What do you get when you allegedly mix Wireshark, a gumshoe child molester, and a court PC? A judge facing hacking charges

A judge in the US state of Georgia is facing hacking charges after she allegedly hired private investigators to look into what she believed was a spyware infection on her office computer. Lawyers for Judge Kathryn Schrader are challenging a September indictment of three counts of computer trespass against herself and three …

  1. JohnFen Silver badge

    Nuance

    Regarding the network intrusion claim, I'd think it would depend on how Wireshark was used. If it was putting the network adapters into promiscuous mode, then yes, there is meat to the charge. If not, then Wireshark would only be seeing the packets that are going to and from that particular machine. It would be hard to argue that's actually intruding into the network at large.

    1. Olivier2553 Silver badge

      Re: Nuance

      I tend to disagree. Even in promiscuous mode, packets that reached her machine were likely to be read by her machine, being destined to her address or broadcasted.

      Unless there is a major flaw on the network, times are gone when a machine could see packets that were not for itself.

      1. revenant Silver badge

        Re: 'times are gone'

        I agree with your observation, assuming times have indeed gone in the courthouse.

        If the network was ancient enough to still be using hubs instead of switches, though, promiscuous mode would have exposed everything.

        I miss network hubs.

      2. DougS Silver badge

        Re: Nuance

        Maybe, maybe not. Depends on what the "private investigator" did. If he changed her PC's MAC address to the DA's PC's MAC address and received traffic destined for the judge's computer then it would be very much illegal. Yes, it can be prevented if the switch is set up to be secure and only allow certain MAC addresses on certain ports, but that's doubtful here.

        Regardless, the PC isn't her property, she's not free to install packet sniffing software on it, let alone allow a third party access to her work PC. She deserves to be in trouble, regardless of the details.

        1. steviebuk Silver badge

          Re: Nuance

          The article at the end said the PC/laptop was hers

        2. Roland6 Silver badge

          Re: Nuance

          > the PC isn't her property, she's not free to install packet sniffing software on it,

          Well, to install packet sniffing software you need at least local admin privileges, so unless her contract and IT use policy explicitly prohibits the installation of packet sniffing software...

          But yes, as it seems to be a work PC and thus property of the court, she does deserve to be in trouble for letting unvetted/unapproved people have access to her PC.

          1. david1024

            Re: Nuance

            She is "the court". Everything belongs to her... That's what a judge is. Until she's replaced and then someone else is the court... She's not the employee. (Close to an executive type--still subject to some rules, but not many.... Which is why the PC keeps getting described as hers)

            1. Roland6 Silver badge

              Re: Nuance

              >She is "the court"

              Thanks for that, one of the differences between UK and US court services.

      3. Anonymous Coward

        Re: Nuance

        It would appear that Mr Kramer is only interested in small packets, not full-sized ones.

      4. Michael Wojcik Silver badge

        Re: Nuance

        Even if the network is hub-based and the NICs were in promiscuous mode, I'd consider this a case of overhearing rather than spying. If the court's IT department can't secure their network properly, that's their fault, not the judge's or the investigators'.

        Circa 2002, I moved house and got cable Internet service. I was investigating a problem with my work VPN and had done some tcpdump tracing on a machine connected directly to the cable modem. I was talking with a network engineer about some of the traffic I was seeing, and he got all bent out of shape: "You can't look at packets on my network!".

        Well, as it happens, I can. If you don't want me to, don't send them to my device, buddy.

        Fortunately that cable company went bankrupt and was bought by one that employed adults.

        1. Cav

          Re: Nuance

          "If the court's IT department can't secure their network properly, that's their fault, not the judge's or the investigators'." If you leave your door unlocked and someone walks in and steals your belongings then your insurance company may not pay up but the perp will still be arrested for burglary. Carelessness is not a permit to do what you want.

    2. big_D Silver badge

      Re: Nuance

      On the other hand, it isn't her PC or her network, it is a PC provided by the court/county/state and she probably has no right to do such an investigation on her own.

      Certainly here, it would come under the equivalent of the UK Computer Misuse Act, if an employee started using Wireshark or any unauthorized hardware or software in our company network or on company devices.

      Surely her first stop should have been the court's IT department. They should be capable of scanning the device for spyware. If not, they would be able to authorize an external specialist.

      It seems naive of her to have got her own investigator in, without informing those responsible for the PC and the network. Certainly here, she'd have been out on her tail, if she had tried something like that.

      1. LDS Silver badge

        Re: Nuance

        The problem here is she feared an internal probe or the like - for some reasons not explained here. She then probably decided she couldn't trust anyone internal, or even the police, so she hired a private investigator - and it looks without any good screening...

      2. iron Silver badge

        Re: Nuance

        > Surely her first stop should have been the court's IT department.

        Unless they are the people she suspects of planting the spyware. After all, who else has regular access to do so?

        1. Pascal Monett Silver badge

          She did not suspect the IT department, she suspected a District Attorney.

          So yeah, she should have gone through the IT department.

          Looks like we have a judge who has been watching too many police shows on TV.

          1. Doctor Syntax Silver badge

            That doesn't preclude the DA having instructed the court IT staff to do that. I wouldn't have thought he'd be entitled to do that but maybe the reality is different. She should have issued a warrant to the investigator and made it official.

            1. big_D Silver badge

              Shirely he'd need to get the Judge to sign off on a warrant to install the spyware, before he could order the IT staff to install it?

            2. Michael Wojcik Silver badge

              Or if one or more IT staff members were colluding with Porter. Some of the commentators here seem to have a peculiar belief in the trustworthiness, not to mention competence, of the IT staff at the Gwinnett County Superior Court.

              Personally, I suspect asking the Gwinnett County IT to look for spyware on a machine is likely an exercise in futility. Just a guess based on my experience with IT departments of other public institutions.

              Schrader's real error, in my opinion, was in hiring Ward, who apparently wasn't diligent or wise enough to avoid hiring Kramer. Kramer is the real source of the defendants' troubles here.

              1. big_D Silver badge

                That trust in IT people comes from 39 years working in IT...

    3. bombastic bob Silver badge

      Re: Nuance

      promiscuous mode on the computer (not the routers) doesn't mean SQUAT.

      Unless, of course, they're 30 years behind in net tech and are using HUBS instead of SWITCHES for their ethernet...

      Unless you place a switch into permanent 'learning' mode or program it to be promiscuous, it will filter out any packets on the network that are NOT yours. Upstream routers will do the same thing.

      It is EXTREMELY unlikely that Wireshark could capture ANY network traffic on this network of any consequence, other than the occasional "Who has this IP address" ARP packet (and other similar housekeeping traffic that's broadcast or multicast).

      A properly designed network wouldn't have problems with this.

      They are just being ANAL RETENTIVE ASSHATS. It's like going after security researchers for "cracking" an encryption algorithm when they're actually just verifying that it's a good one.

      1. Michael Wojcik Silver badge

        Re: Nuance

        I agree; but in a fight between a judge and a DA, you have to expect that legal weapons, however inappropriate, will be deployed.

        It may be worth noting that according to various sources Schrader was suspended specifically for (indirectly) giving a felon access to the court IT system - not for letting someone run Wireshark. As I wrote in another post, I believe her real mistake was in employing Ward, who clearly wasn't sufficiently careful in choosing his subcontractors.

    4. David Shaw

      Wireshark with lasers

      as a tiny step towards preventing malware I always install Wireshark on all friends and family 'puters.

      Also throw in a few virtualisation tools, such that any self-respecting spyware will notice its environment and possibly self-delete, just in case it is being tested in a VM.

      I still haven't worked out why those "Russian Hackers" from Glos. managed to grow/gift me a 3.1GB single cookie file from a .co.uk website, so don't actually listen to me for security stuff....

  2. Mike 16 Silver badge

    "Her computer"?

    How many here work for firms (or government agencies) that consider the computer you were issued and which is maintained and updated by the I.T. department, to be _your_ computer?

    Most folks have to content themselves with being "reasonably comfortable" with some corp/office nerd harvesting contacts and passwords or turning on the web-cam and microphone for giggles.

    1. veti Silver badge

      Re: "Her computer"?

      A lot of people buy and use their own computers - with the cooperation of their work IT teams, obviously - even in a corporate work environment. We don't know whether the judge was such a case, but it's possible, and the "my computer" defence suggests it.

      1. juul

        Re: "Her computer"?

        Shadow IT in a government agency. Sounds like a recipe for disaster.

    2. big_D Silver badge

      Re: "Her computer"?

      I agree with the first sentence, not with the second.

      Surely there was an IT department, and they would be responsible, in the first instance, for searching the PC for spyware? And they would have to be informed, before she or her gumshoe, put any unauthorized hardware or software on the network.

      Certainly she would have been dismissed and prosecuted, had she tried that at my employer.

      1. A.P. Veening Silver badge

        Re: "Her computer"?

        > Surely there was an IT department, and they would be responsible, in the first instance, for searching the PC for spyware? And they would have to be informed, before she or her gumshoe, put any unauthorized hardware or software on the network.

        Unless she suspected (someone in) the IT department had gone to the rogue, in which case her actions are completely understandable.

        1. big_D Silver badge

          Re: "Her computer"?

          She suspected a District Attorney had installed the spyware.

          1. A.P. Veening Silver badge

            Re: "Her computer"?

            Without help from (someone in) the IT department???

            1. Michael Wojcik Silver badge

              Re: "Her computer"?

              > Without help from (someone in) the IT department???

              Certainly conceivable. It's not difficult. Parents put spyware on their kids' machines all the time. Abusers do it to spouses and other victims. It's trivial for someone to purchase spyware and get instructions on how to install it. There are plenty of vectors for non-privileged attackers to do so, such as social engineering and hardware keystroke loggers.

              Or, if Schrader's suspicions are correct, Porter could have co-opted someone in the IT department. Or someone with the requisite skills to gain unauthorized access in the Gwinnett County Superior Court network, which I bet is not tremendously secure.

              But conversely there's plenty of reason to be suspicious of the IT department in this situation, even if you have some reason to believe that they'd be at all useful in finding spyware in the first place.

              1. MachDiamond Silver badge

                Re: "Her computer"?

                "Parents put spyware on their kids' machines all the time"

                Yes, but parents have physical access to their children's computers. If this is a personal computer (laptop) of the judge or one that lives in the judge's office, it would be very unusual for the DA to have access. For the DA to be in the judge's chambers without the judge present could cast doubt on the proceedings underway in the same way that a defendant's attorney in the judge's chamber alone would be problematic.

                I didn't get any take on why the judge felt as if it were the DA that had installed the spyware or caused the spyware to be installed. I do see it as entirely possible that a member of the IT staff could have done it with or without their knowledge. Both the DA and the Judge are likely served by the same IT department.

            2. big_D Silver badge

              Re: "Her computer"?

              If you are doing something illegal, like installing spyware on somebody's PC, the last thing you want to do is rope somebody else in on the crime, unless you absolutely have to - and then you probably wouldn't want to use the internal IT staff, they'd probably report them.

              1. John Brown (no body) Silver badge

                Re: "Her computer"?

                "and then you probably wouldn't want to use the internal IT staff, they'd probably report them."

                Let's say it's a junior IT staff member and it's the District Attorney telling them to do it.

    3. A.P. Veening Silver badge

      Re: "Her computer"?

      > How many here work for firms (or government agencies) that consider the computer you were issued and which is maintained and updated by the I.T. department, to be _your_ computer?

      Semantics, it is a lot shorter (and thus clearer) than saying something like "the computer my/our employer assigned to me to use for work". I'd say you are also referring to "your desk" at your place of employment.

    4. steviebuk Silver badge

      Re: "Her computer"?

      Sounds to me like it was a bring your own device deal. So if so she has every right to have her machine checked. Sounds like it's a bullshit charge in an attempt to maybe get her off certain "Cases" she's refused to take brown envelopes for, maybe.

      1. Cav

        Re: "Her computer"?

        "Sounds to me like it was a bring your own device deal. " Very possibly. That is the case where I work.

        "So if so she has every right to have her machine checked." If she had it checked outside of work, yes.

        "Sounds like it's a bullshit charge in an attempt to maybe get her off certain "Cases" she's refused to take brown envelopes for, maybe." Pure speculation.

  3. llaryllama

    Jeez

    I would really hope that a judge or someone else in such a position would put some effort into making sure that their computer really is secure and not being monitored for nefarious reasons. She should be commended for looking after sensitive data. There has to be more going on behind the scenes that isn't being reported, a judge on judge conflict with the other side just having more strings to pull?

    1. Black Betty

      Re: Jeez

      Problem is not what she did, but how she went about it.

      1. Anonymous Coward

        Re: Jeez

        You say that like there was a 'correct' way to do it? So say she goes to the local court IT people and says she suspects spyware. They go to her office to grab the PC and it's gone, with the D.A. smirking out in the hallway. She announces she had imaged the hard disk to capture the evidence. He arrests her for ... hacking.

        1. Anonymous Coward Silver badge

          Re: Jeez

          Or if you're that suspicious of your own establishment's staff, go to a neighbouring district's court IT people. You know, people who have been suitably vetted and understand the system and implications.

          Don't just look for a random PI and give him access to privileged data.

        2. Fatman Silver badge

          Re: Jeez

          > You say that like there was a 'correct' way to do it?

          Actually, there is. Especially, in her case, after all, she is a judge. And, that way is to contact the FBI, and let the Feds handle it. IF the DA is spying on her without the backing of a court order, then (s)he (the DA) is in a lot of hot water, and could face Federal charges.

          1. Anonymous Coward

            Re: Jeez

            The flaw with that idea is that the judge is probably not a terrorist therefore the FBI would not be interested in spending time / budget on this.

      2. Michael Wojcik Silver badge

        Re: Jeez

        The problem is that the person she hired subcontracted to a felon who had just allegedly violated the terms of his release. That's what got the police involved in the first place, and that's why the Judicial Qualifications Commission suspended her.

        Of course, picking a fight with a DA - even if you're a judge - is problematic. Prosecutors in the US generally have way too much power and too little oversight. Though the same can generally be said of judges (many of whom don't even have legal training).

    2. big_D Silver badge

      Re: Jeez

      You are partially correct, but she should have approached the IT department in the first instance and when there was no satisfaction, then she should have gained authorization to perform her own investigation. Covering her arse.

      As a judge, she should have known that.

      1. raving angry loony

        Re: Jeez

        Not necessarily. Sadly, the USA elects judges. This one was elected in 2012, and re-elected in 2016. There is no indication how much training a newly elected judge gets on the arcane intricacies of I.T.

        Admittedly, she is/was a lawyer, and did serve as a municipal judge prior, so maybe there is. I find the whole idea of judges chosen by popularity rather than competence to be... very odd. And worrisome.

        1. stiine Silver badge

          Re: Jeez

          Actually, we only elect judges in some courts, others are appointed by the governor or the president.

          1. lglethal Silver badge

            Re: Jeez

            You say that like that's a good thing.

            So rather than being appointed for being popular, they're appointed for what they can do for the people in power. Both are bloody awful concepts...

  4. Anonymous Coward

    Who judges the Judges

    but the Judges themselves.

    1. hplasm Silver badge

      Re: Who judges the Judges

      "Who judges the Judges"

      Judge Death!

      1. Loyal Commenter Silver badge

        Re: Who judges the Judges

        ...and in the absence of a convenient D-Jump to go and fetch the Dark Judges, it's the SJS...

      2. batfink Silver badge

        Re: Who judges the Judges

        Judge Dredd surely...

  5. Anonymous Coward

    Oh come on...

    We already have to dance around wondering if simple things like port scans are legal or not and WiFi packet capture. Now we have to worry about packet analysis?

    Pentesting is going to become a joke if every one of the methods used for reconnaissance becomes a grey area and requires specific permission and disclosure to execute.

    Pentester: *sneaks into office building, spends a while navigating the building and observing, finally reached target PC*

    Pentester: Hello Sue in accounts. I am here to perform a penetration test to gauge the level of security on your company network. Please sign this form to give me permission to attempt to access your PC. I will also be plugging in a USB keylogger and ethernet wiretap that you should find suspicious, they look like this. I will be assessing to see whether you notice them and report them in accordance with the IT security policy.

    I may also send you phishing emails and attempt to social engineer you into handing over credentials without due care. The telephone number I will call from is 555-123455 the email address the phishing attack will arrive from is 1337_phishing@gmail.com.

    Please sign here if you agree to be tested, and sign here to confirm that you will at least try and work normally now that you know you're under attack and specifically how I am going to attack you.

    Thanks.

    Cop: FREEZE! GET DOWN ON THE FLOOR AND PUT YOUR HANDS ON YOUR HEAD.

    Pentester: Dude, I've been hired to test this company.

    Cop: All your methods are illegal!!!!

    1. big_D Silver badge

      Re: Oh come on...

      An authorized pentester has a contract that stipulates exactly what is and isn't in scope. Exactly what they can and can't do. They have a letter of authorization and they have a list of contacts who can verify they are working legally - unless you are in Dallas County, Iowa, it seems.

      In this case, she did not get authorization, she did it off her own hat, bypassed the IT department and didn't inform her superiors that she was performing an illegitimate analysis of the PC and the court network. That would be a sacking offence here.

      1. Intractable Potsherd Silver badge

        Re: Oh come on...

        What would be a sacking offence in your company is completely irrelevant, yet you keep saying it as if it matters. In some cases, going through the "correct channels" is the incorrect thing to do, and justice demands that the rules are inadequate. However, there is seemingly more to this story than we have access to at the moment, so I'll wait for developments.

      2. Anonymous Coward

        Re: Oh come on...

        So it's perfectly legitimate for a firm to secretly hire someone to test the firm's security and practices to protect the firm, but it's not cool for an employee to hire someone to test whether their confidentiality is being breached by their employer / colleagues etc?

        Oh...ok then.

        An employee usually has to sign some sort of IT Policy framework that outlines what they can and can't do on company equipment and outlines how the company will monitor equipment, maintain the policy and so on.

        A company can hire someone to test the IT Policy and check to make sure everyone is in line with the policy (as outlined in the policy)...all good.

        But if an employee suspects that the policy is being breached, they're not allowed to perform their own independent checks on the employer to ensure they're holding up their side of the policy.

        Sounds fair.

        How is an employee supposed to detect and report malicious behaviour of an employer if they can't use their own independent means of investigation?

        1. big_D Silver badge

          Re: Oh come on...

          Usually not, because it isn't their equipment or network and doing an investigation would break company policy.

          If the employee thinks the company is illegally spying on them, they should contact their union rep, if there is one, the police, an employment lawyer or the data protection authorities etc. there are a lot of legitimate avenues open to them.

          1. Anonymous Coward

            Re: Oh come on...

            None of which will take you seriously without evidence. You'd need to prove something otherwise you'll just come off as a paranoid lunatic.

        2. Wellyboot Silver badge

          Re: Oh come on...

          I'd think the FBI would take her seriously if she'd gone to them about spyware worries on a court computer.

        3. Cav

          Re: Oh come on...

          "So it's perfectly legitimate for a firm to secretly hire someone to test the firm's security and practices to protect the firm, but it's not cool for an employee to hire someone to test whether their confidentiality is being breached by their employer / colleagues etc?" Yes, because they own the equipment!

          Your logic is bizarre.

          IF the network connected device is your own then yes, you can take it home and analyze it. What you don't have a right to do is connect it to the network owned by your employer and monitor that network in any way!

          1. Roland6 Silver badge

            Re: Oh come on...

            >What you don't have a right to do is connect it to the network owned by your employer and monitor that network in any way!

            That is the case only if the IT usage policy explicitly prohibits such access. I've yet to see such a clause in an IT usage policy ...

      3. mmccul

        Re: Oh come on...

        And most pentesters I've cleaned up after ignore the statement of work and agreed upon scope, definition of critical system assets, rules of engagement and do whatever they feel like anyway.

    2. Cav

      Re: Oh come on...

      What ridiculous hyperbole. The owning company can give you permission to access any machine in any necessary fashion without the need to inform the target.

    3. David Shaw

      Re: Oh come on...

      @AC 4-days ago: didn't Germany rule *nix distros as "being illegal" (due to the inbuilt or easily added pentest tools)

  6. Anonymous Coward

    To add to the fun, the cops are investigating child pornography they found on Kramer's computer when investigating this case. It's disappointing but not surprising that the sci-fi world seems utterly unconcerned by his long history of molesting young boys.

  7. Anonymous Coward

    re: the gwinnett DA

    Ah, Danny Porter, Gwinnett's Mr. Corruption since 1992. I could say more, but I'd like to live through the weekend.

  8. batfink Silver badge

    This report is missing the most crucial part

    Was there actually any spyware on her computer?

  9. Mahhn

    She hired a security company, wouldn't have been a legal issue if their IT team was part of the investigation to at least know what is going on with their systems. I doubt most "support only" IT depts. can even use Wireshark effectively. There is clearly much more going on here though I don't doubt her concerns are real, but this was all her opponents needed to get rid of her.

  10. NonSSL-Login

    I would like to know..

    ..which medical conditions meant you are not fit for jail but are fit enough to do IT work like laptop forensic analysis?

    Sounds like a magic get out of jail card condition he has.


Biting the hand that feeds IT © 1998–2019