40 years for SPYWARE

http://sunbeltblog.blogspot.com/2007...ulie-amero-is-
guilty.html
Friday, January 12, 2007
Computerworld: Julie Amero is guilty, guilty, guilty! Justice
prevails!
You'll recall the case of Julie Amero, the hapless substitute teacher
who has been convicted for a porn spyware infestation on a classroom
computer and is now facing up to 40 years in prison (sentencing is on
March 2).

The tech community has, for the most part, been quite supportive of
Ms. Amero (some comment storms here and here). It's deservedly become
a cause celebre.

However, ComputerWorld blogger Preston Gralla feels quite differently.
In a posting today, he crows that "justice prevails":

Lawyers have come up with some novel defenses over the years,
including the "Twinkie defense" in which a lawyer argued that
defendant Dan White's eating of Twinkies and drinking Coca-Cola proved
that he was depressed, and so not responsible for his actions in
murdering San Francisco Mayor George Moscone and Supervisor Harvey
Milk in 1978. The defense was partially successful; White was
convicted of voluntary manslaughter rather than murder.


Luckily, it seems as if the spyware-made-me-do-it defense doesn't cut
it in court. For once, justice prevails.

Link here.
http://www.computerworld.com/blogs/node/4346

Preston makes a clever twist, mixing an obvious abuse of the court
system (the twinkie defense) with an arguably legitimate defense
(spyware), an argument ignored by an apparently computer-illiterate
court (and the defense lawyer admitted to me today that he also is
computer illiterate).

There is abuse in our justice system, with incessant victimization
which attempt to remove responsibility from the perpetrator. However,
we also suffer from a system of mores where armchair jurisprudence
creates instant "conclusions" and damnation of the convicted, often
based on emotional reaction, rather than a review of the evidence.
Having personally witnessed first-hand a genuine miscarriage of
justice, I tend to be a bit more cautious in my conclusions. As
surprising as it may sound to some, not everyone indicted or convicted
is guilty. Some are actually innocent.

In fact, this case shows that the evidence is not in favor of the
"justice prevails" argument, but quite the opposite.

My response to Preston:

Justice? No, the evidence to hand actually points to a miscarriage of
justice.

This case is so wrong on so many levels. Julie Amero is looking at 40
YEARS in prison. For a spyware infestation.

Every available piece of evidence known to the public indicates that
that Ms. Amero is quite likely _innocent_ of the charges.

The defense contends this was a case of spyware on the school machine
- a barrage of popups. And from what we know of the case, it certainly
looks like it was (if you want to see what a porn spyware infestation
actually looks like, Ben Edelman shows it he http://
www.benedelman.org/news/062206-1.html -- it's quite a real problem).

According to one article, "Computer expert W. Herbert Horner, who
performed a forensic examination of the computer for the defense, said
Amero may have been redirected to the sexually-oriented sites through
a hairstyling site accessed from the computer. He said the site
allowed spyware to be downloaded onto the computer which allowed the
pop-ups."

The detective in the investigation "admitted there was no search made
for adware, which can generate pop-up advertisements". It's incredible
that they never even _checked_ for spyware.

The court actions of the case were flawed as well. For example, one
source reports that the Trial Judge, Hillary Strackbein, "was seen
falling asleep during proceedings and made comments to the jury that
she wanted the case over by the end of the week. It was also reported
that Judge Strackbein attempted to pressure the defense into an
unwanted plea deal, in place of a trial. The defense attorney for
Amero, moved for a mistrial shortly before closing arguments Friday,
based on reports that jurors had discussed the case at a local
restaurant."

Finally, note that the school didn't even have active content
filtering in place (not that it would have probably made a
difference).

The fact that there were pornographic images on the computer means
nothing, because whenever a popup launches, the images in the popup
are stored on the computer. The fact that the logs indicated that she
"visited" the sites also means nothing, since when the porn popups
come through, they get logged as well.

The fact that the machine was never scanned for spyware by the
investigating authorities is outrageous. In fact, this alone should
have resulted in the case being dismissed, as the defense found a
major spyware infection by their expert forensic evidence.

Was justice done here? A bad spyware infestation can splatter a
machine full of porn popups and it's a bit unnerving to think that a
teacher could get hard prison time for something that was likely to
have been completely innocent.

We need far more evidence than what is available to come to the
conclusion that "justice was done". In fact, all the available
evidence shows quite the opposite -- that this might just be a grave
miscarriage of justice.

If you feel the same, post a comment on Preston's blog.

And, if you're wondering what a porno-spawning spyware infestation
looks like, here's some examples from Harvard researcher Ben Edelman:

http://www.benedelman.org/news/062206-1.html

I also should note that in a conversation with the defense attorney
today, he did tell me that his computer experts were not able to
provide all the evidence in court. For the appeals process, we have
made our own experts available to the defense on a pro-bono basis for
any analysis of the infected machine.

Alex Eckelberry


http://sunbeltblog.blogspot.com/2007...n-julie-amero-
case.html

Friday, January 19, 2007
Update on Julie Amero case
More information is coming out about the trial, and it's clear that we
have a miscarriage of justice here. I hope to write more today or over
the weekend as to some of the new information (short on time right
now).

However, Altnernet just posted an article which explains a lot more
about this case. It's generally accurate, based on the research I've
been doing:

When lax cybersecurity meets anti-porn hysteria, an innocent computer
infection can land you in jail. Just ask Julie Amero, a 40-year old
substitute teacher who maintains she's a victim of a malicious
software infestation that caused her computer to spawn porn
uncontrollably.

Alternet also spoke to the defense's forensic expert, Herb Horner.
I've spoken with Herb as well, and he's a good guy and is absolutely
devastated by what happened. He's quoted in the article:

"This whole trial was so unfair," Horner said. "When Julie was
convicted, I went home that night. I was eating dinner, and I started
crying. I just cried my eyes out. This was a total travesty of
justice."

He's right.

Alternet link here.
http://www.alternet.org/rights/46925/

Alex Eckelberry



http://www.alternet.org/rights/46925/

Questionable Conviction of Connecticut Teacher in Pop-up Porn Case
By Lindsay Beyerstein, AlterNet
Posted on January 19, 2007, Printed on January 28, 2007
http://www.alternet.org/story/46925/
Julie Amero, a 40-year-old substitute teacher from Connecticut is
facing up to 40 years in prison for exposing her seventh grade class
to a cascade of pornographic imagery. Amero maintains that she is a
victim of a malicious software infestation that caused her computer to
spawn porn uncontrollably.

Adware, spyware and other infectious software are known hazards to
security and privacy -- and when lax cybersecurity meets anti-porn
hysteria, a mailware infection can even land you in jail. Malicious
coders are getting more sophisticated all the time, but law
enforcement and the criminal justice system aren't keeping up. A
criminal conviction can hang on the difference between a deliberate
mouse click and an involuntary redirect on an infested computer. Too
often, even so-called experts can't tell the difference.

On the morning of Oct. 19, 2004, Julie Amero's life changed forever
when pornographic ads flooded her web browser during a class.
According to the prosecuting attorney, David Smith, Amero's computer
began displaying images of naked men and women, couples performing
sexual acts, and "bodily fluids."

Chances are, these kids had seen porn pop-ups before. Family Safe
Media estimates that boys 12 to 17 consume more internet porn than any
other group. The adults at Kelly Middle School, however, were shocked
and scandalized. The next week, the school sent home a notice telling
parents why Amero would never teach in the district again. She was
arrested shortly thereafter and charged with multiple felonies.

At trial, six of Amero's former students testified that they saw
pornographic images on her monitor, either from their seats, or when
they came up to her desk. One student told the court that Amero pushed
his face away from the screen when she saw him looking at the racy
ads.

Millions of PCs worldwide are infected with some form of malicious
software. An internal Microsoft report found that four million Windows
machines were infected with some form of malicious software
("malware") in mid-2006.

Spyware, adware, worms and viruses are parasitic programs that can
hijack web browsers, launch unsolicited pornographic ads, and even
report the inner workings of a computer to a remote observer. Users
routinely download these programs without realizing they've been
infected.

Amero's attorney, John F. Cocheo, argued that malware was responsible
for the pornographic images, not his client.

Detective Mark Lounsbury, a computer crimes officer at the Norwich
Police Department testified as an expert witness for the prosecution.
He maintained that Amero was intentionally surfing for pornography
while her seventh grade class busied itself with language arts.

Lounsbury told the court that Amero musts have "physically clicked" on
pornographic links during class time in order to unleash the
pornographic pictures. However, he admitted under cross-examination
that the prosecution never even checked the computer for malware.

Why didn't the police check for malicious software? According to
prosecutor David Smith, the police didn't check for malware because
the defense didn't raise the possibility of a malware attack during
the pretrial phase, as required by law. Defense attorney Cocheo could
not be reached for comment as of press time.

Herb Horner, the proprietor of the consulting firm Contemporary
Computing Consultants, testified as an expert witness for the defense.
His exhaustive independent forensic analysis of Amero's hard drive
showed that the machine had been infected with multiple pieces of
malicious software before she arrived at the school, and that these
hidden programs were responsible for the pornographic deluge.

Horner arrived in court with two laptops filled with the voluminous
records of his investigation. However, the judge only let him present
two slides. Prosecutor Smith objected because his team hadn't been
previously informed about the malware defense.

On Jan. 5, 2007, a Norwich jury found Amero guilty of four felony
counts of "injury or risk of injury to, or impairing morals of,
children." Each count carries a maximum sentence of 10 years and while
it is unlikely that Amero will receive the maximum penalty,
incarceration remains a very real possibility. Even if Amero avoids
jail, she will be stripped of her teaching credentials unless the
convictions are reversed.

News of the guilty verdict sparked widespread outrage, particularly in
the IT community. How could a 40-year-old woman with no prior criminal
record be facing such serious charges over a few pop-up ads?

"The fact that the machine was never scanned for spyware by the
investigating authorities is outrageous. In fact, this alone should
have resulted in the case being dismissed, as the defense found a
major spyware infection by their expert forensic evidence," wrote Alex
Eckelberry, the president of Sunbelt Software, a Florida-based firm
that makes anti-spyware products.

In fairness, nobody involved with the case seems happy about the
outcome, either.

Since the verdict, the Norwich Police Department has been bombarded
with irate calls and emails from readers who accusing them of
railroading an innocent person.

"We're getting pretty much everything short of death threats,"
detective Lounsbury said. "I'm getting thrashed," People read a news
article, and they think they know what's going on, but they're missing
99 percent of it."

According to Lounsbury, some of parents whose children were exposed to
the porn demanded an aggressive police response.

"You know what people need to understand?" Lounsbury continued. "These
were 12-year-olds. They reported [the porn] to their teachers, the
teachers went to the administrators who brought the complaints to the
network administrators. Of course, the kids told their parents.
Complaints were lodged with the police. This isn't China. This isn't
North Korea ... we're not Big Brother."

In the end, Amero's fate hinged on the dueling opinions of the two
expert witnesses. Unfortunately, the legal system was ill-equipped to
weigh their respective opinions.

The witness for the prosecution is a police officer who has to follow
a very simple investigative algorithm. By all accounts, he executed
his duties faithfully. Unfortunately, those responsible for evaluating
his reports weren't sufficiently tech-savvy to place his findings in
the proper context. ComputerCOP Pro, the software the police used to
audit Amero's computer, is an automated user-friendly tool search tool
designed for routine monitoring. It is not designed to definitively
distinguish between user-generated clicks and the effects of malware.

Furthermore, the defense's expert witness was not allowed to share
with the jury more of the evidence he had amassed. Herb Horner has 40
years of experience as a software engineer and an IT consultant. Over
the past few decades, Horner has traveled the world to investigate
computer glitches. His clients include a Swiss bank, a major airline
and a national chain of hardware stores.

"I like to get to the bottom of things," Horner told AlterNet. "If
there's a plane crash, I say don't just bury the bodies and take the
trash to the dump. Find out what happened."

If the defense had told the prosecution about Horner's findings
earlier, the prosecution might have been able to forestall problems by
choosing an expert witness who was qualified to address Horner's
testimony. Instead, the prosecution moved to suppress evidence that it
wasn't prepared to handle.

Compared to Horner, the prosecution's expert witness has little formal
IT training. Detective Lounsbury has completed two two-week FBI
training seminars on computer security and other continuing education
programs. He is also a certified user of the computer monitoring
software ComputerCOP Pro.

Allison Whitney, ComputerCOP's director of communications, explained
how her company certifies police officers to use the softwa

"They get a full hour of training, and then they're tested," Whitney
said. "A lot of these people don't have any kind of training. Their
[superior] officers may give them some kind of low-level training.
Most of the time we do the training over the phone."

ComputerCOP scans the hard drive and reports on when each file was
created or modified. Lounsbury says he is satisfied that Amero
intentionally viewed porn in class because the logs show that her
computer accessed various inappropriate sites while she was sitting at
the computer.

"I take that at face value," Lounsbury told Alternet. "It's evidence.
It speaks for itself. The pop-up defense is a Twinkie defense."

Lounsbury said that Amero must have navigated to pornographic sites in
order to have infected her computer with obscene popups. "You've got
to get that ball rolling," he said.

Horner's analysis of Amero's hard drive cast doubt on Lounsbury's
conclusions. Horner found that the computer had been infected with
malware before she arrived.

"She was set up days or weeks before she ever sat down," Horner said.

Here are just a few of the red flags Horner discovered in course of
his laborious forensic reconstruction: Anti-virus software triggered
security alerts as soon as he started copying the hard disk for
testing. The computer's Norton activity log showed that by the time
Amero came to Kelly, her computer was already infected with spyware
from notorious websites including marketscore.com and new.net.

One piece of spyware had been already been tracking the computer for
about a month.

Horner also discovered that someone, presumably the computer's regular
user, had been accessing eHarmony.com before Amero's visit. As he
noted, dating sites are notorious for spreading porn-related adware.

Another program called Pasco showed that malware had automatically
redirected Amero's browser. Horner stressed that this particular form
of hijacking is invisible to ComputerCOP Pro.

On Oct. 19, someone did an online job search shortly after 8:00 a.m.,
activating several different malware apps. At approximately 8:15 a.m.,
someone accessed www.hair-styles.org, Horner suspects student
involvement, in part because the next visit was to Crayola's homepage.
Over the next several minutes, still more malware came alive, most
likely triggered by the hair site.

The user kept surfing, and by this point, "crap was pouring into the
computer at the speed of electricity," Horner said. The real point of
no return was when the computer received a huge porn-filled Java file.
From that point on, the machine was locked in an endless porn loop.

Note that Amero's class started around 9 a.m. Neither the prosecutor
nor detective Lounsbury was able to tell AlterNet whether the room had
been locked before class, or exactly what time Amero sat down at her
desk.

At trial, it emerged that the school IT department offered no
protection against obscene content or invasive software. The Kelly
Middle School's firewall license had expired, leaving the whole system
unguarded. To make matters worse, Amero was working on a very old
Gateway PC running Windows 98, an extremely vulnerable setup.

"Anyone could send anything they wanted to any computer on the site,"
Horner said.

In the course of his investigation, Horner became convinced of Amero's
innocence. After she was convicted, he sent a letter to her attorney
offering his services pro bono for her upcoming appeal.

"This whole trial was so unfair," Horner said. "When Julie was
convicted, I went home that night. I was eating dinner, and I started
crying. I just cried my eyes out. This was a total travesty of
justice."

Lindsay Beyerstein is a New York writer blogging at
majikthise.typepad.com

© 2007 Independent Media Institute. All rights reserved.
View this story online at: http://www.alternet.org/story/46925/


http://antivirus.about.com/od/spywar...julieamero.htm
Julie Amero Case About Law, Not Adware From Mary Landesman,
January 16, 2006

Adware is at the center of debates over the Julie Amero case, in which
a 40-year old substitute teacher was convicted of four counts of risk
of injury to a minor, or impairing the morals of a child. More
specifically, Amero did not turn off a computer which was serving up
pornographic images in the classroom. Or, as she herself described it,
"The pop-ups never went away. They were continuous. The computer was
completely covered with pornography."

Supporters of Amero claim the computer was infested with adware. And
that's entirely plausible. The head of the school's IT department
admits the content filtering software wasn't functioning because the
school had failed to maintain the license.
And the year was 2004 - a period in which adware and spyware
infestations were particularly prevalent. But whether the computer was
or wasn't infested with adware is beside the point.
The fact remains that Amero did not turn off the computer.

Under Section 53-21 of Connecticut law, "Any person who . . . wilfully
or unlawfully causes or permits any child under the age of sixteen
years to be placed in such a situation that the life or limb of such
child is endangered, the health of such child is likely to be injured
or the morals of such child are likely to be impaired . . . shall be
punished. The intent of the statute is to protect the physical health,
morals and well-being of children." The law also provides that "the
state must prove the following elements beyond a reasonable doubt: (1)
that at the time of the incident, the alleged victim was under the age
of sixteen years; and (2) that the defendant wilfully or unlawfully
caused or permitted the victim to be placed in a situation that
endangered the child's life or limb, or was likely to injure his
health or impair his morals."

The kids in this case were 7th graders, so there is no doubt as to the
'under the age of sixteen years' mandate. And the law further
clarifies willful or unlawful behavior as "the conduct of a person
that is deliberately indifferent to, acquiesces in, or creates a
situation inimical to the child's moral or physical welfare". The
legal documents further define that "'Wilfully' means intentionally or
deliberately. 'Unlawfully' means without legal right or justification.
Causing or permitting a situation to arise within the meaning of this
statute requires conduct on the part of the defendant that brings
about or permits that situation to arise when the defendant had such
control or right of control over the child that the defendant might
have reasonably prevented it."

That last bit is pretty explicit: "conduct on the part of the
defendant that brings about or permits that situation to arise when
the defendant had such control or right of control over the child that
the defendant might have reasonably prevented it."

Remember, Amero did not make any attempt to turn off the computer,
even knowing that "the computer was completely covered with
pornography" and even knowing that the kids in the classroom could see
it.

As for the "likely to injure his health or impair his morals" part of
the law, this is further defined within the legal statute as
"'Likely'' means in all probability or probably. As used here,
''morals'' means good morals, living, acting and thinking in
accordance with those principles and precepts that are commonly
accepted among us as right and decent."

Amero did not respond in court when asked why she didn't turn off the
computer. But allegedly she had been told during substitute training
or at some other point prior to the incident that she was not to turn
off any equipment in the classroom. If a librarian had been told not
to remove books from the library, and then subsequently Larry Flint
dropped a truckload of Hustler magazines in the children's center,
shouldn't the librarian's good judgment prevail and the magazines be
removed? I think yes.

The Amero case isn't about adware. It's about poor judgement and doing
nothing when minors under her care were placed in harm's way. And in
Connecticut, that's against the law.

Sending a message, Greg?

Or an admission that our concern about attempted security attacks on
your system should not be taken as lightly as you were claiming.

0:-]


Greegor wrote:
http://sunbeltblog.blogspot.com/2007...ulie-amero-is-
guilty.html
Friday, January 12, 2007
Computerworld: Julie Amero is guilty, guilty, guilty! Justice
prevails!
You'll recall the case of Julie Amero, the hapless substitute teacher
who has been convicted for a porn spyware infestation on a classroom
computer and is now facing up to 40 years in prison (sentencing is on
March 2).

The tech community has, for the most part, been quite supportive of
Ms. Amero (some comment storms here and here). It's deservedly become
a cause celebre.

However, ComputerWorld blogger Preston Gralla feels quite differently.
In a posting today, he crows that "justice prevails":

Lawyers have come up with some novel defenses over the years,
including the "Twinkie defense" in which a lawyer argued that
defendant Dan White's eating of Twinkies and drinking Coca-Cola proved
that he was depressed, and so not responsible for his actions in
murdering San Francisco Mayor George Moscone and Supervisor Harvey
Milk in 1978. The defense was partially successful; White was
convicted of voluntary manslaughter rather than murder.


Luckily, it seems as if the spyware-made-me-do-it defense doesn't cut
it in court. For once, justice prevails.

Link here.
http://www.computerworld.com/blogs/node/4346

Preston makes a clever twist, mixing an obvious abuse of the court
system (the twinkie defense) with an arguably legitimate defense
(spyware), an argument ignored by an apparently computer-illiterate
court (and the defense lawyer admitted to me today that he also is
computer illiterate).

There is abuse in our justice system, with incessant victimization
which attempt to remove responsibility from the perpetrator. However,
we also suffer from a system of mores where armchair jurisprudence
creates instant "conclusions" and damnation of the convicted, often
based on emotional reaction, rather than a review of the evidence.
Having personally witnessed first-hand a genuine miscarriage of
justice, I tend to be a bit more cautious in my conclusions. As
surprising as it may sound to some, not everyone indicted or convicted
is guilty. Some are actually innocent.

In fact, this case shows that the evidence is not in favor of the
"justice prevails" argument, but quite the opposite.

My response to Preston:

Justice? No, the evidence to hand actually points to a miscarriage of
justice.

This case is so wrong on so many levels. Julie Amero is looking at 40
YEARS in prison. For a spyware infestation.

Every available piece of evidence known to the public indicates that
that Ms. Amero is quite likely _innocent_ of the charges.

The defense contends this was a case of spyware on the school machine
- a barrage of popups. And from what we know of the case, it certainly
looks like it was (if you want to see what a porn spyware infestation
actually looks like, Ben Edelman shows it he http://
www.benedelman.org/news/062206-1.html -- it's quite a real problem).

According to one article, "Computer expert W. Herbert Horner, who
performed a forensic examination of the computer for the defense, said
Amero may have been redirected to the sexually-oriented sites through
a hairstyling site accessed from the computer. He said the site
allowed spyware to be downloaded onto the computer which allowed the
pop-ups."

The detective in the investigation "admitted there was no search made
for adware, which can generate pop-up advertisements". It's incredible
that they never even _checked_ for spyware.

The court actions of the case were flawed as well. For example, one
source reports that the Trial Judge, Hillary Strackbein, "was seen
falling asleep during proceedings and made comments to the jury that
she wanted the case over by the end of the week. It was also reported
that Judge Strackbein attempted to pressure the defense into an
unwanted plea deal, in place of a trial. The defense attorney for
Amero, moved for a mistrial shortly before closing arguments Friday,
based on reports that jurors had discussed the case at a local
restaurant."

Finally, note that the school didn't even have active content
filtering in place (not that it would have probably made a
difference).

The fact that there were pornographic images on the computer means
nothing, because whenever a popup launches, the images in the popup
are stored on the computer. The fact that the logs indicated that she
"visited" the sites also means nothing, since when the porn popups
come through, they get logged as well.

The fact that the machine was never scanned for spyware by the
investigating authorities is outrageous. In fact, this alone should
have resulted in the case being dismissed, as the defense found a
major spyware infection by their expert forensic evidence.

Was justice done here? A bad spyware infestation can splatter a
machine full of porn popups and it's a bit unnerving to think that a
teacher could get hard prison time for something that was likely to
have been completely innocent.

We need far more evidence than what is available to come to the
conclusion that "justice was done". In fact, all the available
evidence shows quite the opposite -- that this might just be a grave
miscarriage of justice.

If you feel the same, post a comment on Preston's blog.

And, if you're wondering what a porno-spawning spyware infestation
looks like, here's some examples from Harvard researcher Ben Edelman:

http://www.benedelman.org/news/062206-1.html

I also should note that in a conversation with the defense attorney
today, he did tell me that his computer experts were not able to
provide all the evidence in court. For the appeals process, we have
made our own experts available to the defense on a pro-bono basis for
any analysis of the infected machine.

Alex Eckelberry


http://sunbeltblog.blogspot.com/2007...n-julie-amero-
case.html

Friday, January 19, 2007
Update on Julie Amero case
More information is coming out about the trial, and it's clear that we
have a miscarriage of justice here. I hope to write more today or over
the weekend as to some of the new information (short on time right
now).

However, Altnernet just posted an article which explains a lot more
about this case. It's generally accurate, based on the research I've
been doing:

When lax cybersecurity meets anti-porn hysteria, an innocent computer
infection can land you in jail. Just ask Julie Amero, a 40-year old
substitute teacher who maintains she's a victim of a malicious
software infestation that caused her computer to spawn porn
uncontrollably.

Alternet also spoke to the defense's forensic expert, Herb Horner.
I've spoken with Herb as well, and he's a good guy and is absolutely
devastated by what happened. He's quoted in the article:

"This whole trial was so unfair," Horner said. "When Julie was
convicted, I went home that night. I was eating dinner, and I started
crying. I just cried my eyes out. This was a total travesty of
justice."

He's right.

Alternet link here.
http://www.alternet.org/rights/46925/

Alex Eckelberry



http://www.alternet.org/rights/46925/

Questionable Conviction of Connecticut Teacher in Pop-up Porn Case
By Lindsay Beyerstein, AlterNet
Posted on January 19, 2007, Printed on January 28, 2007
http://www.alternet.org/story/46925/
Julie Amero, a 40-year-old substitute teacher from Connecticut is
facing up to 40 years in prison for exposing her seventh grade class
to a cascade of pornographic imagery. Amero maintains that she is a
victim of a malicious software infestation that caused her computer to
spawn porn uncontrollably.

Adware, spyware and other infectious software are known hazards to
security and privacy -- and when lax cybersecurity meets anti-porn
hysteria, a mailware infection can even land you in jail. Malicious
coders are getting more sophisticated all the time, but law
enforcement and the criminal justice system aren't keeping up. A
criminal conviction can hang on the difference between a deliberate
mouse click and an involuntary redirect on an infested computer. Too
often, even so-called experts can't tell the difference.

On the morning of Oct. 19, 2004, Julie Amero's life changed forever
when pornographic ads flooded her web browser during a class.
According to the prosecuting attorney, David Smith, Amero's computer
began displaying images of naked men and women, couples performing
sexual acts, and "bodily fluids."

Chances are, these kids had seen porn pop-ups before. Family Safe
Media estimates that boys 12 to 17 consume more internet porn than any
other group. The adults at Kelly Middle School, however, were shocked
and scandalized. The next week, the school sent home a notice telling
parents why Amero would never teach in the district again. She was
arrested shortly thereafter and charged with multiple felonies.

At trial, six of Amero's former students testified that they saw
pornographic images on her monitor, either from their seats, or when
they came up to her desk. One student told the court that Amero pushed
his face away from the screen when she saw him looking at the racy
ads.

Millions of PCs worldwide are infected with some form of malicious
software. An internal Microsoft report found that four million Windows
machines were infected with some form of malicious software
("malware") in mid-2006.

Spyware, adware, worms and viruses are parasitic programs that can
hijack web browsers, launch unsolicited pornographic ads, and even
report the inner workings of a computer to a remote observer. Users
routinely download these programs without realizing they've been
infected.

Amero's attorney, John F. Cocheo, argued that malware was responsible
for the pornographic images, not his client.

Detective Mark Lounsbury, a computer crimes officer at the Norwich
Police Department testified as an expert witness for the prosecution.
He maintained that Amero was intentionally surfing for pornography
while her seventh grade class busied itself with language arts.

Lounsbury told the court that Amero musts have "physically clicked" on
pornographic links during class time in order to unleash the
pornographic pictures. However, he admitted under cross-examination
that the prosecution never even checked the computer for malware.

Why didn't the police check for malicious software? According to
prosecutor David Smith, the police didn't check for malware because
the defense didn't raise the possibility of a malware attack during
the pretrial phase, as required by law. Defense attorney Cocheo could
not be reached for comment as of press time.

Herb Horner, the proprietor of the consulting firm Contemporary
Computing Consultants, testified as an expert witness for the defense.
His exhaustive independent forensic analysis of Amero's hard drive
showed that the machine had been infected with multiple pieces of
malicious software before she arrived at the school, and that these
hidden programs were responsible for the pornographic deluge.

Horner arrived in court with two laptops filled with the voluminous
records of his investigation. However, the judge only let him present
two slides. Prosecutor Smith objected because his team hadn't been
previously informed about the malware defense.

On Jan. 5, 2007, a Norwich jury found Amero guilty of four felony
counts of "injury or risk of injury to, or impairing morals of,
children." Each count carries a maximum sentence of 10 years and while
it is unlikely that Amero will receive the maximum penalty,
incarceration remains a very real possibility. Even if Amero avoids
jail, she will be stripped of her teaching credentials unless the
convictions are reversed.

News of the guilty verdict sparked widespread outrage, particularly in
the IT community. How could a 40-year-old woman with no prior criminal
record be facing such serious charges over a few pop-up ads?

"The fact that the machine was never scanned for spyware by the
investigating authorities is outrageous. In fact, this alone should
have resulted in the case being dismissed, as the defense found a
major spyware infection by their expert forensic evidence," wrote Alex
Eckelberry, the president of Sunbelt Software, a Florida-based firm
that makes anti-spyware products.

In fairness, nobody involved with the case seems happy about the
outcome, either.

Since the verdict, the Norwich Police Department has been bombarded
with irate calls and emails from readers who accusing them of
railroading an innocent person.

"We're getting pretty much everything short of death threats,"
detective Lounsbury said. "I'm getting thrashed," People read a news
article, and they think they know what's going on, but they're missing
99 percent of it."

According to Lounsbury, some of parents whose children were exposed to
the porn demanded an aggressive police response.

"You know what people need to understand?" Lounsbury continued. "These
were 12-year-olds. They reported [the porn] to their teachers, the
teachers went to the administrators who brought the complaints to the
network administrators. Of course, the kids told their parents.
Complaints were lodged with the police. This isn't China. This isn't
North Korea ... we're not Big Brother."

In the end, Amero's fate hinged on the dueling opinions of the two
expert witnesses. Unfortunately, the legal system was ill-equipped to
weigh their respective opinions.

The witness for the prosecution is a police officer who has to follow
a very simple investigative algorithm. By all accounts, he executed
his duties faithfully. Unfortunately, those responsible for evaluating
his reports weren't sufficiently tech-savvy to place his findings in
the proper context. ComputerCOP Pro, the software the police used to
audit Amero's computer, is an automated user-friendly tool search tool
designed for routine monitoring. It is not designed to definitively
distinguish between user-generated clicks and the effects of malware.

Furthermore, the defense's expert witness was not allowed to share
with the jury more of the evidence he had amassed. Herb Horner has 40
years of experience as a software engineer and an IT consultant. Over
the past few decades, Horner has traveled the world to investigate
computer glitches. His clients include a Swiss bank, a major airline
and a national chain of hardware stores.

"I like to get to the bottom of things," Horner told AlterNet. "If
there's a plane crash, I say don't just bury the bodies and take the
trash to the dump. Find out what happened."

If the defense had told the prosecution about Horner's findings
earlier, the prosecution might have been able to forestall problems by
choosing an expert witness who was qualified to address Horner's
testimony. Instead, the prosecution moved to suppress evidence that it
wasn't prepared to handle.

Compared to Horner, the prosecution's expert witness has little formal
IT training. Detective Lounsbury has completed two two-week FBI
training seminars on computer security and other continuing education
programs. He is also a certified user of the computer monitoring
software ComputerCOP Pro.

Allison Whitney, ComputerCOP's director of communications, explained
how her company certifies police officers to use the softwa

"They get a full hour of training, and then they're tested," Whitney
said. "A lot of these people don't have any kind of training. Their
[superior] officers may give them some kind of low-level training.
Most of the time we do the training over the phone."

ComputerCOP scans the hard drive and reports on when each file was
created or modified. Lounsbury says he is satisfied that Amero
intentionally viewed porn in class because the logs show that her
computer accessed various inappropriate sites while she was sitting at
the computer.

"I take that at face value," Lounsbury told Alternet. "It's evidence.
It speaks for itself. The pop-up defense is a Twinkie defense."

Lounsbury said that Amero must have navigated to pornographic sites in
order to have infected her computer with obscene popups. "You've got
to get that ball rolling," he said.

Horner's analysis of Amero's hard drive cast doubt on Lounsbury's
conclusions. Horner found that the computer had been infected with
malware before she arrived.

"She was set up days or weeks before she ever sat down," Horner said.

Here are just a few of the red flags Horner discovered in course of
his laborious forensic reconstruction: Anti-virus software triggered
security alerts as soon as he started copying the hard disk for
testing. The computer's Norton activity log showed that by the time
Amero came to Kelly, her computer was already infected with spyware
from notorious websites including marketscore.com and new.net.

One piece of spyware had been already been tracking the computer for
about a month.

Horner also discovered that someone, presumably the computer's regular
user, had been accessing eHarmony.com before Amero's visit. As he
noted, dating sites are notorious for spreading porn-related adware.

Another program called Pasco showed that malware had automatically
redirected Amero's browser. Horner stressed that this particular form
of hijacking is invisible to ComputerCOP Pro.

On Oct. 19, someone did an online job search shortly after 8:00 a.m.,
activating several different malware apps. At approximately 8:15 a.m.,
someone accessed www.hair-styles.org, Horner suspects student
involvement, in part because the next visit was to Crayola's homepage.
Over the next several minutes, still more malware came alive, most
likely triggered by the hair site.

The user kept surfing, and by this point, "crap was pouring into the
computer at the speed of electricity," Horner said. The real point of
no return was when the computer received a huge porn-filled Java file.
From that point on, the machine was locked in an endless porn loop.

Note that Amero's class started around 9 a.m. Neither the prosecutor
nor detective Lounsbury was able to tell AlterNet whether the room had
been locked before class, or exactly what time Amero sat down at her
desk.

At trial, it emerged that the school IT department offered no
protection against obscene content or invasive software. The Kelly
Middle School's firewall license had expired, leaving the whole system
unguarded. To make matters worse, Amero was working on a very old
Gateway PC running Windows 98, an extremely vulnerable setup.

"Anyone could send anything they wanted to any computer on the site,"
Horner said.

In the course of his investigation, Horner became convinced of Amero's
innocence. After she was convicted, he sent a letter to her attorney
offering his services pro bono for her upcoming appeal.

"This whole trial was so unfair," Horner said. "When Julie was
convicted, I went home that night. I was eating dinner, and I started
crying. I just cried my eyes out. This was a total travesty of
justice."

Lindsay Beyerstein is a New York writer blogging at
majikthise.typepad.com

© 2007 Independent Media Institute. All rights reserved.
View this story online at: http://www.alternet.org/story/46925/


http://antivirus.about.com/od/spywar...julieamero.htm
Julie Amero Case About Law, Not Adware From Mary Landesman,
January 16, 2006

Adware is at the center of debates over the Julie Amero case, in which
a 40-year old substitute teacher was convicted of four counts of risk
of injury to a minor, or impairing the morals of a child. More
specifically, Amero did not turn off a computer which was serving up
pornographic images in the classroom. Or, as she herself described it,
"The pop-ups never went away. They were continuous. The computer was
completely covered with pornography."

Supporters of Amero claim the computer was infested with adware. And
that's entirely plausible. The head of the school's IT department
admits the content filtering software wasn't functioning because the
school had failed to maintain the license.
And the year was 2004 - a period in which adware and spyware
infestations were particularly prevalent. But whether the computer was
or wasn't infested with adware is beside the point.
The fact remains that Amero did not turn off the computer.

Under Section 53-21 of Connecticut law, "Any person who . . . wilfully
or unlawfully causes or permits any child under the age of sixteen
years to be placed in such a situation that the life or limb of such
child is endangered, the health of such child is likely to be injured
or the morals of such child are likely to be impaired . . . shall be
punished. The intent of the statute is to protect the physical health,
morals and well-being of children." The law also provides that "the
state must prove the following elements beyond a reasonable doubt: (1)
that at the time of the incident, the alleged victim was under the age
of sixteen years; and (2) that the defendant wilfully or unlawfully
caused or permitted the victim to be placed in a situation that
endangered the child's life or limb, or was likely to injure his
health or impair his morals."

The kids in this case were 7th graders, so there is no doubt as to the
'under the age of sixteen years' mandate. And the law further
clarifies willful or unlawful behavior as "the conduct of a person
that is deliberately indifferent to, acquiesces in, or creates a
situation inimical to the child's moral or physical welfare". The
legal documents further define that "'Wilfully' means intentionally or
deliberately. 'Unlawfully' means without legal right or justification.
Causing or permitting a situation to arise within the meaning of this
statute requires conduct on the part of the defendant that brings
about or permits that situation to arise when the defendant had such
control or right of control over the child that the defendant might
have reasonably prevented it."

That last bit is pretty explicit: "conduct on the part of the
defendant that brings about or permits that situation to arise when
the defendant had such control or right of control over the child that
the defendant might have reasonably prevented it."

Remember, Amero did not make any attempt to turn off the computer,
even knowing that "the computer was completely covered with
pornography" and even knowing that the kids in the classroom could see
it.

As for the "likely to injure his health or impair his morals" part of
the law, this is further defined within the legal statute as
"'Likely'' means in all probability or probably. As used here,
''morals'' means good morals, living, acting and thinking in
accordance with those principles and precepts that are commonly
accepted among us as right and decent."

Amero did not respond in court when asked why she didn't turn off the
computer. But allegedly she had been told during substitute training
or at some other point prior to the incident that she was not to turn
off any equipment in the classroom. If a librarian had been told not
to remove books from the library, and then subsequently Larry Flint
dropped a truckload of Hustler magazines in the children's center,
shouldn't the librarian's good judgment prevail and the magazines be
removed? I think yes.

The Amero case isn't about adware. It's about poor judgement and doing
nothing when minors under her care were placed in harm's way. And in
Connecticut, that's against the law.

freedom wrote:
-----BEGIN PGP SIGNED MESSAGE-----

On 28 Jan 2007, "Greegor" wrote:
http://sunbeltblog.blogspot.com/2007...ulie-amero-is-
guilty.html
Friday, January 12, 2007
Computerworld: Julie Amero is guilty, guilty, guilty! Justice=20
prevails!
You'll recall the case of Julie Amero, the hapless substitute teacher=20
who has been convicted for a porn spyware infestation on a classroom=20
computer and is now facing up to 40 years in prison (sentencing is on=20
March 2).

LOL...for some reason, when I saw this title I thought spyware was
celebrating its 40th anniversary, or something.

ROFL!

Ah, then you understand Greg well.

By the way, did you see my withdrawal of the questions brought up about
Ken's posting history with hacker addies in the from fields?

It came from three posts up from him.

Because the poster and did an x no archive on it it wasn't available in
google. Noting that I checked another Usenet archive and found the top
of the thread and the original poster.

Other than possibly leaving them for effect, which I do not accuse him
of, it was a blind alley.

Now, of course, comes the other question that has plagued us.

None of us have reported the kind of concerned attacking going on before
that happened since Ken came aboard this newsgroup, ascps, and aps.

Some people are just unfortunate, I guess. Such things follow them
because that's the way it goes.

Poor Ken.

He won one sort of, with you and the "I was in Cuba and could not post"
argument. It was an impasse, and you said so and it appeared so to me
from all the evidence and lack of same to conclusively settle the matter.

Is there something askew that he doesn't recognize a win?

If I said to you I don't know if you were in New York, would come back
at me with NO proof that can be verified and insist that I was claiming
you weren't there and I had to admit you were?

You'd have won at least a reprieve by default. I can't prove one way or
the other. So I won't make claims to admit to or deny.

I just want to know why you couldn't get to New Jersey?

R R R R R RR R R R RR R

Or Santiago, and log on to the Internet.




http://www.aboutkenpangborn.com


-----BEGIN PGP SIGNATURE-----
Version: N/A

iQA/AwUBRb1U4gu6zDezw650EQL6nACfW9kw1hhI9WOBpZVT4xzLy4 N5AbYAn3FU
qbAOjBY82VN+ixHApJjTtxHC
=Naha
-----END PGP SIGNATURE-----

And yet you boast that you have tracked down the perp.

WHY don't you exhonerate people you FALSELY ACCUSED
then?

You made some public accusations about who sent you
a virus.

One lead went to SHAW CABLE of Canada.
But you implied (falsely I expect) that your virus was different.
You claimed that you had a special, tailored virus.

Now that you know WHO sent it to you, Why are you
keeping that a secret?

So far you have only implied that it's not the people
you accused at all, saying you want the culprit
to sweat. Don't you have an obligation to retract
your paranoid mental case accusations?


On Jan 29, 7:35 pm, "0:-" wrote:
Greegor wrote:
I know what state, what town, and what computer...by IT's IP addy.

And I see that it brings you SO MUCH JOY that you're announcing it!What indicated joy?

Oh...of course. The perp, if he's here, has to sweat just how close I
might be.

Why yes, Greg, that gives me joy.

What does it give you, whiny?

I'm finding ISPs more and more willing to put staff on connecting with
other ISPs to run down perps who abuse the ISP customers.

Every time they catch one, there PR goes up.

Used to be they didn't care much. Not today.

They see what's coming and that's the possibility of legal entanglements
for them.

Then of course, there are those ISPs that are just honest and
responsible for their own sakes.

You wouldn't understand that.