experts investigate data storage devices, either fixed like hard disks or removable like compact disks and solid state devices. Computer forensics experts:
- Identify sources of documentary or other digital evidence.
- Preserve the evidence.
- Analyze the evidence.
- Present the findings.
Source: Computer forensics
The police detective Mark Lounsbury says he knows she visited those sites and that by looking at the source code he could tell that it was not popup based. From today’s article on the Norwich Bulletin:
Norwich Detective Mark Lounsbury maintained his investigation showed Amero knowingly accessed sites, which included meetlovers.com and femalesexual.com, along with others with names too graphic to print.
In examining the computer’s hard drive, Lounsbury said he found numerous instances in which graphic images would have appeared on the computer screen. He said he can differentiate between what is and what is not a pop-up based on the source codes.
Here is where it gets dangerous: because this cop says he knows it to be true, he is influencing the jury, the judge, and the public, because he is an “expert” in this case. This expert was using software called ComputerCop, available here. The software was created years ago (this case actually happened in October of 2004 and is just now coming to trial) and was designed to restore deleted files; it did not check where or how they got there. So, he looked at the URLs recorded in the registry, looked at the images and determined she had to go there, and that it could not be from a popup. The article also said this is the very first time this software has ever been used as an acceptable tool for convicting someone in a court case.
“To my knowledge, this is the first conviction using ComputerCop software as an acceptable tool for police officers to conduct a computer forensic examination that is acceptable to the court,” Jacobs said.
That is mostly because it’s not really designed for that. Her defense lawyer called in their own expert witness, Herbert Horner, who has worked in computers since 1966; he forensically copied the suspect’s hard drive and did his own examination. He said the antivirus program sent security alerts because it detected the spyware, and that the spyware was tracking the computer before the day of the incident. Some of his findings:
Most significantly, we noted freeze.com, screensaver.com, eharmony.com and zedo.com were being accessed regularly.
On October 19, 2004, around 8:00 A.M., Mr. Napp, the class’ regular teacher logged on to the PC because Julie Amero being a substitute teacher did not have her own id and password. It makes sense that Mr. Napp told Julie not to logoff or shut the computer off, for if she did she and the students would not have access to the computer.
http://www.hair-styles.org was accessed at 8:14:24 A.M., A click on the curlyhairstyles.htm icon on the http://www.new-hair-styles.com site led to the execution of the curlyhairstyle script along with others that contained pornographic links and pop-ups. Once the aforementioned started, it would be very difficult even for an experienced user to extricate themselves from this situation of porn pop-ups and loops.
All of the jpg’s that we looked at in the internet cache folders were of the 5, 6 and 15 kb size, very small images indeed. Normally, when a person goes to a pornographic website they are interested in the larger pictures of greater resolution and those jpgs would be at least 35 kb and larger. We found no evidence of where this kind of surfing was exercised on October 19, 2004.
We asked the prosecution to arrange for the defense to have unfettered access to the internet so that we could reenact the events of October 19, 2004. It was not granted. I went to court with two laptops and a box full of reference material prepared to very clearly illustrate what happened to Julie Amero. But, the prosecution objected because they were not given “full disclosure” of my examination. I was allowed to illustrate two screens, that of the www.hair-styles.org , and www.new-hair-styles.com sites.
If there is an appeal and the defense is allowed to show the entire results of the forensic examination in front of experienced computer people, including a computer literate judge and prosecutor, Julie Amero will walk out the court room as a free person. Source: The Strange Case of Ms. Julie Amero: Commentary by Mr. Herb Horner
But they didn’t let him testify because her lawyer forgot to tell the prosecution about him, and since the prosecution did not check for spyware or anything else that could’ve caused these websites to pop up, there is no way to tell for sure whether she visited them or whether a website or software caused them. Also, the school system had not paid the bill for their content filter, and this caused it not to update, so something that should’ve blocked it to start with was not even running, which, if you ask me, puts the blame squarely on the school system. I’ll quote one more person from the Norwich Bulletin article to wrap this up:
Since the computer search by investigators did not include spyware, malware or adware — typically advertising integrated into software — there is no way to decisively prove she was the cause of the sexually explicit sites showing up on screen, he said.
Nancy Willard has worked in the field of educational technology for 17 years and spent the last decade focusing on effective management of Internet use in schools and youth risk online. She said the school should have a policy in place to report technical concerns.
“Since none of the technology protections can be trusted to be entirely safe, every staff member and student should be taught that the action to take, if inappropriate material appears, is to turn off the screen and report the problem to the technical department so that the department can investigate and resolve the problem,” Willard said.
Technical fixes are never going to provide total protection, Willard said.
So true. I work for our state school system and I have been to forensic training classes, so I know a little bit about what we are talking about. Hopefully Julie’s defense will be able to get Mr. Horner or someone else in so they can show how these things can happen innocently and how the prosecution did not really prove she visited these websites on purpose. Anyone involved in the case can feel free to contact me if they need some direction.
As anyone who has ever read this blog knows, I always try to tie these spyware, adware posts back to my friends from Zango, those guys who never do anything wrong, it’s always an affiliate or another website. While Zango is not mentioned, I bet money one of their programs was installed, hehe. But I just read this article from Computer World by Preston Gralla, Porn-surfing teacher: Spyware made me do it!, who obviously should not be posting about spyware, as it appears he does not have a clue and his blog post is a complete joke.
A recent court case found a Connecticut substitute teacher guilty of surfing for pornographic sites in front of her seventh grade class, and now, she faces 40 years in prison. Wow, forty years, I was watching something on TV the other night where two guys killed someone and the max they could and did get was 15 years. But this teacher could get forty years? That is just plain wrong. Anyone who is involved in any way with school systems knows most teachers aren’t prepared for something like this; the teacher was probably as overwhelmed and shocked as the students were when it happened and was just trying to get them to close down. And if it has happened to you, you know that when you click the x to close a popup, one or many more can pop up on you, making it look like you may have actually clicked on the popup itself.
Not only that, the prosecutor wanted to know, but if in fact spyware was on the PC, why didn’t the teacher merely turn off the computer or pull the plug on it?
Julie Amero had no answer.
Lawyers have come up with some novel defenses over the years, including the “Twinkie defense” in which a lawyer argued that defendant Dan White’s eating of Twinkies and drinking Coca-Cola proved that he was depressed, and so not responsible for his actions in murdering San Francisco Mayor George Moscone and Supervisor Harvey Milk in 1978. The defense was partially successful; White was convicted of voluntary manslaughter rather than murder.
Luckily, it seems as if the spyware-made-me-do-it defense doesn’t cut it in court. For once, justice prevails. Source: Porn-surfing teacher: Spyware made me do it!
A substitute teacher is just that, a substitute, and has not been in similar situations, and probably had no idea unplugging the machine or turning off the projector would have been the best way out. Plus, the school system has to have content filtering in place to be able to get E-rate money to help fund all of the computers, internet access, etc. The school system’s filters should’ve prevented most porn sites from popping up to start with, so why isn’t the school system on trial and not the teacher?
And according to a quote from Alex Eckelberry, who is President of Sunbelt Software, they didn’t even check for spyware.
The court actions of the case were flawed as well. For example, one source reports that the Trial Judge, Hillary Strackbein, was seen falling asleep during proceedings and made comments to the jury that she wanted the case over by the end of the week. It was also reported that Judge Strackbein attempted to pressure the defense into an unwanted plea deal, in place of a trial. The defense attorney for Amero moved for a mistrial shortly before closing arguments Friday, based on reports that jurors had discussed the case at a local restaurant.
Was justice done here? A bad spyware infestation can splatter a machine full of porn popups and it’s a bit unnerving to think that a teacher could get hard prison time for something that was likely to have been completely innocent.
We need far more evidence than what is available to come to the conclusion that “justice was done”. In fact, all the available evidence shows quite the opposite — that this might just be a grave miscarriage of justice. Source: Alex Eckelberry
I have recently had the chance to attend several classes on computer forensics, so sure, the police found evidence that those sites were visited, but ANY window that is opened on the computer will show up in the cache and list of websites visited. The fact that neither the defense nor the prosecution tried to show how it happened is incomprehensible to me. If it was one website that caused this to happen, it would be so easy for them to repeat what happened. This quote from computer crimes investigator in an article on the Norwich Bulletin is very telling,
“You have to physically click on it to get to those sites,” Smith said. “I think the evidence is overwhelming that she did intend to access those Web sites.” Source: Teacher guilty in Norwich porn case
You do NOT have to click on any link, it can be loaded from spyware apps, malware, or other malicious websites, it can be loaded from a website, that was loaded in a popup, from a website that was loaded in another popup, from another website that was loaded in a popup, and as the saying goes, on and on and on. This is just a case of one investigator only having the tools to do forensic investigation and not the knowledge of how a computer works to go along with it. Anyone involved in the Julie Amero case feel free to leave me a message at 304-521-2582 or an email to webmaster at tipsdr.com with “Julie Amero case” as the subject and I will be happy to explain how this could happen with the teacher only opening one “innocent” webpage on her computer. The 40 years should go to the spyware makers or to the school system, not this substitute teacher.