Is this the first time this has happened, or just the first time it's been noticed?
'Arkansas cops tried to hack me with malware-ridden hard drive'
A lawyer representing three police whistleblowers has claimed a hard drive sent to him with evidence for his case was deliberately infected with password-stealing malware. Matthew Campbell, a lawyer with the Pinnacle Law Firm in North Little Rock, Arkansas, is working on behalf of three past and present officers of the Fort …
COMMENTS
Thursday 16th April 2015 00:24 GMT Anonymous Coward
>I've nothing to back that up other than what I've read over the last 30 years or so in the news.
Goes back more than 40 at least with the Pentagon papers. Right wing (at least in US politics) usually implies enjoys sucking the phallus of the system, so little surprise about the hostility towards whistleblowers in the centre-right land of the "free". The only mild surprise is Obama has been even worse than Bush about it.
Thursday 16th April 2015 00:35 GMT Thorne
Whistleblowers are treated worse in Australia. The mandatory data retention scheme was introduced so reporters can be spied on to uncover their sources, so they can be persecuted to the full extent of the law.
They even went so far as making this information available without a warrant. Any government employee can look up someone's phone records, browsing history and email records just by asking the providers for them.
It's not like any government employee would ever abuse that. Just remember if you have nothing to hide then you have nothing to fear......
Thursday 16th April 2015 06:22 GMT Richard Jones 1
Re: trust
Yes, but you would have to be careful to cover your own backside in that event. Setting up a computer with some entirely fictitious names and locations would not quite work as it might be spotted - or are they that bright? I am guessing that using real people without their knowledge could also be an issue and with a person's knowledge could drop them into a pile of extra nasty.
Perhaps it would be best to simply fill the honey pot PC with lots of made up cases involving every sort of invented bad behaviour with all 'names' substituted, but carefully matched to possible roles in the department. Much the same way that consultants do when considering takeover bids. So basic grade plods might be pawn 1 through to whatever and up through the range of chess pieces? Would the chief of police be a king or a queen?
Wednesday 15th April 2015 23:55 GMT mourner
What I have not seen stated in any of the various reports I have read on this matter is what files (names / types) these nasties were found in.
Typically these things slink around, hidden in .doc .pdf .xls etc. type files. It seems unlikely they would be in that particular folder named as trojan1.exe / trojan2.dll / trojan3.reg for example.
Could it not be that the plod in question created this "D:\Bales Court Order" directory on the external drive (which was supplied by the lawyer filing the suit if I recall correctly from other reports) and copied over the relevant documents they had in good faith without knowing they were already infected with nasties?
The plaintiff's case seems to be very much concentrated on the fact that they were found in the specific "Bales Court Order" directory, which they seem to claim means they must have been deliberately poisoned and put there.
The simpler explanation to me seems to be that the PC the files came from, or one the files had previously passed through had the clap which infected the files in question on the fly.
The devil is in the detail with this story and the detail is so far sadly lacking in both the filing and the reporting of this matter.
p.s. I do hope this lawyer's "software guy" followed correct chain of evidence procedure (no write lines active) when carrying out his examination.
Thursday 16th April 2015 00:32 GMT elDog
Agree with your line of reasoning
And also that even in the fine state of Arkansas (they have computers there?) it is unlikely that the perps would be so unwitting to put this type of stuff in a sub-folder and easily visible.
Secondly, unless my flagging knowledge of Windows is really gone, only autorun type files _might_ be executed when inserting a new disk (assume USB). And these would need to reside in the root folder of the drive.
Of course, the more nefarious vector is to actually change the drive firmware (ask the NSA for a guide) so any reads/writes can be intercepted. I doubt the PC xspurt would be able to detect this in any case.
Thursday 16th April 2015 01:20 GMT Anonymous Coward
Re: Agree with your line of reasoning
"Chances are the cops that wanted this had no idea how to do it and asked the local 12 year old script kiddy to help them"
Something along these lines sounds more probable to me than the drive just happening to be infected. The Old Bill's poor reputation for IT competence is a fairly recent thing; however their reputation for bumblingly incompetent fit ups, evidence tampering, surveillance etc goes back decades, as does their reputation for malice. The idea that they assumed their own IT skills were top notch against the reality certainly rings true.
Thursday 16th April 2015 00:53 GMT skeptical i
Possible, but shouldn't cops know better?
Hi, Mourner: Sure, it's possible that one of the machines between the files' creation(s) and the final hand-off was infected and the joy simply got passed along. However -- and maybe this is expecting too much -- shouldn't law enforcement types be MORE vigilant about malware than the average jimmy-joe-bob and thus less likely to pass the clap to someone else?
Thursday 16th April 2015 02:02 GMT mourner
Re: Possible, but shouldn't cops know better?
Hi skeptical i
Of course we would like to think the plod are more vigilant about these things. And according to other sources the PD in question has stated they have real-time AV running as a response to this filing.
On the other hand we are talking about under-funded, over-worked small town PDs. They're doing police work not spending every minute checking the PC they have to file reports on is free of contagion.
Then on the gripping hand, we have the bizarre nature by which rural US police forces are funded - small town by small town. I doubt there is much in that kind of setup left over to employ an IT wizard.
I'm not setting down either side on this one, I just wanted to say I think there are far too many unknowns at this point to be blazing articles around that rigorously suggest the PD put the trojanistas on that drive.
I have no dog in the fight, I'm not in or of the US, I'm just observing. :)
Thursday 16th April 2015 06:29 GMT chivo243
Re: Possible, but shouldn't cops know better?
@ Skeptical I
"A Massachusetts police department paid $500 to free up town files that had been encrypted by CryptoLocker, the ransomware that locks down hard drives until the owners pay up."
"Backup on an external hard drive was corrupted, too"
Johnny Law aren't sys admins... especially in smaller cities and towns. Although their authority over the population may inflate their sense of intelligence.
Friday 17th April 2015 01:45 GMT Alan Brown
Re: Possible, but shouldn't cops know better?
"Shouldn't law enforcement types be MORE vigilant about malware than the average jimmy-joe-bob and thus less likely to pass the clap to someone else?"
The stories elsewhere on this site about cops paying off ransomware (presumably because they didn't have working backups, _in addition_ to the lax security policies) speak volumes about the average police department's IT abilities.
Thursday 16th April 2015 05:14 GMT Franklin
Cycbot and Zbot are both executables, not malware that hides inside doc files. It seems likely that if there's an .exe sitting in a specific subdirectory on an external drive, it's because someone put it there, not because it copied itself there from an infected computer or hitched along with a Word file.
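The question mourner raises (which files, by name and type, the malware was found in) and Franklin's point (these families are stand-alone executables) both come down to checking file content rather than file names. The script below is an added example for this thread, not code from the article or any commenter: it walks a working copy of a handed-over drive, hashes every file, and flags any file whose bytes are a Windows PE image, including one named like a document. The "Bales Court Order" folder and its three files are a constructed sample; the PE header is a minimal hand-built one.

```python
"""Inventory a copy of a handed-over drive and flag files whose content
says "Windows executable" regardless of what the file name claims.
Added example for this thread; not from the article or any commenter."""
import hashlib
import os
import struct
import tempfile

CHUNK = 1 << 20  # 1 MiB read size for hashing
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt"}


def is_pe_executable(path):
    """True if the file starts with an MZ DOS stub whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature, i.e. a Windows PE image."""
    with open(path, "rb") as f:
        header = f.read(64)
        if len(header) < 64 or header[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\x00\x00"


def sha256_of(path):
    """Chunked SHA-256 so large evidence files don't have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def triage(root):
    """Walk root and return one record per regular file: relative path,
    sha256, whether the content is a PE image, and whether that contradicts
    a document-style extension (an executable dressed up as a document)."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            pe = is_pe_executable(path)
            ext = os.path.splitext(name)[1].lower()
            findings.append({
                "path": os.path.relpath(path, root),
                "sha256": sha256_of(path),
                "is_pe": pe,
                "masquerading": pe and ext in DOCUMENT_EXTS,
            })
    return findings


def fake_pe_bytes():
    """Constructed minimal PE header: MZ stub, e_lfanew = 0x40, then 'PE\\0\\0'."""
    dos = bytearray(b"MZ" + b"\x00" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20


def build_sample_drive():
    """Constructed stand-in for the drive's 'Bales Court Order' folder: one
    real text document, one plain executable, one executable named like a PDF."""
    root = tempfile.mkdtemp(prefix="drive_copy_")
    folder = os.path.join(root, "Bales Court Order")
    os.makedirs(folder)
    with open(os.path.join(folder, "order.txt"), "w") as f:
        f.write("court order text (constructed sample)\n")
    with open(os.path.join(folder, "update.exe"), "wb") as f:
        f.write(fake_pe_bytes())
    with open(os.path.join(folder, "exhibit_a.pdf"), "wb") as f:
        f.write(fake_pe_bytes())
    return root


if __name__ == "__main__":
    for rec in triage(build_sample_drive()):
        flag = "PE-as-document" if rec["masquerading"] else ("PE" if rec["is_pe"] else "")
        print(f'{rec["sha256"][:16]}  {flag:15} {rec["path"]}')
```

Run it against a directory extracted from a read-only image, never against the original drive; the hashes give you something to compare against whatever the other side says they handed over.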
Thursday 16th April 2015 17:47 GMT Anonymous Coward
At least Chicago is upfront about it
Says right there on the door, "We serve and protect Chicago Police."
Thursday 16th April 2015 07:37 GMT JimmyPage
Whoa, whoa, whoa ....
What forensic computer security outfit would *ever* allow an examined drive to be in a position to execute code? I would have thought even the Keystone Cops would have known that?
The procedure AIUI is to get a bitwise *copy* of the target, and then perform all tests on that. You would never be able to boot off the drive anyway because that would change the contents.
And you would never use a Windows machine either.
Something doesn't square up in this story .....
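The procedure JimmyPage describes (and the chain-of-custody concern in mourner's p.s. above) is: never work on the drive itself, take a bit-for-bit copy through a read-only path, and prove the copy matches. The code below is an added example, not from the article or any commenter, showing the software half of that in Python: the source is opened read-only, hashed while it is copied, the image is re-hashed independently and locked read-only, and the two digests are compared. A generated file stands in for the block device; on a real case the source would be the device node behind a hardware write blocker, and tools such as dd or dc3dd do the same job.

```python
"""Acquire a verified image of a source device (here a constructed file
standing in for the drive) so analysis never touches the original.
Added example for this thread; not from the article or any commenter."""
import hashlib
import os
import stat
import tempfile

BLOCK = 4 * 1024 * 1024  # 4 MiB read size


def acquire_image(source, image_path):
    """Copy source to image_path and return
    (source_sha256, image_sha256, bytes_copied).

    The source is opened O_RDONLY so nothing in this function can write to
    it; a hardware write blocker would enforce the same at the bus level."""
    src_hash = hashlib.sha256()
    fd = os.open(source, os.O_RDONLY)
    copied = 0
    try:
        with open(image_path, "wb") as out:
            while True:
                chunk = os.read(fd, BLOCK)
                if not chunk:
                    break
                src_hash.update(chunk)  # hash exactly what was read from the source
                out.write(chunk)
                copied += len(chunk)
    finally:
        os.close(fd)
    # Lock the image read-only so later analysis cannot alter it unnoticed.
    os.chmod(image_path, stat.S_IRUSR)
    # Re-hash the written image independently rather than trusting the copy loop.
    img_hash = hashlib.sha256()
    with open(image_path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK), b""):
            img_hash.update(chunk)
    return src_hash.hexdigest(), img_hash.hexdigest(), copied


def verify_image(source_digest, image_digest):
    """The acquisition is only usable if the two independent digests agree."""
    return source_digest == image_digest


def make_sample_source(size=4 * 1024 * 1024 + 123):
    """Constructed stand-in for /dev/sdX: pseudo-random bytes whose length is
    deliberately not a multiple of BLOCK, so the short final read is exercised."""
    fd, path = tempfile.mkstemp(prefix="fake_drive_")
    with os.fdopen(fd, "wb") as f:
        f.write(os.urandom(size))
    return path


if __name__ == "__main__":
    src = make_sample_source()
    img = src + ".dd"
    s_digest, i_digest, n = acquire_image(src, img)
    print(f"copied {n} bytes")
    print(f"source sha256 {s_digest}")
    print(f"image  sha256 {i_digest}")
    print("match" if verify_image(s_digest, i_digest) else "MISMATCH - do not use this image")
```

Record both digests (and the tool, time and operator) with the image; that record, not the drive, is what later examination and any dispute about tampering rest on.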
Thursday 16th April 2015 08:55 GMT SolidSquid
Re: Whoa, whoa, whoa ....
Where does it mention a forensic computer security outfit? This was a lawyer being provided with evidence by the police on an external drive, and the lawyer decided to get the drive checked before plugging it in. The drive itself wasn't an actual piece of evidence, it just contained evidence for the lawyer to review.
Thursday 16th April 2015 18:09 GMT ecofeco
Re: Whoa, whoa, whoa ....
You give WAY, WAY too much credit to law enforcement.
Many forensic "labs" in the US have been proven to falsify and constantly bungle results. Lots of civil lawsuits costing local governments lots of money because of this.
But solidsquid nails it. It was a drive provided by the cops to begin with.
Thursday 16th April 2015 11:02 GMT nematoad
Sigh
"Because the external hard drive is infected with these Trojans, however, Plaintiffs and their attorney are unable to safely access the materials on the drive..."
Now I know that this guy is a lawyer and his clients are, or were, police officers, but did they get no advice from the security expert who scanned the HDD and found these nasties? If he was up to the job he could have pointed out that if the HDD had been read with a PC running Linux they would have been able to see what was on the drive. The malware on the HDD is, as far as I know, Windows only and would not have affected a Linux box.
On the other hand it would have knocked a big hole in their case.
Thursday 16th April 2015 16:01 GMT Tieger
Re: Sigh
And why should they do that?
Why should they get themselves a Linux machine just to compensate for someone else's illegal activity?
Why should they assume that the trojans that they found were all there were?
Anyway, once the police have proved they aren't acting in good faith, the whole thing's pointless - you can't trust a damn thing they've sent you - as the judge will hopefully have understood (though possibly not, since if he's a small town judge he's probably in the same people's pockets as the police...).
Thursday 16th April 2015 16:00 GMT Rick Brasche
heh, this might be the first time ever
where the old saying about "never attribute to malice that which can be caused by incompetence" was ever more likely true.
As in, I bet the malware was already all over the place in the police systems.
I mean, come on. You cannot sit and talk about how "dumb" the police are always supposed to be and then give them the intelligence at the same time to do something clever. Cognitive dissonance, natch.
(whoops someone beat me to it)
Thursday 16th April 2015 22:13 GMT Number6
Cock-up or Conspiracy
At this point I'm quite prepared to believe that if one was to do an audit of the police department computers, most, if not all, of them would be found to be infected with the malware and the bigger question ought to be about who's stealing information from the police and what have they already got?
An interesting line of approach for the defence: "our client is incompetent, not malicious".