Attorney Representing Whistleblowing Cops Claims Police Department Dropped Spyware On His Hard Drive
from the RAT.EXE dept
This news is infuriating if true. And its chances of being true are pretty high, considering how little cops having the whistle blown on them care for those blowing the whistle. In this case, police officials didn't just stonewall a court order to produce records. They also allegedly dropped backdoors and keyloggers onto the plaintiff's hard drive.
An Arkansas lawyer representing current and former police officers in a contentious whistle-blower lawsuit is crying foul after finding three distinct pieces of malware on an external hard drive supplied by police department officials.
In response to a discovery request, the Fort Smith Police Department was ordered to turn over numerous items, including Word documents, PDFs and emails. Attorney Matt Campbell provided an external hard drive to the PD. When it was returned to him, it contained some of what he requested, along with three pieces of software he definitely didn't request.
In a subfolder titled D:\Bales Court Order, a computer security consultant for Campbell allegedly found three well-known trojans, including:
Win32:Zbot-AVH[Trj], a password logger and backdoor
NSIS:Downloader-CC[Trj], a program that connects to attacker-controlled servers and downloads and installs additional programs, and
Two instances of Win32Cycbot-NF[Trj], a backdoor
The police department claims it has no idea how these ended up on Campbell's hard drive. It maintains its innocence despite acknowledging its computers have anti-virus software installed that should have prevented these from ending up on its drives, much less being copied to an external drive. Campbell isn't buying these proclamations. In an affidavit submitted to the court, he alleges the PD added these trojans to take control of his computer and intercept his passwords and communications.
Campbell's first attempt to have this apparent breach investigated went nowhere.
Last September, Arkansas State Police officials declined Campbell's request that the agency's criminal investigation division probe how the hard drive sent to Campbell came to be booby-trapped. "The allegations submitted for review appear to be limited to misdemeanor violations which do not rise to a threshold for assigning a case to the CID Special Investigations Unit," the commander of the CID wrote in a September 29 letter declining the request.
So, even though CID stands for "Criminal Investigation Division" and a misdemeanor is, in fact, a criminal offense, the Arkansas State Police decided that it couldn't be bothered to examine an incident that could have resulted in breaches of attorney-client privilege. "Don't bother us until it's a felony," is the message being sent here. Even if the CID had no interest in dealing with small-time (but not really, considering the implications) misdemeanors, it could have at least referred Campbell to authorities who would be interested in pursuing this. But it didn't -- which either means it had no interest in anyone pursuing this further or knew no other entity would be interested in pursuing an investigation of the Ft. Smith PD.
Perhaps the latter is more likely. Campbell took his complaint to the district's prosecuting attorney and met similar non-results. The district attorney's office claimed it didn't have the resources to pursue this, suggesting that its limited resources will only be used to investigate those outside of the law enforcement sphere.
So, Campbell has asked the judge to hold the department in contempt of court and impose sanctions. Not only did the PD apparently drop malware on Campbell's drive, but it also skirted many of the discovery order's stipulations.
Defendants have failed to properly answer discovery requests in compliance with this Court's Order, to wit:
a. Defendants have engaged in intentional spoliation of evidence by deleting entire email accounts without allowing Plaintiffs to search the emails;
b. Defendants have engaged in ongoing, intentional spoliation of evidence by failing to preserve and provide deleted emails that, by their own admissions, were recoverable;
c. Defendants have relied upon past AFOIA responses in answering Plaintiffs' discovery requests, resulting in Defendants providing emails that have improper redactions; and
d. Defendants have failed to provide usable documents related to Capt. Alan Haney's computer, inasmuch as the external hard drive supplied to Plaintiffs contained malicious software designed to hack into Plaintiffs' counsel's computer, rendering the hard drive unsafe for Plaintiffs' use.
The affidavit goes into greater detail on all of these accusations. One of the most egregious abuses alleged is the apparently intentional deletion of the entire content of a PD official's email account.
After receiving Defendants' responses to Plaintiffs' requests, Plaintiffs reviewed the produced documents and noted that few, if any, emails from most of the Defendants had been produced, aside from what had been previously produced in response to AFOIA requests. Accordingly, Plaintiffs' counsel arranged with Defendants' counsel to meet at the FSPD with Mr. Matlock, and that meeting was scheduled for August 5, 2014.
[...]
As this Court may recall, Defendants cancelled this scheduled meeting on August 1, 2014, via email to Plaintiffs' counsel. Plaintiffs' counsel contacted this Court on August 4, 2014, in an effort to have the August 5 meeting date honored. Defendants' counsel responded on that same date, contending that there was nothing untoward or suspicious about the last-minute rescheduling and that Court intervention into the matter was not needed.
Except there was something suspicious about this last-minute rescheduling.
The meeting between Plaintiffs, Defendants, and Mr. Matlock was rescheduled for August 28, 2014. On August 5, 2014, however, Maj. Chris Boyd, Sr., retired from the FSPD. On August 28, when Plaintiffs' counsel asked Mr. Matlock to pull up Maj. Boyd's email account, Defendant Jarrard Copeland immediately asked Mr. Matlock whether Boyd still had an email account, to which Mr. Matlock replied that he did not. Mr. Matlock further informed Plaintiffs' counsel that the emails had been deleted. When pressed on this issue, Mr. Matlock confirmed that they were deleted after Maj. Boyd's retirement on August 5, 2014.
On top of that, Mr. Matlock was still telling other cops he would be in town during the day he told the plaintiffs he wouldn't be available (August 5), according to emails obtained by Campbell. Then, suddenly, he was completely unavailable.
That this was intentional spoliation is bolstered by the fact that, as late as 6:10 PM on August 4, 2014, Mr. Matlock was planning on being at the SPD 'by lunch' on August 5, 2015, and was communicating with other officers about doing specific tasks on the afternoon of August 5…
It was not until 9:06 AM on August 5, 2014 - the date originally scheduled for the meeting and four days after Defendants had cancelled the meeting that Mr. Matlock informed anyone that he was taking that entire day off as a 'discretionary day.' And it was not until on or about August 19, 2014, when Plaintiffs' counsel requested Mr. Matlock's payroll record for the period covering August 5, that the SPD Payroll Department was actually informed that Mr. Matlock had taken a discretionary day two weeks prior. Interestingly, this is the only discretionary day that Mr. Matlock has taken in the last three-plus years.
Given the amount of obstruction and non-compliance alleged in this affidavit, it's really not that surprising that someone -- with or without approval from superiors -- loaded tainted software onto Campbell's hard drive. Sure, there's a case to be made for stupidity rather than malice, but with the other obfuscation detailed in Campbell's affidavit, the scale is definitely leaning towards the latter.
Hopefully, the court will examine these accusations closely, considering no other entity that could hold the PD responsible for its alleged misconduct seems willing to move forward with an investigation.
Filed Under: fort smith police department, law enforcement, police, spyware, surveillance, whistleblowers
Reader Comments
Just another day at the P.D.
[ link to this | view in thread ]
Two possibilities:
Two, this is intentional, in which case an investigation is needed to determine who to fire and charge for the blatant criminal activity.
Either way, an investigation is needed.
[ link to this | view in thread ]
Getting real tired of this
[ link to this | view in thread ]
Which is the computer security tech in the employ of the P.D. also went to a conference and attended classes on dealing with whistleblowers and leaks just a little bit before the drive was sent.
This is pure preplanned coordinated malice.
[ link to this | view in thread ]
That's what the CFAA is for!
[ link to this | view in thread ]
Re: Two possibilities:
The police are supposed to keep the peace, not keep the peace to whatever standard we want, because fuck you, that's why.
[ link to this | view in thread ]
Re:
That's when people start taking the law into their own hands since the actual police refuse to and turn a blind eye to crime in their ranks.
If this keeps up, there will be a lot more cops getting shot by citizens that feel like they have no options for dealing with said criminals in their ranks.
[ link to this | view in thread ]
Misdemeanor? WTF?
[ link to this | view in thread ]
If handing over contaminated evidence is common, lawyers would have to decon everything coming from the pd.
Allergens/pollutants on files and letters or some blankets courtesy of old 'Poxy down in evidence.
[ link to this | view in thread ]
Re:
But there's a reasonable chance that the spies aren't that competent, given that they installed malware that was easily discoverable.
[ link to this | view in thread ]
Fact: Pigs lie... All the time, for fun and profit
Time for a pig hunt.
[ link to this | view in thread ]
Even with Autorun enabled, if the drive didn't contain an Autorun.inf file in the root directory, those programs would never be executed unless someone double-clicked on them.
[ link to this | view in thread ]
Umm, no, considering extenuating circumstances, I'll put it down to inconclusive.
Yes, it's messy. Yes, it's damnably suspicious. Yes, the lawyer should pursue it. Yes, the cops could be doing something dastardly.
But really, this's MS Windows. All it would take is someone (any someone) bringing in a personal laptop or USB key (infected) and plugging it in and anything it "spoke to" is now boned. I would not expect cops to understand how to secure the overall system. Do they even employ IT people? I'd doubt it.
An OS that sees "blah.jpg.exe" as "blah.jpg" to the user AND an executable to the OS is just asking for disaster. I'd look to the server logs for illumination, but if that's Windows server, I'd go to the router, then ISP logs instead, and I wouldn't be confident of finding a definitive answer.
That OS, in all its various forms, is a ... Well, I'll just say it's not to be believed in any way, shape or form, to be polite. Yes, I'm an anti-Windows bigot. Sue me.
[ link to this | view in thread ]
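The two technical points raised in the comments above (Autorun only acts on an autorun.inf in the drive's root directory, and a name like "blah.jpg.exe" can display as "blah.jpg") can be checked on a received drive without opening any file. The following Python is an added example, not part of the original post or of any commenter's words; the extension lists, function names and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions Windows runs on double-click (a common subset, assumed for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk", ".js", ".vbs"}
# Extensions a reader takes for a harmless document or picture (also an assumed subset).
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt", ".xls"}


def triage_drive(root):
    """Walk a mounted drive by name only; return sorted (reason, relative_path) findings."""
    findings = []
    # Autorun consults autorun.inf only in the root directory of the volume.
    for name in os.listdir(root):
        if name.lower() == "autorun.inf" and os.path.isfile(os.path.join(root, name)):
            findings.append(("autorun.inf in root", name))
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            stem, ext = os.path.splitext(name.lower())
            if ext not in EXECUTABLE_EXTS:
                continue
            # rstrip() catches names padded with spaces before the real extension.
            inner = os.path.splitext(stem.rstrip())[1]
            if inner in DECOY_EXTS:
                # "blah.jpg.exe" shows as "blah.jpg" when known extensions are hidden.
                findings.append(("double extension", rel))
            else:
                findings.append(("executable", rel))
    return sorted(findings)


def build_sample_drive(root):
    """Constructed sample tree of empty placeholder files standing in for a returned drive."""
    os.makedirs(os.path.join(root, "docs"))
    for parts in (("AUTORUN.INF",), ("docs", "emails.pdf"), ("docs", "report.pdf.exe"),
                  ("docs", "setup.exe"), ("docs", "autorun.inf")):
        open(os.path.join(root, *parts), "w").close()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for reason, path in triage_drive(build_sample_drive(tmp)):
            print(f"{reason:22} {path}")
```

The autorun.inf inside the subfolder is deliberately not reported, matching the root-directory behaviour described in the comment; every flagged file still needs to be hashed and scanned on an isolated machine before anything on the drive is opened.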
If it quacks like a duck...
It doesn't even matter what the investigation was about.
All the police corruption is due entirely to the War on Drugs.
During the first prohibition - booze - the cops were the most corrupt organization in America.
During the second prohibition - drugs - the cops are the most corrupt organization in America.
Without the War on Drugs, cops would have to go back to earning a barely subsistence level income.
With the benefits of the War on Drugs, cops, lawyers, judges, politicians, businessmen, can all reap hundreds of thousands of dollars in extra income yearly through graft, playing the mule, or by simply "looking the other way".
When the cops are getting more income annually from the mob than from the public, they no longer work for the public.
This is obviously the case today.
---
[ link to this | view in thread ]