Tex Arcana
02-22-2007, 06:14 PM
Pop-up ads can land you in jail

By Ryan Russell

If you find yourself the victim of pop-up ads on a computer, with children in the vicinity, you could face decades in prison.

I wish that I was exaggerating or being sensationalistic, but for Julie Amero this is far too real.

Meet Julie Amero, substitute teacher

There's a good chance that you've already heard something about Julie. She's perhaps better known as the Connecticut substitute schoolteacher who's been convicted of "child endangerment." She now faces a sentence of up to 40 years in prison because porn pop-ups appeared on a school computer.

For background on the case, you can read articles from the New York Times (http://windowssecrets.com/links/yfv5py2ew1yjd/123a72h/?url=www.nytimes.com%2F2007%2F02%2F14%2Fnyregion%2F14teacher.html%3Fei%3D5090%26en%3D9e18a05a5f2e2de3%26ex%3D1329109200%26adxnnl%3D1%26partner%3Drssuserland%26emc%3Drss%26adxnnlx%3D1171481393-PZ2abm9Sp2napgnyEloHcg), MSNBC (http://www.msnbc.msn.com/id/17134607/), or SecurityFocus (http://windowssecrets.com/links/yfv5py2ew1yjd/dd9302h/?url=www.securityfocus.com%2Fcolumnists%2F434). (Full disclosure: WSN editorial director Brian Livingston is quoted in the New York Times piece supporting Julie. The article at the MSNBC site is also a good read, but I don't recommend the accompanying video, which starts out with a falsehood and goes downhill from there.)

Let me begin by saying that I'm biased when it comes to Julie's innocence. I'm doing my best to spread the word about her case, and have offered my technical skills to support her defense. I have access to some technical experts who are reviewing the trial transcripts and computer forensic evidence. I can't point to a public reference to support all of my positions yet, so you'll just have to take my word, for the time being.

There are many points I could make about what's wrong with her case. But I'll stick with my core competency and just point out some of the technical flaws.

Flawed technology condemns an educator

The key issues were set in motion before Julie ever arrived to substitute-teach on the day in October 2004 that the pop-ups occurred. The school district had allowed its Web-filtering software support contract to expire, preventing the software from receiving updates. The computer in question was running Windows 98, and the browser in use was IE 6.

According to evidence analysis performed by Alex Shipp, an independent malware researcher, the antivirus software was a trial version of Cheyenne Antivirus (CA). That product had been discontinued by Computer Associates on Mar. 17, 2004. It appears that CA issued a last courtesy update on June 30. Julie taught the class on Oct. 19. The computer had no antispyware software.

In other words, this computer had almost no protection and an unsecurable operating system. This is the machine Julie was given to use.

On the day in question, the regular teacher was there before class to log Julie into the computer. Substitutes didn't have their own accounts, and were ordered not to log out or shut down the computer. Julie left briefly and, when she returned, the regular teacher was gone. She found students, some of whom didn't even belong in the upcoming class, Web surfing on the teacher's computer.

Experts now analyzing the hard-drive image have confirmed that the computer had been infected with adware days before Julie's arrival. Unfortunately, in this case, that means that when a student tried to visit a hairstyle Web site, he or she was instead redirected to a different site that had adult products advertised. When Julie tried to close the site down, this started a pop-up cascade.

One thing I should mention about Julie: She's a total "computerphobe." She can perform basic computing functions, but that's about it.

So what did she do when she couldn't get rid of the pop-ups? She turned the screen away from the students. It was at the front of the room, where the students would have had to be essentially at the teacher's desk in order to see. She did her best to get rid of the images without making it obvious to the students that something was wrong. If a student approached, she reportedly chased them away.

During a break, Julie went for technical help to get rid of the pop-ups, which reappeared as fast as she tried to close them, but she received no help. No one would return to the classroom with her. She was told not to worry about it. However, she was worried about it, and it turns out she had reason to worry — she was later arrested for "child endangerment."

Legal system fails pop-up victim

When law enforcement became involved, sanity should have prevailed. Instead, the technical flubs continued, and the case sped downhill. A detective was assigned to take a forensic image of the computer and perform a technical analysis.

Let me briefly tell you what I know about taking a proper forensic image of a computer that will be involved in a criminal case. Keep in mind that I'm not a forensics expert; these standards are just common knowledge in the computer security field.

If you're going to image a drive for evidence, you have to use special write-blocking hardware that helps take a sector-by-sector image of the entire hard drive, including the "empty" space. The image is then hashed so that any tampering will be evident, and you always work from copies.

Typically, only software tools with support from existing case law are used. Otherwise, questions can arise over the soundness of the tools and techniques. The imaging tools that have case law behind them are EnCase and the Unix dd utility.

The detective in this case took an "image" of the hard drive with Norton Ghost. Norton Ghost is a tool used to back up a computer's hard drive in order to restore it to a known state after people have modified the configuration. It is often used on training or lab machines. There is nothing wrong with Ghost for what it does, but it is not a forensic tool.

So what did the detective use to examine the "image"? He used a program called ComputerCOP Pro. It appears that the program displays a version of the Internet Explorer history, which shows the URLs that were visited. At trial, this ended up translating to the prosecutor telling the jury that this means that Julie "physically clicked" those links. In fact, pop-ups show up in the history the same way as a link you click on.

In truth, the software also cannot tell you who was in front of the computer, who typed in a URL, or who saw the pictures displayed. It's clear that someone who lacks the technical background to properly interpret the results, and is not willing to put in the time to figure it out, can jump to some very wrong conclusions. The detective never even looked for spyware on the computer.

This is the kind of technical evidence on which Julie was convicted.

An innocent teacher awaits sentencing

Julie is now awaiting sentencing, which is scheduled for Mar. 2. I could discuss jail-time possibilities, but many of us are still refusing to accept any possibility other than someone coming to their senses and throwing the verdict out.

To that end, the experts I mentioned are frantically preparing their report on the technical information. The hope is that the prosecution or court will recognize that there has been a basic mistake in the facts presented at trial before a sentence is handed down.

Despite my bias that I told you about, do you have reasonable doubt about Julie's guilt? For more information, see the julieamero (http://windowssecrets.com/links/yfv5py2ew1yjd/6bc337h/?url=julieamer.blogspot.com) blog at Blogspot, which is largely maintained by Julie's husband. There's a PayPal button at the top of that blog so people can contribute to help pay Julie's defense costs, which are reported to be over $20,000 so far.


Cliff's:

1) School uses sh!tty Win98 computers with non-operative protection software;
2) Substitute teacher gets called in, regular teacher logs her into the computer;
3) kids start surfing with IE6, hit a website that spawns a sh!tload of porn pop-ups;
4) school refuses to help teacher, someone rats her out, she gets arrested for "child endangerment";
5) completely clueless cops can't find their own a55es with a road map and a head start, and still conclude she did it;
6) she goes to court, gets convicted by an equally clueless judge, is awaiting sentencing;
7) ...
8) no profit.

And before you guys say "she could've just turned it off", realize she's a complete n00b when it comes to computers and technology; and remember she went for help from the focking admins, who refused to help.

This is the sort of bullshit that makes my blood boil. :mad:
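The imaging steps the quoted article lists (sector-by-sector copy including "empty" space, hash the image, work only from copies) look like this in practice. This is an added example, not part of the original post or article: the file standing in for the drive is constructed, SHA-256 and the function names are choices made here, and a real acquisition would read the device through a hardware write blocker.

```python
import hashlib
import os
import shutil
import tempfile

SECTOR = 512  # sector size assumed for the constructed sample "drive"

def acquire(src_path, image_path):
    """Copy every sector, used or not, hashing the bytes as they are read."""
    digest, sectors = hashlib.sha256(), 0
    with open(src_path, "rb") as src, open(image_path, "wb") as img:
        for block in iter(lambda: src.read(SECTOR), b""):
            digest.update(block)
            img.write(block)
            sectors += 1
    os.chmod(image_path, 0o444)  # the master image is not written to again
    return digest.hexdigest(), sectors

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def demo():
    work = tempfile.mkdtemp()
    try:
        drive = os.path.join(work, "drive.bin")
        with open(drive, "wb") as fh:
            # Constructed sample: 4 sectors of live data, then 4 unallocated
            # sectors that still contain a remnant of a deleted file.
            fh.write(b"LIVE" * 512 + b"\x00" * 1024 + b"deleted remnant ".ljust(1024, b"\x00"))
        master = os.path.join(work, "master.img")
        working = os.path.join(work, "working.img")
        acquired, sectors = acquire(drive, master)
        shutil.copyfile(master, working)           # analysis happens on this copy only
        copy_ok = sha256_file(working) == acquired
        with open(working, "r+b") as fh:           # simulate a one-byte alteration
            fh.seek(3000)
            fh.write(b"X")
        return {"sectors": sectors, "copy_ok": copy_ok,
                "tamper_detected": sha256_file(working) != acquired,
                "master_intact": sha256_file(master) == acquired}
    finally:
        shutil.rmtree(work, ignore_errors=True)

if __name__ == "__main__":
    print(demo())
```

A file-level backup would skip the unallocated sectors, which is where the remnant in the sample lives; the hash recorded at acquisition is what lets anyone later show that a working copy still matches the original.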

bluesvt
02-22-2007, 06:46 PM
Teachers already get enough sh*t and that just shows how ignorant people can be. This is f'ing ridiculous and if she does get convicted that's gonna be sad to see an innocent person go down for something so minor and stupid. :flaming:

Silver_2000
02-22-2007, 08:23 PM
Think of the impact on technical learning in the future .. what teacher will EVER want to do that again ?

I sent her some $$ via Paypal and she sent back a nice note

Also told her to put Google ads on the blog - it's free money...

Doug

Tex Arcana
02-23-2007, 01:19 PM
This is truly an indictment of the law enforcement system, the education system, and the state of personal computing. It angers me to no end that people allow things like this to happen without demanding some accountability from the people who supplied the software, and the people who implemented it.

meh. :( I contributed, as well. I really hope they can get the legal help they need.

mikelemoine
02-23-2007, 09:29 PM
My daughter got basically a death threat email from another kid who had already vandalized our cars several times and bragged about it on Myspace. The detectives who were helping us in Mesquite were nice guys but had absolutely no computer knowledge, they really didn't even know what Myspace was about. I opened it on their machine to show them the kid bragging about "f*cking Sh*t up" and he was in awe. He said "my daughter better not be into this sh*t", I think he went home that night to interrogate his kids! The station had very old 98 computers with Word 97 and IE 5 on them. They said they do have people who can do that "puter stuff" but they don't mess with it much. What they did tell me was that they (Mesquite PD) have never successfully convicted anyone for online threats, emails, spam etc since "all you have to do is say someone stole your account, or your friends all use your computer" and no DA will bother to pursue. The police are grossly underfunded and lack training on the net, which is where so many crimes happen nowadays. Seems like it would be just as hard to convict this teacher since nobody saw her open these pages, and a bunch of kids were using the PC before it happened. Perhaps they should go after the companies whose porn ads popped up in front of the kids or who email "grow your d*ck pills" 100 times a day (I keep asking my wife if she signed me up??:d ). In closing, they did get the crazy chick to confess after they showed her the Myspace printouts. Sorry if I hijacked this a bit.

Tex Arcana
02-24-2007, 03:58 PM
Not really a hijack, Mike, it's pertinent to the discussion.

Something else we all need to be aware of: that the way the law is written, merely *having* an illegal image or video on your computer can land you in jail---even if it were the result of spam, or popups, and you didn't intentionally click anything. And since the pedophile laws as they are written have no defense, you're going to jail for 10 years, no matter what. :flaming:

WA 2 FST
02-24-2007, 04:44 PM
I'm so computer illiterate. Is there a way to check if there is crap on your PC? I have spyware software installed, and I typically refresh/delete my browser several times a week. I also have a pop-up blocker, but I still get 'em from time to time.

So is there a way to check if there are bad pics/videos on my PC besides just searching files (which I probably wouldn't know where they are stored anyway)?

Tex Arcana
02-24-2007, 09:04 PM
You have "temporary internet files" and "history" folder(s), where most stuff like that is stored. There is a setting in both Internet Explorer and Firefox that allows you to clear both of those; and I think both have settings that can automatically clear them on a regular basis.

The key is to make sure certain things don't happen: if you use Outlook or Outlook Express, you need to turn off automatic opening and downloads; plus, you need a good spam filter (atop the one your ISP hopefully provides). If you use webmail (Yahoo, Hotmail, Gmail, Comcast, etc.), most of those have the spam filtering tools you need (and are pretty good--well, I know Yahoo is quite good). Plus, for both email types, you should turn off "HTML Images" in the body of emails, because spammers set up links in the body of emails back to their servers, so they *know*, the second the image loads, that that particular email is a good one, and then they not only inundate it with spam, they sell your "good" email to other spammers, who in turn get paid to deliver spam to good email addresses.

Personally, I employ AVG Antivirus, set to scan all files; Spybot Search&Destroy, a very good spyware blocker; Spywareguard, another type of blocker that is "aware" of S:S&G; and SpywareBlaster, another one that works from yet another direction, and is aware of both Spybot:S&G and SB. As long as I update them fairly regularly, they do the job (only the AVG antivirus is automatic; the others require manual updates).

I also use Firefox exclusively for my web browsing; if something requires IE, then it's not important enough for me to mess with opening it. I have a host of protection extensions installed (AdBlock Plus is excellent, because it blocks banner and popup ads based on a "whitelist" that is maintained by a series of individuals--open-source style--who have no other interests except to provide a good list; I also use FlashBlock, because a lot of sites will embed Flash animations for ads, and they are just as annoying), and its built-in pop-up blocker is very good.

If you'd like to discuss this more, PM me, we'll do lunch or sumtin'. :tu:
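The remote-image mechanism described in the post above (an image link in the HTML body that calls back to the sender's server when the message is opened) can be checked for in a message before it is rendered. This is an added example, not part of the original post; the sample message, hosts, addresses and function names are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample message; every host and address is a placeholder.
SAMPLE = """From: offers@mailer.example
To: reader@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Spring sale</p>
<img src="cid:logo@local" alt="logo">
<img src="http://track.mailer.example/o.gif?rcpt=reader%40example.org" width="1" height="1">
</body></html>
"""

class ImgCollector(HTMLParser):
    """Collects the src of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.sources.append((dict(attrs).get("src") or "").strip())

def remote_images(raw_message):
    """Return (host, url, leaks_address) for each image fetched over the network on open."""
    msg = message_from_string(raw_message, policy=policy.default)
    recipient = parseaddr(str(msg["To"]))[1].lower()
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_content())
        for src in collector.sources:
            url = urlsplit(src)
            if url.scheme not in ("http", "https"):
                continue  # cid:/data: images ship inside the message, no request is made
            values = [v.lower() for vs in parse_qs(url.query).values() for v in vs]
            found.append((url.hostname, src, recipient in values))
    return found

if __name__ == "__main__":
    for host, url, leaks in remote_images(SAMPLE):
        print(f"{host}: leaks recipient address={leaks}: {url}")
```

An opaque per-recipient token in the URL confirms the address just as well as the address itself, so the reliable control is the one the post names: keep remote images turned off.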

WA 2 FST
02-24-2007, 10:17 PM
Sounds like I'm in good shape. I automatically (and know how to manually) delete the temp files/history and I employ AVG as well. I also have a good, quality adware/spyware software that I run manually every couple of days.

I have a good firewall as well.

I just didn't know if there was something else I needed to do.

Tex Arcana
02-25-2007, 04:44 PM
Good job. It's not 100%, because of the temp files and the "persistent images" that remain when you delete them (meaning, the OS deletes the address of the image/program/etc. in the master file table, not the actual image); but there are nice freeware programs that will do what amounts to DOD-level elimination of the "free" space left over, if you're REALLY paranoid. :tex (damn, that truly came in useful for a change. :tongue:)