Feeds

back to article Malware not man blamed in child abuse download case

A Department of Industrial Accidents investigator has been cleared of child porn possession charges after a forensic investigation revealed that malware was to blame for depraved smut on his company laptop. Michael Fiola, 53, of Rhode Island, went through a massive ordeal after images of child abuse were discovered on a …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

And so we see...

... Another victim of the "presumed guilty unless you can prove your innocence" mentality that the worldwide media have managed to whip up regarding child pornography.

Luckily for him, unlike many who were baselessly accused during the Operation Ore fiasco and similar events, he *has* managed to show that it wasn't anything to do with him.

Unfortunately it seems that his so-called friends were willing to assume the worst and his employers (who should certainly shoulder some of the responsibility for failing to adequately secure their computers) were willing to try to destroy his career and leave him penniless to cover their own backsides.

I hope he gets a serious wodge of compensation and finds himself some new friends.

0
0
Silver badge

What needs to be done...

Is prosecute the SUPPLIER of the laptop since they were the ones responsible for the distribution of the "bad stuff".

What you should do when getting a "supplied" computer is a statement that the supplier warrants it to be "in good working order" (which given some suppliers of operating systems may well be impossible).

0
0
Coat

Boom!

"Imagine this scenario: Your employer gives you a ticking time bomb full of child porn..."

I suppose that's what they mean by a dirty bomb.

Mine's the one making the ticking sound.

0
0

@Graham

I think the employer was dumb not to have the laptop secured better, and I think they shouldn't fire people until their guilt is proven. However, it's the police who need to be scorched on this one. They had no business even thinking about naming this guy as a suspect (much less arresting him) without first conducting a thorough investigation as to whether the laptop was compromised by a virus or other badware.

As for his friends, any "friend" who abandons you in difficult times was never really a friend in the first place.

0
0

They don't prosecute the guilty...

... they prosecute the practicable.

0
0
Pirate

Dirty images!!

Do his employers use a corporate image for their PC's & laptops? If they do then they'd better check every one for porn.

0
0
Anonymous Coward

deniability

it would be interesting to know whether the rise of peer-to-peer services (and malware) has caused a lot of this. I suspect it would be very convenient for others such as terrorists to have have a bunch of unsuspecting folks providing file servers for them...

0
0
Go

Needs to be spread around.

I wish this case were more mainstream media fare, the people reading The Register don't really count as we are all extremely paranoid already. Ignorance _can_ really bite you but then we already knew this. A little more knowledge might not have helped him, but I bet he wished he had it anyway.

0
0
Boffin

Am I the only one a little suspicious?

Come on guys, we are all computer literate here and we all have a rough idea how this could have been done as the courts say, plus have an idea of how you could fake such things to look like an arbitrary 3rd party is responsible.

I am not making a judgement either way, but all the comments on here so far seem to totally back up the courts ruling yet none of us have actually seen the actual evidence that acquitted the guy. (which granted the experts witness's did).

All I am saying is I would like to see that evidence for myself before believing it was a virus targeting this person specifically.

0
0

@Ricky

Experts testified in court that, in their expert opinion, the laptop had been compromised by viruses. Experts who, one would guess, have qualifications to back up the use of the term "experts".

So either youre suggesting you know better than these experts, or youre saying that youre suspicious of the innocent verdict just because you havent read the specific details.

Do you work for The Sun at all?

0
0
Anonymous Coward

Wrong even when theyre right?

Ricky

im pretty sure it said both the prosecutors and the defence came to the same conclusion that it was a virus. Im sure if there were any doubt they would have thrown the book at him in a long drawn out legal battle. prosecutors dont back down that easily, espcicially in cases of kiddie porn.

0
0

@RickyTheRiot

"All I am saying is I would like to see that evidence for myself before believing it was a virus targeting this person specifically." I'm not sure the report ever said he was targeted specifically, his machine was compromised according to the report. If the prosecution expert agrees then what is your point?

0
0

@Ricky

From your post you seem to be part of the rabid-string-em-all-up-by-the-nuts-cos-they-MUST-be-guilty-won't-somebody-think-of-the-children crowd. Yes we are mostly computer literate here, and so can also see that this could of been entirely innocent. I agree with you that we haven't seen the evidence, however don't forget that both the prosecution *and* the defence brought in experts, possibly people who you might think would be computer literate, and possibly even Reg readers themselves. And don't forget both of the experts agreed that this was caused by a third party.

Tell me, do you disagree with every single criminal conviction because you haven't seen the evidence for yourself?

Also, what gives you the right to judge somebody else, *without* seeing the evidence for yourself?

I am not a malicious man, but seeing as I have a hangover this morning I shall allow myself to say that I hope something like this happens to you, that you lose your job and your friends, and that you don't have such a supportive partner. Perhaps then you might not be so judgemental of others.

0
0
Alert

Well done on missing the point, mate

@RickyTheRiot:

If a court's teams for defence AND prosecution have agreed that this is the most likely explanation, why then are you persisting with the "accusation = guilt" mentality? In the relevant legal system, the onus is on the accuser to provide the burden of proof. They have not done so. End of story. Keep your fearmongering "ZOMG THE PAEDOS ARE INVADING!" crap for the likes of the Daily Mail.

0
0
Silver badge
Boffin

@ Ricky

You're assuming that everyone that touches a computer knows what they are doing with them. This is so far from reality it could be a Fox News report. Most people don't have a clue and will click on anything they see. They don't have a clue about firewalls, anti-virus or anti-spam - just that they are given a machine which is supposed to be part of their normal office lives. They have no interest in how email works, what the internet is (or isn't) or even that you need to put oil in the shredder now and then. They have problems changing printer and fax cartridges and even setting an email signature.

The notebook or desktop machine is just another bit of stuff you plug in that you are told you can't do your job without. They have no desire (nor should they) to know what is going on inside the thing.

Most people wouldn't know about how ignition works on a car - they only drive the things.

0
0
Anonymous Coward

The Paedofinder General Strikes Again !!!

Anyone remember Monkey Dust??

http://www.youtube.com/watch?v=UvsoVdvtZC4

0
0
Bronze badge

@ RickyTheRiot

Yes, your the only person that's suspicious. You haven't seen the evidence from the prosecution either! He's been found to be innocent by a court of law. Trial by media and the court of public opinion is utterly irrelevant given that he has been found innocent in a real court with all the evidence.

It would be a point of interest knowing exactly which virus or piece of malware caused this purely from a tech's point of view to see if systems we are responsible for are protected against it, but for that reason only. Not to start making our own judgements as to his guilt or innocence.

0
0

@RickyTheRiot

When prosecution say he's innocent (okay, I assume el'reg have read up), then it's safe to say he's innocent.

Or, he has friends in many right places (doesn't sound like it, no decent friends bar one). Or prosecution were wholey inept. On a case like this? I again doubt it.

You have a point of saying read the evidence for ourselves, but that is what defence and prosecution are for. If they both agree.....

0
0
Linux

@ Scott

I don't know where you live Scott but I know that if you are accused of Child Porn or anything like that you are always guilty. The same as if you are accused of a sex related crime like rape, or assault.

People will always look at you differently because there are those idiots who honestly believe that there is no smoke without fire.

0
0
Black Helicopters

@Ricky

Do you think that three expert witnesses were all fooled, including the one working for the prosecution?

If so, I doubt that any of us would fair any better.

even circumstance supports the guys defence, his mobile access bill didn't shoot up until he got the replacement laptop...

@Grahame

The police can't investigate something without grounds to do so. It's not unreasonable to identify the owner of a computer as a suspect if child porn is found.

Maybe they should have held off on the prosecution though until their forensics had done an examination, could have saved everyone some time, grief and money.

0
0
Silver badge
Thumb Down

@Alan Donaly

Unfortunately, this sort of information is quite well-known among the child porn scumbugs, so friends in law enforcement tell me. The scumbags pass around instructions on how to infect their PCs with backdoors, trojans, etc., so they have deniability if they are ever caught.

The forensics guys have to be good to tell the difference, which is what the line, "there was no sign that any user had viewed or attempted to access this content" alludes to.

The two obvious scenarios in this case are, i) someone with a grudge against the victim; and ii) a conspiracy of paedophiles aiming to get more cases like this, so they are less likely to be convicted if they are caught.

0
0
Paris Hilton

@RickyTheRiot

Yes, I think you are the only one a little suspicious. I'm also struggling to see what point you're trying to make.

It sounds like you're saying, "Ok, computer experts for the defence AND the prosecution both agree that this was the result of a trojan infection. However, that's not good enough for me unless I see it myself."

Arrogant much?

"I am not making a judgement either way..."

The courts will doubtless be relieved that you have chosen not to overrule them in this matter.

Paris, because, well, work it out...

0
0

@Alan Donaly

"I wish this case were more mainstream media fare, the people reading The Register don't really count as we are all extremely paranoid already."

Lol.......we're not paranoid (he says while adjusting his tinfoil hat)

and @RickyTheRiot

"Two computer forensic experts hired by the prosecution came back with the same conclusion."

Plus at least one that he hired as well. So that's a minimum of 3 different people, 2 of which were hired to try and prove him guilty, and they all came to the same conclusion. Now sure, it IS possible that someone could plant the malware afterwards, but they'd have to be pretty clever to be able to hide it from at least 3 "experts".

And I doubt it's targeting him specifically, but apparently there were several viruses and trojans on there, meaning several available back-doors. Some trojans of course report back to an address, advertising the machine as compromised so that people can attack it directly.

Although saying all that, he must have downloaded some right shit onto the machine to get the viruses and malware in the first place (unless it was on the laptop before he got it) which in a lot of companies is a sackable offence in itself.

0
0

@RickyTheRiot

".... subsequent forensic investigation discovered that malware was responsible... Computer experts hired by both the defence and prosecution agreed with this analysis."

But you would prefer to believe he is guilty. You are happy to believe in his gulit without having seen that evidence but you are not prepared to believe in his innocence without seeing evidence of it. That is the crux of the child porn problem - it has become the new witchcraft. Once accused, the individual is guilty.

I have seen the results of trjoans and other malware that were considerably more complex than uploading load of pictures - and the users were always unaware that their systems were infected.

0
0

@RickyThe Riot

Dude, what part of forensic evidence don't you understand? Not only did the defence analysts but also the prosecution's analysts came back with the evidence that it wasn't him.

This guy's life has been destroyed by a compromised laptop. If I knew someone in that situation that was accused, I would stand by him until they came back with a verdict - Guilty, then I'm sorry I ever knew the guy, innocent then I'm sorry that his life has been made hell.

I believe that you are a fucking asshole that obviously would drop all your friends at the sniff of suspicion. Just because the guy knows how to type out a report of compensation fraud doesn't mean he knows how to program the OS that runs the computer.

The fact that the law allows the naming of suspects in these cases before it is proven is a gross breach of human rights because of the damage it causes. Everyone has heard of the accused teacher/football player of molesting some school girl only to turn around and say it was all made up. Life destroyed but the girl lives happily on without the consequences.

0
0
Linux

hmmmm !

Hmmm , let me guess the computer was using that yankee A-V crapware from a company that starts with an "N" and pays suppliers to install it's bloatware resource hogging rootkit software !

0
0

Where's Deep Freeze gone ?

It was really popular in a time - especially for use with computer illiterate users... Deep Freeze their system, except for an unprotected folder where they can save files and so on, set up all applications to save by default in that folder, so that the user doesn't lose documents when saving without checking, and that's it.

It's easier to control one folder once in a while, restart the system to clean all protected areas, and then check the folder for possible infections.

I'm actually thinking of putting this on my father's PC - it's getting really annoying to clean up his PC all the time, not to mention all these other risks.

0
0
Thumb Down

@RickyTheRiot

"targeting this person specifically"

Where in the story did you read that the 'malware' was doing this?

Personally, I'd like the fullest details of whatever 'malware' was involved in this. It's the LEAST amount of information that should come out of this case, as this crap could be infecting thousands of otherwise innocent people.

As for "fake such things to look like an arbitrary 3rd party is responsible". Sure, I imagine it's possible, but how many people could do that without leaving ANY kind of evidence? Could you?

Besides, if the pages were never accessed, then what'd be the point of doing all that, except to shit on someone from a VERY great height. This is currently the most 'heinous' crime in the eyes of the media (and therefor the mindless mob of 'humanity'), even more than mass murder. I'm not defending child p*rn in any way whatsoever, and those who ARE involved DO deserve to be put away for a very long time. What is wrong, however, is this worrying shift from "Innocent until proven Guilty" to, as Graham Marsden points out, "Guilty unless YOU can prove YOUR Innocence" Society is embarking on a very dark and dangerous path, of "lynch mob" 'justice', whipped up by a mass media frenzy.

0
0
Anonymous Coward

@ RickyTheRiot

@ All I am saying is I would like to see that evidence for myself before believing it was a virus targeting this person specifically.

They never mentioned it was a virus targeting this person specifically - far more likely is a random attack through a known exploit with his computer being turned into a host for the files for others to access, or alternatively some malicious youths planting stuff on random peoples computers.

What would be interesting is to see any logs his computer has of people accessing the files, if any. Got IP? Can follow!

0
0
Anonymous Coward

Am I the only one a little suspicious?

"All I am saying is I would like to see that evidence for myself before believing it was a virus targeting this person specifically."

That's the right attitude - think everyone's a deviant until you're personally able to inspect their computers for unsavory material.

0
0
Anonymous Coward

@ RickyTheRiot

So we're now going from innocent until proven guilty to guilty until proven innocent but then still possibly guilty? I bet you're fun to be on a jury with.

0
0
Boffin

Re: Am I the only one a little suspicious?

It does not need to be a virus targeting the person specifically.

Sounds like a P2P darknet using internet temporary file areas for in-transit storage. This also fits well with him getting a Verizon bill big enough to warrant an internal investigation (this is where all this started after all).

There is a LOT of that going on. The more interesting bit is how did it get onto there in the first place and whose head should be served on a plate in court.

0
0

@RickyTheRiot

I think the important thing here is that he got off. I think there could be a lot more to this than a virus. He could have been set up. However if he claimed that then he would have a lot more to prove to avoid conviction. On the other hand if his previous computer broke then perhaps that was also compromised.

Making a crime out of possesion of images is stretching the point anyway. Who was hurt by this? You could say the children in the photos, it's not nice if people hold such pictures of you. But it does not mean the person with the pictures caused any harm.

This is further true of paedo artwork which is fantasy and if it's not based on a real person, then how can you say there is a victim? This is also illegal to own.

I would say the law is more interested in making things illegal than prosecuting people who cause harm to others.

I seems to me that the creator of the virus was gaming the system to cause harm to people. If the laptop was being used as a porn server then they were just deflecting the law away from themselves.

0
0

@ RickyTheRiot

So your stance is "no smoke without fire"? Welcome to Salem.

0
0
Alert

What's in it for the virus?

OK, so skiddies get their kicks from owning servers and spreading their viral spawn far and wide, but what's the point of this one? It seems a very targeted bit of malware is at work here. It would appear from the story (not much to go on technically) that the "virus" would connect to a known server of kid smut and download it into the cache so that it looked as if the person had viewed it??? This seems like a lot of effort to go to for very little gain in kudos points for the author. Also if this is the level of effort, would it be that hard to forge the browser history too?

So presuming that kudos was not the motivation, what was? Getting some innocent person banged up? Perhaps I guess but I would hope that even the most nefarious of skiddies would draw a line somewhere (their defence is usually "I'm not hurting anyone" and this would clearly cross that line).

So again, how/why did this happen? Is someone out to get him. Is this a new bit of software that employers can install to quickly and easily boot out unwanted employees? Or is, as RickyTheRiot says, the unmistakable air of bullshit wafting through the courtroom?

Of course the article's thin tech background could just be masking the fact that the images in question were just used for popups etc. in the usual pay-per-click malware scam, but the way it was written, with particular emphasis on child porn and comments that there was "no sign that any user had viewed or attempted to access this content." (which would rule out popups....) seems to strongly suggest that something more sinister is going on.

0
0

@RickyTheRiot

Multiple experts for the prosecution and defense all came to the same conclusion independently. Are you suggesting that they should continue investigating until they come to the “right conclusion”???

0
0
IT Angle

You are the only one a little suspicious

@Rickytheriot Even as an IT professional of more years than I care to remember, I am not sure I could "fake" such things as to fool forensic investigators, especially if I was known as a computer illiterate. You seem to be suggesting a virus could not do this. It was not targeting that person specifically, it was targetting that laptop specifically.

0
0
Gates Horns

Nobody ever got fired for buying Microsoft?

Guess not anymore.

Open WinDos, lose your job.

0
0
Flame

Malware Removal

Of course, if he had at some stage used a malware removal tool then his "alibi" would have been lost while the offending material might well have been preserved.

All rational judgement seems to be suspended when one of the four NEW horsemen of the apocalypse rides by (Paedophiles, terrorists, asylum seekers, copyright infringers). For almost all peesee owners a higher standard of evidence is required than "we found this file on your machine". When you think of how "legitimate" software helps itself to your machine (iTunes, Real Player, Kontiki, etc), and how easy it is for a half knowledgeable user to partly cover their tracks, finding child pornography on someone's hard drive in the plain should be a pretty clear indicator of innocence. Or, at least, the need to credibly establish wilful action.

0
0
Thumb Up

I investigated a similar senario

I carried out an investiagtion on a machine a few years ago where images appeared under a particular profile and but were placed there by another profile.

It was interesting, even more so when a document which had only been printed (not saved) was presented to the suspect. Believing if the document was printed without saving it then closed Word there would no record. Enter Encase to re-create the document which (in this case) proved the suspect had placed the images under the other (his bosses) profile.

Great fun

0
0
(Written by Reg staff)

Re: @RickyTheRiot

Lots and lots (and lots) of you seem to be in accord on this one. I think Mr TheRiot has been well told, so no more replies to his ever so slightly provocative comments, ta.

0
0
Unhappy

Was he targeted?

If you reverse engineer some worms and bot control systems you may find bits that warrant a google search. just be careful with the pictures that you get back because some of the images will consist of a normal stupid web image of a border or logo or sad face yet the second half the image will never seen except by people doing forensic checks on your disk in which case they will find kiddy porn. Even some of the adult web sites that get hit by fusker like programs are starting to use that little trick.

0
0

Why not?

Why would it not be something targeting this person specifically? After all, he was investigating worker compensation fraud. That is bound to make him a few enemies and is all the more reason why his company should be sued for ruining his life without an adequate inquiry.

He simply is in a position whereby it would be reasonable to accomodate the possibility that he would be the victim of a targeted attack.

Also, tha laptop of an insurance invetigator should have been much more secure. The company is at fault on that front as well. It would contain a lot of very personal information about a lot of people.

0
0
kb
Flame

I can tell you how this works

As I have hung out with enough grey and black hats to tell you how it works. here is how it goes down: Joe is a hacker,and Joe infects your pc,either by getting you or a member of your family to go to a page where he hits the pc with a nice quiet driveby downloader. Joe is contacted by a child pr0nographer,Mr. Scumbag. He can make mad money selling access to his scummy pics but naturally doesn't want to get caught.

So Joe puts a nice little backdoor into your machine,and creates a share or folder someplace the average person never looks,like say,the cache folder. Joe then sends Mr. Scumbag the links so he can drop his sleaze onto you and Joe gets paid. The fact that he had four times the Internet usage is the tipoff. Usually a sleaze grabbing through a proxy will hit hard and fast-get in and get out,as it is less likely to leave traces.

The fact that the guy racked up that kind of a bill tells me that in all likelihood he had a backdoor planted on him and was being used as a server for somebody else's sleaze. Which is why folks shouldn't be "guilty until proven innocent",especially in these life destroying kind of cases. These sleazebags can make insane amount of money off this garbage,and as we have all seen with spambots and mass mailing trojans,anywhere there is big bucks to be made illegally you'll find someone who will try to get the cash while passing off the risk to someone else. But that is my 02c,YMMV

0
0
Pirate

@RickyTheRiot

"All I am saying is I would like to see that evidence for myself before believing it was a virus targeting this person specifically."

Who mentioned it being targeted at him specifically?

The law is quite specific (and sometimes this is actually the way it pans out): you're innocent until found guilty beyond *reasonable doubt*. The presence of the malware was confirmed by at least two computer forensics experts (copy implies it was possibly three) *including* those hired by the prosecution, and they all concluded the same.

That's about as far beyond mere "reasonable doubt" as you can get.

-- Jon

0
0

@ Herby

The computer was probably clean when they gave it to him. Note that he is described as "computer-illiterate" - meaning he uses IE, has an antivirus program if the company installed it but he doesn't update it or apply security patches. And may visit dodgy porn sites. Not too hard to pick up a lot of malware if you try.

@ RickyTheRiot

Again, this guy is nowhere nearly skilled enough to fake it. The people who are able to are extremely unlikely to have multiple viruses running on their system. I think the precedent this sets will help more people prove their innocence than conceal their guilt.

0
0

Computer Illiterate

'Fiola, described by his wife as "computer-illiterate"'

If he truly is, then I can picture it. This guy goes to every website, clicks every link, and answers "Yes" to every pop-up box. (I'm sure we've all seen the results of this type of behavior before). That would very well explain how he got contracted this particular "infection", and easily distinguish him from the rest of the company lackeys who don't seem to be affected.

If he isn't computer illiterate, then the malware/virus would just be a clever way to cover up his activities.... but given that this all took place on a company laptop, I'm going to lean toward the former conclusion.

I wonder if there is malware out there that automatically downloads MP3's from ones favorite artists?

0
0
Gates Horns

Two computer forensic experts...

Wow, does this make me a computer forensic expert? (I could have checked his internet cache and said the same thing). What is worrying is that this is the first time I've heard of any such spyware/virus perpetrating such a heinous crime.

Still, if this is true, and the guys life was destroyed by a virus, then the world just got a little scarier. If not true a lot of paedo cases are suddenly going to have to 'prove' the guilt of the person involved - what's the betting police suddenly stop finding a lot of computer porn because it'll actually involve working to prove the stuff was downloaded purposely for viewing.

Well, here's to setting Firefox to daily clean my internet cache - just in case.

Evil BG because maybe IE should clear the cache (which should be held virtually) after each session by default, so that anything sneaking in by a backdoor would be eliminated.

0
0
Alert

A nightmare scenario...

...which I'm surprised hasn't been extensively used by the kiddy porn and malware industry yet. Release a trojan, virus or whatever that plants illegal images on victims' computers, or connects to a KP site, then phones home. Anonymously report the victims to law enforcement, then watch as they are hauled in.

The KPers win whatever happens. Investigators are tied up with huge numbers of reports, making it more likely that the real cases will slip through the net or fail for lack of resources. If a case gets to court and successfully uses the defence "malware planted the files on my computer", then that will make a precedent and anyone from then on will be able to claim that in their defence. The "evidence" in such cases is never made public, so the virus and anti-malware scanners will have no idea what to look for.

If I used a vulnerable system (i.e Windows), then I'd be very afraid.

0
0
Anonymous Coward

@RickyTheRiot

Glad you're not one of my mates.

I have acted as the expert witness for the defence in a similar type of case in the UK when the employer tried to sack a worker for viewing NSFW images based solely on the jpg filenames logged by M$ ISA. Two of the unsavoury images were credit card logos with joke names. At other times he was 25 miles away on site, but the output was taken as gospel by the employer who assumed that he was "probably guilty" as the "log proved it". The prosecution expert agreed with me, but stated it first and they had to strike the action from the disciplinary record, which P*d them off tremendously.

I had trained the other witness who told me initially that he thought it was an infection, but no one had paid any attention to him or investigated it properly.

the Black hoods were out until the chaps dad remembered me and asked me to help, at which point they had to take the evidence seriously.

My last company had a Salesman visit the US and against advice installed P2P to get his music. He got hit by virus and Trojan within a couple of hours. Luckily I spotted the extra Internet activity and sorted it out immediately before too much damage occurred.

I had a Firewall in the US office and the amount of hits it took constantly from US based ISPs was impressive,but even that paled into insignificance once he loaded his P2P. To the US ISPs credit they resolved every issue I reported to them unlike our UK laddies.

0
0

Page:

This topic is closed for new posts.