back to article Malware not man blamed in child abuse download case

A Department of Industrial Accidents investigator has been cleared of child porn possession charges after a forensic investigation revealed that malware was to blame for depraved smut on his company laptop. Michael Fiola, 53, of Rhode Island, went through a massive ordeal after images of child abuse were discovered on a …

COMMENTS

This topic is closed for new posts.
  1. Graham Marsden

    And so we see...

    ... Another victim of the "presumed guilty unless you can prove your innocence" mentality that the worldwide media have managed to whip up regarding child pornography.

    Luckily for him, unlike many who were baselessly accused during the Operation Ore fiasco and similar events, he *has* managed to show that it wasn't anything to do with him.

    Unfortunately it seems that his so-called friends were willing to assume the worst and his employers (who should certainly shoulder some of the responsibility for failing to adequately secure their computers) were willing to try to destroy his career and leave him penniless to cover their own backsides.

    I hope he gets a serious wodge of compensation and finds himself some new friends.

  2. Herby

    What needs to be done...

    Is prosecute the SUPPLIER of the laptop since they were the ones responsible for the distribution of the "bad stuff".

    What you should do when getting a "supplied" computer is a statement that the supplier warrants it to be "in good working order" (which given some suppliers of operating systems may well be impossible).

  3. Anonymous Coward
    Coat

    Boom!

    "Imagine this scenario: Your employer gives you a ticking time bomb full of child porn..."

    I suppose that's what they mean by a dirty bomb.

    Mine's the one making the ticking sound.

  4. Scott

    @Graham

    I think the employer was dumb not to have the laptop secured better, and I think they shouldn't fire people until their guilt is proven. However, it's the police who need to be scorched on this one. They had no business even thinking about naming this guy as a suspect (much less arresting him) without first conducting a thorough investigation as to whether the laptop was compromised by a virus or other badware.

    As for his friends, any "friend" who abandons you in difficult times was never really a friend in the first place.

  5. Eugene Goodrich

    They don't prosecute the guilty...

    ... they prosecute the practicable.

  6. Anonymous Coward
    Pirate

    Dirty images!!

    Do his employers use a corporate image for their PC's & laptops? If they do then they'd better check every one for porn.

  7. Anonymous Coward
    Anonymous Coward

    deniability

    it would be interesting to know whether the rise of peer-to-peer services (and malware) has caused a lot of this. I suspect it would be very convenient for others such as terrorists to have have a bunch of unsuspecting folks providing file servers for them...

  8. Alan Donaly
    Go

    Needs to be spread around.

    I wish this case were more mainstream media fare, the people reading The Register don't really count as we are all extremely paranoid already. Ignorance _can_ really bite you but then we already knew this. A little more knowledge might not have helped him, but I bet he wished he had it anyway.

  9. RickyTheRiot
    Boffin

    Am I the only one a little suspicious?

    Come on guys, we are all computer literate here and we all have a rough idea how this could have been done as the courts say, plus have an idea of how you could fake such things to look like an arbitrary 3rd party is responsible.

    I am not making a judgement either way, but all the comments on here so far seem to totally back up the courts ruling yet none of us have actually seen the actual evidence that acquitted the guy. (which granted the experts witness's did).

    All I am saying is I would like to see that evidence for myself before believing it was a virus targeting this person specifically.

  10. Adam West

    @Ricky

    Experts testified in court that, in their expert opinion, the laptop had been compromised by viruses. Experts who, one would guess, have qualifications to back up the use of the term "experts".

    So either youre suggesting you know better than these experts, or youre saying that youre suspicious of the innocent verdict just because you havent read the specific details.

    Do you work for The Sun at all?

  11. Anonymous Coward
    Anonymous Coward

    Wrong even when theyre right?

    Ricky

    im pretty sure it said both the prosecutors and the defence came to the same conclusion that it was a virus. Im sure if there were any doubt they would have thrown the book at him in a long drawn out legal battle. prosecutors dont back down that easily, espcicially in cases of kiddie porn.

  12. Stephen Gray

    @RickyTheRiot

    "All I am saying is I would like to see that evidence for myself before believing it was a virus targeting this person specifically." I'm not sure the report ever said he was targeted specifically, his machine was compromised according to the report. If the prosecution expert agrees then what is your point?

  13. Dangermouse

    @Ricky

    From your post you seem to be part of the rabid-string-em-all-up-by-the-nuts-cos-they-MUST-be-guilty-won't-somebody-think-of-the-children crowd. Yes we are mostly computer literate here, and so can also see that this could of been entirely innocent. I agree with you that we haven't seen the evidence, however don't forget that both the prosecution *and* the defence brought in experts, possibly people who you might think would be computer literate, and possibly even Reg readers themselves. And don't forget both of the experts agreed that this was caused by a third party.

    Tell me, do you disagree with every single criminal conviction because you haven't seen the evidence for yourself?

    Also, what gives you the right to judge somebody else, *without* seeing the evidence for yourself?

    I am not a malicious man, but seeing as I have a hangover this morning I shall allow myself to say that I hope something like this happens to you, that you lose your job and your friends, and that you don't have such a supportive partner. Perhaps then you might not be so judgemental of others.

  14. Kyle
    Alert

    Well done on missing the point, mate

    @RickyTheRiot:

    If a court's teams for defence AND prosecution have agreed that this is the most likely explanation, why then are you persisting with the "accusation = guilt" mentality? In the relevant legal system, the onus is on the accuser to provide the burden of proof. They have not done so. End of story. Keep your fearmongering "ZOMG THE PAEDOS ARE INVADING!" crap for the likes of the Daily Mail.

  15. Elmer Phud
    Boffin

    @ Ricky

    You're assuming that everyone that touches a computer knows what they are doing with them. This is so far from reality it could be a Fox News report. Most people don't have a clue and will click on anything they see. They don't have a clue about firewalls, anti-virus or anti-spam - just that they are given a machine which is supposed to be part of their normal office lives. They have no interest in how email works, what the internet is (or isn't) or even that you need to put oil in the shredder now and then. They have problems changing printer and fax cartridges and even setting an email signature.

    The notebook or desktop machine is just another bit of stuff you plug in that you are told you can't do your job without. They have no desire (nor should they) to know what is going on inside the thing.

    Most people wouldn't know about how ignition works on a car - they only drive the things.

  16. Anonymous Coward
    Anonymous Coward

    The Paedofinder General Strikes Again !!!

    Anyone remember Monkey Dust??

    http://www.youtube.com/watch?v=UvsoVdvtZC4

  17. Peter Leech Silver badge

    @ RickyTheRiot

    Yes, your the only person that's suspicious. You haven't seen the evidence from the prosecution either! He's been found to be innocent by a court of law. Trial by media and the court of public opinion is utterly irrelevant given that he has been found innocent in a real court with all the evidence.

    It would be a point of interest knowing exactly which virus or piece of malware caused this purely from a tech's point of view to see if systems we are responsible for are protected against it, but for that reason only. Not to start making our own judgements as to his guilt or innocence.

  18. Edward Rose

    @RickyTheRiot

    When prosecution say he's innocent (okay, I assume el'reg have read up), then it's safe to say he's innocent.

    Or, he has friends in many right places (doesn't sound like it, no decent friends bar one). Or prosecution were wholey inept. On a case like this? I again doubt it.

    You have a point of saying read the evidence for ourselves, but that is what defence and prosecution are for. If they both agree.....

  19. Jamie
    Linux

    @ Scott

    I don't know where you live Scott but I know that if you are accused of Child Porn or anything like that you are always guilty. The same as if you are accused of a sex related crime like rape, or assault.

    People will always look at you differently because there are those idiots who honestly believe that there is no smoke without fire.

  20. Steve
    Black Helicopters

    @Ricky

    Do you think that three expert witnesses were all fooled, including the one working for the prosecution?

    If so, I doubt that any of us would fair any better.

    even circumstance supports the guys defence, his mobile access bill didn't shoot up until he got the replacement laptop...

    @Grahame

    The police can't investigate something without grounds to do so. It's not unreasonable to identify the owner of a computer as a suspect if child porn is found.

    Maybe they should have held off on the prosecution though until their forensics had done an examination, could have saved everyone some time, grief and money.

  21. Allan Dyer
    Thumb Down

    @Alan Donaly

    Unfortunately, this sort of information is quite well-known among the child porn scumbugs, so friends in law enforcement tell me. The scumbags pass around instructions on how to infect their PCs with backdoors, trojans, etc., so they have deniability if they are ever caught.

    The forensics guys have to be good to tell the difference, which is what the line, "there was no sign that any user had viewed or attempted to access this content" alludes to.

    The two obvious scenarios in this case are, i) someone with a grudge against the victim; and ii) a conspiracy of paedophiles aiming to get more cases like this, so they are less likely to be convicted if they are caught.

  22. Dan White
    Paris Hilton

    @RickyTheRiot

    Yes, I think you are the only one a little suspicious. I'm also struggling to see what point you're trying to make.

    It sounds like you're saying, "Ok, computer experts for the defence AND the prosecution both agree that this was the result of a trojan infection. However, that's not good enough for me unless I see it myself."

    Arrogant much?

    "I am not making a judgement either way..."

    The courts will doubtless be relieved that you have chosen not to overrule them in this matter.

    Paris, because, well, work it out...

  23. Andy Worth

    @Alan Donaly

    "I wish this case were more mainstream media fare, the people reading The Register don't really count as we are all extremely paranoid already."

    Lol.......we're not paranoid (he says while adjusting his tinfoil hat)

    and @RickyTheRiot

    "Two computer forensic experts hired by the prosecution came back with the same conclusion."

    Plus at least one that he hired as well. So that's a minimum of 3 different people, 2 of which were hired to try and prove him guilty, and they all came to the same conclusion. Now sure, it IS possible that someone could plant the malware afterwards, but they'd have to be pretty clever to be able to hide it from at least 3 "experts".

    And I doubt it's targeting him specifically, but apparently there were several viruses and trojans on there, meaning several available back-doors. Some trojans of course report back to an address, advertising the machine as compromised so that people can attack it directly.

    Although saying all that, he must have downloaded some right shit onto the machine to get the viruses and malware in the first place (unless it was on the laptop before he got it) which in a lot of companies is a sackable offence in itself.

  24. JohnG

    @RickyTheRiot

    ".... subsequent forensic investigation discovered that malware was responsible... Computer experts hired by both the defence and prosecution agreed with this analysis."

    But you would prefer to believe he is guilty. You are happy to believe in his gulit without having seen that evidence but you are not prepared to believe in his innocence without seeing evidence of it. That is the crux of the child porn problem - it has become the new witchcraft. Once accused, the individual is guilty.

    I have seen the results of trjoans and other malware that were considerably more complex than uploading load of pictures - and the users were always unaware that their systems were infected.

  25. H5N1

    @RickyThe Riot

    Dude, what part of forensic evidence don't you understand? Not only did the defence analysts but also the prosecution's analysts came back with the evidence that it wasn't him.

    This guy's life has been destroyed by a compromised laptop. If I knew someone in that situation that was accused, I would stand by him until they came back with a verdict - Guilty, then I'm sorry I ever knew the guy, innocent then I'm sorry that his life has been made hell.

    I believe that you are a fucking asshole that obviously would drop all your friends at the sniff of suspicion. Just because the guy knows how to type out a report of compensation fraud doesn't mean he knows how to program the OS that runs the computer.

    The fact that the law allows the naming of suspects in these cases before it is proven is a gross breach of human rights because of the damage it causes. Everyone has heard of the accused teacher/football player of molesting some school girl only to turn around and say it was all made up. Life destroyed but the girl lives happily on without the consequences.

  26. heystoopid
    Linux

    hmmmm !

    Hmmm , let me guess the computer was using that yankee A-V crapware from a company that starts with an "N" and pays suppliers to install it's bloatware resource hogging rootkit software !

  27. Marius Poenar

    Where's Deep Freeze gone ?

    It was really popular in a time - especially for use with computer illiterate users... Deep Freeze their system, except for an unprotected folder where they can save files and so on, set up all applications to save by default in that folder, so that the user doesn't lose documents when saving without checking, and that's it.

    It's easier to control one folder once in a while, restart the system to clean all protected areas, and then check the folder for possible infections.

    I'm actually thinking of putting this on my father's PC - it's getting really annoying to clean up his PC all the time, not to mention all these other risks.

  28. dervheid
    Thumb Down

    @RickyTheRiot

    "targeting this person specifically"

    Where in the story did you read that the 'malware' was doing this?

    Personally, I'd like the fullest details of whatever 'malware' was involved in this. It's the LEAST amount of information that should come out of this case, as this crap could be infecting thousands of otherwise innocent people.

    As for "fake such things to look like an arbitrary 3rd party is responsible". Sure, I imagine it's possible, but how many people could do that without leaving ANY kind of evidence? Could you?

    Besides, if the pages were never accessed, then what'd be the point of doing all that, except to shit on someone from a VERY great height. This is currently the most 'heinous' crime in the eyes of the media (and therefor the mindless mob of 'humanity'), even more than mass murder. I'm not defending child p*rn in any way whatsoever, and those who ARE involved DO deserve to be put away for a very long time. What is wrong, however, is this worrying shift from "Innocent until proven Guilty" to, as Graham Marsden points out, "Guilty unless YOU can prove YOUR Innocence" Society is embarking on a very dark and dangerous path, of "lynch mob" 'justice', whipped up by a mass media frenzy.

  29. Anonymous Coward
    Anonymous Coward

    @ RickyTheRiot

    @ All I am saying is I would like to see that evidence for myself before believing it was a virus targeting this person specifically.

    They never mentioned it was a virus targeting this person specifically - far more likely is a random attack through a known exploit with his computer being turned into a host for the files for others to access, or alternatively some malicious youths planting stuff on random peoples computers.

    What would be interesting is to see any logs his computer has of people accessing the files, if any. Got IP? Can follow!

  30. Anonymous Coward
    Anonymous Coward

    Am I the only one a little suspicious?

    "All I am saying is I would like to see that evidence for myself before believing it was a virus targeting this person specifically."

    That's the right attitude - think everyone's a deviant until you're personally able to inspect their computers for unsavory material.

  31. Anonymous Coward
    Anonymous Coward

    @ RickyTheRiot

    So we're now going from innocent until proven guilty to guilty until proven innocent but then still possibly guilty? I bet you're fun to be on a jury with.

  32. Anton Ivanov
    Boffin

    Re: Am I the only one a little suspicious?

    It does not need to be a virus targeting the person specifically.

    Sounds like a P2P darknet using internet temporary file areas for in-transit storage. This also fits well with him getting a Verizon bill big enough to warrant an internal investigation (this is where all this started after all).

    There is a LOT of that going on. The more interesting bit is how did it get onto there in the first place and whose head should be served on a plate in court.

  33. Wayland Sothcott

    @RickyTheRiot

    I think the important thing here is that he got off. I think there could be a lot more to this than a virus. He could have been set up. However if he claimed that then he would have a lot more to prove to avoid conviction. On the other hand if his previous computer broke then perhaps that was also compromised.

    Making a crime out of possesion of images is stretching the point anyway. Who was hurt by this? You could say the children in the photos, it's not nice if people hold such pictures of you. But it does not mean the person with the pictures caused any harm.

    This is further true of paedo artwork which is fantasy and if it's not based on a real person, then how can you say there is a victim? This is also illegal to own.

    I would say the law is more interested in making things illegal than prosecuting people who cause harm to others.

    I seems to me that the creator of the virus was gaming the system to cause harm to people. If the laptop was being used as a porn server then they were just deflecting the law away from themselves.

  34. bluesxman

    @ RickyTheRiot

    So your stance is "no smoke without fire"? Welcome to Salem.

  35. Colin Guthrie
    Alert

    What's in it for the virus?

    OK, so skiddies get their kicks from owning servers and spreading their viral spawn far and wide, but what's the point of this one? It seems a very targeted bit of malware is at work here. It would appear from the story (not much to go on technically) that the "virus" would connect to a known server of kid smut and download it into the cache so that it looked as if the person had viewed it??? This seems like a lot of effort to go to for very little gain in kudos points for the author. Also if this is the level of effort, would it be that hard to forge the browser history too?

    So presuming that kudos was not the motivation, what was? Getting some innocent person banged up? Perhaps I guess but I would hope that even the most nefarious of skiddies would draw a line somewhere (their defence is usually "I'm not hurting anyone" and this would clearly cross that line).

    So again, how/why did this happen? Is someone out to get him. Is this a new bit of software that employers can install to quickly and easily boot out unwanted employees? Or is, as RickyTheRiot says, the unmistakable air of bullshit wafting through the courtroom?

    Of course the article's thin tech background could just be masking the fact that the images in question were just used for popups etc. in the usual pay-per-click malware scam, but the way it was written, with particular emphasis on child porn and comments that there was "no sign that any user had viewed or attempted to access this content." (which would rule out popups....) seems to strongly suggest that something more sinister is going on.

  36. Liam Johnson

    @RickyTheRiot

    Multiple experts for the prosecution and defense all came to the same conclusion independently. Are you suggesting that they should continue investigating until they come to the “right conclusion”???

  37. Clive Powell
    IT Angle

    You are the only one a little suspicious

    @Rickytheriot Even as an IT professional of more years than I care to remember, I am not sure I could "fake" such things as to fool forensic investigators, especially if I was known as a computer illiterate. You seem to be suggesting a virus could not do this. It was not targeting that person specifically, it was targetting that laptop specifically.

  38. Henry Cobb
    Gates Horns

    Nobody ever got fired for buying Microsoft?

    Guess not anymore.

    Open WinDos, lose your job.

  39. Dunstan Vavasour
    Flame

    Malware Removal

    Of course, if he had at some stage used a malware removal tool then his "alibi" would have been lost while the offending material might well have been preserved.

    All rational judgement seems to be suspended when one of the four NEW horsemen of the apocalypse rides by (Paedophiles, terrorists, asylum seekers, copyright infringers). For almost all peesee owners a higher standard of evidence is required than "we found this file on your machine". When you think of how "legitimate" software helps itself to your machine (iTunes, Real Player, Kontiki, etc), and how easy it is for a half knowledgeable user to partly cover their tracks, finding child pornography on someone's hard drive in the plain should be a pretty clear indicator of innocence. Or, at least, the need to credibly establish wilful action.

  40. Jeff Bennison
    Thumb Up

    I investigated a similar senario

    I carried out an investiagtion on a machine a few years ago where images appeared under a particular profile and but were placed there by another profile.

    It was interesting, even more so when a document which had only been printed (not saved) was presented to the suspect. Believing if the document was printed without saving it then closed Word there would no record. Enter Encase to re-create the document which (in this case) proved the suspect had placed the images under the other (his bosses) profile.

    Great fun

  41. Sarah Bee (Written by Reg staff)

    Re: @RickyTheRiot

    Lots and lots (and lots) of you seem to be in accord on this one. I think Mr TheRiot has been well told, so no more replies to his ever so slightly provocative comments, ta.

  42. Anonymous Coward
    Unhappy

    Was he targeted?

    If you reverse engineer some worms and bot control systems you may find bits that warrant a google search. just be careful with the pictures that you get back because some of the images will consist of a normal stupid web image of a border or logo or sad face yet the second half the image will never seen except by people doing forensic checks on your disk in which case they will find kiddy porn. Even some of the adult web sites that get hit by fusker like programs are starting to use that little trick.

  43. Chris

    Why not?

    Why would it not be something targeting this person specifically? After all, he was investigating worker compensation fraud. That is bound to make him a few enemies and is all the more reason why his company should be sued for ruining his life without an adequate inquiry.

    He simply is in a position whereby it would be reasonable to accomodate the possibility that he would be the victim of a targeted attack.

    Also, tha laptop of an insurance invetigator should have been much more secure. The company is at fault on that front as well. It would contain a lot of very personal information about a lot of people.

  44. kb
    Flame

    I can tell you how this works

    As I have hung out with enough grey and black hats to tell you how it works. here is how it goes down: Joe is a hacker,and Joe infects your pc,either by getting you or a member of your family to go to a page where he hits the pc with a nice quiet driveby downloader. Joe is contacted by a child pr0nographer,Mr. Scumbag. He can make mad money selling access to his scummy pics but naturally doesn't want to get caught.

    So Joe puts a nice little backdoor into your machine,and creates a share or folder someplace the average person never looks,like say,the cache folder. Joe then sends Mr. Scumbag the links so he can drop his sleaze onto you and Joe gets paid. The fact that he had four times the Internet usage is the tipoff. Usually a sleaze grabbing through a proxy will hit hard and fast-get in and get out,as it is less likely to leave traces.

    The fact that the guy racked up that kind of a bill tells me that in all likelihood he had a backdoor planted on him and was being used as a server for somebody else's sleaze. Which is why folks shouldn't be "guilty until proven innocent",especially in these life destroying kind of cases. These sleazebags can make insane amount of money off this garbage,and as we have all seen with spambots and mass mailing trojans,anywhere there is big bucks to be made illegally you'll find someone who will try to get the cash while passing off the risk to someone else. But that is my 02c,YMMV

  45. Jonathan McCulloch
    Pirate

    @RickyTheRiot

    "All I am saying is I would like to see that evidence for myself before believing it was a virus targeting this person specifically."

    Who mentioned it being targeted at him specifically?

    The law is quite specific (and sometimes this is actually the way it pans out): you're innocent until found guilty beyond *reasonable doubt*. The presence of the malware was confirmed by at least two computer forensics experts (copy implies it was possibly three) *including* those hired by the prosecution, and they all concluded the same.

    That's about as far beyond mere "reasonable doubt" as you can get.

    -- Jon

  46. Kanhef

    @ Herby

    The computer was probably clean when they gave it to him. Note that he is described as "computer-illiterate" - meaning he uses IE, has an antivirus program if the company installed it but he doesn't update it or apply security patches. And may visit dodgy porn sites. Not too hard to pick up a lot of malware if you try.

    @ RickyTheRiot

    Again, this guy is nowhere nearly skilled enough to fake it. The people who are able to are extremely unlikely to have multiple viruses running on their system. I think the precedent this sets will help more people prove their innocence than conceal their guilt.

  47. Scott

    Computer Illiterate

    'Fiola, described by his wife as "computer-illiterate"'

    If he truly is, then I can picture it. This guy goes to every website, clicks every link, and answers "Yes" to every pop-up box. (I'm sure we've all seen the results of this type of behavior before). That would very well explain how he got contracted this particular "infection", and easily distinguish him from the rest of the company lackeys who don't seem to be affected.

    If he isn't computer illiterate, then the malware/virus would just be a clever way to cover up his activities.... but given that this all took place on a company laptop, I'm going to lean toward the former conclusion.

    I wonder if there is malware out there that automatically downloads MP3's from ones favorite artists?

  48. Tony Paulazzo
    Gates Horns

    Two computer forensic experts...

    Wow, does this make me a computer forensic expert? (I could have checked his internet cache and said the same thing). What is worrying is that this is the first time I've heard of any such spyware/virus perpetrating such a heinous crime.

    Still, if this is true, and the guys life was destroyed by a virus, then the world just got a little scarier. If not true a lot of paedo cases are suddenly going to have to 'prove' the guilt of the person involved - what's the betting police suddenly stop finding a lot of computer porn because it'll actually involve working to prove the stuff was downloaded purposely for viewing.

    Well, here's to setting Firefox to daily clean my internet cache - just in case.

    Evil BG because maybe IE should clear the cache (which should be held virtually) after each session by default, so that anything sneaking in by a backdoor would be eliminated.

  49. James Marten
    Alert

    A nightmare scenario...

    ...which I'm surprised hasn't been extensively used by the kiddy porn and malware industry yet. Release a trojan, virus or whatever that plants illegal images on victims' computers, or connects to a KP site, then phones home. Anonymously report the victims to law enforcement, then watch as they are hauled in.

    The KPers win whatever happens. Investigators are tied up with huge numbers of reports, making it more likely that the real cases will slip through the net or fail for lack of resources. If a case gets to court and successfully uses the defence "malware planted the files on my computer", then that will make a precedent and anyone from then on will be able to claim that in their defence. The "evidence" in such cases is never made public, so the virus and anti-malware scanners will have no idea what to look for.

    If I used a vulnerable system (i.e Windows), then I'd be very afraid.

  50. Anonymous Coward
    Anonymous Coward

    @RickyTheRiot

    Glad you're not one of my mates.

    I have acted as the expert witness for the defence in a similar type of case in the UK when the employer tried to sack a worker for viewing NSFW images based solely on the jpg filenames logged by M$ ISA. Two of the unsavoury images were credit card logos with joke names. At other times he was 25 miles away on site, but the output was taken as gospel by the employer who assumed that he was "probably guilty" as the "log proved it". The prosecution expert agreed with me, but stated it first and they had to strike the action from the disciplinary record, which P*d them off tremendously.

    I had trained the other witness who told me initially that he thought it was an infection, but no one had paid any attention to him or investigated it properly.

    the Black hoods were out until the chaps dad remembered me and asked me to help, at which point they had to take the evidence seriously.

    My last company had a Salesman visit the US and against advice installed P2P to get his music. He got hit by virus and Trojan within a couple of hours. Luckily I spotted the extra Internet activity and sorted it out immediately before too much damage occurred.

    I had a Firewall in the US office and the amount of hits it took constantly from US based ISPs was impressive,but even that paled into insignificance once he loaded his P2P. To the US ISPs credit they resolved every issue I reported to them unlike our UK laddies.

  51. Charles King

    no sign that any user had viewed or attempted to access this content

    What does this mean, really? Did they just check that none of the images were listed in his MRU caches or is there some other method of determining this?

  52. Anonymous Coward
    Anonymous Coward

    Just in case anyone missed it

    > I can tell you how this works

    > By kb

    > Posted Tuesday 17th June 2008 03:55 GMT

    More or less nails the most likely way for this to work. Drive by the CP onto a machine that has a bareable upload speed, use it as a node to distrobute to your subscribers. Maybe via p2p, maybe via a drop ship website, maybe via xdcc.

    The main CP guys never going near a stash becouse it's all moving from satellite to satellite. The only people getting grabbed being the people used as a proxy, normally becouse all the guilt lands on them, then even if it didn't it isn't easy to find the origonators.

  53. Anonymous Coward
    Thumb Down

    This is a very serious problem

    I used to report any time I stumbled upon child porn on the internet. I'd locate the country of the IP address and find somebody appropriate to inform. In recent years I have become scared to do this and will instead respond to child porn by ignoring it and running xargs/shred on my webcache in case the authorities decide to go for the easy prosecution, me, instead of chasing the people who are raping children.

  54. Anonymous Coward
    Anonymous Coward

    UPDATE - Ricky's PC seized

    Ricky has been arrested, and his PC and all media have been seized for investigation.

    Personally I think he's guilty - whatever the experts say

  55. Anonymous Coward
    Anonymous Coward

    Ive seen this before

    Over several years i seen this and simalar scam pulled on unsuspecting EUs.

    I agree the problem excistmainly between keyboard and chair but some people are gobshites are dont know what thye are clicking.

    THe most alarming case i saw was back in 2001 a mans laptop was comprimised with KP and they pics were in the background the strup and all over the place. He paniced and tried to clean them off by deleting anything he didnt understand. Needless to say it was a cluster F**k.

    Then We received email demanding a lot of cash to be wired to a russian bank or they would grass him up to the boss and the cops. How ever this man was th eboss and knew a lot of russian cops.

    But i was amazed at how they had done it. He had been profiled and tracked by his use of normal maiden aunt type websites. Then something was injected from a resturant guide website in .RU and slowley when he wasnt using th pc the changes were made.

    This guy was terrified.Scary.

  56. nematodirus
    Thumb Up

    Lucky man.........

    .....to have such a supportive partner. That must have helped make the whole ordeal somewhat more bearable; without that support, he may have ended up as one more suicide statistic chalked up as a victory in the Great Crusade.

    I wish them both well. And his friends who assumed the worst of him ? Better off without them.

  57. Anonymous Coward
    Anonymous Coward

    Movie rights??

    Apart from a whopping payout this guy should get, I reckon this would make a perfect Daytime TV Movie.

    It's got everything; happy life destroyed by some external force, lots of tears, fight through adversity, loss of all hope (except 1 true friend - there always has to be a true friend) - then all comes good at the end.

    Will never happen of course, "just in case he really was a pedo".

  58. Writebaby
    Paris Hilton

    Far too much excitement for one day

    I noticed that one assumption here is the guy was some dumb@$$ who clicked on everything in site, visited P2P sites etc. Haven't you read the latest articles on driveby downloads? It's not just the bad boy sites which are hacked with malware anymore, a lot of innocent sites are too......

    ... sorry just got interrupted by some Quicktime software wanting to automatically download on my PC. I am sure the GUI looked different last time they did this. Oh well, it must be alright, I've heard of them...

    .... so point is, anyone could be caught by this stuff and btw no firewall or antivirus will guarantee its stoppage.

    So the real problem is employer education as to what does and does not constitute valid computer evidence.

  59. Law
    Coat

    RE: Re: @RickyTheRiot

    Sarah's right - I haven't seen this sort of mobbing since some loveable Ranger's fans came to Manchester for a quiet pint and the match.

    Mines the one with Norton 360 in the pocket

  60. Jonathan McCulloch
    Flame

    @nematodirus

    "I wish them both well. And his friends who assumed the worst of him ? Better off without them."

    Amen to that.

    Some 4 or 5 years ago one of my friends was caught up in Operation Ore and not many people stood by him (I'm pleased to say I was one of them. When he told me he'd been charged, I asked him if he was guilty, he said "NO!",and that was good enough for me).

    Then some 18 months after his initial arrrest, after telling him it would be "easier" for him to admit it, Plod and the CPS waltz into court to plead "no evidence". Plod, the CPS, and Yea the givernment are not your friend and they're not here to help.

    This guy's runs his own business -- but almost lost everything after regularly seeing his name in the local rag with all the accusations. He's STILL recovering from it.

    Mr Riot -- I really hope nothing like that happens to you.

    -- Jon

  61. Anonymous Coward
    Anonymous Coward

    Ok, Leaving aside his guilt or innocence

    I wonder if his company keeps track of who had / used the laptop before him. It would appear that they have some questions to answer as the malware seems to have been on the system when it was handed over to the victim. I doubt whether they loaded it on purpose, it's probably as KB said, a drive by, but they must have been somewhere off the usual Internet track to cop for it as it isn't that common as far as I can work out.

  62. Anonymous Coward
    Anonymous Coward

    Where's Deep Freeze gone ?

    Forget toys, use a real computer like Apple or Linux and you won't get 'malware'. Boot from a live CD and you're totally safe ...

  63. Anonymous Coward
    Anonymous Coward

    hee hee hee...

    I love the idea that someone is savvy enough to fake all of this, yet not savvy enough to NOT DO IT ON HIS COMPANY LAPTOP AND PHONE BILL.

    lordy... second guessing legal verdicts is one thing, but assuming someone is simultaneously the least and most knowledgeable user is just funny.

  64. Mike Moyle
    Boffin

    Just to put the issue to rest...

    For anyone who doesn't know the area, the Boston Herald is the conservative tabloid competitor to the more liberal broadsheet Boston Globe. Formerly owned by Hearst, then Murdoch, it is now owned by an ex- News Corp. exec but pretty much maintains its "Fox News"-like slant.

    If THEY'RE saying that an accused KP-er was declared innocent without using words like "defense shenanigans", "sham" or "miscarriage of justice", then you can be pretty damned sure that he WAS innocent!

  65. kb
    Flame

    In Response

    To Colin Guthrie; I don't know how it is there in the UK,but here in the Southern USA we had to put these giant cages around overpass walkways because jerks were killing people by throwing bricks off of them onto passing cars. Never underestimate someone's desire to do anonymous evil. There are some truly vicious people out there that love the idea they might be destroying someone's life "just for kicks".

    That said,I have worked in PC and network repair since the days of DOS and can tell you that putting a backdoor so they can serve their KP filth without risk is more common than you think. That is why when I am presented with a serious infection I always warn the customer about that risk and suggest nuking it WITHOUT checking to make sure,because by US law if I was to actually find any I would have to report it. And as we have seen here the "guilty until YOU can prove YOUR innocent" is just too big a risk to take. But I can tell you from my experience it happens a lot more than you think.

    I have actually helped my state police crime lab a few times with such investigations and believe me it is quite easy to tell the difference. The pervs will almost always save it in REALLY dumb places like the "My Documents" folder while trying to hide it by burying it several folders deep. I even saw one who had saved in a folder in my pictures and then forgot and turned on the XP My Pictures screensaver! Whereas the driveby downloaders will put in a shared folder,usually in the webcache or system32 folders. One even had it pretty well hidden using the old "administrative shares" trick.

    My friend in the investigative branch told me a single website they were after was making $99 USD a month per user hiding 3Gb of this garbage in this manner and that they believed that website had over 8000 subscribers! Now that is nearly $800K USD a month. With that kind of profit to be had you are going to find plenty of scumbags who will take the money while passing on the risk to the uneducated users out there. Lets get real here: people have been tortured to death for a WHOLE lot less money than 800K tax free a month. Do you really think the kind of people who traffic in this kind of garbage would really care that they destroyed an innocent man's life and career? And I do apologize for the length,but I thought it would be prudent to share that this is a VERY real and sadly all too common occurrence with modern infections,which are almost always about profit from illegal activities anymore.

  66. John Dougald McCallum
    Joke

    The spit roasting of Ricky the Riot

    I think you can take the spike out now he will be well toasted by now(mmmm long pig YUMMMM)

  67. Robin Fiola

    To Mr. Ricky

    I am Mr. Fiola's wife. Let me clear up a few misconceptions. The media misquoted me a bit. My husband is not "computer illiterate." He knew how to use the computer for his job, but that was it. He was not the member of any chat groups, never dowloaded any files, didn't fiddle around with software. He'd rather read or watch sports on tv.

    Secondly, he never looked at ANY remotely pornographic on his laptop. Never. He did his job and he looked up weather forecasts and traffic reports. There were no stored images on his computers, just websites that a virus was driving his browser to, unbeknownst to him, and then storing those sites in a temporary internet folder. The anti virus protection that was installed by his IT dept (and over which he had NO say whatsoever) was improperly configured and never worked. Why the IT dept didn't notice this, I do not know. But I think it's a question that deserves anwsering. There were NO stored files or images, no subscriptions, chat rooms, NOTHING that indicated he had any knowledge of this back door activity.

    Mr. Ricky, if you would like to read the report, it is available online. I assume you must be a computer forensic expert with impeccable credentials, so I look forward to your review and opinion. Robert McMillian somehow found the report and put it online. Since you are obviously a very important and extremely knowledgeable expert about computers and the internet, I will leave it up to you to find it (I've give you enough info to track it down.)

    Now. If I may...a final word. My husband, a former volunteer fire fighter for over 10 years, park ranger, and Life Scout, had never been in a trouble a day in his life. He is the most honest, God-fearing person I know. To even suggest or hint that he was complicit in ANY of this is absurd. For the past fifteen months, our lives have been nothing short of hell. We have lost everything; our retirement account, life savings, assets, everything. You Mr, Ricky, have the luxury of sitting on your giant arse and passing judgment on people you have never met, and on a case of which you know nothing about. I pray that some day, you don't find yourself in a similar position to ours. But if you do, I hope you will be treated to a fairer brand of judgment than you have laid upon my husband.

    -Robin Fiola

  68. Ermie Mercer

    He should sue his employer

    My son-in-law has worked for insurance companies in various capacities. His company-issued laptops were always restricted in what he was able to do with them. They had a standard company image installed, and he was unable to install software of any kind and unable to browse the Internet.

    Reading the article, It looks to me like the IT department of Mr. Fiola's employer was unbelievably negligent.

  69. Ermie Mercer

    P.S.

    Or unbelievably incompetent...

  70. John F***ing Stepp

    Hey Robin

    I salute you.

    Next time you get a used laptop have some one format the crap out of it.

    Mine (this one) came equipped with the blaster worm; but I am slightly l33t and got rid of it within an hour.

    Use firefox; make certain you have a firewall running and turn off all that useless (aol hp dell micro-shaft) automatic updates.

    Again, I salute you.

    My wife would have probably shot me.

  71. Jess

    @ Mrs Fiola

    I hope your husband successfully sues someone big time.

    (Ideally it would be Microsoft for their Swiss cheese approach to security, but that would never succeed. The employers chose to such an insecure system and they failed to take the steps needed to properly secure it.)

    Good luck.

    I hope to see an article in the reg in a few months reporting a several million dollar settlement.

  72. Wendy

    Please stop...

    PLEASE stop referring to child abuse as child porn. There is no such thing as child porn.

  73. Adam West

    @Wendy

    Why do I get the impression you are one of these people who also comes out with complete rubbish like "there is no such word as can't"?

  74. zcat
    Unhappy

    not just porn and wares sites, I can assure you..

    Earlier today my wife ended up on a website that insisted she needed to update Windows Media Player (a dead give-away since we use Ubuntu) and would not let her navigate away from the page until she accepted the download. This was while searching for knitting patterns, honest-to-God! She's had a quick lesson in the use of 'xkill' and knows how to escape such nonsense in the future. Elsewhere in the world it's likely a few hundred would-be knitters using MSIE and Windows are now hosting a nasty bit of malware, and probably don't even realise it.

  75. Peter Sommer
    Alert

    Here's the defence expert's report

    Some-one has very kindly posted the defence expert's report on to the web. I now look forward to Facebook videos showing hats being eaten...

    http://blogs.csoonline.com/files/Forensic%20Report.pdf

  76. Brian

    Now I know...

    So when I want to view porn on my company laptop, I just have to keep it in temp directories and reset it to appear unviewed, and Im golden.

  77. Anonymous Coward
    Flame

    A life ruined

    I wouldn't be surprised if this poor guy kills himself after all this.

    His life savings, any equity he had in his house, all his investments -- all gone to feed the sharks - er, lawyers - who feed off all this. If he sues, it'll probably take years and the state will claim immunity. Then more lawyers will queue up for whatever come out of THAT one. All because some piece of shit decided to route kiddy porn through his computer. This is scary stuff indeed, and it could happen to ANYONE.

    BTW, in the original newspaper article, he was described as a model employee and had just received a very good performance appraisal.

    Poor bugger was in the wrong place at the wrong time.

  78. paul carrington
    Flame

    Worrying

    Now imagine that instead of the US, this was in the UK.

    Now imagine that instead of kiddie porn, it was some terrorist material.

    Hope you dont support 42 days detention without charge.

    Flames cos im bound to get flamed - mines the asbestos coated one.

  79. Charles Tsang
    Joke

    @RickyTheRiot

    LOL, is Ricky still reading this?

    Cos the next stage of this guilty until proven innocent has already been demonstrated in the Middle East.

    You could easily substitute WMDs in there for the child porn images.

    The fact that we are all IT literate (plenty of logs at El Reg to show this) and have no evidence of Child Porn on our computers is evidence of our nefarious behaviour and our expertise in hiding them!

    In fact Ricky probably wants to know if either of the investigators was any relation to Hans Blick.

  80. Anonymous Coward
    Anonymous Coward

    @Wendy

    "PLEASE stop referring to child abuse as child porn. There is no such thing as child porn."

    Yes, there is. Child porn is a quantafiable thing. If you look at a photograph, and if a subject of that photograph is a child, and if the portrayal of that child is sexually obscene ... then it is child porn.

    Period.

    "Child abuse" is a broad term. It applies to many forms of abuse, many non-sexual.

    "Child porn" is just one possible form of "child abuse" in turn.

    "Child abuse" therefore is not always "child porn."

    See? Basic reasoning isn't so hard.

    Unfortunately, there is a move underway to erase from the public's mind the narrowly-defined notion of "child porn" and make the broad notion of "child abuse" indistinguishable from it. This is dangerous. Under such "logic," anyone slapped with the "child abuse" label would be presumed to be involved in the worst possible form of it -- the sexual kind. Even the very sound of the phrase "child abuse" would elicit the mob-like reactions that the term "child pornography" now conjures up. Child porn has become as much a sexual epidemic as a witch hunt epidemic, and we already have a society where people are charged with "child abuse" for such comparatively trivial "offenses" as forgetting to properly buckle child safety seats. Do we honestly need something that almost anyone can be charged with becoming socially synonymous with something that only the worst people are capable of?

    Read 1984. See the bits about corrupting language to the extent that exculpatory concepts are eliminated outright or re-defined to mean the inverse.

    Frankly, in general, I'm becoming excruciatingly tired of the kiddie porn witch hunt. I'm sick of even hearing about the subject itself. Already, efforts to fight child pornography are being thwarted by the terror of even being associated closely enough with it to merely report it. In my mind, the kiddie porn hunters have become as obscene and repugnant as the kiddie pornographers. How is destroying some kid's childhood through sexual exploitation MORE vulgar than destroying an adult's entire family, life, and career because of photos of bathing infants, home videos of gymnastics recitals, and common malware infections? I dare say they're exactly as bad. In fact, I say the "won't SOMEBODY PUHLEASE think of the CHILDREN?!!?" screechers should all commit suicide. Children aren't the only people who's lives have value.

    "The state must declare the child to be the most precious treasure of the people. As long as the government is perceived as working for the benefit of the children, the people will happily endure almost any curtailment of liberty and almost any deprivation." --Adolf Hitler, Mein Kampf

  81. Anonymous Coward
    Anonymous Coward

    forensic report

    hmm its worthwhile reading that report,it would seem pretty clear that Mr Fiola is innocent and Mr Glennon is rather incompetent indeed, i would be suing the crap out of him.

    also the report states that all different types of images were found on the laptop not just child porn, but its cp that grabs the headlines i guess..

This topic is closed for new posts.