Friday, November 11, 2011

Stupid US Attorney Trick #43: Slipping viruses into discovery material. A public service announcement of SSI and the R. A. Bear Detective Agency.


Warning to criminal defense attorneys in federal cases involving the ATF & FBI:

In this computer age, discovery consists of CD-ROMs packed full of files, some of them correctly labeled, some not. Names of snitches are almost all redacted, but names of subjects of investigation, such as Andreas Carl Strassmeier in the OKC bombing case, are often deliberately misspelled so they cannot be easily found in a search. J.D. Cash once told me that there were almost a dozen permutations of the spelling of Strassmeier in the OKC discovery material -- far too many to be accidental. But the latest dirty shyster shitbag trick that federal LEOs and US Attorneys resort to is the virus inserted into files.

This happened in the Freisen case, I am told, but it bounced back on the government when it turned out that Freisen and his attorney never opened a federal discovery file on their own computers but rather handed them off to an IT guy with a stand-alone cheap computer used only for opening fed files that might contain booby traps.

Oops. The IT guy thoroughly documented the virus as well as the fact that it could not have happened by accident. Oops, indeed.

I hear that this is a continual problem and has even happened in a certain prominent current ATF case of note.

So, all you tyro federal criminal defense attorneys, take a tip and don't open your discovery materials on your own computer. Use a cheap stand-alone that you don't mind losing, and immediately consult an IT professional when the whole shebang locks up. It ain't no accident.

This has been a public service announcement of Sipsey Street Irregulars and the Ramsey A. Bear Detective Agency, LLC.



DOJ U.S. Attorney Training Manual illustration, Chapter 12, "How to skunk a defense attorney when you're about to be caught at spoliation of evidence."
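What the IT professional's first pass over a discovery disc might look like, as an added example (this is not code from the original post or from any agency): every file on the media is hashed and measured before anything is opened, so there is a written record to compare against later, and files whose names or contents do not fit a document production get flagged. It assumes the disc has already been copied to a directory on the isolated machine; the expected file types, the sample file names and their contents are constructed for the example.

```python
"""Inventory received discovery files before any of them is opened.

Added example, not code from the original post or from any agency's tooling.
It assumes the production has already been copied from the CD-ROM to a
directory on the isolated machine, and it constructs its own sample directory
(build_sample_media) so it can run offline.
"""
import hashlib
import tempfile
from pathlib import Path

# File types a document production is normally expected to contain
# (an assumption made for this example; adjust to the actual production).
EXPECTED_SUFFIXES = {".pdf", ".txt", ".doc", ".docx", ".jpg", ".tif", ".wav"}
# Extensions that run code when double-clicked on Windows.
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                       ".vbs", ".js", ".jar", ".lnk", ".hta", ".ps1", ".msi"}
# Leading bytes a file of the given type should start with.
MAGIC = {".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".exe": b"MZ"}


def inspect_file(root: Path, path: Path) -> dict:
    """Hash one file and list anything about it that warrants a closer look."""
    data = path.read_bytes()
    suffixes = [s.lower() for s in path.suffixes]
    last = suffixes[-1] if suffixes else ""
    findings = []
    if last in EXECUTABLE_SUFFIXES:
        findings.append("executable extension")
    # "Photo_07.jpg.exe": a document-looking name with an executable tacked on.
    if len(suffixes) >= 2 and suffixes[-2] in EXPECTED_SUFFIXES and last not in EXPECTED_SUFFIXES:
        findings.append("double extension")
    if path.name.lower() == "autorun.inf":
        findings.append("autorun file")
    expected = MAGIC.get(last)
    if expected is not None and not data.startswith(expected):
        findings.append("content does not match extension")
    if data.startswith(b"MZ") and last not in EXECUTABLE_SUFFIXES:
        findings.append("PE executable header under a non-executable name")
    return {
        "path": path.relative_to(root).as_posix(),
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "findings": findings,
    }


def inventory(root: Path) -> list:
    """Walk the production and return one record per file, sorted by path."""
    records = [inspect_file(root, p) for p in root.rglob("*") if p.is_file()]
    return sorted(records, key=lambda r: r["path"])


def report(records: list) -> str:
    """Plain-text listing to keep with the case file, flagged entries first."""
    lines = []
    for r in sorted(records, key=lambda r: (not r["findings"], r["path"])):
        flag = "FLAG" if r["findings"] else "ok  "
        lines.append(f"{flag} {r['sha256'][:16]}  {r['size']:>8}  {r['path']}  "
                     f"{'; '.join(r['findings'])}")
    return "\n".join(lines)


def build_sample_media() -> Path:
    """Constructed sample: two ordinary files and three that should be flagged."""
    root = Path(tempfile.mkdtemp(prefix="discovery-"))
    (root / "Exhibit_12.pdf").write_bytes(b"%PDF-1.4\n% constructed sample\n")
    (root / "interview_notes.txt").write_text("constructed sample text\n")
    (root / "Photo_07.jpg.exe").write_bytes(b"MZ" + b"\x00" * 62)
    (root / "Bates_000123.pdf").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)
    (root / "autorun.inf").write_text("[autorun]\n")
    return root


if __name__ == "__main__":
    print(report(inventory(build_sample_media())))
```

The hashes are the part that matters most: taken before any file is opened, they let the IT professional show later exactly what arrived on the disc, which is the documentation the post says turned the Freisen incident back on the government.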

11 comments:

Dedicated_Dad said...

Wow.

Just when you thought they couldn't get any lower...

Word to the wise: Google "rootkit" and learn. It's simply STAGGERING what can be done to your PC without your knowledge, and the results can't be found by ANY standard "antivirus" program running under your installed OS.
Such programs can accomplish all sorts of things - from logging all your keystrokes, screenshots, website visits and so on, transferring all your files (including those created above) to some internet honey-pot, and even bringing stuff down ONTO your PC!

You say you're not into child-porn? Well how do you explain these THOUSANDS of images on your computer, huh? HUH??!!

Of course, no matter HOW careful you are, it only takes SECONDS to install such malware on your PC - all it takes is physical access. You don't carry your PC with you everywhere you go? Huh... Imagine that...

Even if it is offline, locked up tight, it's STILL vulnerable to infection if anything is ever plugged into a USB port or CD/DVD/Etc drive...

Bottom line? WATCH YOUR BACK! Treat ALL "foreign media" or devices as suspect!

Anonymous said...

Dutifully noted and archived for future reference, when nobody can find it on the net anymore.

God these people are truly something.

KBCraig said...

Now, if they received such a trojan horse, they'd file charges against whomever sent it.

Seems fair and balanced, right?

J. Travis said...

Fuckweasels!

Anonymous said...

Look at using virtual machines (VMware, Xen, etc).

Getting a resettable virtual machine infected is NBD.

The next civil war will include a computer/network component. Make sure someone on your team knows how to protect your cyber-assets, and how to hack the enemy's.

ParaPacem said...

But what about the spiders in their coveralls?

Anonymous said...

Isn't what they did a criminal offense? And easily proven as well? Everything leaves a trail. Even viruses. Or so I'm told.

Kevin Patrick said...

Linux is your friend, in that regard.

Dedicated_Dad said...

Anon (11/11/11@17:15) gives GREAT advice. "Virtual machines" ("VMs") are a GREAT resource, and not NEARLY so difficult to manage as you might think...

For the uninitiated, you install some software (the VMware version is FREE for private use!) on your PC and tell it to create a new "Virtual PC" (VM), which will appear to "boot" like a real PC but run in a window like other programs. You then set up Windows (or other OS of your choice).

It's all saved to a file, so you can simply mark your "bare-bones"/CLEAN file "Read-only" (or better yet, burn it to a non-writable media like CD/DVD).

Henceforth, you need simply copy the "clean" "virtual PC" file to a "working" copy, fire it up and do whatever you need to do. When finished, you can just delete the file and - along with it - any garbage that it may have picked up along the way!

Now...

More Words to the wise: There ARE malware programs out there which look for and attack virtual machines and their enabling software. All "rules" of online safety still apply!

Even so, the risk *IS* greatly minimized using VM methodology!

HTH!!

DD
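The clean-base-then-disposable-copy workflow the comment above describes, written out as an added example (not the commenter's code and not tied to VMware or any other product). It manages the image files only: the base image is made read-only and its hash recorded, every session is a fresh copy that is refused if the base no longer verifies, and the copy is deleted afterward. Booting the copy is left to whatever hypervisor is installed; the placeholder image, its name and its contents are constructed for the demonstration.

```python
"""Clean base image, disposable working copy.

Added example, not the commenter's code and not specific to any VM product.
Only the image files are handled here; booting a working copy is left to the
hypervisor. A placeholder image is constructed in a temporary directory so
the whole thing runs offline.
"""
import hashlib
import os
import shutil
import stat
import tempfile
from pathlib import Path

READ_ONLY = stat.S_IRUSR | stat.S_IRGRP
ANY_WRITE = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def fingerprint(image: Path) -> str:
    return hashlib.sha256(image.read_bytes()).hexdigest()


def seal_base_image(image: Path) -> str:
    """Make the freshly installed base image read-only and record its hash beside it."""
    image.chmod(READ_ONLY)
    digest = fingerprint(image)
    image.with_name(image.name + ".sha256").write_text(digest + "\n")
    return digest


def base_image_is_intact(image: Path) -> bool:
    """True only if the base is still read-only and still matches its recorded hash."""
    if image.stat().st_mode & ANY_WRITE:
        return False
    recorded = image.with_name(image.name + ".sha256").read_text().strip()
    return fingerprint(image) == recorded


def new_working_copy(image: Path, workdir: Path) -> Path:
    """Clone the verified base into a writable session file; refuse a tampered base."""
    if not base_image_is_intact(image):
        raise RuntimeError(f"{image.name} failed verification; rebuild the base before cloning")
    workdir.mkdir(parents=True, exist_ok=True)
    copy = workdir / f"session-{os.urandom(4).hex()}{image.suffix}"
    shutil.copyfile(image, copy)          # copies the bytes, not the read-only mode
    copy.chmod(stat.S_IRUSR | stat.S_IWUSR)
    return copy


def discard_working_copy(copy: Path) -> None:
    """Throw the session away, and with it whatever the session picked up."""
    copy.unlink()


def run_demo() -> dict:
    """Constructed walk-through: seal, clone, work, discard, then detect a tampered base."""
    root = Path(tempfile.mkdtemp(prefix="vm-demo-"))
    base = root / "clean-base.vmdk"              # placeholder name, not a real disk image
    base.write_bytes(b"constructed placeholder for a clean VM disk image\n")
    sealed = seal_base_image(base)

    session = new_working_copy(base, root / "sessions")
    with session.open("ab") as f:                # stands in for a review session
        f.write(b"changes made while reviewing untrusted files\n")
    session_dirty = fingerprint(session) != sealed
    base_after_session = base_image_is_intact(base)
    discard_working_copy(session)

    # Simulate the base itself being altered behind the operator's back.
    base.chmod(stat.S_IRUSR | stat.S_IWUSR)
    base.write_bytes(b"something else\n")
    base.chmod(READ_ONLY)
    try:
        new_working_copy(base, root / "sessions")
        refused = False
    except RuntimeError:
        refused = True
    return {
        "session_dirty": session_dirty,
        "base_intact_after_session": base_after_session,
        "session_removed": not session.exists(),
        "tampered_base_refused": refused,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The hash check is what the comment's "mark it read-only" step does not give you on its own: a read-only bit can be flipped back, so the recorded digest is what tells you the clean base is still clean before you clone it for the next session.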

Dedicated_Dad said...

Kevin: Sorry, but Linux actually has MORE malware aimed at it on a per-capita basis. You still must follow good system-administration and security practices, run under the least-necessary privileges, stay on top of security patches, run AV software, etc - all of which is MUCH more complex under Linux than under Windows or Mac OS!

Most folks don't have the desire to mess with it or the time for the learning curve involved...

I'm not trying to discourage - far from it - just trying to be real! I actually agree with the recommendation, because when properly configured the security in Linux is superior -- but (as always) it's that "when properly configured" qualifier that comes back to bite!

Anonymous said...

Where can we find out more about this?