
The Julie Amero Case: A Dangerous Farce


don


Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Dec 01, 2008 2:49 pm

The Julie Amero Case: A Dangerous Farce

This write-up by Robert X. Cringely of InfoWorld is a great summary of the events with links to more info. After working at an educational institution, albeit a university, I saw this kind of cluelessness daily. It's amazing how the technology of our brave new world is not in the least bit understood by the masses who use it. I'm not expecting people to be able to design a datacenter or manage an enterprise network, but knowing at least the big picture concepts is not too much to ask... or is it? All I know is that the same type of people who get in trouble, prosecute, try and judge cases et al are the same people who get so easily irritated when we in IT try to help them with a little understanding. Maybe more cases like this need to be in the headlines to help educate people. Or maybe all of this will continue to fall on deaf ears. I can't even say that I'm hopeful for the next generation and the common thought that all of this will eventually go away when a majority of users grew up with technology. Young kids in elementary school, HS and college (unless they are CS students) seem to be as uninformed as my Grandmother. See for yourself. Try it. Go to your daughter's, nephew's or whatever young family member's computer and see how much of it is riddled with spyware. Is there any hope? Should I not worry, because this keeps us (and as seen in the article even some completely inept techs) employed? Let the conversation begin:


The Julie Amero case may be over, but revelations about how it all happened have only just begun. And the truth is both stranger and uglier than you can imagine. Cringely has the 411.

Since I posted my screed last week about Julie Amero, the Connecticut middle school teacher who almost did hard time because a computer in her classroom was infected with malware, I heard from many Cringesters -- including a handful of people with intimate knowledge of the case. Whatever you thought of the Amero story before, the reality is far, far worse.

It was a perfect storm of almost farcical proportions. Almost anything that could go wrong, did go wrong: Kids who exaggerated what they saw on Julie Amero's screen. A school principal who overreacted and called the cops when an administrative rebuke would have been sufficient. An IT administrator who was dangerously out of touch. A DA who overreached in applying a felony charge to what was at worst a misdemeanor. A police computer forensics "expert" who was anything but, and a defense expert who was even worse. And Amero herself, more clueless about technology than the students she was supposed to teach.

Alex Shipp, a security researcher who volunteered to help Amero, says the school district's IT admin was:

...an ex-IBMer approaching retirement who appeared to know little about PCs and networks. He let his firewall subscription lapse. He was running a trial version of an anti-virus program (Cheyenne) which was bought out by Computer Associates and discontinued in favor of their product over 6 months earlier. He did not update signatures regularly anyway. From his trial comments, he knew little about malware or adware. He knew nothing about pop-ups. To me, it looks like he threw Julie to the wolves to cover his failings.

Security wonks who volunteered to help Amero obtained a ghost image of the computer's hard drive but were inexplicably denied access to the full firewall logs. Still, that was enough to determine what images were on the PC (no hard-core porn, but a number of nude lesbian scenes) and the malware program that was delivering the pop-ups: NewDotNet. (The team published its findings here [PDF].)

On that fateful morning in October 2004, Amero was searching for new hairstyles on a Windows 98 PC described by another security wonk as a "pile of living dog **** with absolutely no protection on it" when the pop-up storm hit. Without the complete logs, it's impossible to know exactly what triggered the pop-ups. We do know she didn't turn off the machine, a point that was hammered home by the prosecutor throughout the case.

Meanwhile, Amero's defense counsel was suffering from severe health problems, which got worse as the trial dragged on. His own forensics "expert" was little more than a guy who played with computers as a hobby and got shredded on the stand. Per Shipp:

I think the police were incompetent. They believed the stories told to them by people with ulterior motives, and made no attempt to look at the digital evidence to see if there were any conflicts.... The police expert witness was a dangerous buffoon. He sent threatening emails to people involved in the pro-bono work, and during the trial made elementary technical errors.

I've seen an e-mail sent by the police expert to a member of the security team, and it was troubling to say the least. Note to residents of Connecticut: Your tax dollars pay this man's salary. Just something to think about.

"This case was a total breakdown in jurisprudence," says Alex Eckelberry, the Sunbelt Software CEO who helped organize the team of security volunteers. "Nobody understood the technology."



Original story:
http://weblog.infoworld.com/robertxcrin ... amero.html

Don
CISSP, MCSE, CSTA, Security+ SME

jimbob

Post Tue Dec 02, 2008 9:20 am

Re: The Julie Amero Case: A Dangerous Farce

I've got to say that this whole case makes my blood boil. I'm seriously bothered by the sheer lack of professionalism shown by many parties during this case. How the prosecution expert witness was allowed to practice is beyond me and how the defense were unable to shoot his testimony down in flames is beyond me.

I think this case was closed once someone found pictures of nekkid ladies, an attitude that seems to be alarmingly pervasive in such cases. There's the evidence, now go prosecute.

</rant>
Jimbob

pseud0


Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Tue Dec 02, 2008 12:07 pm

Re: The Julie Amero Case: A Dangerous Farce

This ties in nicely to a previous thread about how forensics groups will basically expel you if you are ever caught working for the "dark side" (i.e., the defense). This is the perfect example of where someone needed to stand up and tell the prosecution that their case was fatally flawed at all levels, especially their technical analysis. The lead detective in this case also made one of the classic mistakes in law enforcement. He stated that he did his work to "help the victims." That is nice to say, but it isn't actually his job. His job is to perform a neutral investigation which produces factual evidence. If that evidence indicates that the "victim" might not be a "victim", then so be it. As soon as you get into the mindset of being there to seek justice for victims, then you start sliding down that slippery slope of manipulating the facts to fit your theory rather than making a theory that fits the facts. If you can't gather the necessary evidence to convict someone, well that sucks but it is what it is. At some point you have to admit that the reason the evidence might not exist is because the person you are going after isn't the person that committed the crime. In rare cases you might also find out that your victim isn't a victim. In even more rare cases, like this one, the person you're trying to convict might actually be the victim. The only feasible way to go is gather the facts and present them honestly. Oh, but that doesn't work very well when you're a poorly trained, out of your league hack posing as an investigator who is supported by a prosecutor looking for headlines. In that case maybe you should just do the honorable thing and drink yourself into a coma.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
