Lawyer representing police whistleblowers finds trojans on department-provided drive
April 15, 2015
A lawyer representing multiple law enforcement whistleblowers in Arkansas discovered surveillance malware after receiving an external hard drive from his clients’ department.
After requesting internal emails for the case, North Little Rock lawyer Matthew Campbell became suspicious when the Fort Smith Police Department decided to place the files on a hard drive and send them through Federal Express.
Campbell, who normally receives files via email, told the Northwest Arkansas Democrat Gazette  that the department’s decision immediately raised red flags.
“Something didn’t add up in the way they approached it, so I sent it to my software guy first,” Campbell said. “I thought ‘I’m not plugging that into my computer,’ so I sent it to [a software expert] to inspect.”
After carefully inspecting the hard drive, security consultant Geoff Mueller discovered well known malware, capable of implanting backdoors and logging passwords.
“One would have kept my Internet active even if I tried to turn it off, one would have stolen any passwords that I entered in, and the other would have allowed the installation of other malicious software,” Campbell told the Arkansas Online .
“It’s not like these are my only clients, either. I’ve got all my client files in my computer. I don’t know what they were looking for, but just the fact that they would do it is pretty scary.”
- A d v e r t i s e m e n t
According to Mueller’s examination, the malicious files were placed on the drive at the same time as the requested documents.
“…the placement of these trojans, all in the same sub-folder and not in the root directory, means that [t]he trojans were not already on the external hard drive that was sent to Mr. Campbell, and were more likely placed in that folder intentionally with the goal of taking command of Mr. Campbell’s computer while also stealing passwords to his accounts,” the consultant noted.
Campbell, who has already begun preparing a new lawsuit over the incident, is now demanding the defendants be held in contempt of court.
The department is not only being accused of attempting to infect Campbell’s computer with malware, but of deleting pertinent emails regarding the case as well.
“Defendants have engaged in intentional spoilation of evidence by deleting entire email accounts without [allowing] plaintiffs to search the emails,” the affidavit  states.
When confronted on the allegations, Police Chief Kevin D. Lindsey remained relatively tight-lipped.
“We’re going to let the courts speak on that when the time comes,” Lindsey said. “We’ll let the courts get this worked out and let the disposition speak for itself.”