back to article 'Arkansas cops tried to hack me with malware-ridden hard drive'

A lawyer representing three police whistleblowers has claimed a hard drive sent to him with evidence for his case was deliberately infected with password-stealing malware. Matthew Campbell, a lawyer with the Pinnacle Law Firm in North Little Rock, Arkansas, is working on behalf of three past and present officers of the Fort …

  1. Christoph

    Is this the first time this has happened, or just the first time it's been noticed?

    1. Mark 85

      Probably "first time it's been reported" I would imagine. Seems whistleblowers are not treated well anywhere in the States even though there are protection laws.

      I've nothing to back that up other than what I've read over the last 30 years or so in the news.

      1. Anonymous Coward
        Anonymous Coward

        >I've nothing to back that up other than what I've read over the last 30 years or so in the news.

        Goes back more than 40 at least with the Pentagon papers. Right wing (at least in US politics) usually implies enjoys sucking the phallus of the system so little surprise about the hostility towards whistle blower in the center right land of the "free". The only mild surprise is Obama has been even worse than Bush about it.

      2. Thorne

        Whistle blowers are treated worse in Australia. The mandatory data retention scheme was introduced so reporters can be spied on to uncover their sources so they can be persecuted to the full extent of the law.

        They even went so far as making this information available without a warrant. Any government employee can look up someone phone records, browsing history and email records just by asking the providers for them.

        It's not like any government employee would ever abuse that. Just remember if you have nothing to hide then you have nothing to fear......

        1. Anonymous Coward
          Anonymous Coward

          >Whistle blowers are treated worse in Australia.

          Proving my point as Australia is just about the only developed western country in the same league right wing wise as the US.

        2. Anonymous Coward
          Anonymous Coward

          Explains a lot

          > Just remember if you have nothing to hide then you have nothing to fear......

          That explains why governments hide so much from their citizens.

    2. Cpt Blue Bear

      "Is this the first time this has happened, or just the first time it's been noticed?"

      Close to my first thought, which was: is this sort of thing getting reported more or has law enforcement in general become more actively hostile?

    3. SolidSquid

      Good chance it's the first time a lawyer has been computer savvy enough to consider it a risk and get the drive checked

  2. Ole Juul

    trust

    So if the Fort Smith Police Department thinks it's OK to break the law in this way, I wonder how many other ways they think it's OK.

    1. Antonymous Coward
      Big Brother

      Re: trust

      Well, fraud would seem to have a place on that list.

      It seems that in "the new world order" laws are for us not them.

    2. Thorne

      Re: trust

      I'd been tempted to set up a computer with false information so they could screw themselves

      1. Richard Jones 1
        Happy

        Re: trust

        Yes, but you would have to be careful to cover your own backside in that event. Setting up a computer with some entirely fictitious names and locations would not quite work as it might be spotted - or are they that bright? I am guessing that using real people without their knowledge could also be an issue and with a person's knowledge could drop them into a pile of extra nasty.

        Perhaps it would be best to simply fill the honey pot PC with lots of made up cases involving every sort of invented bad behaviour with all 'names' substituted, but carefully matched to possible roles in the department. Much the same way that consultants do when considering take over bids. So basic grade plods might be pawn 1 through to whatever and up through the range of chess pieces? Would the chief of police be a king or a queen?

  3. mourner

    What I have not seen stated in any of the various reports I have read on this matter, is what files (name / types) these nasties were found.

    Typically these things slink around, hidden in .doc .pdf .xls etc. type files. It seems unlikely they would be in that particular folder named as trojan1.exe / trojan2.dll / trojan3.reg for example.

    Could it not be that the plod in question created this "D:\Bales Court Order" directory on the external drive (which was supplied by the lawyer filing the suit if I recall correctly from other reports) and copied over the relevant documents they had in good faith without knowing they were already infected with nasties?

    The plaintiff's case seems to be very much concentrated on the fact that they were found in the specific "Bales Court Order" directory, which they seem to claim means they must have been deliberately poisoned and put there.

    The simpler explanation to me seems to be that the PC the files came from, or one the files had previously passed through had the clap which infected the files in question on the fly.

    The devil is in the detail with this story and the detail is so far sadly lacking in both the filing and the reporting of this matter.

    p.s. I do hope this lawyer's "software guy" followed correct chain of evidence procedure (no write lines active) when carrying out his examination.

    1. elDog

      Agree with your line of reasoning

      And also that even in the fine state of Arkansas (they have computers there?) it is unlikely that the perps would be so unwitting to put this type of stuff in a sub-folder and easily visible.

      Secondly, unless my flagging knowledge of Windows is really gone, only autorun type files _might_ be executed when inserting a new disk (assume USB). And these would need to reside in the root folder of the drive.

      Of course, the more nefarious vector is to actually change the drive firmware (ask the NSA for a guide) so any reads/writes can be intercepted. I doubt the PC xspurt would be able to detect this in any case.

      1. Thorne

        Re: Agree with your line of reasoning

        Chances are the cops that wanted this had no idea how to do it and asked the local 12 year old script kiddy to help them

        1. Anonymous Coward
          Anonymous Coward

          Re: Agree with your line of reasoning

          "Chances are the cops that wanted this had no idea how to do it and asked the local 12 year old script kiddy to help them"

          Something along these lines sounds more probable to me than the drive just happening to be infected. The Old Bill's poor reputation for IT competence is a fairly recent thing; however their reputation for bumblingly incompetent fit ups, evidence tampering, surveillance etc goes back decades, as does their reputation for malice. The idea that they assumed their own IT skills were top notch against the reality certainly rings true.

        2. ecofeco Silver badge

          Re: Agree with your line of reasoning

          "Chances are the cops that wanted this had no idea how to do it and asked the local 12 year old script kiddy to help them"

          This is the way I would bet.

    2. skeptical i
      Meh

      Possible, but shouldn't cops know better?

      Hi, Mourner: Sure, it's possible that one of the machines between the files' creation(s) and the final hand-off was infected and the joy simply got passed along. However -- and maybe this is expecting too much -- shouldn't law enforcement types be MORE vigilant about malware than the average jimmy-joe-bob and thus less likely to pass the clap to someone else?

      1. mourner

        Re: Possible, but shouldn't cops know better?

        Hi skeptical i

        Of course we would like to think the plod are more vigilant about these things. And according to other sources the PD in question has stated they have real-time AV running as a response to this filing.

        On the other hand we are talking about under-funded, over-worked small town PDs. They're doing police work not spending every minute checking the PC they have to file reports on is free of contagion.

        Then on the gripping hand, we have the bizarre nature by which rural US police forces are funded - small town by small town. I doubt there is much in that kind of setup leftover to employ an IT wizard.

        I'm not setting down either side on this one, I just wanted to say I think there are far too many unknowns at this point to be blazing articles around that rigorously suggest the PD put the trojanistas on that drive.

        I have no dog in the fight, I'm not in or of the US, I'm just observing. :)

      2. chivo243 Silver badge

        Re: Possible, but shouldn't cops know better?

        @ Skeptical I

        "A Massachusetts police department paid $500 to free up town files that had been encrypted by CryptoLocker, the ransomware that locks down hard drives until the owners pay up."

        "Backup on an external hard drive was corrupted, too"

        Johnny Law aren't sys admins... especially in smaller cities and towns. Although their authority over the population may inflate their sense of intelligence.

        1. Oninoshiko

          Re: Possible, but shouldn't cops know better?

          Then they should employ someone who is or face the consequences.

          Ignorance of the law is no excuse.

      3. Alan Brown Silver badge

        Re: Possible, but shouldn't cops know better?

        "Shouldn't law enforcement types be MORE vigilant about malware than the average jimmy-joe-bob and thus less likely to pass the clap to someone else?"

        The stories elsewhere on this site about cops paying off ransomware (presumably because they didn't have working backups, _in addition_ to the lax security policies) speaks volumes about the average police department's IT abilities.

    3. Franklin

      Cycbot and Zbot are both executables, not malware that hide inside doc files. It seems likely that if there's an .exe sitting in a specific subdirectory on an external drive, it's because someone put it there, not because it copied itself there from an infected computer or hitched along with a Word file.

  4. cd

    To Protect the rich and Serve warrants on the poor.

    1. asdf
      Trollface

      To be fair in many parts of the US its to protect the upper middle class as well. Also to be fair if the attitude in your neighborhood is snitches get stitches you probably aren't counting on retiring with the equity in your real estate.

    2. Anonymous Coward
      Anonymous Coward

      At least Chicago is upfront about it

      Says right there on the door, "We serve and protect Chicago Police."

  5. asdf

    to be fair to Arkansas

    And though its very easy to rip on 3rd world Arkansas and their history of colorful governors I will at least add the Fort Smith area is prettier than anything in the ass pit that is Oklahoma.

    1. Anonymous Coward
      Anonymous Coward

      Re: to be fair to Arkansas

      Christ, that really is damnation by faint praise.

  6. Anonymous Coward
    Anonymous Coward

    A Federal Case

    It's a felony, and a federal one at that. If the executive, legislative and judicial branches weren't so soft on crime, law enforcement officers wouldn't be so quick to break the law.

  7. JimmyPage Silver badge
    WTF?

    Whoa, whoa, whoa ....

    What forensic computer security outfit would *ever* allow an examined drive to be in a position to execute code ? I would have thought even the keystone cops would have known that ?

    The procedure AIUI is to get a bitwise *copy* of the target, and then perform all tests on that. You would never be able to boot off the drive anyway because that would change the contents.,

    And you would never use a Windows machine either.

    Something doesn't square up in this story .....

    1. Robin

      Re: Whoa, whoa, whoa ....

      Something doesn't square up in this story .....

      And you'll get to the bottom of it, even if those fat cats up at City Hall take your badge?

    2. SolidSquid

      Re: Whoa, whoa, whoa ....

      Where does it mention a forensic computer security outfit? This was a lawyer being provided with evidence by the police on an external drive, and the lawyer decided to get the drive checked before plugging it in. The drive itself wasn't an actual piece of evidence, just contained evidence for the lawyer to review

    3. ecofeco Silver badge

      Re: Whoa, whoa, whoa ....

      You give WAY, WAY too much credit to law enforcement.

      Many forensic "labs" in the US have been proven to falsify and constantly bungle results. Lots of civil lawsuits costing local governments lots of money because of this.

      But solidsquid nails it. It was a drive provided by the cops to begin with.

  8. nematoad
    FAIL

    Sigh

    "Because the external hard drive is infected with these Trojans, however, Plaintiffs and their attorney are unable to safely access the materials on the drive..."

    Now I know that this guy is a lawyer and his clients are, or were, police officers but did they get no advice from the security expert who scanned the HDD and found these nasties? If he was up to the job he could have pointed out that if the HDD had been read with a PC running Linux they would have been able to see what was on the drive. The malware on the HDD are as far as I know Windows only and would not have affected a Linux box.

    On the other hand it would have knocked a big hole in their case.

    1. Tieger

      Re: Sigh

      and why should they do that?

      why should they get themselves a linux machine just to compensate for someone elses illegal activity?

      why should they assume that the trojans that they found were all there were?

      anyway, once the police have proved they aren't acting in good faith, the whole things pointless - you can't trust a damn thing they've sent you - as the judge will hopefully have understood (though possibly not, since if he's a small town judge he's probably in the same peoples pockets as the police...).

  9. Wombling_Free

    Occams razor

    Never assume malice when the event can be explained by stupidity.

    It was a hard drive from a police station after all.

    1. ecofeco Silver badge

      Re: Occams razor

      With cops, ALWAYS assume malice.

    2. Dan Paul

      Re: Occams razor @Wombling_Free

      I agree, cops usually are not smart enough to be that devious.

      Who's to say that the disk drive was not already infected with malware before it came out of the PC?

  10. Rick Brasche

    heh, this might be the first time ever

    where the old saying about "never attribute to malice that which can be caused by incompetence" was ever more likely true.

    As in, I bet the malware was already all over the place in the police systems.

    I mean, come on. you cannot sit and talk about how "dumb" the police are always supposed to be and then give them the intelligence at the same time to do something clever. Cognitive dissonance, natch.

    (whoops someone beat me to it)

  11. ecofeco Silver badge

    Would not surprise me

    This would not surprise me at all. America is all about being "all up in yo bidness."

    Privacy? Rights? Maybe in Russia.

  12. Number6

    Cock-up or Conspiracy

    At this point I'm quite prepared to believe that if one was to do an audit of the police department computers, most, if not all, of them would be found to be infected with the malware and the bigger question ought to be about who's stealing information from the police and what have they already got?

    An interesting line of approach for the defence: "our client is incompetent, not malicious".

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like