The Julie Amero case may be over, but revelations about how it all happened have only just begun. And the truth is both stranger and uglier than you can imagine. Cringely has the 411.
Since I posted my screed last week about Julie Amero, the Connecticut middle school teacher who almost did hard time because a computer in her classroom was infected with malware, I heard from many Cringesters -- including a handful of people with intimate knowledge of the case. Whatever you thought of the Amero story before, the reality is far, far worse.
It was a perfect storm of almost farcical proportions. Almost anything that could go wrong, did go wrong: Kids who exaggerated what they saw on Julie Amero's screen. A school principal who overreacted and called the cops when an administrative rebuke would have been sufficient. An IT administrator who was dangerously out of touch. A DA who overreached in applying a felony charge to what was at worst a misdemeanor. A police computer forensics "expert" who was anything but, and a defense expert who was even worse. And Amero herself, more clueless about technology than the students she was supposed to teach.
Alex Shipp, a security researcher who volunteered to help Amero, says the school district's IT admin was:
...an ex-IBMer approaching retirement who appeared to know little about PCs and networks. He let his firewall subscription lapse. He was running a trial version of an anti-virus program (Cheyenne) which was bought out by Computer Associates and discontinued in favor of their product over 6 months earlier. He did not update signatures regularly anyway. From his trial comments, he know little about malware or adware. He knew nothing about pop-ups. To me, it looks like he threw Julie to the wolves to cover his failings.
Security wonks who volunteered to help Amero obtained a ghost image of the computer's hard drive but were inexplicably denied access to the full firewall logs. Still, that was enough to determine what images were on the PC (no hard-core porn, but a number of nude lesbian scenes) and the malware program that was delivering the pop-ups: NewDotNet. (The team published its findings here [PDF].)
On that fateful morning in October 2004, Amero was searching for new hairstyles on a Windows 98 PC described by another security wonk as a "pile of living dog **** with absolutely no protection on it" when the pop-up storm hit. Without the complete logs, it's impossible to know exactly what triggered the pop-ups. We do know she didn't turn off the machine, a point that was hammered home by the prosecutor throughout the case.
Meanwhile, Amero's defense counsel was suffering from severe health problems, which got worse as the trial dragged on. His own forensics "expert" who was little more than a guy who played with computers as a hobby and got shredded on the stand. Per Shipp:
I think the police were incompetent. They believed the stories told to them by people with ulterior motives, and made no attempt to look at the digital evidence to see if there was any conflicts.... The police expert witness was a dangerous buffoon. He sent threatening emails to people involved in the pro-bono work, and during the trial made elementary technical errors.
I've seen an e-mail sent by the police expert to a member of the security team, and it was troubling to say the least. Note to residents of Connecticut: Your tax dollars pay this man's salary. Just something to think about.
"This case was a total breakdown in jurisprudence," says Alex Eckleberry, the Sunbelt Software CEO who helped organize the team of security volunteers. "Nobody understood the technology."
http://weblog.infoworld.com/robertxcrin ... amero.html