Malware Planted on Hard Disk Given to Whistleblowers’ Lawyer


When it comes to matters of justice, we’d all like to think that we can trust a lawyer, but an interesting case in Arkansas suggests that may not be such a wise idea:

When Matthew Campbell of the Pinnacle Law Firm in North Little Rock – currently representing three police whistleblowers – received an external hard drive via Federal Express from a law enforcement attorney, he claims he found an unusual surprise on the device – malware.

“Something didn’t add up in the way they approached it, so I sent it to my software guy first,” Campbell said to the Northwest Arkansas Democrat Gazette. “I thought ‘I’m not plugging that into my computer,’ so I sent it to [a software expert] to inspect.”

When consultant Geoff Mueller, manager of information security at the Lower Colorado River Authority, looked at the hard drive he discovered four Trojans, one of which was a duplicate:

  • Win32:Zbot-AVH[Trj] – designed to steal Campbell’s passwords and install a backdoor
  • NSIS:Downloader-CC[Trj] – a downloader capable of introducing additional malware to the system
  • Two instances of Win32:Cycbot-NF[Trj] – another backdoor designed to give an attacker access to the system

According to an affidavit filed in the Circuit Court of Sebastian County, Arkansas, there was no way that the malware could have been copied to the hard drive by accident – the Fort Smith police force claims it runs real-time antivirus protection that would have discovered all four Trojans with ease.

The court filing adds further clarification:

“Additionally, the placement of these trojans, all in the same sub-folder and not in the root directory, means that [t]he trojans were not already on the external hard drive that was sent to Mr. Campbell, and were more likely placed in that folder intentionally with the goal of taking command of Mr. Campbell’s computer while also stealing passwords to his accounts.”

Beyond the alleged introduction of malware to the hard drive, Campbell also says the police department deleted a large number of emails that were crucial to the case, which centers on claims by the officers that they were repeatedly and unfairly investigated by their superiors.

According to a motion for sanctions, relevant internal email communications could have easily been recovered but were instead removed from the system, despite being subject to freedom of information requests. Not only that, backups containing the emails were also purged, according to the discovery order.

Campbell’s submission to the court asks the judge to hold the Fort Smith Police Department in contempt and asks for further court sanctions, with Campbell saying that “There are at least one Arkansas felony and as many as three federal felonies that stem from this”.

That request is currently being considered and there is no word as yet on when the judge will make a ruling.

