A lawyer representing three police whistleblowers has claimed a hard drive sent to him with evidence for his case was deliberately infected with password-stealing malware.
Matthew Campbell, a lawyer with the Pinnacle Law Firm in North Little Rock, Arkansas, is working on behalf of three past and present officers of the Fort Smith Police Department. The trio claim they were victimized after exposing fraud within the force, and are suing the department alleging mistreatment.
As part of that lawsuit, Campbell wrote to the department requesting an archive of internal emails, which arrived on an external hard drive sent via FedEx.
"Something didn't add up in the way they approached it, so I sent it to my software guy first," Campbell told the Northwest Arkansas Democrat Gazette. "I thought 'I'm not plugging that into my computer,' so I sent it to him to inspect."
An examination of the hard drive's filesystem found three types of Windows PC malware installed, all set to execute as soon as possible. They were a password stealer (Win32/Zbot), a tool that downloads more malicious files to run, and a software nasty (Win32/Cycbot) that opens a backdoor and grants an attacker free rein on the infected computer.
Background to the case
Don Paul Bales, Rick Entmeier, and Wendall Sampson Jr sued the police department in 2014 using the Arkansas Whistle-Blower Act. Entmeier and Sampson are serving officers, although Bales was fired in October, Campbell said. Bales and Entmeier claim they were repeatedly investigated by their peers after warning their chief that a probationary officer was unfairly fired in 2013. Sampson alleges he was repeatedly investigated after it emerged he had reported another officer's wife, who worked as a civilian in the department, to internal affairs.
The investigator, infosec worker Geoff Mueller, found the malware in a specific folder, one named D:\Bales Court Order.
Mueller concluded in an affidavit to the court that the software nasties "were more likely placed in that folder intentionally with the goal of taking command of Mr Campbell's computer while also stealing passwords to his accounts."
The court documents [PDF, Reg mirror] also accuse the police department of deleting swathes of emails related to the case. Campbell's discovery order called for all relevant internal emails to be stored and handed over – but instead many messages were missing and the backup files long since deleted, it's claimed.
Campbell has now asked the court to hold the police department and its lawyers in criminal contempt, and has asked for the presiding judge to rule in his clients' favor. "There are at least one Arkansas felony and as many as three federal felonies that stem from this," he said. ®