Best Buy tech finds 'child abuse' wallpaper on broken PC A man allegedly caught using child abuse images as a desktop wallpaper faces a string of charges after he took in the malfunctioning machine for repair. Daniel J Wagner of Sheboygan, Wisconsin reportedly took the laptop into his local Best Buy store in order to clean up a malware infection around a fortnight ago. The …
I used to be a workshop tech in a workshop for one of the workds leading laptop makers, and once i had a repair in which during a soak test randomly playing recent files through media player, when after about an hour some of this sick shit came up.
as a survivor of this kind of treatment myself, it was deeply disturbing, so i informed my line manager, and immediately the police were called.
said animal was arested, and as a foreign national deported and met by the FBI upon his arrival in the US. and placed on the nonces register in the UK and the US.
after that i dont know or care what happened to the degenerate.
all that is needed is to investigate the time stamps on the files. besides the offence for which the scum are charged is the posession of images... nothing there about how it got there, or why... just the posession.
if you are totally innocent then maybe a defence could be mounted. but having said material in the MRU of an app or as wallpaper for gods sake. then the 'I dont know nuffin abaht nuffin' defence if more than a bit thin.
fuck him
and fuck all like him
If he has a good lawyer he could equally argue that the best buy tech's had ample time with the machine to put the pictures on and falsify logs. It's very hard to provide an uncorrupted chain of evidence with PC's.
Lawyer: So how did you discover the pictures were on the laptop?
Tech: I turned it on.
Lawyer: No more questions your honour.
Expert witness: The boot process has altered the contents of the hard disk.
Lawyer: The evidence has been tampered with, I move that exhibit A is inadmissible.
The judge will most likely not be failure with how computers work but he will know how evidence works and have to drop it.
Or, more tellingly, can the tech prove beyond all reasonable doubt that the machine could not have been accessed by anyone between the time that the man submitted it for repair and the discovery of the images? An investigation into the boot process would be able to reasonably prove that turning it on didn't alter the contents of the machines such as to load child porn. But it would be VERY reasonable to suggest that some store employee could be getting his jollies with customer machines and altering the clock (and thus timestamps on files) to hide his activity.
I'm undecided. Would someone be stupid enough to hand in a laptop that had an illegal image as his wallpaper?
Going by the small number of images, is it possible that they're images made by the man? In which case it's a simple test: "is the guy in the photos the same guy who handed the laptop in?"
/fail tag because the article doesn't have enough details
If he is a kiddie-fiddler then tough luck, he's a dumb-plank and deserves all he gets. However, he needs to prove it was not a stitch-up, perhaps Police contacting the guy's ISP, asking for logs on where he has been going recently, search of his home, I suspect has already happened. Fair chance if he prized the stuff, he would have had some kind of backup somewhere on discs, USB sticks or whatever.
If he is found guilty after a fair trial then yes, tough luck.
However there are a few stages between now and then, and it is a shame that we default to assuming anyone implicated in a kiddie porn episode is automatically guilty without need for further investigation.
"However, he needs to prove it was not a stitch-up"
There might be a typo here but the innocent person doesnt need to prove anything. The police / District Attorney or however it works in the US, need to prove that it is his rather than something a malicious Best Buy employee slapped on him or something the Malware "gifted" him.
How quaint. Yes, that's how it's supposed to work. However, child abuse/porn is such an emotionally charged issue that it's a rare DA who can approach such a case without bias or a politically-motivated agenda, and a rare investigator who will go to much effort to unearth evidence that might cast doubt on the obvious guilt of the perp.
No, if this guy is actually innocent, he'd better get a good lawyer to start an investigation of his own before the entire trail of evidence is destroyed.
All cases prosicuted are polliticly motivated. As a DA one of the things that tends to get you higher seats (govener, senitor, congrassman, etc.) is your how many people you lock up. While the "kiddyfiddler" number sperated probibly wouldn't hurt, the "common drug dealer" and "petty shoplifter" numbers are also helpful.
Additionally the US has an adverserial system. It isn't the job of the DA to find the truth, his job is to prove his case. In (the US) theory he SHOULD be biased. That is why the US dictates that everyone who wants one gets a defence attorney (if you cannot afford one, one will be supplied by the court). The defence attorney's job is to rase doubt about the state's case.
Finally, think about it a moment, what evidence is there to find? I accuse you have being a kiddyfiddler, if your not, prove it. Obviously, there is no evidence I have against you, but you cannot disprove the statement, because there is nothing you can provide that will ever make it impossible for you to be one.
In this man's case there is some evidance that he is, but there is doubt about it (could have been put there by malware, the malware HE TOOK IT IN TO GET FIXED). What was on his computer is not enough to prove beyond a reasonble doubt (threshold for a conviction), but it is enough for probable cause (threshold for a search warrent). They will need to issue warrents and find other corobberating evidance.
the charge is possesion..
is this your computer...
are there illegal images on there...
that establishes the case, now you try and wriggle out of it.
turning the machine on or off will alter the contents of the disk, but mru's? wallpaper??? ISP records.
if you really want to go that way, fine
10 years
It doesn't say it was *set* as a wallpaer, it says they "were used as a desktop background". To me, that sounds like he's changed the desktop background, but the images were still in the list of recent backgorunds (Or elsewhere, depending on version of windows!)
Or maybe I'm overthinking it!
If this was the case, that only strengthens the view of the guy's innocence...
I *was* a Best Buy tech, and I don't think I was *ever* bored enough to try to view the HISTORY of set desk top wallpapers! If the tech was doing this then (1) they were not following company policy (2008) that respected the privacy of the client - don't get into personal files or internet history because it brings HUGE liability to Best Buy, and (b) the tech becomes more of a target for accusations of malice through boredom or perceived slight from the customer (was the parent of a [girl/guy/household pet] I wanted to date years ago but he said no).
Either way, this is pointing to something really off. If the guy had an abuse image as a wallpaper, then this could be too obvious... especially if he states that he took it to Best Buy to get rid of the virus that was changing his wallpaper and throwing up odd images in pop-ups, eh?
Of course that then raises the question of "what was the tech doing looking at recent wallpaper images?"
He was probably looking for stuff to add to his own collection.
Considering the stories I've heard about the techs at Best Buy I'm surprised the plods don't use this as an excuse to seize the servers used by the techs. After all, the tech may have copied all the pictures before calling the cops.
Something similar to this once happened at a small repair shop I used to work at. Our procedure went something like this for non-trivial infections: Back up customer files to our server over the network using a linux boot CD, wipe machine, install OS + basic stuff, copy files back. Another tech discovered the offending images after I'd performed the backup, (tsk...mental scarring is probably a reasonable punishment for looking at customer files though) but since I was the one to do it, I asked the cops if I was going to have to testify if and when it went to court.
The cop's response was interesting: (paraphrased) "You probably don't have to worry about it. A substantial portion of these cases don't actually go to court, because the perpetrator commits suicide rather than stand trial and have their offense known."
I didn't have much reason to doubt him at the time. I suppose I only have one cop's word for it, but I never did get asked to bear witness.
How much worse is it when you're framed for paedo stuff you really didn't do, in this day and age ?
I mean okay, maybe he IS a scumbag lowlife getting his kicks out of the suffering and mental scarring of helpless children.
But maybe he actually isn't. There seems to be a few scenarios in which the guy could actually have nothing to do with the problem.
Either way, his name is posted on these here Intarwebs, along with the crime he has not yet been found guilty for.
I'm not one to protect a paedo, hell I'd be just as happy to watch one hang as the rest of you, but this guy is not yet tried and found guilty by law - yet his life is already harder because, in the years to come, his name will forever be associated with paedo pics.
And if he's innocent, and there is yet a chance he is, that is a terrible burden to bear.
So, next time El Reg, even if other sites are not so delicate, could you please refrain from editorially condemning a possibly innocent person of the currently abject crime of kiddy-fiddling before a judge has officially said "have at him, this useless piece of shite paedo is guilty" ?
A number of applications have the option to "save image" positioned either close to or right next to "save image as wallpaper" / "set image as desktop background" whatever.
It is easy to hit the wrong one and glaringly obvious when this has happened.
What might have been less obvious to this guy (who may not be the sharpest tool in the box), is that when one changes or resets the background wallpaper image, the unwanted image remains in the default folder.
If the filesystem is FAT based, it's probably not possible to tell what has and hasn't happend on it in which order, but with NTFS it's timestamped, there is a transaction log and loads of metadata. Even if the machine was at a shop and may have been tampered with there, it'd be pretty obvious to an expert in computer forensics*. There is also the burden of proof, which isn't "is there an almost infinitely small chance that the data has been changed" but "is there a reasonable doubt that it hasn't been changed."
*You could change the time, but I'm pretty sure that is logged by the system, also it will almost certainly show up in the journal or metadata that a file had been written after certain file system operations had taken place, but the timestamp was before these.
Regarding the possibility of undetectable tampering with files on a hard disk ..
I have a bootable Linux CD which can shrink an NTFS partition on my hard disk.
In order to do this, the Linux CD accesses the hard disk without using any Windows code. It also moves around blocks in the NTFS partition while preserving all the references to them in the metadata, transaction log and so on.
Given the existence of this tool, I don't find it too hard to imagine a similar tool which can convincingly add files to an NTFS system in such a way that it appears they were added some time ago.
It's possible, but the sort of tool you describe will always leave fingerprints, I'm personally not aware of a tool that can add files to an NTFS filesystem and conceal what it has done. That doesn't mean to say there isn't one, but looking for that sort of tool will be part of the police investigation, and I would hope that they'll be looking at the possibility of a set-up, or they aren't investigating the incident properly.
I think it's a little too early to post this article. As many others have said above, we still do not know if he actually downloaded these images himself or not. For all we know, the malware he had on his machine might be the thing downloading the child porn! (I know he's a bit dumb to have taken it to be repared, personally I would have done my best to destroy the hard drive and then throw it in a lake or something).
If we find out he is guilty, then he's fair game. Until then, lets wait and see.
If you follow the local report link, the arrest report summary reads like the technician tampered with evidence by attempting to replace the wallpaper before searching for and finding more images, then reported the images to his manager. I don't know about anyone else but if I found even 1 image of a child being abused I'd close the lid, stop getting my fingerprints all over the machine, and call the police. I'd tell my manager but only to report progress, not ask permission. I certainly wouldn't try changing the desktop settings while the store's copper-friendly CCTV cameras record me, for accessory-after-the-facty goodness.
As for "How stupid do you have to be to take your kiddie-pr0n-o-tr0n in for repairs?", do we *really* have to keep asking? Nearly 7bn peeps on the Earth, plenty of them are going to be way, way down on the bad side of the Bell curve.
It is incorrect to call the efforts of the tech "tampering". Tampering is *deliberately* affecting evidence, but the tech didn't start out with teh expectation of finding child porn, and when he found it I think he was legally obliged to stop and report (even as a decent CYA exercise).
It will be interesting to see how this pans out, because I'm not sure the evidence stands up (apologies for the unintentional pun). There is indeed a 3rd party access to the system (bonus question: how do we know the Best Buy environment is virus free?). What could happen is house searches - if this guy has been entertaining himself in this fashion for some time there will be other things around, and at that point I hope they find enough to lock him up.
Keep an eye on this one - it isn't over yet..
Maybe I'm being a little too soft here, but are there any privacy laws protecting what I have on my pc? If I ask someone to check for malware do I automatically give them carte blanche to trawl through my hard-drive in the hope of finding something juicy?? Will they claim that they need to intrinsically check EVERY file, regardless of file-type, in case it's a virus?? If so I'm reverting to pen and paper...
When you give over you PC the T&C's will tell you that the techs may need to access files as part of a diagnostic analysis.
If you don't agree to the T&C's then they can't accept your machine. It's the customers choice.
If they did find illegal material such as Child or Extreme pornography they have to inform the authorities.
External Hard Drives. Or Flash drives.
If you know enough to be worried by the vagueness of these laws, you can spot solutions. Heck, British Child Porn laws only need the performer to appear to be under 18. In the USA, proof of the person's age it a defence. Now we have Extreme Porn, the Furries are nervous.
Trouble is, reasonable care to keep your private life to yourself can be taken as an attempt to hide something. And even something involving a fictional entity of obvious unreality can be targeted under current laws.
When PC boots, go into bios and change date/time,
Boot off a linux cd, disk or usb drive,
check date/time is sufficiently in the past,
copy the files to wherever you please, c:\windows normally for desktop backgrounds, the desktop itself, 'my pictures' or 'temp' or whatever,
restart pc and reset bios date/time,
remember to take out the boot cd, disk or usb.
hmm - what have I forgotten?
ttfn
EXIF only contains info about the image, time/date picture taken, camera and some settings. As long as the time stamp of the file is after the EXIF time/date you have nothing to worry about.
And you can tweak the EXIF data without having to mess with the system date/time.
For the record, I don't think the best buy tech is smart enough to do all this. He was likely looking for porn to add to his private collection and found images of questionable legality. Going to all the trouble of planting evidence would require motive on the techs part.
How the images got on the computer in the first place is a completely different matter.
What have you forgotten:
That PC time will update from the network?
That it will log if it can't update the time?
That it will refuse to update the time if it's more than X hours out?
That the logs will start logging dates and times before the last time?
To know anything about NTFS before commenting? (see my post above)
Other than that, spot on, what you say will work fine.
Hope to Hell he is guilty because his life is now as FUBAR as his face is in that picture.
Also, further to Sub's point about the idiocy, the fact is that you will only hear about the idiots who are dumb enough to get snagged. How the hell are you going to hear about the smart ones who don't get caught? Victims don't have a voice due to the circumstances and the offenders rarely advertise. The only methods for active detection are profiling or entrapment. While no legal expert, I'm pretty damn sure they're both illegal. Unfortunately.
Child abuse is something we live with because there isn't enough money in preventing it to get the measures enacted to stop it. And by stopping, I don't mean post facto, I mean identifying and treating the offenders before they commit serious offences, rather than treating their early low level sexual offences as minor errors of judgement , rather than early indicators of serious underlying mental health issues that will lead to some poor kid getting raped in the future.
Bear in mind we only see a minority of the actual offences reported in the media. The vast majority go undetected, unreported or unpunished, even when the offenders don't have the Catholic Church to shield them.
@ Nux Vomica, I totally agree with almost everything there. If he isnt guilty a lot of news outlets should be made to pay for destroying his life.
However:
"And by stopping, I don't mean post facto, I mean identifying and treating the offenders before they commit serious offences, rather than treating their early low level sexual offences as minor errors of judgement , rather than early indicators of serious underlying mental health issues that will lead to some poor kid getting raped in the future."
This is a variation of pre-crime. It creates the argument that because 90% of people who do X go on to do Y, so we should treat all of them as if they have done Y. Indicators are by their very nature not definite proof that the person will go on to rape and kill (or what ever).
The problem with predictive measures is that innocent people are effectively punished because they *may* commit a crime. Taken to its extreme would people be happy with chemically castrating all men from working class backgrounds because they have a high chance of being a rapist at some point in later life?
How about arresting everyone who watches porn because it means they might become a sex offender? Oh actually that one is already on the way....
I understand your point, and suspect I didn't explain my own clearly enough. I wouldn't recommend early intervention comprising of punishment for crimes other than those that sex offenders are convicted of.
I would like to see low level sexual offences treated as indicators of a predilection and result in treatment and close monitoring of offenders for a substantial period after (sex offenders register doesn't mean jack). Yes it does have civil liberties implications, but then so does virtually every form of punishment. In cases where the crime is an good indicator of future behaviour of sufficient gravity, I think this needs to be discussed.
Definite proof no, but then virtually all legal decisions are taken on a less than 100% proof basis. No I don't think this should be a legal basis for all crimes, but sex crimes in general and paedophilia specifically are very much more predictable (in terms of the offender profile) and very much more serious in their impact than property or even violent crimes in general.
With 95% of reported adult rapes failing to get a conviction who knows how many child rapes go unreported. I think a measure of this nature would have the potential to prevent a lot of harm, and adversely impact only those who have commited a crime already.
One caveat, keep anyone one with a financial interest out of this. The moment that the News of the World start a "Hang a Paedo" campaign or rogue psychologists start uncovering forgotten "memories", it's finished. Those bastards are just as bad as the offenders because they reduce credibility and facilitate the crimes they profess to abhor.
I didn't see him mentioned in the story once... so am I to assume that this type of "owned" repair is now known as a Gary Glitter??
I'm quite against the crime - but you have to wonder, if somebody is able to dig around the seedy underbelly of the internet to find these things, I'm guessing forums and repositories like usenet, then surely he knows how to simply google "spyware cleaner", or eventually, can put in a cd, select C drive, and click "install windows".
He's probably innocent... I recently cleaned up my brothers virus infested laptop he bought from a friend, googling a couple of rogue processes actually ended up bringing up sites that attempted to install even more crap and executed a billion popups from seedy sites....
Perfect job for a kiddy fiddler, or pervert of any kind = PC Repair Technican.
Scenario:
1. Laptop comes in for repair, pop it on the shelf
2. Laptop gets sneakily taken home by a technician or used after work when everyone else has gone
3. Laptop is used to download illegal porn, probably via an unsecured residential network (sit in your car outside or something) and is then taken home and further 'abused' by the technician
4. Laptop is returned to shop where a colleague (or offender) "discovers" the porn
5. Customer is blamed
6. Fingerprints of technician all over the laptop not even questioned, it was in his shop after all...
Customers life is in tatters, that's the kind of mud that sticks too well.
There are also (only rumors, mind) of technicians routinely copying anything and everything with *.gif, *.jpg, *.zip, *.tiff, etc, etc, etc. off for personal perusal at home or later date.
Surprisingly, most shops back then didn't have CCTV in the room, as the large window showed the tech's actions. This saved them money keeping an eye on inventory, but usually neglected to see the screen. And as it was usually an automated process off of CD, it would just be another "cmd" screen running "diagnostics" anyway...
I doubt the tech planted them - this is more likely scenario:
Tech looks for home-made pr0n on customer PC (which they invariably do)
Tech finds disturbing pics.
Tech needs excuse for how he found said disturbing pics
Tech sets one as wallpaper.
Tech says "oh my eyes!" and reports to manager.
Technical repair lawyers.
Think of it: bar-admitted lawyers being trained in technical issues like computer repair.
People bringing in computers to the lawyer-computer-repair firm would be clients of the lawyers, creating attorney-client privilege with respect to anything on the machine.
It would be quicker and cheaper to be ordained in the Church of the Holy Data, in which computer repair is a sacrament. Also invokes privilege, and doesn't involve going to law school. Further, I'm not sure (IANAL) that attorney-client privilege would apply-as repairing a PC is not a legal service-but if it's a sacrament, it is-like confession-privileged, and the state can't tell a church what is and is not a sacrament.
Mine's the one with the O'Reilly Guide to C in the pocket - it's our Holy Writ.
I think the point is that regardless of the outcome of police and other authority investigations. Regardless of innocence or guilt, this person's life is now f***ed!
There is no way in the UK or US (don't know anything about other countries cultures and laws) that an ex-suspected pedophile can resume a normal life within those societies.
The guy wouldn't be charged without a forensic examination being done on the PC, there a numerous ways to identify if the guy is guilty or not, file time stamps, index.dat files (holding URL information), Registry entries that identify things like URL's visited etc etc etc. The fact is that he will if he has any brains get a defence expert to take a look at the prosecution findings and get his own forensics report done, if he isn't guilty they will find out how the pictures got onto the machine.
I've not actually come across any trojans (yet) that download CP, so if anyone has any info on any please do put up a link!
Cheers All.
Just two things, while I've never had to bring in a unit for malware issues, I always remove the HD from the unit, it simply isn't anyone's business what's on my pc's and sometimes, it's client data, so I have to protect it.. Second, when I've been asked to help someone fix something there's often jpgs that seem to trigger the software scans, and Windows likes thumbnails when you open the folder so, I'm always amazed at what people are in to, 'you're into that?'
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
