Do you want your life ruined? Thought not.

This story popped up on my news feed this evening, and its contents were sobering, and yet not at all surprising. If anything, I’m surprised it doesn’t happen more often.

A simple plan to ruin your boss: plant child porn on his PC

A disgruntled maintenance worker at a UK secondary school has been accused of planting child pornography on his boss’ computer in order to have his boss fired and to ruin the man’s life.

The perpetrator allegedly mailed a CD containing child pornography to the police, claiming that it came from his boss’ computer. He also planted child porn on his boss’ laptop and then phoned in an anonymous tip to the police, who seized the laptop and arrested the victim.

Let me make a few things clear:

  1. THIS IS WHY YOU HAVE A PASSWORD.
  2. This is why you don’t tell ANYONE your password. NOT EVEN ME.
  3. This is why you don’t walk away from your workstation without locking it or logging off.
  4. Lastly, this is why you are in a union.

For school workers in particular, a false accusation like this can easily destroy your career and your life. Don’t make it easy for someone by being an idiot.

About The Angry Technician

The Angry Technician is an experienced IT professional in the UK education sector. Normally found in various states of annoyance on his blog. All views are those of his imaginary pet dog, Howard.

10 responses to “Do you want your life ruined? Thought not.”

  1. Lukas Beeler says :

    How will locking your computer prevent a determined person with proper(!) knowledge of IT from doing this?

    If you have admin rights, this is fairly trivial – use the C$ share to copy files over, then change their owner. This will work easily, unless your environment uses file auditing on the clients (which I’ve never seen).

    Without admin rights, it gets more complicated. You’ll need to wait until the coworker has left, then boot the machine from USB or CD (or remove the hard drive, but this might be more suspicious). Copy files over, make sure the owner of the files is correct, make sure the timestamps match a time and date where he was working. Both of these tamperings can be prevented (Encrypted hard drive, BIOS password to avoid booting from other media, case tampering detection), but you won’t find these on all desktops in smaller environments.

    • AngryTechnician says :

      No, it wouldn’t stop someone with admin rights and the right knowledge… but I would expect it to stop the average Joe from site maintenance. From the press coverage, the guy accused of this didn’t seem like a computer genius – just someone with motive and an opportunity. Too many people leave that opportunity open with lax security precautions.

  2. Andy says :

    Unfortunately where there is a will, there is a way. This poor sod will not be let free from this for a very long time.

    There are more devious methods which thankfully haven’t come to light yet but all of them highlight the failure and witch hunt mentality going on in today’s society.

    Brass Eye tried to bring it to the front and in some ways managed it.

  3. Dale says :

    It’s not very easy to plant this kind of evidence, but I’m sure it can be done.

    The real stigma is even when found innocent, it’s the “nudge nudge wink wink, sure he was found innocent but …” slurs he’d live with forever more.

    As far as encrypted hard drives, you can get around them as well:
    http://blog.wisefaq.com/2010/04/09/truecrypt-not-as-secure-as-i-thought/

    Joining a union??? I regard it as cheap insurance. And in Australia, it’s tax deductible.

    • Andy says :

      It’s trivial to plant any kind of evidence really – the worst thing is, he’ll be on what they call ‘list 98’ .. ‘list 99’ is the offenders register and 98 is the ‘suspected’ list.

      He stays there regardless of being proven innocent.

      • Dale says :

        Perhaps I should have said “while it is easy to plant this kind of evidence, doing it so it would stand up to forensic analysis would not be easy.”

        It’s not as simple as using a Linux CD to drop the files onto a Windows PC.

  4. Spark says :

    Surely the point of not giving your password to anyone is an audit trail? If you copy files to a domain computer it will have your details stamped to it (e.g. file owner); you can’t falsely attach such details without using the person’s account. This means knowing their password or resetting it (in which case said person would know that something fishy had occurred when they can’t log in). I’m always telling users NOT to tell me their password; I don’t want to get accused of doing things with their accounts!

    • AngryTechnician says :

      Indeed, though again, it’s worth noting that an admin can reassign file ownership arbitrarily without knowing account credentials.

      To be honest, there is so much an administrator can do without the password that the biggest reasons I tell users not to give me their password are 1. to drill into them that they shouldn’t tell anyone their password, and 2. because they probably use the same password for their non-work accounts too (despite me telling them not to). I don’t want to be one day accused of robbing their online banking after they fall victim to a phishing scam because “AT knows the password, it could have been him.”

      Sometimes just having the policy can be more important than anything else. I was once accused by a member of staff going through disciplinary of knowing their password, as they attempted to deny certain things they had done using their computer logon out of hours, which had been recorded on the proxy logs and local security event log (two things that I can’t fake as an administrator without the account credentials). The accusation was almost immediately dismissed by the disciplinary panel because they knew full well that I always insisted on never knowing anyone else’s password.

  5. Spark says :

    Actually I didn’t realise that, it was a bad assumption, but it has prompted me to think about auditing.
    You can set auditing policies in group policy to track changes to files and folders. Something to play around with at some point…. http://technet.microsoft.com/en-us/library/bb727008.aspx

  6. Jeff jeff de jeff says :

    I once worked in school IT where someone was sacked for downloading porn over the then high-speed 128kbps ISDN connection.

    Nothing too disturbing but still. He’d planted files all over the network storage of colleagues, including me. Fortunately for the rest of us he’d used the domain administrator account, which he jealously guarded, so it came back to him. But for a time the entire IT department were looked upon as deeply suspicious, that lasted some time and was quite a while before this current paranoia over pedophiles.
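
An added illustration of the auditing point raised in the comments above (not part of the original post or of any commenter's code): the file-owner field can be reassigned by an administrator, but with object-access auditing enabled the Security log ties each write to an account and a logon session. The records below are constructed and simplified from Windows events 4624 (logon) and 4663 (object access); the field names, accounts and paths are assumptions.

```python
from pathlib import PureWindowsPath

# Constructed sample records: a simplified export of Windows Security log
# events 4624 (logon) and 4663 (object access). Field names are assumptions.
EVENTS = [
    {"id": 4624, "time": "2010-06-01T08:55:10", "account": "jsmith",
     "logon_id": "0x3e7a1", "logon_type": 2},          # interactive logon
    {"id": 4663, "time": "2010-06-01T09:12:44", "account": "jsmith",
     "logon_id": "0x3e7a1", "access": "WriteData",
     "object": r"C:\Users\jsmith\Documents\timetable.doc"},
    {"id": 4624, "time": "2010-06-01T18:40:02", "account": "siteadmin",
     "logon_id": "0x51c02", "logon_type": 3},          # network logon
    {"id": 4663, "time": "2010-06-01T18:41:30", "account": "siteadmin",
     "logon_id": "0x51c02", "access": "WriteData",
     "object": r"C:\Users\jsmith\Pictures\file1.jpg"},
    {"id": 4663, "time": "2010-06-01T18:41:31", "account": "siteadmin",
     "logon_id": "0x51c02", "access": "WRITE_OWNER",
     "object": r"C:\Users\jsmith\Pictures\file1.jpg"},
]

WRITE_ACCESSES = {"WriteData", "AppendData", "WRITE_OWNER"}

def profile_owner(path):
    """Return the user name for a path under C:\\Users\\<name>, else None."""
    parts = PureWindowsPath(path).parts
    if len(parts) > 2 and parts[1].lower() == "users":
        return parts[2].lower()
    return None

def suspicious_writes(events):
    """Flag writes into a profile that the audit trail ties to someone else."""
    sessions, findings = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] == 4624:
            sessions[ev["logon_id"]] = ev["logon_type"]
            continue
        owner = profile_owner(ev.get("object", ""))
        if ev["id"] != 4663 or ev["access"] not in WRITE_ACCESSES or not owner:
            continue
        reasons = []
        if ev["account"].lower() != owner:
            reasons.append("writer is not the profile owner")
        if sessions.get(ev["logon_id"]) == 3:
            reasons.append("written over a network logon")
        if ev["access"] == "WRITE_OWNER":
            reasons.append("file owner was changed")
        if reasons:
            findings.append((ev["time"], ev["account"], ev["object"], reasons))
    return findings
```

The user's own interactive write is not flagged; the two evening events are, whatever the file's owner field says afterwards.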