Monday, February 25, 2019

Massachusetts man is issued work computer that is crawling with viruses, leading to child-porn charges that cost him his job and $250,000 in legal fees

Michael and Robin Fiola
Can a computer virus actually make you the unwitting recipient of child pornography? Can that cause government investigators to track you down, leading to criminal charges that threaten your freedom, sanity, and financial well-being? Just ask Michael Fiola, a former resident of Boston, Massachusetts.

In the pending Missouri case of U.S. v. Scott J. Wells, charging documents indicate prosecutors have spent little or no time considering all the ways suspect images could have arrived on Wells' computer without his knowledge.

As for Michael Fiola, he was issued a Dell laptop in 2006 for his job as an investigator with the Massachusetts Department of Industrial Accidents. Unknown to Fiola, the computer was infested with viruses, leading to criminal charges that almost ruined his life. From an ABC News report, titled "A Misconfigured Laptop, a Wrecked Life":

When the Commonwealth of Massachusetts issued Michael Fiola a Dell Latitude in November 2006, it set off a chain of events that would cost him his job, his friends and about a year of his life, as he fought criminal charges that he had downloaded child pornography onto the laptop. Last week, prosecutors dropped their year-old case after a state investigation of his computer determined there was insufficient evidence to prove he had downloaded the files.

An initial state investigation had come to the opposite conclusion, and authorities took a second look at Fiola's case only after he hired a forensic investigator to look at his laptop. What she found was scary, given the gravity of the charges against him: The Microsoft SMS (Systems Management Server) software used to keep his laptop up to date was not functional. Neither was its antivirus protection. And the laptop was crawling with malicious programs that were most likely responsible for the files on his PC.

Fiola had been an investigator with the state's Department of Industrial Accidents, examining businesses to see whether they had worker's compensation plans. . . . He's become a spokesman for people who have had their lives ruined by malicious software. He now works as an insurance salesman in North Scituate, Rhode Island.

A 2009 Associated Press report asked the question: "Could a computer virus frame you for child pornography?" The answer, as Michael Fiola knows, is yes:

Of all the sinister things that Internet viruses do, this might be the worst: They can make you an unsuspecting collector of child pornography. Heinous pictures and videos can be deposited on computers by viruses — the malicious programs better known for swiping your credit card numbers. In this twist, it’s your reputation that’s stolen.

Pedophiles can exploit virus-infected PCs to remotely store and view their stash without fear they’ll get caught. Pranksters or someone trying to frame you can tap viruses to make it appear that you surf illegal Web sites.

Whatever the motivation, you get child porn on your computer — and might not realize it until police knock at your door.

If you are like me, that segment contains some of the scariest information you've seen in a while. An enemy, a prankster, a true pedophile can invade your computer via a virus and remotely fill it up with unlawful child-porn images. Sheesh. Fiola, in fact, hardly is alone in facing such a nightmare, as AP reports:
An Associated Press investigation found cases in which innocent people have been branded as pedophiles after their co-workers or loved ones stumbled upon child porn placed on a PC through a virus. It can cost victims hundreds of thousands of dollars to prove their innocence.

Their situations are complicated by the fact that actual pedophiles often blame viruses — a defense rightfully viewed with skepticism by law enforcement.

“It’s an example of the old ‘dog ate my homework’ excuse,” says Phil Malone, director of the Cyberlaw Clinic at Harvard’s Berkman Center for Internet and Society. “The problem is, sometimes the dog does eat your homework.”

What exactly happened in the Fiola case? AP explains:

In 2007, Fiola’s bosses became suspicious after the Internet bill for his state-issued laptop showed that he used 4½ times more data than his colleagues. A technician found child porn in the PC folder that stores images viewed online.

Fiola was fired and charged with possession of child pornography, which carries up to five years in prison. He endured death threats, his car tires were slashed and he was shunned by friends.

Fiola and his wife fought the case, spending $250,000 on legal fees. They liquidated their savings, took a second mortgage and sold their car.

An inspection for his defense revealed the laptop was severely infected. It was programmed to visit as many as 40 child porn sites per minute — an inhuman feat. While Fiola and his wife were out to dinner one night, someone logged on to the computer and porn flowed in for an hour and a half.

Prosecutors performed another test and confirmed the defense findings. The charge was dropped — 11 months after it was filed.

The damage, however, was done -- and it might be irreparable:

The Fiolas say they have health problems from the stress of the case. They say they’ve talked to dozens of lawyers but can’t get one to sue the state, because of a cap on the amount they can recover.

“It ruined my life, my wife’s life and my family’s life,” he says.

The Massachusetts attorney general’s office, which charged Fiola, declined interview requests
Here is information that should make all of us rest easy at night:

Pedophiles can tap viruses in several ways. The simplest is to force someone else’s computer to surf child porn sites, collecting images along the way. Or a computer can be made into a warehouse for pictures and videos that can be viewed remotely when the PC is online.

“They’re kind of like locusts that descend on a cornfield: They eat up everything in sight and they move on to the next cornfield,” says Eric Goldman, academic director of the High Tech Law Institute at Santa Clara University. Goldman has represented Web companies that discovered child pornographers were abusing their legitimate services.

But pedophiles need not be involved: Child porn can land on a computer in a sick prank or an attempt to frame the PC’s owner.

The inconvenient truth? The modern computer world is like "The Wild, Wild West," with all sorts of potential danger lurking under those keyboards:

“Computers are not to be trusted,” says Jeremiah Grossman, founder of WhiteHat Security Inc. He describes it as “painfully simple” to get a computer to download something the owner doesn’t want — whether it’s a program that displays ads or one that stores illegal pictures.

It’s possible, Grossman says, that more illicit material is waiting to be discovered.

“Just because it’s there doesn’t mean the person intended for it to be there — whatever it is, child porn included.”

No comments: