Child porn "epidemic" among Pentagon officials and US government employees Puppet Masters
Friday, September 5, 2014
Last week the IRS decided to award Bradley Birkenfeld his $104 million share for helping bust UBS bank. Senator Charles Grassley (R-Iowa) and his staff were instrumental. Senator Grassley vowed to delay pending Department of Treasury nominations if the IRS Whistleblower Program (he wrote the legislation in 2006) continued to be mismanaged.
This powerful voice from Iowa has been a beacon in the storm during an Obama Administration that has targeted whistleblowers and prevented accountability as never before. The Pentagon is also under Senator Grassley's fire for failing to examine 1,700 of the 5,200 reports of employees doing child porn. The Pentagon claimed it "wasn't a priority." Senator Grassley and his staff have made it one. The closed investigation into wide-spread use of child porn at the Pentagon is now re-opened.
There is a national crisis of federal employees engaged in the child porn industry and a related epidemic at the state level. I've documented two states, Vermont and Maine, that appear to be running state protected child trafficking rings with evidence of cops, judges, lawyers, clergy and government employees covering for each other. This kind of racketeering creates powerful, and extremely profitable, pedophile rings.
Money drives the crime. It is estimated that a criminal willing to molest a child in front of a live webcam can earn $1,000 a night. In Kittery, Maine, at the "Danish Health Club," one bust yielded $6.1 million in "door fees" over a five-year period with "prostitutes" earning $12 million. Pimps' earnings were not reported. The "door man" was a retired police officer whose wife worked in back. This bust happened because of one hard-working IRS agent, Rod Giguere.
An estimated $1.4 billion has been collected by the IRS's Whistleblower program since 2006; $464 million collected in 2010 but only $48 million in 2011. Half of all global child porn is produced in America. Ten new images of children are posted daily. Estimates of the global profits from child porn range from $3-20 billion. Imagine what the IRS Whistleblower program could collect if they focused on child trafficking as Agent Rod Giguere did in Maine.
The Department of Justice (DOJ)'s Child Exploitation and Obscenities unit has been, by many accounts, totally disabled under US Attorney General Eric Holder. Mr. Holder even refused to prosecute his own Assistant United States Attorney caught doing child porn on DOJ computers. The IRS wants 4,000 new agents and a $300 million budget to enforce ObamaCare. Instead, these resources should be allocated, entirely, for an IRS Child Exploitation & Trafficking Unit.
With so many police, judges, clergy, state and federal employees across America involved in the child porn industry, Americans should be able to turn to the IRS's Whistleblower program. Richard Weber, Chief of IRS's Criminal Division in Washington DC, is one point of contact. Apparently, the IRS cares about trafficked children. That's good news because America's Attorney General, Eric Holder, does not.
Child trafficking and porn are the fastest growing crimes in America. With billions being laundered in black money it makes solid economic sense for the IRS to focus on the child porn industry. Eric Holder's Department of Justice has demonstrated they have no interest in prosecuting pedophiles, not even their own. The IRS should be given substantial resources to compensate for DOJ's disgraceful failure. American tax-payers, not to mention America's children, will reap huge rewards.
Perhaps Senator Grassley will raise his powerful voice in support.
Lori Handrahan, Ph.D., is a professor at American University's School of International Service researching the national and international security ramifications of America's child porn industry. She can be reached at email@example.com
Waste, fraud, abuse -- and porn -- not just EPA problems by Robin Bravender, E&E reporter Greenwire: June, 2014
Some delinquent staffers have given U.S. EPA employees a bad rap.
First came the outlandish case of fake spy John Beale, a movie-worthy drama about a high-ranking EPA official who fooled co-workers for years and swindled the government out of hundreds of thousands of dollars. And then came news of misconduct and management bungling with employees watching pornography on the job, a political appointee accepting a trip on a private jet from a lobbyist and an office losing hundreds of passports.
It's all been embarrassing for the agency that's already a lightning rod for political rage. Incredulous lawmakers have used EPA problems to further vilify the agency as they grilled top officials on Capitol Hill and questioned whether EPA can be trusted to do its job.
It turns out EPA isn't the only agency where staffers break the rules.
"It happens everywhere," said Earl Devaney, the now-retired stimulus watchdog who spent decades in top government oversight posts. "I don't think you've got a particularly unusual situation in terms of activity at EPA. You may have one or two very unusual cases. The CIA spy case is, I think, just a mind-blowing one, but there have been others like it."
As the Interior Department's inspector general, Devaney uncovered the scandal that led to George W. Bush administration Deputy Secretary J. Steven Griles going to prison for lying to Congress and his ties to the lobbyist Jack Abramoff. Devaney also led an investigation finding that employees at the now-defunct Minerals Management Service had accepted gifts from and had sex with oil industry officials they were supposed to be regulating.
There are plenty of more recent examples of employee bad behavior. Agency watchdogs' regular reports to Congress are rife with tales of misconduct.
Take Marcellina Tohonnie -- an employee in Interior's Bureau of Indian Education -- who was convicted last year of embezzling cash from a nonprofit that assists needy children. She stole more than $23,000 from accounts for nearly 50 American Indian students attending an Arizona boarding school, according to a recent report from Interior's IG. Tohonnie spent the stolen cash on clothes, salon visits and a trip to Las Vegas. She was fired early this year.
And EPA staffers aren't the only ones watching porn on the job. It seems to happen across government.
EPA deputy chief Bob Perciasepe has appeared on Capitol Hill several times recently to defend the agency’s personnel management. Photo courtesy of the House Oversight and Government Reform Committee.
A former Lawrence Berkeley National Laboratory employee was recently sentenced to prison for downloading and viewing child pornography on his Energy Department-issued computer, according to the DOE inspector general's most recent report to Congress.
The Interior IG found that Bureau of Reclamation employee Timothy Casey had used his government computer to visit child pornography sites -- tracing about 2,800 child pornography images and videos to his government-issued computer. He resigned from his position.
Cases of misconduct often include offensive behavior, theft and lies.
At the Defense Department, a rear admiral sent a racially offensive email to members of his command, according to the agency's latest OIG report. The Social Security Administration's watchdog found that a former staff information technology specialist sold marijuana on agency property and stole and sold SSA computer equipment. And at the Commerce Department, the IG's office found that a Patent and Trademark Office employee improperly claimed to be working and got overtime while on vacation in a foreign country.
'Why don't you fire that man?'
All told, agency watchdogs count thousands of personnel actions among their accomplishments every year, including reprimands, suspensions, demotions or terminations of government employees or contractors. In 2012, inspectors general across government reported 3,432 personnel actions triggered by OIG's work.
"I don't think that there's any particular reason to think that EPA is any worse [than other agencies] or that, in fact, the government agencies are any worse than any other place where this is happening," said Don Kettl, dean of the School of Public Policy at the University of Maryland and a fellow at the Brookings Institution.
But the private sector and the public sector manage those cases differently, Kettl added.
"If it happens at Apple or IBM or at Merrill Lynch or at any one of a number of other companies, there aren't inspectors general who are making reports that are made public," he said. "And they can just fire them quietly or tell them not to do it again and we'll be keeping an eye on you."
In the public sector, firing misbehaving staffers isn't so simple.
"Every time I hear it I sort of cringe: 'Why don't you fire that man?'" Devaney said. "Unfortunately in the civil service you just don't fire somebody. It would be nice."
EPA Deputy Administrator Bob Perciasepe heard just that at a recent House hearing where employee misconduct took center stage.
"Fire him. Fire him," Rep. Jason Chaffetz (R-Utah) told Perciasepe last month, referring to an EPA employee who admitted to spending an average of two to six hours per day viewing pornography at work. The investigation had been accepted by the Justice Department for prosecution, but meanwhile, the GS-14 employee -- who earns roughly $120,000 each year -- was still on the job.
Perciasepe defended the agency's actions, noting that terminating agency employees can't be done without the required administrative or criminal procedures.
In 2013, only 10 employees were fired from EPA -- an agency with about 16,000 employees -- due to discipline or performance problems, according to data from the Office of Personnel Management. Only 110 employees have been terminated or removed for those reasons since 2008.
The fact that some of EPA's problems are not unique hasn't deterred the agency's critics on Capitol Hill.
Sen. David Vitter, the top Republican on the Environment and Public Works Committee, has been an outspoken critic of EPA's management in light of the recent misconduct revelations.
Last week, Vitter sent out a scathing critique of the agency ticking off some of the recent examples of waste, fraud and abuse that investigators have uncovered. "EPA's lax internal controls and substandard management allow agency employees to regularly take advantage of the system and benefit themselves at taxpayer expense," Vitter's office said in a press release.
House Oversight Committee Chairman Darrell Issa (left) with longtime government watchdog Earl Devaney at a 2011 hearing. Photo courtesy of the House Oversight and Government Reform Committee.
He isn't the only Republican lawmaker who's faulted EPA management in the wake of the Beale scandal and others.
"There's a three-ring circus going on in EPA, and it's quite embarrassing," Rep. John Mica (R-Fla.) said at the recent House hearing.
House Oversight Chairman Darrell Issa (R-Calif.) accused EPA of developing "a well-earned reputation for waste and mismanagement of taxpayers' funds." EPA "is one of the most powerful and far-reaching agencies, but it has offered too little accountability for how its employees are using their time," he said.
Part of the recent attention on EPA's problems is due to the outrage surrounding the Beale case -- and the new leads it drummed up for the IG's office as referrals came flooding in.
"When you start looking at an incident you undoubtedly find other things. It's sort of like you could have all along had you just chosen that to look at," Devaney said. He added, "Once an IG gets in a fishing hole where he's catching good fish, he stays there."
And misbehavior is always fodder for the administration's political opponents, Devaney said, no matter which side of the aisle they're on.
"The environment is one of those hot-button issues, something that always is causing rancor," he said. "So opponents will use things like the spy" and other personnel problems "for political purposes as much as they can."
He added, "In an election year it's worse."
'Very politicized agency'
Some EPA staffers have watched with dismay as critics have hammered EPA employees.
"We are a very politicized agency, we all know it. Is it fair? No, but it is a reality, we understand it," said Silvia Saracco, head of a union chapter that represents EPA employees in Research Triangle Park, N.C. "We know we're all in the public spotlight."
Saracco said she, too, wants to see EPA's management address bad behavior. But she thinks rank-and-file workers' behavior often gets punished while higher-ranking staffers' indiscretions go unpunished. "There's a fraternity, a culture of entitlement at the highest levels," she said.
EPA management, meanwhile, has said the attention paid to a few bad actors is a distraction from the good work being done by the thousands of employees who aren't misbehaving.
"The overwhelming majority of hard-working 16,000 EPA employees are dedicated, hard-working, professional and public servants," Perciasepe told the House at the heated hearing last month.
Still, the high-profile scandals could be taking a toll on EPA's public image just as the agency hunkers down to finalize new rules that form the centerpiece of the president's climate change agenda.
"To the extent that these stories influence to any significant degree, public opinion about you, it's damaging," said Peter Robertson, who was EPA's acting deputy administrator and chief of staff during the Clinton administration.
Robertson, now a senior vice president of corporate affairs at the Pebble Partnership, said he suspects that "these latest troubles have had some measurable impact among some small group of people."
"But any group -- no matter how small -- is still significant."
How is Child Porn being spread on the internet???? BY the pedophiles that make the child porn LAW; that's how!!!!
Horrific Child Porn Charges Brought Against Lawmaker Who Fought for Kids by Jenny Erikson April 2014
A former Illinois politician has been charged with using both personal and state-owned computers to trade hundreds of pictures and videos depicting child pornography, and engaging in online chats with others to brag about molesting children as young as six.
State Rep. Keith Farnham, 66, resigned abruptly in March, citing health concerns, but apparently his computer was seized from his state office by the authorities the week before, so dude had to know what was up. They found two videos on that computer of children, along with chat records including messages like, "12 is about as old as i can handle ... i love them at 6 7 8."
I can't even handle the sick. Perhaps the most disturbing part of this is the fact that Farnham has twice co-sponsored bills in the House to combat child pornography by making the penalties tougher. I wonder if the same government computer that had the videos was used to go over that legislation?
Did he not think it would apply to him? Was he trying to cover his tracks? Who knows, but it's scary to think that someone who is supposed to be a leader and role model is engaging in such a despicable manner. We trust public servants more than the average citizen, and you know, I think it's just commonly understood that they're not supposed to be using government property to commit vile acts against children! Or committing any criminal acts against children. Or anyone else, for that matter. I guess some people need it spelled out.
Farnham was the guy no one suspected of a crime this heinous. He was a Navy vet before running for office in 2009, and those who know him were shocked to hear of the charges. Rep. Mary Flowers is holding out hope that she won't have to accept it, saying, "I don’t want to cast him off as being guilty until he’s been found guilty," and Ed Schock, another politician who worked closely with Farnham said it was "almost beyond comprehension."
Homeland security agents started investigating after getting a tip from the Cyber Crimes Center about an email address being used to trade child pornography, and chat online about sexual preferences. Authorities were eventually able to trace it to Farnham's home Comcast account.
If convicted, he faces up to ten years in prison, which hardly seems like enough, until you consider the reception that's likely to await him. Prisoners notoriously consider child abusers the lowest of the low. After all, a lot of those guys have kids on the outside, and they are not pleased with people that might hurt them.
Do you think ten years is enough for this kind of crime?
Free Child Pornography for All
July 2014 Mark Rasch
The goal of the federal child pornography laws is to reduce the creation of child pornography. To do that, the federal government makes it illegal to possess, transfer, or knowingly store or keep child pornography.
The theory is, by making it illegal to create or transmit child pornography, this will reduce the demand for child pornography, and therefore decrease the chances of its creation. Unlike other forms of obscene material, the goal of regulating child pornography and criminalizing it is to reduce the amount of child pornography created. Its goal is to protect children.
When Congress passed the Communications Decency Act, it required Internet service providers and certain other kinds of entities to scan incoming and outgoing traffic for child pornography. To facilitate this, Congress required law-enforcement agents and others to submit MD5 (message-digest algorithm) hashes of the child pornography that they had found to the National Center for Missing & Exploited Children.
The National Center for Missing & Exploited Children is a nonprofit entity, but not a government entity. Thus, this non-profit corporation maintains the most up-to-date database of the MD5 hashes of all the child pornography. This does not mean that they actually hold pornography themselves; rather, they hold the hashes used to match unknown files, found on someone's computer or being transmitted through an Internet provider, against known child pornography.
So let's say there's a cop in Kansas City. He seizes the computer of a suspected owner or transmitter of child pornography. The cop scans the computer using a number of software tools, looking for files that match an MD5 hash in the database held by the National Center for Missing & Exploited Children. If there is a hit, he has probable cause to seize the computer, or can use that fact as evidence against the pornographer. Pretty cool stuff.
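The scan described above is a known-hash lookup: hash every file and test membership in a list of digests. The sketch below is an added example, not code from the article or from any real scanning product; the hash-list format (one hex MD5 per line, `#` comments) and all sample files are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

MD5_HEX = re.compile(r"^[0-9a-f]{32}$")


def load_hash_set(lines):
    """Parse a hash list (assumed format: one hex MD5 per line, '#' comments)."""
    known = set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip().lower()
        if not entry:
            continue  # blank line or comment-only line
        if not MD5_HEX.match(entry):
            # Refuse a malformed list rather than silently scanning with less.
            raise ValueError(f"not an MD5 hex digest: {raw!r}")
        known.add(entry)
    return known


def md5_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_tree(root, known):
    """Return (hits, unreadable): files whose digest is listed, and files skipped."""
    hits, unreadable = [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if os.path.islink(path):
                continue  # do not follow links out of the tree being examined
            try:
                digest = md5_of_file(path)
            except OSError:
                unreadable.append(os.path.relpath(path, root))
                continue
            if digest in known:
                hits.append((os.path.relpath(path, root), digest))
    return sorted(hits), sorted(unreadable)


def demo():
    """Build a small constructed tree and scan it against a constructed list."""
    listed = b"constructed content standing in for a listed file"
    samples = {
        os.path.join("docs", "report.txt"): b"quarterly report\n",
        "listed.bin": listed,
        "renamed_copy.dat": listed,  # same bytes, different name: still a hit
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as handle:
                handle.write(data)
        known = load_hash_set([
            "# constructed hash list",
            hashlib.md5(listed).hexdigest().upper(),  # case is normalised
            "",
        ])
        return scan_tree(root, known)


if __name__ == "__main__":
    found, skipped = demo()
    for rel, digest in found:
        print(f"HIT {digest} {rel}")
    print(f"{len(skipped)} unreadable file(s)")
```

Matching is on content, so the file name and location play no part in a hit; files that could not be read are reported separately instead of being counted as clean.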
But there's a problem.
The database, which contains the most up-to-date file listing of known child pornography is closed. And it's held very tightly by the national center. It's made available only to select law-enforcement agencies, and specific Internet service providers. It's not public.
And that's a bad thing.
Because the database is not publicly available, corporations can't scan the computers of their employees, vendors, suppliers, or others for known child pornography. Because the database is not publicly available, colleges, universities, hospitals or others cannot scan their files for child pornography. Because the database is not public, smaller Internet providers cannot scan files going through their ISP for known child pornography. Because the database is not public, email providers cannot scan email for child pornography, unless the national center deems them worthy of sharing the information with. It also means that there's very little international cooperation, as the database is not shared with companies, or private enterprises.
So what would happen if the database of child pornography, or more accurately of the MD5 hash of the child pornography is made available publicly to everyone?
If the database were publicly available and could be "pinged" against, private companies could develop tools to help facilitate the scanning for, and therefore the elimination of, child pornography. They could make it more difficult for people to possess it, to transfer it, and even ultimately to create it.
I thought that was a good thing.
Of course, child pornographers themselves might be able to use the database to determine whether or not files they had were "known" to law enforcement. They can also convert MD5 hashes of the files they have on the computer to new MD5 hashes, subverting the whole process. But, of course, they can do that now anyway.
All told, making the hash of child pornography available broadly and to everyone, and allowing others to keep it updated with validated and verified files is a good thing. Allowing commercial entities to create commercial products to facilitate the searching for and removal of child pornography is a good thing too. So let's open the database up. Let's make it publicly available. And let's get rid of child pornography by forcing a little sunshine.
Operation Torpedo: Fed Tactics on Trial in Porn Case
The FBI is on trial, caught in the middle of allegations that it stepped out of bounds by sending what was essentially a virus to unsuspecting computer users. Operation Torpedo originated out of computers in Bellevue.
One of the targeted websites had 10,000 images of child pornography. It had 5,600 members and 24,000 postings on the message boards with categories that include babies and teenage girls.
At issue in the suppression hearing is how the government collected the IP addresses and whether the rules of search warrants were followed.
Over the course of the day, 17 attorneys for 14 defendants filed into a courtroom as local FBI representatives explained how the Bureau tracked down dozens of child pornography suspects.
It's a case that has spanned the globe. Servers were seized in the Netherlands and dozens of arrests were made in the United States.
Law enforcement tracked down people online who, investigators say, had done their homework in trying to remain anonymous.
The FBI identified 25 users from Utah to Pennsylvania and states all over the country.
The key break in the case started in Sarpy County - in Bellevue. In November of 2012, FBI agents in Omaha arrested Aaron McGrath. From a server farm in Bellevue, he served as administrator of three websites that advertised and distributed child pornography.
The sites were only available through an anonymous network called TOR, where it was easy for users to cover their tracks online.
After his arrest, the FBI kept Aaron McGrath's child porn websites running and planted their own computer code, like a virus. The feds had never used this technique before the Bellevue case.
When someone clicked the link to those websites, the virus would navigate the layers of secrecy and anonymity so the FBI could trace and pinpoint the specific computers where child pornography was accessed. That search warrant process is under fire in federal court.
Glenn Shapiro represents a child porn suspect from Utah and Shapiro said, “It doesn't matter if it's jaywalking, murder, child porn or anything in between. It’s for protection of all society that the rules are followed by everybody."
New world technology has met old world rules. Federal Judge Thomas Thalken will decide if the FBI met the rules of law when it came to sending the virus to those computers. If not, any evidence collected from the search warrants would be inadmissible.
While the government operated the Bellevue child porn sites for three weeks in 2012, the actual raids of people's homes and seizure of computers didn't happen until four months later -- April 2013.
Attorneys are questioning whether the feds followed what's known as the 30-day standard of notification.
Aaron McGrath, the Omaha man who administered the websites, is serving a 20-year sentence in federal prison.
Distribution of Child Porn Conviction Rejected by Court by Gina Passarella, The Legal Intelligencer
The Third Circuit has overturned the conviction of a man found guilty of distribution of child pornography because the images he placed in a folder on a file-sharing network were never viewed by anyone else.
"The issue we address is whether the mere act of placing child pornography materials in a shared computer folder, available to other users of a file-sharing network, constitutes distribution of child pornography," said Judge Julio M. Fuentes of the U.S. Court of Appeals of the Third Circuit in United States v. Husmann. "We conclude it does not. A conviction for distributing child pornography cannot be sustained without evidence that another person actually downloaded or obtained the images stored in the shared folder."
Defendant David George Husmann was convicted of three counts of distributing child pornography based on evidence he placed various images in a shared computer folder connected to a file-sharing network, Fuentes said. The government did not present any evidence that anyone had downloaded or obtained the materials, the judge said. Husmann was also convicted of one count of possession of child pornography, according to the opinion, which noted he was sentenced to a 240-month term on each count, to be served concurrently.
Fuentes vacated the conviction as to the distribution counts and remanded the case for resentencing.
Fuentes was joined on the panel by Senior Judge Morton I. Greenberg. Senior Judge Franklin S. Van Antwerpen dissented, noting he couldn't join in the "narrow definition" of "distribution" adopted by the majority.
Husmann was on supervised release for a child pornography conviction when the U.S. Probation Office received a software alert indicating Husmann's computer accessed pornographic websites. A probation officer visited Husmann's house and found him in the act of viewing an image of a girl between the ages of 6 and 8, Fuentes said in the majority opinion.
The agent thought the image originated from a flash drive in Husmann's DVD player and seized that drive and three others. Other images were found on the drives and the case was referred to the FBI. According to the opinion, Husmann admitted to the FBI that he downloaded, saved and viewed all of the images stored on the flash drives.
In explaining file-sharing programs, Fuentes noted that peer-to-peer file-sharing programs enable computer users to share and receive electronic files with a network of users through the individual computers "communicating" with one another as opposed to the data going through a central server. Files can be made accessible to other users by being placed into a designated folder that is available to the network of users, the judge said.
Because the communications between computers connected to the network don't go through a central server, placing the files in the shared folder does not automatically transmit them to another computer. The shared files don't leave a user's computer until another program user downloads them, Fuentes said.
On appeal of his conviction, Husmann argued he didn't distribute the images given no one else was shown to have accessed them. But the government argued distribution should be defined as encompassing the act of sharing a file by making it available to other users, according to the opinion.
The statute under which Husmann was convicted, 18 U.S.C. Section 2252(a)(2), does not define distribution. Fuentes therefore looked to dictionary definitions as well as case law and the definition of distribute used in the criminal context regarding controlled substances.
"The statutory context confirms that 'distribute' in Section 2252(a)(2) means to apportion, give out or deliver and that distribution necessarily involves the transfer of materials to another person," Fuentes said.
The judge cited other circuits that have addressed the issue, but in those cases the images were shown to have been actually downloaded by another user or a police officer, according to the opinion and Husmann's appellate attorney, Theodore C. Forrence Jr. of Philadelphia.
Forrence said this case was one of first impression because similar cases only addressed the issue as dicta or involved cases in which FBI agents were able to download the images from the shared folder. The only cases Forrence said he was able to find that squarely addressed the issue involved cases in military courts of appeal.
Fuentes said Van Antwerpen relied on the 2007 decision in United States v. Shaffer from the Tenth Circuit to show that making files accessible is enough to constitute distribution, but Fuentes said Van Antwerpen failed to note that in Shaffer an FBI agent had actually downloaded images from the defendant's computer.
"To be clear, no circuit has held that a defendant can be convicted of distribution under Section 2252 in the absence of a download or transfer of materials by another person," Fuentes said.
The prosecution argued on appeal that the court should adopt the definition of distribution used in the distribution enhancement under the sentencing guidelines. But Fuentes said that definition has no bearing on the meaning of the term under Section 2252. While several circuits have held that placing child pornography in a shared folder on a file-sharing network warrants application of a distribution enhancement under the sentencing guidelines, Fuentes said, no circuit has relied on the sentencing guidelines definition to interpret the meaning of Section 2252(a)(2).
"Of course, knowingly placing child pornography in a shared folder on a file-sharing network remains a criminal offense," Fuentes said. "It just isn't distribution. In the end, our interpretation of 'distribute' in Section 2252(a)(2) might affect the government's charging decisions, but it does not handicap the government's ability to prosecute child pornography offenses."
In his dissent, Van Antwerpen said that, under the majority's definition of "distribution," the crime would not be complete unless a police officer downloaded the image. He said while that isn't a strict requirement of the majority's definition, because of an inability to search third-party computers, these cases are typically brought after a police officer downloads an image from the defendant.
A spokesperson for the U.S. Attorney's Office for the Eastern District of Pennsylvania said the office declined to comment on the case. Michelle Rotella handled the matter at trial and Robert Zauzmer handled it on appeal for the office.
Kenneth C. Edelin Jr. represented Husmann at trial.
Rise in Anti-Child Porn Spam Protection Ransomware infections
Started by decrypterfixer, Aug 2014
Over the last 2 months I have had different users contact me about an infection that turns their files into .EXE's. Unfortunately, none of these users ever had a dropper (Original Infecting application) or a ransom note to help me identify what the infection was. That all changed yesterday when yet another victim contacted me. After walking the user through the files I needed, it quickly became apparent that what was sent to me was a new version of ACCDFISA, or Anti-Child Porn Spam Protection, Ransomware. This variant is similar to the older ACCDFISA variant but with some adjustments to keep the detection rate low among other things. The description of what it does is still the same as what Grinler posted in the above post:
This ransomware pretends to be from a legitimate government organization that states that the infected computer is sending out SPAM that contains links to child pornography sites. The ransom program then states that in order to protect yourself, and others, it has encrypted your data using Advanced Encryption Standards, or AES, encryption. Just like the Malware Protection and the ACCDFISA Protection Program variants, these files are not actually encrypted but are password protected RAR files.
ScreenLocker window for ACCDFISA v2.0. There are actually a few different versions of this, as you will see with the image of the HTML file below.
ACCDFISA v2.0 HTML file. These can be worded slightly differently, and can have different emails to message the virus creator.
There seems to be either a leak of the ACCDFISA v2.0 source, or the creator is mixing up the layout of Ransom Note, Screen Locker, and even the internal code. So far I have found 3 different versions of ACCDFISA v2.0 with different contact emails, Ransom Notes, Code, and what is worse is even the method of delivery. The previous ACCDFISA v2.0 mostly only affected servers with RDP enabled with weak security. But the last 2 victims I have been messaging had neither a server nor RDP enabled, and claimed to have gotten it either by email or a malicious or hacked site. This makes this older modified infection another top placer for worst encrypting infections because the key is unrecoverable, Restore Points are wiped, the computer is locked down, services are mangled, free space and deleted files are wiped with SDelete, and of course files are encrypted with WinRar SFX AES exe's.
For informational purposes, the 2 virus creator emails I have found with these variants are firstname.lastname@example.org and Dextreme88@gmail.com.
When first run, this program will scan your computer for data files and convert them to password protected RAR .exe files. These password protected data files will be named in a format similar to test.txt(!! to decrypt email id <id> to <Email>@gmail.com !!).exe. It will then use Sysinternal's SDelete to delete the original files in such a way that they cannot be undeleted using file recovery tools. It will also set a Windows Registry Run entry to start c:\<Random Number>\svchost.exe when your computer starts. This program is launched immediately when you logon and blocks access to your Windows environment. If you boot your computer using SafeMode, Windows Recovery disk, or another offline recovery CD, you can delete or rename the c:\<Random Number>\svchost.exe file in order to regain access to your Windows Desktop. This "lockout" screen will also prompt you to send the hackers the ransom in order to get a passcode for the system lockout screen and for your password protected files.
This variant took 3 hours to completely finish on my VM. I was able to access the key file, and decrypt nearly all files and back them up before shutdown. So if you are lucky enough to see this happening, you should immediately back up the key file on the desktop / in the ProgramData folder.
Sadly, just like the past variants, files cannot be decrypted without either the key or a backup. If you are reading this infection free, I have one question: have you backed up today? If not, you better get to it as these types of computer infections are on the rise and definitely here to stay!
The files that this infection creates when it is installed are:
c:\<Random>\svchost.exe - ScreenLocker / Decrypter
c:\<Random>\howtodecryptaesfiles.htm - RansomNote that all RansomNotes lnk's point to
c:\ProgramData\fdst<Random>\lsassw86s.exe - Encrypter / Main dropper
c:\ProgramData\<Random>\<Random>.dll - Different Numbers and Hashes used by the infection / Also where Temp Key is kept, But removed after completion
c:\ProgramData\<Random>\<Random>.DLLS - List of files to be infected by WinRar
c:\ProgramData\<Random>\svchost.exe - WinRar CUI renamed
c:\ProgramData\<Random>\svchost.exe - Sdelete Renamed
c:\ProgramData\svcfnmainstvestvs\stppthmainfv.dll - List of Numbers used by the infection
c:\ProgramData\svtstcrs\stppthmainfv.dll - List of Numbers used by the infection
c:\Windows\System32\backgrounds2.bmp - Renamed ScreenLocker / Decrypter, Used to replace the one in ProgramData if deleted
c:\Windows\System32\lsassw86s.exe - Renamed Encrypter / Main dropper, Used to replace the one in ProgramData if deleted
c:\Windows\System32\scsvserv.exe - Used to complete mangle / disable services to further lock down computer
c:\Windows\System32\lsassvrtdbks.exe - Assists with encryption
c:\Windows\System32\session455.txt - Temp Storage used with .BAT file to logoff user account
c:\Windows\System32\decryptaesfiles.html - Used to copy to ProgramData
c:\Windows\System32\Sdelete.dll - Used to copy Sdelete to ProgramData
c:\Windows\System32\kblockdll.dll - Used to Lock desktop
c:\Windows\System32\btlogoffusrsmtv.bat - Used to log user off
c:\Windows\System32\default2.sfx - Used with winrar to encrypt files
c:\Windows\System32\cfwin32.dll - WinRar CUI renamed
%Desktop%\<Random>.Txt - Also contains Decrypt Key, But removed after completion
HKLM\Software\Microsoft\Windows\CurrentVersion\Run C:\<Random>\svchost.exe - Launches ScreenLocker
HKCU\Software\Microsoft\Windows\CurrentVersion\Run C:\<Random>\svchost.exe - Launches ScreenLocker
HKLM\Software\Microsoft\Windows\CurrentVersion\Run C:\ProgramData\<Random>\svchost.exe - Launches ScreenLocker
Have you performed a routine backup today?
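A triage sketch built from the indicators listed in the post above (added example, not part of the original post or any vendor tool): it matches the ransom rename pattern, the fixed-name System32 artifacts, and Run values that launch an `svchost.exe` from outside the Windows system directories. The sample paths, id and e-mail address are constructed, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Rename pattern described in the post:
#   test.txt(!! to decrypt email id <id> to <Email>@gmail.com !!).exe
RENAMED = re.compile(
    r"^(?P<original>.+)\(!! to decrypt email id (?P<id>\S+) to "
    r"(?P<email>\S+@gmail\.com) !!\)\.exe$",
    re.IGNORECASE,
)

# Fixed-name artifacts from the post's file list (lower-cased for comparison).
FIXED_ARTIFACTS = {
    r"c:\windows\system32\backgrounds2.bmp",
    r"c:\windows\system32\lsassw86s.exe",
    r"c:\windows\system32\scsvserv.exe",
    r"c:\windows\system32\lsassvrtdbks.exe",
    r"c:\windows\system32\session455.txt",
    r"c:\windows\system32\decryptaesfiles.html",
    r"c:\windows\system32\kblockdll.dll",
    r"c:\windows\system32\btlogoffusrsmtv.bat",
    r"c:\windows\system32\default2.sfx",
    r"c:\windows\system32\cfwin32.dll",
}

# The genuine svchost.exe lives only in these directories.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
EXE_PATH = re.compile(r'^\s*"?(?P<exe>[^"]+?\.exe)\b', re.IGNORECASE)


def suspicious_run_value(value):
    """True when a Run value starts an svchost.exe outside the system dirs."""
    m = EXE_PATH.match(value)
    if not m:
        return False
    exe = PureWindowsPath(m["exe"])
    return (exe.name.lower() == "svchost.exe"
            and str(exe.parent).lower() not in LEGIT_SVCHOST_DIRS)


def triage(file_paths, run_values):
    """Sort observed paths and Run values into the post's indicator groups."""
    report = {"renamed": [], "artifacts": [], "run_keys": []}
    for raw in file_paths:
        path = PureWindowsPath(raw)
        m = RENAMED.match(path.name)
        if m:  # keep the original name so damage can be inventoried
            report["renamed"].append((m["original"], m["id"], m["email"]))
        if str(path).lower() in FIXED_ARTIFACTS:
            report["artifacts"].append(str(path))
    report["run_keys"] = [v for v in run_values if suspicious_run_value(v)]
    return report


# Constructed sample input (not taken from a real incident).
SAMPLE_FILES = [
    r"C:\Users\alice\Documents\test.txt(!! to decrypt email id 1234 to example@gmail.com !!).exe",
    r"C:\Windows\System32\kblockdll.dll",
    r"C:\Windows\System32\notepad.exe",
]
SAMPLE_RUN = [
    r"C:\48151623\svchost.exe",
    r"C:\ProgramData\abc123\svchost.exe",
    r"C:\Windows\System32\svchost.exe -k netsvcs",
    r'"C:\Program Files\Vendor\updater.exe" /background',
]

if __name__ == "__main__":
    for group, hits in triage(SAMPLE_FILES, SAMPLE_RUN).items():
        print(group, hits)
```

On a live host the inputs would come from a directory walk and an export of the three Run keys listed above.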
Most USB thumb drives can be reprogrammed to infect computers
By Lucian Constantin | IDG News Service
The firmware in such devices is unprotected and can be easily overwritten by malware, researchers from Security Research Labs said
Most USB devices have a fundamental security weakness that can be exploited to infect computers with malware in a way that cannot easily be prevented or detected, security researchers found.
The problem is that the majority of USB thumb drives, and likely other USB peripherals available on the market, do not protect their firmware -- the software that runs on the microcontroller inside them, said Karsten Nohl, the founder and chief scientist of Berlin-based Security Research Labs.
This means that a malware program can replace the firmware on a USB device like a thumb drive by using secret SCSI (Small Computer System Interface) commands and make it act like some other type of device, for example, a keyboard, Nohl said.
The spoofed keyboard could then be used to emulate key presses and send commands to download and execute a malware program. That malware could reprogram other USB thumb drives inserted into the infected computer, essentially becoming a self-replicating virus, the researcher said.
Researchers from Security Research Labs have developed several proof-of-concept attacks that they plan to present at the Black Hat security conference in Las Vegas next week.
One of the attacks involves a USB stick that acts as three separate devices -- two thumb drives and a keyboard. When the device is first plugged into a computer and is detected by the OS, it acts as a regular storage device. However, when the computer is restarted and the device detects that it's talking to the BIOS, it switches on the hidden storage device and also emulates the keyboard, Nohl said.
Acting as a keyboard, the device sends the necessary button presses to bring up the boot menu and boots a minimal Linux system from the hidden thumb drive. The Linux system then infects the bootloader of the computer's hard disk drive, essentially acting like a boot virus, he said.
Another proof-of-concept attack developed by Security Research Labs involves reprogramming a USB drive to act as a fast Gigabit network card.
As Nohl explained, OSes prefer a wired network controller over a wireless one and a Gigabit ethernet controller over a slower one. This means the OS will use the new spoofed Gigabit controller as the default network card.
The USB device also emulates a DHCP (Dynamic Host Configuration Protocol) server that automatically assigns a DNS (Domain Name System) server to the spoofed controller, but not a gateway address. In this case, the OS will continue to use the gateway specified by the real network card -- so the Internet connection will not be disrupted -- but the DNS server from the spoofed controller, Nohl said. By controlling the DNS server, which translates domain names into IP (Internet Protocol) addresses, an attacker can hijack the Internet traffic, he said.
To show that this attack is not only possible with USB thumb drives, the researchers will also use an Android phone connected to the computer to emulate a rogue network card.
Any USB connection can turn evil, Nohl said. If you let someone connect a USB thumb drive or charge a phone on your computer you essentially trust them to type commands on your computer, he said.
The attacks developed by Security Research Labs underline the difficulty of having both the versatility of the USB standard and security at the same time. The greatest feature of USB -- its plug-and-play capability -- turns out to be its greatest vulnerability as well, according to Nohl.
Unfortunately, there's no easy fix for this problem. The Security Research Labs researchers have identified several ways to address this issue, but none of them solve the problem completely or in a timely manner.
One place where the issue could be fixed is in the USB specification by requiring that a secure pairing process is used when adding new USB devices to a computer, similar to the one used for Bluetooth devices. However, even if the USB specification is changed, it could take years before the new standard is adopted and new devices replace the old ones.
OSes could also ask users to confirm the addition of new USB devices to their computers and then remember the approved devices -- a sort of USB firewall. However, this might not even be possible because many USB devices use a string of zeros for their serial number and there's no way for the OS to distinguish between them, Nohl said. Also, this doesn't solve the attack vector where the USB device infects the boot sector from outside the OS.
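The "USB firewall" idea and its serial-number limitation, as an added sketch that is not from the article or from Security Research Labs: approved devices are remembered by (vendor ID, product ID, serial), an empty or all-zero serial is treated as no identity at all, and an approved device that later exposes an extra interface class (storage that starts presenting a keyboard) is blocked. The vendor and product IDs and serials are constructed; the class and function names are hypothetical.

```python
from dataclasses import dataclass

# USB-IF interface class codes relevant to the attacks in the article.
USB_CLASS = {
    0x02: "communications/CDC control (network adapters)",
    0x03: "HID (keyboard/mouse)",
    0x08: "mass storage",
}


@dataclass(frozen=True)
class Device:
    vid: int
    pid: int
    serial: str
    interfaces: frozenset  # interface class codes the device enumerates with


def identity(dev):
    """Return (vid, pid, serial), or None if the serial cannot single out a device."""
    serial = dev.serial.strip()
    if not serial or set(serial) == {"0"}:
        return None
    return (dev.vid, dev.pid, serial)


class UsbFirewall:
    def __init__(self):
        self.approved = {}  # identity -> interface classes seen at approval

    def approve(self, dev):
        """Remember a device; refuse when it has no usable identity."""
        ident = identity(dev)
        if ident is None:
            return False
        self.approved[ident] = dev.interfaces
        return True

    def check(self, dev):
        """Return (decision, reason) for a device that was just plugged in."""
        ident = identity(dev)
        if ident is None:
            return ("prompt", "empty or all-zero serial: cannot tell devices apart")
        if ident not in self.approved:
            return ("prompt", "device not seen before")
        extra = dev.interfaces - self.approved[ident]
        if extra:
            names = ", ".join(USB_CLASS.get(c, hex(c)) for c in sorted(extra))
            return ("block", "approved device now also exposes: " + names)
        return ("allow", "matches approved identity and interface classes")


# Constructed descriptors (IDs and serials are made up for the example).
STICK = Device(0x1234, 0x5678, "A1B2C3D4", frozenset({0x08}))
STICK_AS_KEYBOARD = Device(0x1234, 0x5678, "A1B2C3D4", frozenset({0x08, 0x03}))
ZERO_SERIAL = Device(0x1234, 0x5678, "000000000000", frozenset({0x08}))


def demo():
    fw = UsbFirewall()
    fw.approve(STICK)
    return [fw.check(d)[0] for d in (STICK, STICK_AS_KEYBOARD, ZERO_SERIAL)]


if __name__ == "__main__":
    print(demo())
```

The serial and class list are reported by the device's own firmware, so this only catches a device whose behaviour changes after approval; as the article notes, it does nothing about a device that acts before the OS is running.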
An obvious place to fix the issue would be in the USB microcontrollers themselves by requiring firmware updates to be digitally signed or by implementing some sort of hardware locking mechanism that prevents overwriting the firmware once the device leaves the factory. Nohl said that he and his team haven't seen such protections in any of the USB thumb drives they tested.
Even if manufacturers start implementing such protections there would have to be a way to tell new USB thumb drives apart from old, insecure ones, so that users can make an informed decision about which devices they connect to their computers.
Finally, a more short-term solution would be for users to start understanding the risks and be cautious about which USB devices they plug into their computers, Nohl said. For the purpose of exchanging files with other people an SD (Secure Digital) memory card would be a safer choice than a USB thumb drive, he said.
Australia: Article on possession of child pornography and the internet Article by Bill Doogue
Good News, Pedophiles: FSPD Reserve Officer Can Help You Beat Child Porn Charges!
August 27, 2014
By Matt Campbell
He wears a number of hats, though (admittedly) not in that photo.[1] Most of the time, he is the Fort Smith Police Department’s resident computer nerd IT specialist, where, among other things, it falls to him to locate and preserve potential evidence on the FSPD computers.
He is also a reserve police officer in the FSPD, which means that he’s gone through some amount of police training and, at times, actually gets to function as a real police officer. For a tech geek IT specialist, that must be like how a corgi feels when someone dresses it up as a dragon for Halloween.
Pictured: Adorable Metaphor
But that’s only part of the story. Alvey also has a third gig that is . . . interesting. He owns and operates a computer forensics consulting company, Guardian Forensics & Data Recovery, LLC. The interesting thing about Guardian, however, is what it offers. Specifically, this:
Guardian provides forensics services for Attorneys, Law firms, corporate, private, public sector, and individuals. Our consultants are experts at gathering, analyzing, and uncovering any type of digital evidence from all types of documents, Internet history, computer log files and email.
-Criminal Cases
-Civil Litigation
-Expert Witness & Testimony
-Digital Evidence Acquisition
-Picture & Video File Review
-Cell Phone Forensics
-Internet History Reconstruction
-Computer Timeline Analysis
-Keyword Searching
-Password & Data Recovery
-Metadata Extraction/Analysis
-Fraud
-Email & Chat Recovery/Analysis
-Live Host & RAM Analysis
-Social media Forensics
-Murders
-Child Pornography
-Email investigations
-Divorce
-Employee misconduct
-wrongful death
-intellectual property
-software infringement
-Corporate Internal Investigations
-Theft of Intellectual Property
-Mass Deletions & System Wiping
-Social Media Forensics
Does anyone else see something odd there (beyond Alvey’s near-sociopathic use of various font faces, colors, and capitalization)? No? Well, maybe if we include this, it will become more clear:
Alvey has been employed with the Fort Smith Police Department since 2006 as their Network Manager, overseeing and supporting Public Safety technology, which includes the 911 Communications Center and Regional Mobile Data. He also serves as a member of the Cyber Investigations unit, working numerous digital forensic cases involving peer-to-peer, child pornography, financial crimes, narcotics and theft for several local, state and federal agencies. Alvey is a member of the Internet Crimes Against Children (ICAC) task force and also participates as a reserve office [sic] the Fort Smith Police Department.
Yup. A guy who is employed by the FSPD and receives ongoing training in law-enforcement-related computer forensics, is running a side business where he specifically advertises that he can help the defense in criminal cases, including child pornography and murder. More to the point, a person who is employed by the FSPD and serves as a member of the Internet Crimes Against Children task force is specifically telling people charged with Internet crimes against children that he can help their defense. And, given that the FSPD website specifically brags about how their Cyber Investigations Unit works with the Center for Missing & Exploited Children, I wonder how the Center would feel about Alvey’s side-job helping people who are accused of exploiting children?[2]
Paging Dr. O’Interest. Dr. Conflict O’Interest….
Oooh, look. There’s even a part where he suggests that the police might be setting people up for child porn charges!
Been accused of some pretty nasty things on your computer? Guardian Forensics works with Criminal Defense attorneys to provide a second opinion to what the police offer as digital evidence. Do you think you’ve been set up? That what the police claim on your computer isn’t true? That a virus planted the evidence? That someone else was using your computer? We can provide expert witness testimony in court about these things and examine your computer without the attitude that you’re already guilty.
Review and comment on any search warrant, affidavit to support search warrants, witness statements, indictment and police reports, and court transcripts of the prosecutions pre-trial testimony of the evidence.
Review the methods used by Law Enforcement in the collection, acquisition, handling, analysis, and preservation of evidence to ensure it is within accepted practices and the Law Enforcement Department’s Forensics Lab Standard Operating Procedures.
Provide Expert Witness testimony in court and depositions, as well as creating exhibits to support testimony in court.
Examine time stamps to provide doubt that you were at the computer at the time of the occurrence and that it could have been someone else at the computer (Child Pornography, Hacking, Financial Crimes…)
Create a profile of your normal computer use habits and compare it to the time of the occurrence to provide doubt it was you and could have been someone else. (Child Pornography, Hacking…)
Malware Analysis to see if it is possible that a virus could have been the source of the illegal content (Child Pornography, Torrented or Illegally Downloaded Media…)
We will look at your whole computer and put that piece of evidence in context to help you. Contact us today and tell your attorney so that we can get started on your case today.
You might be wondering, isn’t it improper for a police officer — even a reserve officer/civilian employee — to run a business that presents such an absurdly obvious conflict of interest with his police duties?
Yes. Yes, it is.
Officers are prohibited from participating in any other vocation or business activity which might conflict or interfere with their responsibilities to the Department. Officers must receive permission from the Office of the Chief of Police before engaging in off-duty employment or business activities.
Then, Rules 507 and 508 state:
Except for official police duties, no officer shall knowingly align or associate themselves with persons whose criminal convictions or activities create a potential damage to the officer’s credibility. This does not exclude an officer from associating with immediate members of his/her family if they fall within the aforementioned category.
Officers shall not permit their name or photograph to be used to endorse any product or service which is in any way connected with law enforcement without permission from the Office of the Chief of Police. Officers shall not, without permission from the Office of the Chief of Police, allow their name or photograph to be used in any commercial testimonial or endorsement which alludes to their position or employment with the Department.
It doesn’t get any better if you consider Alvey a city employee, rather than a police officer, either. Rule III(L) of the Fort Smith City Employee Handbook states:
Holding a second job or conducting a business activity while employed by the City may be permissible with the prior approval of the department director and the Director of Human Resources. However, employment with the City must be primary, and any secondary employment or business activity must not be in a business area, trade, occupation or profession which would interfere with the employee’s City job duties, working or hours or would represent a conflict of interest.
But, hey…I got my start in criminal defense. On some level, maybe I can find a way to justify what he is doing; I mean, it’s not like he’s doing this job Monday through Friday, 8am to 6pm, where it might directly conflict with his FSPD schedule and duties, right?
Oh. Well…that’s a problem. Though, perhaps predictably, it’s not even the most problematic piece of information on that picture. Nope, that award would have to go to the address that’s listed: 100 S. 10th St., Fort Smith, AR 72901.
AKA, this building:
How can Alvey’s Dork Inc. Guardian Forensics be located at the Fort Smith Police Department and conduct business from 8am to 6pm, M-F? Well, while I eagerly await an “explanation” from Sgt. Daniel Grubbs or some other sycophant about how Alvey’s business doesn’t actually operate at the time and place that Alvey put on his own Google+ page, I have a theory. Alvey is running his “side” business as part and parcel of doing his actual City/FSPD job.
Which makes sense, really; running the business out of the PD means that Alvey can use all those great programs and hardware devices that the PD has purchased for police business, which makes his ability to recover his customers’ deleted emails and deleted documents much easier.[3] Is it disconcerting to think that the same guy who might be helping the FSPD build a child-porn case against one suspect is using the same training and (I assume) equipment and office space to help some other person build a defense against identical charges? It is to me, but, then, I’m not the kind of person who just turns a blind eye to obviously egregious behavior in order to better justify my own failings as a leader.
Of course, the people of Fort Smith are very fond of their municipal leaders these days, and they are not at all distrusting of things that don’t pass the smell test. So, I’m sure no one in Fort Smith would object to Alvey Matlock making some extra money for himself, while on the City dime, by using the latest in forensic computer training and equipment, all of which was paid for by the taxpayers. Right?