Of all the sinister things that internet viruses do, this might be the worst: they can make people unsuspecting collectors of child pornography.
Pictures and videos can be deposited on personal computers by viruses - the malicious software better known for swiping your credit-card numbers. In this twist, it's your reputation - and perhaps liberty - that's stolen. Paedophiles can exploit infected PCs to remotely store and view pictures without fear of arrest.
About 20 million of the estimated one billion internet-connected PCs worldwide are infected with viruses that could give hackers full control, according to security software maker F-Secure Corp. Computers often get infected when people open e-mail attachments from unknown sources or visit a webpage compromised by malicious software.
An investigation by news agency Associated Press has found cases in which innocent people have been branded paedophiles after their co-workers or loved ones stumbled upon child porn placed on a PC via a virus. It can be a costly exercise for victims to prove their innocence.
Their situations are complicated by the fact that actual paedophiles often blame viruses - a defence viewed with scepticism by law enforcement.
"It's an example of the old 'dog ate my homework' excuse," says Phil Malone, director of the Cyberlaw Clinic at Harvard University's Berkman Centre for Internet & Society, in the United States. "The problem is, sometimes the dog does eat your homework."
The investigation included interviewing people who had been found with child porn on their computers. Court records were reviewed and prosecutors, police and computer analysts were interviewed.
One case involved Michael Fiola, a former investigator with an agency that oversees workers' compensation in the US. In 2007, Fiola's bosses became suspicious after the internet bill for his state-issued laptop showed he used 4-1/2 times more data than his colleagues. A technician found child porn in the PC folder that stored images viewed online.
Fiola was fired and charged with possession of child porn, which carries a sentence of up to five years in prison. He endured death threats, his car tyres were slashed and he was shunned by friends. He and his wife fought the case, spending US$250,000 on legal fees. They liquidated their savings, took a second mortgage and sold their car.
An inspection for his defence revealed the laptop was severely infected. It was programmed to visit as many as 40 child porn sites per minute - an inhuman feat. While Fiola and his wife were out to dinner one night, someone logged on and porn flowed in for an hour and a half. Prosecutors performed another test and confirmed the defence findings. The charge was dropped - 11 months after it had been filed.
Fiola and his wife say they have health problems from the stress of the case. They've talked to dozens of lawyers but can't get one to sue the state, because of a cap on the amount they can recover.
"It ruined my life, my wife's life and my family's life," says Fiola. The Massachusetts attorney general's office declined interview requests for this article.
Paedophiles can tap viruses in several ways. The simplest is to force someone else's computer to surf child porn sites, collecting images along the way. Or a computer can be made into a warehouse for pictures and videos that can be viewed remotely when the PC is online.
"They're kind of like locusts that descend on a cornfield: they eat up everything in sight and they move on to the next cornfield," says Eric Goldman, academic director of the High Tech Law Institute at Santa Clara University, in the US. Goldman has represented Web companies that discovered child pornographers were abusing their legitimate services.
However, paedophiles need not be involved: child porn can land on a computer in a prank or an attempt to frame the PC's owner. In the first public cases of this, two men in Britain were cleared in 2003 after viruses were shown to have been responsible for the child porn on their PCs.
In one case, an infected e-mail or pop-up advertisement poisoned a defence contractor's PC and downloaded offensive pictures. In the other, a virus changed the homepage on a man's Web browser to display child porn, a discovery made by his seven-year-old daughter. The man spent more than a week in jail and three months in a halfway house and lost custody of his daughter.
Chris Watts, a computer examiner in Britain, says he helped clear a hotel manager whose co-workers found child porn on the PC they shared with him. Watts found that while surfing the internet for ways to play computer games without paying for them, the manager had visited a site for pirated software. It redirected visitors to child porn sites if they were inactive for a certain period.
In all these cases, the central evidence wasn't in dispute: pornography was on a computer. But proving how it got there was difficult.
"Even if users have updated security software they should be active in removing unwanted files in their computer's temporary files folder," says Roy Ko Wai-tak, manager of Hong Kong's Computer Emergency Response Team Co-ordination Centre. "This folder can store images you may have picked up from sites you visited or pages you inadvertently clicked on, like what happens with spam."
Although no such dumping has yet come to light in Hong Kong, 94.5 per cent of all e-mails sent to the territory's users last month were identified as nuisance or junk messages, according to a survey by e-mail security group MessageLabs.
Many prosecutors say blaming a computer virus for child porn is a new version of an old ploy.
"We call it the `Soddi' defence: some other dude did it," says James Anderson, a federal prosecutor in the US.
Forensic experts, however, say it would be hard for a paedophile to escape justice using such a defence.
"I personally would feel more comfortable investing my retirement [money] in the lottery before trying to defend myself with that," says forensics specialist Jeff Fischbach.
Even careful child-porn collectors leave incriminating e-mails, DVDs or other clues. Virus defences are no match for that kind of evidence, says Damon King, trial attorney for the US Justice Department's Child Exploitation and Obscenity Section.
But while the virus defence does not appear to be getting real paedophiles out of trouble, there have been cases in which forensic examiners insist legitimate claims have not been completely aired.
Tami Loehrs, who inspected Fiola's computer, cites Wyoming resident Ned Solon, who is serving six years for child porn found in a folder used by a file-sharing program on his computer. Solon admits he used the program to download video games and adult porn - but not child porn.
Loehrs testified that Solon's anti-virus software wasn't working properly and appeared to have shut off for long stretches, a sign of an infection. She found no evidence the five child porn videos on Solon's computer had been viewed or downloaded fully. The porn was in a folder the file-sharing program labelled as "incomplete" because the downloads were cancelled or generated an error.
That defence, however, was curtailed when Loehrs ended her investigation in a dispute with the judge over her fees. Computer examinations can cost tens of thousands of dollars. Defendants can ask the courts to pay, but sometimes judges baulk at the price. Although Loehrs stopped working for Solon, she argues his innocence: "There was too much evidence that it wasn't him."
The prosecution's forensics expert, Randy Huff, maintains Solon's anti-virus software was working properly. And he says he ran other anti-virus programs on the computer and didn't find an infection - although anti-virus scans frequently miss such things.
"He actually had a very clean computer compared to some of the other cases," Huff says. The jury took two hours to convict Solon.
"Computers are not to be trusted," says Jeremiah Grossman, founder of WhiteHat Security. He describes it as "painfully simple" to get a computer to download something the owner doesn't want.
Grossman says: "Just because it's there doesn't mean the person intended for it to be there, whatever it is, child porn included."
Associated Press
