Hellish Ordeal Ends for State Worker Caught in Child Porn Malware Snare

technewsworld.com Malware, Tech Law, Uncategorized

Months after arresting a man for having child pornography images on a state-issued laptop, prosecutors dropped the charges when a defense-sponsored forensic investigation showed that a poorly configured laptop that had become riddled with malware was to blame.

The victim (besides the children in the images) was Michael Fiola, a former investigator with the Massachusetts Department of Industrial Accidents (DIA). He was given a sloppily configured replacement laptop running Windows XP with SP2 in November of 2006 and was fired in early 2007, when his IT department found the illegal pornographic images on the laptop’s hard drive. After being criminally charged in August of last year, Fiola reportedly lost more than his job: friends and family apparently shunned him, though his wife did stand by his side.

Tami Loehrs, a forensic investigator hired by Fiola’s attorneys and president of Law2000, told TechNewsWorld that Microsoft Systems Management Server (SMS) software on the laptop was the first red flag that should have been noticed by DIA’s IT team.

“When they gave him this laptop, it had belonged to another user, and they changed the user name for him,” Loehrs explained.

“In the SMS software, they forgot to change the user name, so SMS was trying to connect to a user that no longer existed. So the day he walked out with the laptop, the SMS logs were red. If the IT department would have taken a single look at it, they would have seen that it was red and wasn’t connecting to the server. It was set up to do all of its security updates via the server, and none of that was happening because he was out in the field,” she added.

Fiola used a Verizon wireless card, set up for him by DIA, that kept the laptop constantly connected to the Internet. With its security undermined, the laptop would allow all sorts of malware and infections to continue operating, including some that could literally take over the computer’s behavior without the user knowing. It’s unclear at what point the laptop became infected with the malware that landed Fiola in hot water.

40 Sites in 60 Seconds

“What I found is, he would log in to the state’s Web site, he’d be on for five or 10 minutes and during the exact same time that he’s filling out a form, an image shows up, out of nowhere. No typed [Uniform Resource Locator], no search, no Web site activity, just bam, a cached image shows up on his computer,” Loehrs said. The offending images were located in the laptop’s browser cache directory.

“He’d have 40 Web sites hitting his computer in a minute — who’s the IT guy who looked at this and said, ‘Wow, this guy is pretty active on the Internet?’” Loehrs said. “It’s physically impossible!”

Loehrs found a script file that was set to go out and run its own searches on foreign Web sites, she said. “And once you get into some of these foreign sites, you’ll get all kinds of stuff you don’t want to see.

“Actually, the child pornography was just a very small portion of it. The majority was just bizarre porn. He was being hit with everything,” she added.

Still, it took prosecutors months to drop the charges, a decision that came largely because Loehrs uncovered the true nature of the images.
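
The timeline argument Loehrs describes (dozens of sites contacted within a minute, with no typed URL, search or click behind them) can be checked mechanically over a browser-history export. The following is an added example, not code from the article or from the investigation; the record layout, the origin labels, the 60-second window and the 10-host threshold are assumptions, and the sample rows are constructed.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Hypothetical labels for visits the user started (typed a URL or clicked a link).
USER_ORIGINS = {"typed", "link"}

def build_sample():
    """Constructed history rows: (timestamp, URL, origin). Not real case data."""
    t0 = datetime(2007, 1, 10, 9, 0, 0)
    rows = [(t0, "https://forms.state.example/login", "typed"),
            (t0 + timedelta(minutes=2), "https://forms.state.example/claim", "link")]
    burst = t0 + timedelta(minutes=5)
    # 40 different hosts in under a minute, none typed or clicked.
    rows += [(burst + timedelta(seconds=i), f"http://site{i}.example/img.jpg", "none")
             for i in range(40)]
    rows.append((t0 + timedelta(minutes=9), "https://forms.state.example/submit", "link"))
    return rows

def find_bursts(rows, window=timedelta(seconds=60), max_hosts=10):
    """Report runs of visits where one sliding window holds more than
    max_hosts distinct hosts, with the count of user-initiated visits in each."""
    rows = sorted(rows)
    flagged, lo = set(), 0
    for hi, (ts, _, _) in enumerate(rows):
        while ts - rows[lo][0] > window:      # shrink window to the last 60 s
            lo += 1
        hosts = {urlsplit(u).hostname for _, u, _ in rows[lo:hi + 1]}
        if len(hosts) > max_hosts:
            flagged.update(range(lo, hi + 1))
    bursts, run = [], []
    for i in sorted(flagged) + [None]:        # None closes the final run
        if run and (i is None or i != run[-1] + 1):
            chunk = rows[run[0]:run[-1] + 1]
            bursts.append({
                "start": chunk[0][0], "end": chunk[-1][0],
                "hosts": len({urlsplit(u).hostname for _, u, _ in chunk}),
                "user_initiated": sum(o in USER_ORIGINS for _, _, o in chunk),
            })
            run = []
        if i is not None:
            run.append(i)
    return bursts

if __name__ == "__main__":
    for b in find_bursts(build_sample()):
        print(f"{b['start']} to {b['end']}: {b['hosts']} hosts, "
              f"{b['user_initiated']} user-initiated visits")
```

A burst with a high host count and zero user-initiated visits is the pattern that points to automated activity rather than a person browsing.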

Configuration Counts

Fiola’s case raises serious questions about government security. If a state-run IT department can’t configure a laptop properly, what can a person do to protect themselves from rogue malware? Of course, security software should be able to catch most problems, but what if it’s misconfigured?

“All of the technical people know you can get spammed with pornography; viruses can bring up stuff you don’t want. And while people want to think you can’t possibly be hacked, of course there are Trojans and ways for people to get into your computer,” Loehrs said.

“Trojans are written by tech-savvy people. What’s the first thing they are going to do? They’re going to disable the protection,” she added, noting that Fiola’s Symantec-based logs were missing from the compromised laptop.

“Clearly, something went in and whacked the virus protection. So, if you’re not a technically savvy person, how do you even know that it’s working? I don’t know — from what I’ve seen, how anyone can really protect themselves,” she noted.

‘Senses Go Out the Window’

The Fiola case brings up some troubling questions. What if a person actually did realize that his PC was compromised with child porn? How could someone safely remove it? If an innocent user took it to the company’s IT department, he or she might get fired. A computer repair shop would probably alert the authorities, and there’s a good chance the police would seize the computer, arrest the user and start the prosecution process. Is the answer to pour gasoline on a compromised laptop, light it on fire, and get a new one?

“The only answer I can give you is what I’ve seen in the industry: As soon as you mention the words ‘child pornography,’ everybody’s senses go out the window and you are just guilty. Period,” Loehrs said.

“They don’t want to stand back and look at the situation — they don’t want to look at the evidence. They find images and they freak out and go full force. They do that on every single case,” she added. Loehrs hopes people will begin to respond to these issues more responsibly as they become more aware of them.
