from the surveillance-stick dept.
ArsTechnica reports that Matt Campbell, a North Little Rock attorney who represents police department whistleblowers, supplied an external hard drive to the Fort Smith Police Department for them to copy emails and other evidence. When it was returned, he discovered that it contained three well-known trojan viruses:
According to court documents filed last week in the case, Campbell provided police officials with an external hard drive for them to load with e-mail and other data responding to his discovery request. When he got it back, he found something he didn't request. In a subfolder titled D:\Bales Court Order, a computer security consultant for Campbell allegedly found three well-known trojans, including:
- Win32:Zbot-AVH[Trj], a password logger and backdoor
- NSIS:Downloader-CC[Trj], a program that connects to attacker-controlled servers and downloads and installs additional programs, and
- Two instances of Win32Cycbot-NF[Trj], a backdoor
All three trojans are usually easily detected by antivirus software. In an affidavit filed in the whistle-blower case, Campbell's security consultant said it's unlikely the files were copied to the hard drive by accident, given claims by Fort Smith police that department systems ran real-time AV protection.
"Additionally, the placement of these trojans, all in the same sub-folder and not in the root directory, means that [t]he trojans were not already on the external hard drive that was sent to Mr. Campbell, and were more likely placed in that folder intentionally with the goal of taking command of Mr. Campbell's computer while also stealing passwords to his accounts."
Will the Fort Smith Police Department be held accountable? Place your bets...
(Score: 5, Insightful) by Justin Case on Wednesday April 15 2015, @10:47AM
> Will the Fort Smith Police Department be held accountable?
Good heavens no! We're just cops. Too stupid to do something like that. Must have been a mistake.
But we're still smart enough to enforce laws against all sorts of cyber-crime, like cyber-linking your cyber-webpage to a cyber-pirate who has a list of cyber-goods he cyber-stole.
(Score: 0) by Anonymous Coward on Wednesday April 15 2015, @11:35AM
It was an accident. They didn't know it was "loaded".
(Score: 4, Funny) by ticho on Wednesday April 15 2015, @11:48AM
It was a cyber-accident. They didn't cyber-know it was "cyber-loaded". There, fixed with up-to-date cyber-lingo.
(Score: 0) by Anonymous Coward on Wednesday April 15 2015, @11:40AM
So, the cops, especially ones from small jurisdictions like this, are inept and dumb and ignorant of technology when their systems [kfor.com] are compromised. We laugh at them [pressherald.com] because they deserve our derision. They sit around, feet up, eating donuts, and talking in a backwoods drawl (even if they are in the north). BUT, in a case like this, they are fucking l33t hackers, operating in the shadows, breaking into hardened systems. They probably have a special ops section that dresses in cool looking black outfits and operates out of a secret room that is always only lit with the glow of a wall full of computer screens.
Man, this site is close to jumping the shark.
(Score: 5, Insightful) by Ryuugami on Wednesday April 15 2015, @12:01PM
I don't know about you, but to me putting a few pieces of easily-detected malware on an external hard drive seems more "script kiddies" than "l33t hackers, operating in the shadows, breaking into hardened systems".
Being inept doesn't excuse them from accountability.
If a shit storm's on the horizon, it's good to know far enough ahead you can at least bring along an umbrella. - D.Weber
(Score: 1, Troll) by bob_super on Wednesday April 15 2015, @03:33PM
At last check of TFS, we have a lawyer with a hard drive that has files on it.
Not having RTFA, I can't tell if he didn't put the files for publicity...
(Score: 4, Informative) by arashi no garou on Wednesday April 15 2015, @02:04PM
Depending on the size of the agency, there's room for both. I once worked for an agency that had mostly hayseeds working patrol, but they had a couple of detectives who could have had careers in network security but for their love of having arrest powers to go along with their information security chops. To them, apart from the pay it was the best of both worlds: Work on what they loved while getting to play cops 'n' robbers.
(Score: 3, Insightful) by tathra on Wednesday April 15 2015, @03:47PM
any moron can run winnuke on an IP or install sub7 or backorifice on a drive they have in their possession. nothing about this story even suggests the cops are "l337 h4x0rz".
(Score: 2) by Bot on Wednesday April 15 2015, @10:51AM
All it takes is one careless operator to end up with this. If the guy tried framing the police by, say, accessing some fake sensitive data and seeing who reacted (the police vs some virus writer), then we'd have something. But the guy would probably end up in jail because trolling police is likely a crime. Sad times we live in.
(Score: 5, Insightful) by q.kontinuum on Wednesday April 15 2015, @11:07AM
but I bet they find something to charge the attorney with. Maybe cyber-civil disorder because he didn't install the viruses?
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 4, Insightful) by FatPhil on Wednesday April 15 2015, @11:15AM
And therefore I think you've got a bloody good chance of being right.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by Justin Case on Wednesday April 15 2015, @11:28AM
Don't you suppose those viruses are covered by the DMCA? Does he have a license for them?
Your honor, we caught him in possession of weapons of mass cyber-terrorism.
(Score: 2) by choose another one on Wednesday April 15 2015, @11:54AM
My guess - Interfering with an investigation.
Same as the risk if you remove / destroy a bug or GPS tracker or similar (or stick the tracker on another car etc.).
Of course there is a tiny problem in this case - they targeted a lawyer, and they are not supposed to be able to "investigate" stuff that is attorney-client privileged...
(Score: 5, Insightful) by tathra on Wednesday April 15 2015, @05:45PM
this would be a good time for lawyers to attack parallel construction. [wikipedia.org] the cops don't care that they couldn't use the evidence "legally" because they were simply going to create a 'legitimate' source for the evidence. once they laundered the illegally-obtained evidence such that it could be used to get a warrant, they would then use the warrant to get all the rest of the evidence that they already had so they could use it in the courts.
the DEA, in their never-ending quest to destroy America and the constitution, has managed to completely destroy any trust that remained in the legal system by consistently using illegal and unconstitutional methods to enforce unconstitutional laws. thanks to their pride and joy, parallel construction, it must be assumed that all evidence was obtained illegally and then laundered, because law enforcement has every incentive to do it and zero reasons not to, and no punishments for it even if they get caught.
(Score: 2, Insightful) by Anonymous Coward on Thursday April 16 2015, @12:56AM
I'm disappointed that the lawyers didn't load the trojans onto a honeypot system and then use it to access 'bait' privileged information on extensively logged servers. Then they'd have a devastating civil case, and the threat of state or federal criminal charges as leverage.
(Score: 2) by c0lo on Wednesday April 15 2015, @02:53PM
Nah, they (the PD) "forgot" to put in the README.1st and the .NFO files, can't accuse the receiver for the breach of protocol.
(Score: 2, Insightful) by Anonymous Coward on Wednesday April 15 2015, @11:31AM
I think this may actually turn around and hurt the cops. Nothing too severe I'm sure, and it's not like I give it a high chance of actually happening. But I'm more positive about this case than the rest of the commenters here appear to be.
The reason is not that they did this particular act, but that they did it against a lawyer, and the judge is also a lawyer who will feel more sympathy for the lawyer than for the cops.
(Score: 2, Interesting) by Anonymous Coward on Wednesday April 15 2015, @10:22PM
Bwahaha, Arkansas has elected judges. The chief requirement there is raising the most money and being tough on crime. In fact, many candidates in election states have said that being a lawyer is actually a liability for the job. So in actuality, it is a complete toss up. You could get a lawyer, a former LEO or some random guy who ran because no one else did to fill that vacancy.
(Score: 3, Insightful) by kaszz on Wednesday April 15 2015, @11:43AM
Connect the drive to a honeypot computer. Then plant all kinds of documents and viruses that the would-be backdoor operator can't resist looking at and make them do really bad mistakes. And you have good deniability because they can't be officially leaked.
(Score: 2) by takyon on Wednesday April 15 2015, @11:53AM
I'd buy that if he had shared it with the FBI and they decided on that course of action. But he has revealed the scheme and made it onto at least Ars Technica, RT, and Arkansas news, so there will be some scrutiny of the PD.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by kaszz on Wednesday April 15 2015, @11:58AM
Why share it? Just write some document on the infected computer that there's a huge stash of bad stuff at some abandoned site. Which is really full of people with big guns and short tempers? Or something else that makes them do stupid things.
(Score: -1, Troll) by Anonymous Coward on Wednesday April 15 2015, @11:55AM
Whadda ya know? Another hyperventilating article, complete with overblown editorial comments, from our resident over-reactionary Phoenix.
Lawyer sends cops a thumbdrive. Cops copy files to drive. Lawyer and his IT "expert" find trojans in the copied directory. They were placed there because the files were not put in the "root" directory of the drive. They're fucking TROJANS (if you don't know the difference between a trojan and a virus, then please stop adding ignorant comments). I don't know how the absence of them being in the "root directory" means anything about intent. The other bit of "damning" evidence is that the police say they run a secure network, implying that these trojans would have been discovered, so obviously they were put there on purpose. For all of you who don't live in your parent's basement and actually work, what is the likelihood that a podunk department runs a secure locked-down system? I've been at companies with real IT staff that don't have their systems locked down.
It makes for nice lawyer-ese arguments in their laundry list of complaints thrown at the wall to see what sticks, but color me underwhelmed. But it is the perfect kind of story to sell here so I do understand why it makes the cut as it is the perfect blown out of proportion story that elicits the now common uninformed outrage here.
(Score: 5, Touché) by rondon on Wednesday April 15 2015, @12:14PM
I feel like I need to make a meme of Dorothy and her friends skipping along the yellow brick road. Except, instead of Dorothy I will name her "Ad Hominem," instead of the Cowardly Lion I will name him "False Dichotomy," and instead of the Tin Man I will name him "Circular Logic."
The Strawman gets to keep his name.
Then I will post this meme on all the posts on Soylent that spew their righteous rage while using every single one of these false arguments.
(Score: 1, Informative) by Anonymous Coward on Wednesday April 15 2015, @01:24PM
You forgot Toto the K-9 equivocation.
(Score: 0) by Anonymous Coward on Wednesday April 15 2015, @07:18PM
So many people here like to shut down arguments with accusations of ad hominem and other terms that they pick up on Wiki. But it is clear that they don't really know how to use those words.
(Score: 0) by Anonymous Coward on Thursday April 16 2015, @12:43AM
It's clear that you don't know how to put forth an actual counterargument, rather than just saying that someone is wrong about something.
And whether they looked something up on "Wiki" or not is utterly inconsequential to whether or not it is correct. There's also the fact that, being strangers on the Internet, you have absolutely no idea where they came across the knowledge.
(Score: 2) by quadrox on Friday April 17 2015, @06:17AM
It is difficult, sometimes even impossible, to prove a negative. GGP makes accusations about various logical fallacies without pointing out exactly where these fallacies have occurred. Given the fact that the accusation is entirely baseless, should GP have quoted every single sentence with a statement "this is not an ad-hominem, nor circular logic, nor a strawman, nor ..."? That's just dumb.
Instead, the burden of proof lies with GGP, and since he has not seen fit to provide any so far, we may assume it does not exist.
(Score: 2) by quadrox on Friday April 17 2015, @06:18AM
Yes yes goddamnit I should have previewed, but when will we get an edit button? Those spelling errors are atrociuous.
(Score: 1) by rondon on Thursday April 16 2015, @12:04PM
Is this performance art? Did you just use an ad hominem attack with the word ad hominem in it? I do not have the capacity to tell if this is high level satire or you don't have a clue wtf you are talking about.
Either way, I applaud you good person. You are either incredibly clever or... something else all together, I suppose. Would it be terribly meta if I now accused you of stupidity, or being a troll?
(Score: 1, Informative) by Anonymous Coward on Wednesday April 15 2015, @01:59PM
Ahh, Señor Douche Nozzle Troll, I'll bite ...
This guy is a lawyer. Handling a very public case that already involves the police department. Anything and everything he does regarding this case will be scrutinized by the PD, the judge(s), Attorney General, perhaps other state and/or federal agencies, and let's not forget the press (those bastions of credibility and accuracy that they are). If he's going to make this kind of accusation he'd better make sure he has a shit-ton of documentation & evidence, or he's going to be sacrificed by everyone who sticks their nose into this.
My bet is on the lawyer. Not that I like (or even trust) lawyers. But the police in our country have already established themselves as untrustworthy in so many ways that I wouldn't trust them enough to ask them the time of day. Remember, they now refer to the citizens of their communities as "civilians" and have marked us the "enemy" with regard to their militarization practices. I'm taking the police at face value, which isn't good at all.
(Score: 3, Insightful) by wantkitteh on Wednesday April 15 2015, @02:38PM
1) Blank drive goes to cops.
2) Cops put data on drive.
3) Cops return drive.
4) Virus found in a sub-directory that didn't exist before 2 happened.
5) Cops claim they have secure system.
Result - cops are either ignorant about the true security of their system, or they're malicious and did it deliberately. I don't really care for the "either" or the "or". At least the either only affects this case; the or has pretty terrifying connotations.
(Score: 3, Insightful) by sjames on Wednesday April 15 2015, @07:21PM
Actually, the 'either' isn't so good either. It implies that their sloppy handling of computer security routinely taints evidence with who knows what.
The or implies that they do it deliberately and are trying to spy on defense attorneys.
(Score: 2) by wantkitteh on Thursday April 16 2015, @08:21AM
*nods* True, nothing about this situation is good.
(Score: 2) by hemocyanin on Wednesday April 15 2015, @03:25PM
Viruses are usually self replicating while trojans usually require some user interaction. One of the plaintiffs the lawyer represents was named "Don Bales". The trojans were found in a directory named "D:\Bales Court Order".
There are some directories that can be assumed to exist on every computer system, and some that obviously are unique. Given that "Bales Court Order" is obviously unique, this directory is in the latter category. A virus would want to be in the root directory so it would be automatically executed when the drive was mounted and it would be hard for a super-clever non-root-dir virus writer to anticipate the directory name we have here (though it could also randomly pick a directory, but then it would have to replicate itself some time after mounting the drive or else the directory would not be found because it wouldn't exist when first mounted -- this is all beside the point if these trojans require planting and clicking).
Anyway, placing the files in a unique subdir makes it look like they were hoping the lawyer would click on them and execute them while trying to read court orders related to Bales.
So why don't you stop posting ignorant comments?
(Score: 0) by Anonymous Coward on Wednesday April 15 2015, @07:57PM
Ignorant? So tell me what is supposed to happen next. When the lawyer clicks on the files and launches these old and well-known trojans, some time later his system is compromised by the trojan author. Since the police are OBVIOUSLY trying to break into his system, I suppose they simply contact the person in Russia or wherever that person lives who wrote the trojan to get access.
OR, since they are obviously trying to break into the system, the police must be the authors of the trojans. To me, that is the bigger story, that a podunk police force writes and deploys trojans. And in fact, THIS POLICE FORCE MUST ACTUALLY BE THE SOURCE OF THESE TROJANS!!! Now THAT is the story. Norton and McAfee and those guys can update their descriptions of these trojans because we now have DEFINITIVE PROOF for the source of these files.
OR, perhaps they simply copied the files off of their virus-infested Windows 98 computer, or more likely, their virus-infested Windows XP computer that doesn't have AutoPlay disabled, thus infecting every thumb drive plugged into it.
You guys really need to be hit with a clue-by-four. Do you really fucking believe this is an attempt of these police to break into the lawyer's computer? I can't imagine what you're like when you go to one of those web sites that pops up a window warning you that they detected a virus on your computer. But hey, who am I to ruin your post-apocalyptic police state fantasy.
(Score: 0) by Anonymous Coward on Thursday April 16 2015, @12:48AM
Do you have the source code to these trojans? Why would the police hand them out to begin with?
As said above, either they are ridiculously negligent (and no evidence from them can be trusted since any evidence could be tainted) or they are malicious. Neither possibility is good for them, or good for society.
(Score: 0) by Anonymous Coward on Wednesday April 15 2015, @03:37PM
A Trojan is an inhabitant of Troja, and a virus is a specific type of pathogen. A Trojan virus is therefore a pathogen that is endemic in Troia.
(Score: 1) by GeorgeScuttles on Wednesday April 15 2015, @12:37PM
IANAL, but it seems in a sane world, if this had been done by the PD (and only if it can be reasonably proved to be so), the case would be thrown out for violation of procedures. The only way that might not occur is if the computer evidence had nothing to do with the charge and was only peripheral (e.g., the defendant was accused of something like trespassing, and the computer was seized). That all being said, I have a tough time understanding how one can quantifiably prove that trojans or command-control software was placed on the drive by the police (or some TLA). Unless a third-party holding company handled the transfer, along with images of the incoming/outgoing, it won't hold much ground.
(Score: 0) by Anonymous Coward on Wednesday April 15 2015, @01:27PM
Depending on how sophisticated the trojans are:
1. Let someone connect to the trojans. Log IP.
2. Let trojans open a connection. Log IP.
The time to collect evidence may have passed as soon as the lawyer opened his mouth.
(Score: 2) by urza9814 on Wednesday April 15 2015, @04:49PM
I think you've misunderstood the circumstances a bit. The drive itself isn't evidence. The drive was merely being used to transport files in response to a subpoena. So yes, this specific drive where the virus was found has nothing to do with the charges, and can't be thrown out as evidence because it's not really evidence to begin with, it's merely a copy of evidence.
Of course, if they find out that these viruses were originally planted not on the drive but on the original copy...*then* it might screw up the case. Otherwise it's just new evidence of a new crime -- this one likely committed by the police themselves. Depending on the judge I imagine that could go anywhere from being basically ignored to having the police station raided by the FBI. Wouldn't be the first time...
(Score: 1) by khallow on Wednesday April 15 2015, @12:44PM
Instead, this appears like standard mishandling of evidence.
(Score: 1, Insightful) by Anonymous Coward on Wednesday April 15 2015, @01:17PM
> If it was a deliberate plant, then why did the police put three pieces of malware on there instead of just one piece of malware?
Of course that's bad logic. As if criminals who only half-understand their circumstances would be smart enough to restrain themselves from doing something stupid.
(Score: 0) by Anonymous Coward on Wednesday April 15 2015, @01:29PM
Redundancy. Odds are good AV software will detect and remove any given piece of malware. More variety = higher chance of success.
(Score: 1) by khallow on Wednesday April 15 2015, @10:26PM
(Score: 3, Insightful) by wantkitteh on Wednesday April 15 2015, @02:31PM
Timestamps? Not exactly admissible, but hey, this doesn't smell like pro.
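The two technical threads in this discussion, hemocyanin's point that the files sat in a uniquely named subfolder rather than the drive root, and the "timestamps?" question here, both reduce to the same defensive step: inventory the returned drive before anyone opens anything on it, so that path, depth, timestamps and hashes are on record. The Python below is an added example written for this page; it is not code from Ars, the court filings, or any commenter. The function names (`inventory`, `flag_executables`, `autorun_in_root`) and the sample folder layout it builds are my own constructions; the real drive would be imaged and mounted read-only first, with the image's hash recorded, and the script pointed at the mount.

```python
"""Triage of a returned external drive: record where every file sits, when it
was last written, and what it hashes to, and flag executables that appear in
subfolders rather than the root. Added example, not from the article."""
import hashlib
import os
import tempfile
from pathlib import Path

# File types Windows Explorer will execute on double-click. Constructed list,
# deliberately broad rather than exhaustive; tune it to the case.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd",
                       ".vbs", ".js", ".ps1", ".lnk", ".pif"}


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large evidence files do not load into RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(root: Path) -> list:
    """One record per file: relative path, depth below root, size, mtime, SHA-256.

    depth == 0 means the file sits in the drive root; anything deeper was placed
    inside a folder that did not exist on a blank drive.
    """
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            rel = full.relative_to(root)
            st = full.stat()
            records.append({
                "path": rel.as_posix(),
                "depth": len(rel.parts) - 1,
                "size": st.st_size,
                "mtime": st.st_mtime,
                "sha256": sha256_of(full),
            })
    return sorted(records, key=lambda r: r["path"])


def flag_executables(records: list) -> list:
    """Executables living inside a subfolder, i.e. next to the documents a reader would open."""
    return [r for r in records
            if r["depth"] > 0 and Path(r["path"]).suffix.lower() in EXECUTABLE_SUFFIXES]


def autorun_in_root(records: list) -> bool:
    """A self-starting payload would need an autorun.inf in the root; note its absence too."""
    return any(r["depth"] == 0 and r["path"].lower() == "autorun.inf" for r in records)


def build_sample_drive(base: Path) -> None:
    """Constructed layout echoing the article's description. Nothing here is real malware."""
    sub = base / "Bales Court Order"
    sub.mkdir()
    (sub / "order_2014.pdf").write_bytes(b"%PDF-1.4 constructed sample\n")
    (sub / "readme.exe").write_bytes(b"MZ constructed placeholder, inert bytes")
    (base / "index.txt").write_text("constructed file in drive root\n")


def demo() -> dict:
    """Build the sample drive in a temp directory and return the triage summary."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        build_sample_drive(base)
        recs = inventory(base)
        return {
            "total": len(recs),
            "flagged": [r["path"] for r in flag_executables(recs)],
            "autorun": autorun_in_root(recs),
            "hashes": {r["path"]: r["sha256"] for r in recs},
        }


if __name__ == "__main__":
    summary = demo()
    print(f"{summary['total']} files inventoried")
    print("executables in subfolders:", summary["flagged"])
    print("autorun.inf in root:", summary["autorun"])
    for path, digest in summary["hashes"].items():
        print(f"{digest}  {path}")
```

Two caveats a practitioner would add. The mtime recorded here is whatever the copying tool preserved; robocopy and drag-and-drop behave differently, and on NTFS the creation time is a separate attribute that `os.stat` does not expose portably, so the timestamp column is a lead, not proof, which is the commenter's "not exactly admissible" point. The hashes, by contrast, can be compared against AV vendor detections later without anyone having to execute the files.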
(Score: 3, Interesting) by sjames on Wednesday April 15 2015, @07:15PM
Easy. If they are dumb as a brick when it comes to computers (a well founded stereotype), they would likely conclude that if 1 is good, three is better. There might have been more if they could have gotten more from the script kiddie site.
(Score: 3, Insightful) by lentilla on Wednesday April 15 2015, @07:32PM
I would expect that many police departments have special software just for that, probably named with scary words like "Remote Assistance and Penetration Evidence". Somebody will have marketed this software to the department implying that the most difficult thing about the software is keeping the donut crumbs off the keyboard whilst installing leet hacks.
In many ways, this special software is a bit like spam. Spammers don't care how effective their product is, only that they made a sale. It's the ultimate bromide for department heads - they've been sold a dream.
Mind you, never under-estimate how often a simple hack like this might work...
(Score: 1) by khallow on Thursday April 16 2015, @12:43PM
> Somebody will have marketed this software to the department implying that the most difficult thing about the software is keeping the donut crumbs off the keyboard whilst installing leet hacks.
Who? We don't even have evidence that it is anything other than a dumb accident in the first place. Now, the accusation has morphed to a product marketed to the police department.
(Score: 1, Insightful) by Anonymous Coward on Wednesday April 15 2015, @02:01PM
In any justice system...
... The judge would note that the prosecution (which the police work with) tried to tamper with the case, and all evidence presented by the prosecution must be considered likely to have been tampered with or planted, and the prosecution be assumed to be lying.
Once all the evidence has been thrown out, the prosecution would be reprimanded for bringing a case with absolutely no merit (since there is no evidence).
Now, let's see if there is such a thing as a justice system involved.
(Not that it's any better over here. We don't even throw out questionable evidence, the police just get told not to do it again).
(Score: 5, Insightful) by Geezer on Wednesday April 15 2015, @02:26PM
We do not have a justice system. We have a legal system. Big difference.
(Score: 3, Insightful) by HiThere on Wednesday April 15 2015, @07:32PM
I'm sorry, but while this is reasonable circumstantial evidence, it doesn't appear to me to rise to the level of proof. The police could just say "it wasn't us, he must have done it to falsely accuse us." Possibly there is evidence mentioned that I didn't notice, but to me it looks like an accusation that cannot rise to the level of proof. Plausible, yes. Believable, yes. Certain...no. I'm not even sure I'd decide in his favor in a civil suit, were it to arise.
Yes, many police departments seem to have an abusive pattern of behavior. But it's also true that most of the people they deal with are *also* not to be trusted. I no longer believe spokesmen of the police, I no longer consider their unsupported statements (or statement based on evidence under their control) to be better than 50% likely. But this doesn't mean I trust those they are in confrontation with.
(Score: 1, Insightful) by Anonymous Coward on Thursday April 16 2015, @12:50AM
I trust those they are in confrontation with more than the police, however. Especially since we have things such as unconstitutional mass surveillance, as it shows the government will gladly shred the constitution if it inconveniences them.
(Score: 2) by Fnord666 on Wednesday April 15 2015, @11:56PM