0
ChasingBlueSky

Substitute Teacher Faces Jail Time (40 years) Over Spyware

By ChasingBlueSky, in Speakers Corner

Recommended Posts

ChasingBlueSky    0

ChasingBlueSky
http://blog.washingtonpost.com/securityfix/2007/01/substitute_teacher_faces_jail.html?nav=rss_blog

Substitute Teacher Faces Jail Time Over Spyware
A 40-year-old former substitute teacher from Connecticut is facing prison time following her conviction for endangering students by exposing them to pornographic material displayed on a classroom computer.

Local prosecutors charged that the teacher was caught red-handed surfing for porn in the presence of seventh graders. The defense claimed the graphic images were pop-up ads generated by spyware already present on the computer prior to the teacher's arrival. The jury sided with the prosecution and convicted her of four counts of endangering a child, a crime that brings a punishment of up to 10 years per count. She is due to be sentenced on March 2.

I had a chance this week to speak with the accused, Windham, Conn., resident Julie Amero. Amero described herself as the kind of person who can hardly find the power button on a computer, saying she often relies on written instructions from her husband explaining how to access e-mail, sign into instant messaging accounts and other relatively simple tasks.

On the morning of Oct 19, 2004, Amero said she reported for duty at a seventh grade classroom at Kelly Middle School in Norwich, Conn. After stepping out into the hall for a moment, Amero returned to find two students hovering over the computer at the teacher's desk. As supported by an analysis of her computer during the court proceedings, the site the children were looking at was a seemingly innocuous hairstyling site called "new-hair-styles.com." Amero said that shortly thereafter, she noticed a series of new Web browser windows opening up displaying pornographic images, and that no matter how quickly she closed each one out, another would pop up in its place.

"I went back to computer and found a bunch of pop-ups," Amero said. "They wouldn't go away. I mean, some of the sites stayed on there no matter how many times I clicked the red X, and others would just pop back up."

Amero said she panicked and ran down the hall to the teacher's lounge to ask for help. "I dared not turn the the computer off. The teacher had asked me not to sign him out" of the computer, she recalled. Amero said none of the teachers in the lounge moved to help her, and that another teacher later told her to ignore the ads, that they were a common annoyance. Later on, prosecutors would ask why she hadn't just thrown a coat or a sweater over monitor. On that day Amero hadn't worn either.

Several children told their parents about the incident, who in turn demanded answers from the school's principal. Three days later, school administrators told Amero she was not welcome back. Not long after that, local police arrested her on charges of risking injury to several students.

The case came to trial this month, and computer expert W. Herbert Horner testified for the defense that the images were the result of incessant pop-up ads served by spyware on the classroom computer. The prosecution's expert, a local police officer, said time-stamped logs on the machine showing adult-themed images and Web pages accessed by the Web browser at the time she was in the classroom proved that someone had intentionally visited the sites by clicking on a link or typing the address into the browser address bar.

An explanation for this is that Web browser logs will keep records of sites accessed whether they were generated by internal pop-up serving software or clicked on by a user. Also, try not to dwell on the fact that the judge in the case barred Horner from presenting technical evidence to back up his claims. Horner on Monday published a summary of the facts he would have presented were he allowed to at trial.

I checked out theInternet Archive's view of the site referenced in this case, and it is clear that the page was a gateway site for the type of products typically promoted by spam -- penis enlargement and hair loss drugs. A review of the site's source code shows that it also uses Javascript to launch at least one pop-up ad promoting various online dating and porn sites. When I clicked on one of the sites in that list -- "CoolSexx!" -- my anti-virus program alerted me that it was trying to drop a Trojan horse program on my machine (Trojans are generally used to download malicious software to your PC). The spyware was attempting to load itself onto my computer despite the fact that I was using Internet Explorer 7 and up-to-date anti-virus software.

Try also to ignore that the computer in question was a Microsoft Windows 98 machine running an outdated version of Internet Explorer Web browser (IE 5.0), or that the school's license for its firewall program expired prior to the date of the alleged incident. Likewise, the machine's anti-virus software (Cheyenne Software) was expired and it lacked any anti-spyware tools. In short, the Windows 98 computer was completely exposed to the Internet without any kind of protection.

Then there is the admission by the prosecution that it had failed to conduct even a rudimentary scan of the computer's hard drive with anti-spyware software. Amero's defense said that had it been allowed to present its full testimony, it would have shown the results of spyware software scans on the PC she used, which found two adware programs and at least one Trojan horse program. The logs showed that all of the unwanted programs had been installed weeks prior to the alleged incident, the defense claims.

Spyware and adware has long been the source of objectionable pop-up ads. In February 2006, I wrote about a young man who was earning thousands of dollars each month installing porn pop-up ad serving software on computers whose users had failed to equip the machines with security patches or firewall software. The adware this kid installed was a Web browser add-on that barraged victims with endless pop-ads for adult Web sites and services. I managed to track down several of his victims, including a technologically naive pastor in Memphis.

I spoke briefly with Amero's attorney, who said: "I sincerely believe that had we been allowed to present our testimony in full, Julie would not have been convicted. This is a grave miscarriage of justice." With no prior convictions or criminal history, Amero was eligible under state law for "auxiliary rehabilitation," meaning she could have the charges expunged by agreeing to a short probationary period (provided she didn't get arrested again during that period). But, insistent upon her innocence, she chose to fight the charges.

A number of blogs have recently spoken up on Amero's behalf. Also, a former Massachusetts school administrator recently called on the state governor to pardon Amero and expunge the conviction. Even the local paper, firmly convinced of Amero's guilt, called for lenience in her sentencing.

This may not have been an isolated incident in the Connecticut public school system. According to another former teacher in Amero's school, who spoke this week with Security Fix on condition of anonymity, the kids in the school had few restrictions on what sorts of content they could and did view on school computers. "You could look at any history in any computer and chances are you would see the children had [visited] inappropriate sites," the teacher said.

Update, 3:38 p.m. ET: I have corrected two factual errors in the above post, thanks to an eagle-eyed reader from Tennessee who sent me a note. Cheyenne Software was the name of the old anti-virus program (long ago bought up by Symantec), not the firewall software. Also, the weather on the October day of the alleged incident was in the 50s and rainy, so not exactly "balmy."
_________________________________________
you can burn the land and boil the sea, but you can't take the sky from me....
I WILL fly again.....

Share this post

Link to post
Share on other sites

Fast    0

Fast
If it really was spyware which isn't hard to belive, this is retarded.

I think if anyone should be prosecuted for "risking injury" to children it should be the school for letting the firewall and content filtering to expire. Schools are required by law to have those things.
~D
Where troubles melt like lemon drops Away above the chimney tops That's where you'll find me.
Swooping is taking one last poke at the bear before escaping it's cave - davelepka

Share this post

Link to post
Share on other sites

gontleman    0

gontleman
Pay special attention to the part where they mention that the history/cookies/temp files (all of which were not allowed to be submitted for evidence due to an obscene act of ignorance on the judge's part) indicate that websites of that nature had been visited using the computer when SHE WASN'T EVEN WORKING THERE! It's no great leap of logic to assume that the regular teacher probably was responsible for the entire fiasco due to his browsing.

Any ad-ware/spyware was already installed on the machine prior to her arrival. So when the kids get on the internet and start browsing a website (what type of content doesnt matter for a lot of malicious browser software) the pop-ups start coming.

Not her fault outside of the kids having access to the machine. And even then... I challenge that it was the school's fault for allowing such a shoddy computer setup to be accessible at all to a student/teacher.

I would be ripping heads off if I was her family or friends. Especially if she gets jail-time. This whole story is just absurd.

Share this post

Link to post
Share on other sites

billvon    3,119

billvon
>I would be ripping heads off if I was her family or friends.

Unfortunately you would then likely be labeled a pedophile defender. Our society has no tolerance for such things, and this lack of tolerance often spills into gross over-reactions in situations such as this.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
0
Go To Topic Listing