Arkansas Police send malware-laden hard drive to lawyer representing whistleblowers
An Arkansas lawyer, Matt Campbell, who is representing some ex-cop whistleblowers, received his hard drive with three well known pieces of malware on it after he sent it to the police department. Mr. Campbell had handed his external hard drive to the Fort Smith police department for them to load it with e-mail and other data responding to his discovery request. The police returned it with the requested files but inspection revealed they had added something extra as well.
A folder filled with malware found on the portable hard drive
There was a subfolder on the drive named “Bales Court Order” containing multiple threats. A computer security consultant helped Campbell identify three well known trojans.
The following malicious files were placed in the folder:
- Win32:Zbot-AVH[Trj]: a keylogger and backdoor
- NSIS:Downloader-CC[Trj]: a program that connects to attacker-controlled servers and downloads and installs additional programs
- Two instances of Win32Cycbot-NF[Trj]: another backdoor
Act or Accident?
Since these trojans are well known and easily detected by antivirus/anti-malware it is unlikely that they had entered the hard drive by accident, especially since Fort Smith Police department claimed that their systems ran real-time AV protection. The placement of the files, all of them in a particular folder, and not in the root directory further suggests that they were put there intentionally, probably with the intention of spying on Mr Campbell’s computer and gaining unauthorized access to his accounts in order to steal information.
This would allow the department to have an unfair advantage over their legal opponents.
According to ArsTechnica:
In last week’s court filings, Campbell asked the judge hearing the suit to hold the plaintiffs in criminal contempt and impose other court sanctions. The request is under submission, and it’s not clear when the judge will rule on the motion.
So far, the Police have refused to comment on the matter. This incident however, highlights the fact that malware is now being widely used by several authorities for spying purposes. It is disappointing that the tools of cyber criminals are being used by the same authority that is supposed to prevent its use, the Police department.
Have a nice (spyware-free) day!
Emsisoft Enterprise Security + EDR
Robust and proven endpoint security solution for organizations of all sizes. Start free trial