Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Lax security leads to child-porn charges
Published: 2008-06-17

Child-pornography charges against a "computer-illiterate" man were dismissed last week, after a forensics investigation of his work laptop found that his employer's poor security led to his computer being thoroughly compromised.

The case garnered attention from security professionals this week, when the Boston Herald reported that the charges were dismissed because both the forensic investigator for the defense and two security specialists for the prosecution agreed that the man's laptop had been compromised by malicious programs that were automatically downloading images from the Internet. The man -- Michael Fiola, an investigator for the Department of Industrial Accidents -- had received the laptop from his employer in November 2006 without properly functioning security software, according to the Herald. Fiola was "computer-illiterate," the Herald quoted his wife as saying.

Fiola's attorney slammed the prosecution for releasing the man's name.

"Imagine this scenario: Your employer gives you a ticking time bomb full of child porn, and then you get fired, and then you get prosecuted as some kind of freak,” defense attorney Timothy Bradl said, according to the Herald, which first reported the story. "Anybody who has a work laptop, this could happen to. Mike Fiola is a hunt-and-peck kind of computer guy. He can barely get on the Internet."

The case drew parallels to the prosecution of Julie Amero, a former Connecticut substitute schoolteacher, whose classroom computer had apparently been compromised with spyware, displaying pornographic pop-up ads in front of her students. The Julie Group, a collection of legal experts and security professionals who rallied to Amero's aid and provided a full forensics report after the prosecution failed to investigate the evidence itself, managed to get the charges dismissed a year ago, but the prosecution still has not said whether it will retry the case. The group stressed that prosecutors need to be more careful in charging suspects with possession of child pornography.

"In far too many cases, employers, police, and crazed fellow citizens are quick to assume that the people accused of possessing unlawful images must be guilty of something far more nefarious no matter what the evidence, their peer relationship, or common sense might indicate to the contrary," the group said in a statement on Monday. "The combination of manufactured and magnified fear, a relentless and mindless moral extremism, and poorly drafted laws that eliminate common sense are creating an ethical nightmare that threatens the very rule of law and guarantee to a fair trial for those falsely accused."

In the latest case, the Department of Industrial Accidents investigated the laptop after Fiola's wireless-broadband bill surged to more than four times the average, according to the forensics report, prepared by Law2000. On March 13, 2007, the laptop was taken from Fiola and investigators found child pornography in his temporary Internet cache. The next day, Fiola was fired from his job.

The forensics report in the Fiola case is available online from CSO.com.

If you have tips or insights on this topic, please contact SecurityFocus.



Posted by: Robert Lemos
    Digg this story   Add to del.icio.us  
 
Comments Mode:







 

Privacy Statement
Copyright 2009, SecurityFocus