RSOL of Virginia
Reform Sex Offender Laws
Seeking Justice and Safety for all Virginians

 

 

 

 

 

Today is
This Site was last updated Sunday, November 29, 2009

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Posting #165 Framed for Child Porn- by a PC Virus

Date: 11/ 08/2009

http://abcnews.go.com/Technology/wireStory?id=9028516

By JORDAN ROBERTSON AP Technology Writer

Of all the sinister things that Internet viruses do, this might be the worst: They can make you an unsuspecting collector of child pornography.

Heinous pictures and videos can be deposited on computers by viruses — the malicious programs better known for swiping your credit card numbers. In this twist, it's your reputation that's stolen.
Pedophiles can exploit virus-infected PCs to remotely store and view their stash without fear they'll get caught. Pranksters or someone trying to frame you can tap viruses to make it appear that you surf illegal Web sites.

Whatever the motivation, you get child porn on your computer — and might not realize it until police knock at your door.

An Associated Press investigation found cases in which innocent people have been branded as pedophiles after their co-workers or loved ones stumbled upon child porn placed on a PC through a virus. It can cost victims hundreds of thousands of dollars to prove their innocence.

Their situations are complicated by the fact that actual pedophiles often blame viruses — a defense rightfully viewed with skepticism by law enforcement.
"It's an example of the old `dog ate my homework' excuse," says Phil Malone, director of the Cyberlaw Clinic at Harvard's Berkman Center for Internet & Society. "The problem is, sometimes the dog does eat your homework."

The AP's investigation included interviewing people who had been found with child porn on their computers. The AP reviewed court records and spoke to prosecutors, police and computer examiners.
One case involved Michael Fiola, a former investigator with the Massachusetts agency that oversees workers' compensation.

In 2007, Fiola's bosses became suspicious after the Internet bill for his state-issued laptop showed that he used 4 1/2 times more data than his colleagues. A technician found child porn in the PC folder that stores images viewed online.

Fiola was fired and charged with possession of child pornography, which carries up to five years in prison. He endured death threats, his car tires were slashed and he was shunned by friends.
Fiola and his wife fought the case, spending $250,000 on legal fees. They liquidated their savings, took a second mortgage and sold their car.

An inspection for his defense revealed the laptop was severely infected. It was programmed to visit as many as 40 child porn sites per minute — an inhuman feat. While Fiola and his wife were out to dinner one night, someone logged on to the computer and porn flowed in for an hour and a half.
Prosecutors performed another test and confirmed the defense findings. The charge was dropped — 11 months after it was filed.

The Fiolas say they have health problems from the stress of the case. They say they've talked to dozens of lawyers but can't get one to sue the state, because of a cap on the amount they can recover.
"It ruined my life, my wife's life and my family's life," he says.
The Massachusetts attorney general's office, which charged Fiola, declined interview requests.
At any moment, about 20 million of the estimated 1 billion Internet-connected PCs worldwide are infected with viruses that could give hackers full control, according to security software maker F-Secure Corp. Computers often get infected when people open e-mail attachments from unknown sources or visit a malicious Web page.

Pedophiles can tap viruses in several ways. The simplest is to force someone else's computer to surf child porn sites, collecting images along the way. Or a computer can be made into a warehouse for pictures and videos that can be viewed remotely when the PC is online.

"They're kind of like locusts that descend on a cornfield: They eat up everything in sight and they move on to the next cornfield," says Eric Goldman, academic director of the High Tech Law Institute at Santa Clara University. Goldman has represented Web companies that discovered child pornographers were abusing their legitimate services.

But pedophiles need not be involved: Child porn can land on a computer in a sick prank or an attempt to frame the PC's owner.

In the first publicly known cases of individuals being victimized, two men in the United Kingdom were cleared in 2003 after viruses were shown to have been responsible for the child porn on their PCs.
In one case, an infected e-mail or pop-up ad poisoned a defense contractor's PC and downloaded the offensive pictures.

In the other, a virus changed the home page on a man's Web browser to display child porn, a discovery made by his 7-year-old daughter. The man spent more than a week in jail and three months in a halfway house, and lost custody of his daughter.

Chris Watts, a computer examiner in Britain, says he helped clear a hotel manager whose co-workers found child porn on the PC they shared with him.
Watts found that while surfing the Internet for ways to play computer games without paying for them, the manager had visited a site for pirated software. It redirected visitors to child porn sites if they were inactive for a certain period.

In all these cases, the central evidence wasn't in dispute: Pornography was on a computer. But proving how it got there was difficult.

Tami Loehrs, who inspected Fiola's computer, recalls a case in Arizona in which a computer was so "extensively infected" that it would be "virtually impossible" to prove what an indictment alleged: that a 16-year-old who used the PC had uploaded child pornography to a Yahoo group.

Prosecutors dropped the charge and let the boy plead guilty to a separate crime that kept him out of jail, though they say they did it only because of his age and lack of a criminal record.

Many prosecutors say blaming a computer virus for child porn is a new version of an old ploy.
"We call it the SODDI defense: Some Other Dude Did It," says James Anderson, a federal prosecutor in Wyoming.

However, forensic examiners say it would be hard for a pedophile to get away with his crime by using a bogus virus defense.

"I personally would feel more comfortable investing my retirement in the lottery before trying to defend myself with that," says forensics specialist Jeff Fischbach.

Even careful child porn collectors tend to leave incriminating e-mails, DVDs or other clues. Virus defenses are no match for such evidence, says Damon King, trial attorney for the U.S. Justice Department's Child Exploitation and Obscenity Section.
But while the virus defense does not appear to be letting real pedophiles out of trouble, there have been cases in which forensic examiners insist that legitimate claims did not get completely aired.
Loehrs points to Ned Solon of Casper, Wyo., who is serving six years for child porn found in a folder used by a file-sharing program on his computer.

Solon admits he used the program to download video games and adult porn — but not child porn. So what could explain that material?

Loehrs testified that Solon's antivirus software wasn't working properly and appeared to have shut off for long stretches, a sign of an infection. She found no evidence the five child porn videos on Solon's computer had been viewed or downloaded fully. The porn was in a folder the file-sharing program labeled as "incomplete" because the downloads were canceled or generated an error.

This defense was curtailed, however, when Loehrs ended her investigation in a dispute with the judge over her fees. Computer exams can cost tens of thousands of dollars. Defendants can ask the courts to pay, but sometimes judges balk at the price. Although Loehrs stopped working for Solon, she argues he is innocent.

"I don't think it was him, I really don't," Loehrs says. "There was too much evidence that it wasn't him."
The prosecution's forensics expert, Randy Huff, maintains that Solon's antivirus software was working properly. And he says he ran other antivirus programs on the computer and didn't find an infection — although security experts say antivirus scans frequently miss things.

"He actually had a very clean computer compared to some of the other cases I do," Huff says.
The jury took two hours to convict Solon.

"Everybody feels they're innocent in prison. Nobody believes me because that's what everybody says," says Solon, whose case is being appealed. "All I know is I did not do it. I never put the stuff on there. I never saw the stuff on there. I can only hope that someday the truth will come out."

But can it? It can be impossible to tell with certainty how a file got onto a PC.

"Computers are not to be trusted," says Jeremiah Grossman, founder of WhiteHat Security Inc. He describes it as "painfully simple" to get a computer to download something the owner doesn't want — whether it's a program that displays ads or one that stores illegal pictures.

It's possible, Grossman says, that more illicit material is waiting to be discovered.
"Just because it's there doesn't mean the person intended for it to be there — whatever it is, child porn included."

 

Here is an older article on the same topic. The person in this article is now an RSOL state affiliate.

Browser Hijackers Ruining Lives
http://www.wired.com/techbiz/it/news/2004/05/63391

By: Michelle Delio
May 11, 2004

Browser hijackers are doing more than just changing homepages. They are also changing some peoples' lives for the worse.

Browser hijackers are malicious programs that change browser settings, usually altering designated default start and search pages. But some, such as CWS, also produce pop-up ads for pornography, add dozens of bookmarks -- some for extremely hard-core pornography websites -- to Internet Explorer's Favorites folder, and can redirect users to porn websites when they mistype URLs.

Traces of browsed sites can remain on computers, and it's difficult to tell from those traces whether a user willingly or mistakenly viewed a website. When those traces connect to borderline-criminal websites, people may have a hard time believing that their employee or significant other hasn't been spending an awful lot of time cruising adult sites.

In response to a recent Wired News story about the CWS browser hijacker, famed for peddling porn, several dozen readers sent e-mails in which they claimed to have lost or almost lost jobs, relationships and their good reputations when their computers were found to harbor traces of pornography that they insist were placed on their computers by a browser hijacker.

In one case a man claims that a browser hijacker sent him to jail after compromising images of children were found on his work computer by an employer, who then reported him to law enforcement authorities.

"The police raided my house on Sept. 17, 2002," said "Jack," who came to the United States from the former Soviet Union as a political refugee, and has requested that his name not be published. "Nobody gave me a chance to explain. I was told by judge and prosecutor that I will get years in prison if I go to trial. After negotiations through my lawyer I got 180 days in an adult correctional facility. I was imprisoned for 20 days and then released under the Electronic Home Monitoring scheme. I now have a felony sex-criminal record, and the court ordered me to register as a predatory sex offender for 10 years."

Jack originally believed that the images found on his computer were from a previous owner -- he'd bought the machine on an eBay auction. But he now thinks a browser hijacker may have been responsible.

"When I used search engines, sometimes I got a lot of porn pop-ups," Jack said. "Sometimes I was sent to illegal porn sites. When I tried to close one, another five would be opened without my will. They changed my start page, wrote a lot of illegal porn links in favorites. The only way to stop this was turn the (computer's) power off. But when I dialed up to my server again, I started with illegal site, then got the same pop-ups. There were illegal pictures in pop-ups."

Several of the URLs that CWS injects into Internet Explorer's favorites list also appear in the arrest warrant and other materials from Jack's hearing. CWS works as Jack described -- changing start pages, adding to favorites, popping up porn. But CWS was first spotted several months after Jack's arrest, so it seems unlikely that this particular hijacker is the cause of his problems.

Security experts who were asked to review Jack's claims said it is possible that a browser hijacker could have been the reason porn images were found on Jack's computer. But they also pointed out some discrepancies in the story.

Some of the images were found in unallocated file space, and would have to have been placed there deliberately since cached images from browsing sessions wouldn't have been stored in unallocated space.

Brian Rothery, a former IBM systems engineer who has been researching Jack's claims, pointed out that a significant portion of the images and URLs cited in the arrest papers are from fairly tame nudist sites, as well as adult sites that do not contain illegal materials.

He said that however the pornography arrived on Jack's computer, "the evidence wasn't handled properly, and his lawyer did not do his job."

Jack said he opted not to fight the charge because his lawyer told him he would probably receive a harsher sentence if he went to trial.

"They are very eager to get conviction," Jack said. "Nobody can fight those powers. I could hardly stay in jail two weeks. The cell is very small, the food is very bad. They let prisoners out only every other day for 3 hours. I do not know how people can stay in prison for years."

If the pornography was placed on Jack's machine by a browser hijacker, he's suffered far more than most victims of malicious software. Others who blame browser hijackers for placing porn on their computers have been luckier.

"I was almost fired after some sort of content-monitoring system that my ex-employer used on the network found several dozen dirty photos on my laptop," said Matthew Cortella, a sales representative based in Illinois. "I had no idea how that stuff got on my machine; I thought it'd been hacked.
"Eventually, thank God, IT found some program on there that they said could have caused the problem. But for eight days I was sure I'd be fired, and I was terrified. I have a family to support. Jobs aren't easy to come by these days."

"My wife and I separated for a time because she thought I was looking at porno," said Fred McFarlane, a store owner in Georgia. "We are religious people. She just couldn't be with me after she saw the pictures that were in our computer. I don't blame her. Even now, I know it's real hard for her to understand it was the computer that did it, not me."

Telling people that "the computer" is downloading pornography on its own often provokes smirks and disbelief.

"I have to say it's like insisting the dog ate your homework," said Jeff Bertram, a systems administrator in New York City. "Are you going to admit that you downloaded porn to your pissed-off spouse or employer? Or to a judge? Hell no, your honor, it wasn't me. The browser did it."
Jack said he would like to appeal his conviction, but knows it will be difficult to convince people that he didn't download the pornography found on his machine.

"The police found nothing in my house, you know, not even a Playboy magazine," he said. "Only in the computer. But most people do not understand that such a thing is possible, that the computer could have made this happen. Plus, with child pornography, people's reaction is only emotions and no thinking."

"I advise Internet users to be very, very careful," Jack added. "Committing a felony is very easy; it just takes one click."