I’ve written about Geek Squad in the past and how they have been caught doing things they shouldn’t be doing. Well, it’s happened again. Mark A. Rettenmaier lives in Orange County and is a prominent physician and surgeon. Except that he got nailed by the FBI for child porn. Here’s how it happened:
Unable to boot his HP Pavilion desktop computer, he sought the assistance of the store’s Geek Squad. At the time, nobody knew the company’s repair technicians routinely searched customers’ devices for files that could earn them $500 windfalls as FBI informants. This case produced that national revelation.
According to court records, Geek Squad technician John “Trey” Westphal, an FBI informant, reported he accidentally located on Rettenmaier’s computer an image of “a fully nude, white prepubescent female on her hands and knees on a bed, with a brown choker-type collar around her neck.” Westphal notified his boss, Justin Meade, also an FBI informant, who alerted colleague Randall Ratliff, another FBI informant at Best Buy, as well as the FBI. Claiming the image met the definition of child pornography and was tied to a series of illicit pictures known as the “Jenny” shots, agent Tracey Riley seized the hard drive.
I am not a lawyer, but this seems to me to be a blatant case of unconstitutional search and seizure. On top of that, the FBI apparently conducted two additional searches of the computer without obtaining the necessary warrants. Plus, they apparently lied to trick a federal magistrate judge into authorizing a search warrant for his home, then tried to cover all of this up by initially hiding records.
But let’s put that aside for a second. As bad as all of that is, I want to focus on one other thing. The defense that the doctor’s lawyers served up:
To convict someone of child-pornography charges, the government must prove the suspect knowingly possessed the image. But in Rettenmaier’s case, the alleged “Jenny” image was found on unallocated “trash” space, meaning it could only be retrieved by “carving” with costly, highly sophisticated forensics tools. In other words, it’s arguable a computer’s owner wouldn’t know of its existence. (For example, malware can secretly implant files.) Worse for the FBI, a federal appellate court unequivocally declared in February 2011 (USA v. Andrew Flyer) that pictures found on unallocated space did not constitute knowing possession because it is impossible to determine when, why or who downloaded them.
So let’s assume that the above is true. Why is Geek Squad running forensic software on this computer? That really sounds sketchy to me as there is no reason to do so in the course of repairing this computer. Unless of course you were looking to score some reward money from the FBI.
What does Best Buy think about this? Here’s what they said:
Jeff Haydock, a Best Buy vice president for communications, provided the Weekly a reaction. “Best Buy is required by law to report the discovery of certain illegal material to law enforcement, but being paid by authorities to do so would violate company policy,” Haydock said. “If these reports are true, it is purely poor individual judgement. If we discover child pornography in the normal course of servicing a computer, phone or tablet, we have an obligation to contact law enforcement. We believe this is the right thing to do, and we inform our customers before beginning any work that this is our policy.”
Strangely, I agree with what Best Buy is saying here. Except that, as I mentioned above, they have a history of rooting through people’s computers that doesn’t exactly put them in the best light. Thus one has to wonder what they are going to do to put an end to this once and for all.
My advice. Avoid Geek Squad. Clearly, they cannot be trusted.
Browser Autofill Exploit Revealed…. Only Firefox Is Immune
Posted in Commentary with tags Security on January 11, 2017 by itnerd
A Finnish hacker by the name of Viljami Kuosmanen has exposed a new type of phishing attack that uses a web browser’s ability to autofill text fields to obtain personal information. The Guardian has details:
The phishing attack is brutally simple. Kuosmanen discovered that when a user attempts to fill in information in some simple text boxes, such as name and email address, the autofill system, which is intended to avoid tedious repetition of standard information such as your address, will input other profile-based information into any other text boxes – even when those boxes are not visible on the page.
It means that when a user inputs seemingly innocent, basic information into a site, the autofill system could be giving away much more sensitive information at the same time should the user confirm the autofill. Chrome’s autofill system, which is switched on by default, stores data on email addresses, phone numbers, mailing addresses, organisations, credit card information and various other bits and pieces.
As it stands, the only web browser that isn’t vulnerable to this attack is Mozilla Firefox. Pretty much every other browser out there is vulnerable. Also vulnerable are password managers such as LastPass, which have plug-ins that do the same sort of thing. There’s a site that demonstrates the exploit, which you can visit to see it in action, but you should disable the autofill function within your browser to protect yourself until this attack is fixed within the browser of your choice. Alternatively, you can switch to Firefox to protect yourself.
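To check a form before confirming an autofill suggestion on it, the following added example (not code from the original post or from Kuosmanen’s demonstration) flags inputs that a browser profile could fill while the user cannot see them. The type list, name hints, visibility heuristics and the sample form descriptors are assumptions constructed for illustration.

```javascript
// Added example (not from the original post): flag form inputs that autofill
// could populate even though the user cannot see them.
// Assumed heuristics: text-like input types and profile-related name hints.
const FILLABLE_TYPES = new Set(['text', 'email', 'tel', 'number']);
const AUTOFILL_HINTS = /(name|email|tel|phone|address|street|city|postal|zip|organization|company|cc-|card)/i;

// True when a field is not visible; left/top are page coordinates in px.
function isHidden(f, pageWidth) {
  return f.display === 'none' || f.visibility === 'hidden' ||
    Number(f.opacity) === 0 ||
    f.width <= 1 || f.height <= 1 ||                  // collapsed
    f.left + f.width <= 0 || f.top + f.height <= 0 || // off the top/left edge
    f.left >= pageWidth;                              // off the right edge
}

// Names of the fields autofill may fill without the user seeing them.
function findHiddenAutofillTargets(fields, pageWidth) {
  return fields
    .filter(f => FILLABLE_TYPES.has(f.type))
    .filter(f => AUTOFILL_HINTS.test(f.autocomplete) || AUTOFILL_HINTS.test(f.name))
    .filter(f => isHidden(f, pageWidth))
    .map(f => f.name);
}

// Browser-only adapter: turn a live <form> into the descriptors used above.
function describeForm(form) {
  return Array.from(form.querySelectorAll('input')).map(el => {
    const cs = getComputedStyle(el), r = el.getBoundingClientRect();
    return { name: el.name, type: el.type,
      autocomplete: el.getAttribute('autocomplete') || '',
      display: cs.display, visibility: cs.visibility, opacity: cs.opacity,
      left: r.left + window.scrollX, top: r.top + window.scrollY,
      width: r.width, height: r.height };
  });
}

// Constructed sample: visible fields plus three the user never sees.
const field = (name, type, autocomplete, box = {}) => ({ name, type, autocomplete,
  display: 'inline-block', visibility: 'visible', opacity: '1',
  left: 20, top: 40, width: 200, height: 24, ...box });
const SAMPLE_FIELDS = [
  field('name', 'text', 'name'),
  field('email', 'email', 'email'),
  field('phone', 'tel', 'tel', { left: -500 }),
  field('address', 'text', 'street-address', { opacity: '0' }),
  field('cc-number', 'text', 'cc-number', { width: 0, height: 0 }),
  field('search', 'text', ''),
];
console.log(findHiddenAutofillTargets(SAMPLE_FIELDS, 1024));
```

In a browser console, `findHiddenAutofillTargets(describeForm(document.forms[0]), document.documentElement.scrollWidth)` runs the same check against a live form.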