SoylentNews is people

posted by takyon on Wednesday April 15 2015, @10:20AM
from the surveillance-stick dept.

Ars Technica reports that Matt Campbell, a North Little Rock attorney who represents police department whistleblowers, supplied an external hard drive to the Fort Smith Police Department for them to copy emails and other evidence. When it was returned, he discovered that it contained three well-known trojan viruses:

According to court documents filed last week in the case, Campbell provided police officials with an external hard drive for them to load with e-mail and other data responding to his discovery request. When he got it back, he found something he didn't request. In a subfolder titled D:\Bales Court Order, a computer security consultant for Campbell allegedly found three well-known trojans, including:

  • Win32:Zbot-AVH[Trj], a password logger and backdoor
  • NSIS:Downloader-CC[Trj], a program that connects to attacker-controlled servers and downloads and installs additional programs, and
  • Two instances of Win32:Cycbot-NF[Trj], a backdoor

All three trojans are usually easily detected by antivirus software. In an affidavit filed in the whistle-blower case, Campbell's security consultant said it's unlikely the files were copied to the hard drive by accident, given claims by Fort Smith police that department systems ran real-time AV protection.

"Additionally, the placement of these trojans, all in the same sub-folder and not in the root directory, means that [t]he trojans were not already on the external hard drive that was sent to Mr. Campbell, and were more likely placed in that folder intentionally with the goal of taking command of Mr. Campbell's computer while also stealing passwords to his accounts."

Will the Fort Smith Police Department be held accountable? Place your bets...

  • (Score: 2) by hemocyanin (186) on Wednesday April 15 2015, @03:25PM (#171004)

    They're fucking TROJANS (if you don't know the difference between a trojan and a virus, then please stop adding ignorant comments). I don't know how the absence of them being in the "root directory" means anything about intent.

    Viruses are usually self-replicating while trojans usually require some user interaction. One of the plaintiffs the lawyer represents was named "Don Bales". The trojans were found in a directory named "D:\Bales Court Order".

    There are some directories that can be assumed to exist on every computer system, and some that obviously are unique. Given that "Bales Court Order" is obviously unique, this directory is in the latter category. A virus would want to be in the root directory so it would be automatically executed when the drive was mounted and it would be hard for a super-clever non-root-dir virus writer to anticipate the directory name we have here (though it could also randomly pick a directory, but then it would have to replicate itself some time after mounting the drive or else the directory would not be found because it wouldn't exist when first mounted -- this is all beside the point if these trojans require planting and clicking).

    Anyway, placing the files in a unique subdir makes it look like they were hoping the lawyer would click on them and execute them while trying to read court orders related to Bales.

    So why don't you stop posting ignorant comments?

  • (Score: 0) by Anonymous Coward on Wednesday April 15 2015, @07:57PM (#171167)

    Ignorant? So tell me what is supposed to happen next. When the lawyer clicks on the files and launches these old and well-known trojans, some time later his system is compromised by the trojan author. Since the police are OBVIOUSLY trying to break into his system, I suppose they simply contact the person in Russia or wherever that person lives who wrote the trojan to get access.

    OR, since they are obviously trying to break into the system, the police must be the authors of the trojans. To me, that is the bigger story, that a podunk police force writes and deploys trojans. And in fact, THIS POLICE FORCE MUST ACTUALLY BE THE SOURCE OF THESE TROJANS!!! Now THAT is the story. Norton and McAfee and those guys can update their descriptions of these trojans because we now have DEFINITIVE PROOF for the source of these files.

    OR, perhaps they simply copied the files off of their virus-infested Windows 98 computer, or more likely, their virus-infested Windows XP computer that doesn't have AutoPlay disabled, thus infecting every thumb drive plugged into it.

    You guys really need to be hit with a clue-by-four. Do you really fucking believe this is an attempt of these police to break into the lawyer's computer? I can't imagine what you're like when you go to one of those web sites that pops up a window warning you that they detected a virus on your computer. But hey, who am I to ruin your post-apocalyptic police state fantasy.

    • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @12:48AM (#171263)

      Do you have the source code to these trojans? Why would the police hand them out to begin with?

      As said above, either they are ridiculously negligent (and no evidence from them can be trusted since any evidence could be tainted) or they are malicious. Neither possibility is good for them, or good for society.