Attorney Representing Whistleblowing Cops Claims Police Department Dropped Spyware On His Hard Drive

from the RAT.EXE dept

This news is infuriating if true. And its chance of being true are pretty high, considering how little cops having the whistle blown on them care for those blowing the whistle. In this case, police officials didn’t just stonewall a court order to produce records. They also allegedly dropped backdoors and keyloggers onto the plaintiff’s hard drive.

An Arkansas lawyer representing current and former police officers in a contentious whistle-blower lawsuit is crying foul after finding three distinct pieces of malware on an external hard drive supplied by police department officials.

In response to a discovery request, the Fort Smith Police Department was ordered to turn over numerous items, including Word documents, PDFs and emails. Attorney Matt Campbell provided an external hard drive to the PD. When it was returned to him, it contained some of what he requested, along with three pieces of software he definitely didn’t request.

In a subfolder titled D:Bales Court Order, a computer security consultant for Campbell allegedly found three well-known trojans, including:

Win32:Zbot-AVH[Trj], a password logger and backdoor
NSIS:Downloader-CC[Trj], a program that connects to attacker-controlled servers and downloads and installs additional programs, and
Two instances of Win32Cycbot-NF[Trj], a backdoor

The police department claims it has no idea how these ended up on Campbell’s hard drive. It maintains its innocence despite acknowledging its computers have anti-virus software installed that should have prevented these from ending up on its drives, much less being copied to an external drive. Campbell isn’t buying these proclamations. In an affidavit submitted to the court, he alleges the PD added these trojans to take control of his computer and intercept his passwords and communications.

Campbell’s first attempt to have this apparent breach investigated went nowhere.

Last September, Arkansas State Police officials declined Campbell’s request that the agency’s criminal investigation division probe how the hard drive sent to Campbell came to be booby-trapped. “The allegations submitted for review appear to be limited to misdemeanor violations which do not rise to a threshold for assigning a case to the CID Special Investigations Unit,” the commander of the CID wrote in a September 29 letter declining the request.

So, even though CID stands for “Criminal Investigation Division” and a misdemeanor is, in fact, a criminal offense, the Arkansas State Police decided that it couldn’t be bothered to examine an incident that could have resulted in breaches of attorney-client privilege. “Don’t bother us until it’s a felony, ” is the message being sent here. Even if the CID had no interest in dealing with small-time (but not really, considering the implications) misdemeanors, it could have at least referred Campbell to authorities who would be interested in pursuing this. But it didn’t — which either means it had no interest in anyone pursuing this further or knew no other entity would be interested in pursuing an investigation of the Ft. Smith PD.

Perhaps the latter is more likely. Campbell took his complaint to the district’s prosecuting attorney and met similar non-results. The district attorney’s office claimed it didn’t have the resources to pursue this, suggesting that its limited resources will only be used to investigate those outside of the law enforcement sphere.

So, Campbell has asked the judge to hold the department in contempt of court and impose sanctions. Not only did the PD apparently drop malware on Campbell’s drive, but it also skirted many of the discovery order’s stipulations.

Defendants have failed to properly answer discovery requests in compliance with this Court’s Order, to wit:

a. Defendants have engaged in intentional spoliation of evidence by deleting entire email accounts without allowing Plaintiffs to search the emails;

b. Defendants have engaged in ongoing, intentional spoliation of evidence by failing to preserve and provide deleted emails that, by their own admissions, were recoverable;

c. Defendants have relied upon past AFOIA responses in answering Plaintiffs’ discovery requests, resulting in Defendants providing emails that have improper redactions; and

d. Defendants have failed to provide usable documents related to Capt. Alan Haney’s computer, inasmuch as the external hard drive supplied to Plaintiffs contained malicious software designed to hack into Plaintiffs’ counsel’s computer, rendering the hard drive unsafe for Plaintiffs’ use.

The affidavit goes into greater detail on all of these accusations. One of the most egregious abuses alleged is the apparently intentional deletion of the entire content of a PD official’s email account.

After receiving Defendants’ responses to Plaintiffs’ requests, Plaintiffs reviewed the produced documents and noted that few, if any, emails from most of the Defendants had been produced, aside from what had been previously produced in response to AFOIA requests. Accordingly, Plaintiffs’ counsel arranged with Defendants’ counsel to meet at the FSPD with Mr. Matlock, and that meeting was scheduled for August 5, 2014.


As this Court may recall, Defendants cancelled this scheduled meeting on August 1, 2014, via email to Plaintiffs’ counsel. Plaintiffs’ counsel contacted this Court on August 4, 2014, in an effort to have the August 5 meeting date honored. Defendants’ counsel responded on that same date, contending that there was nothing untoward or suspicious about the last-minute rescheduling and that Court intervention into the matter was not needed.

Except there was something suspicious about this last-minute rescheduling.

The meeting between Plaintiffs, Defendants, and Mr. Matlock was rescheduled for August 28, 2014. On August 5, 2014, however, Maj. Chris Boyd, Sr., retired from the FSPD. On August 28, when Plaintiffs’ counsel asked Mr. Matlock to pull up Maj. Boyd’s email account, Defendant Jarrard Copeland immediately asked Mr. Matlock whether Boyd still had an email account, to which Mr. Matlock replied that he did not. Mr. Matlock further informed Plaintiffs’ counsel that the emails had been deleted. When pressed on this issue, Mr. Matlock confirmed that they were deleted after Maj. Boyd’s retirement on August 5, 2014.

On top of that, Mr. Matlock was still telling other cops he would to be in town during the day he told the plaintiffs he wouldn’t be available (August 5), according to emails obtained by Campbell. Then, suddenly, he was completely unavailable.

That this was intentional spoliation is bolstered by the fact that, as late as 6:10 PM on August 4, 2014, Mr. Matlock was planning on being at the SPD ‘by lunch’ on August 5, 2015, and was communicating with other officers about doing specific tasks on the afternoon of August 5…

It was not until 9:06 AM on August 5, 2014 – the date originally scheduled for the meeting and four days after Defendants had cancelled the meeting that Mr. Matlock informed anyone that he was taking that entire day off as a ‘discretionary day.’ And it was not until on or about August 19, 2014, when Plaintiffs’ counsel requested Mr. Matlock’s payroll record for the period covering August 5, that the SPD Payroll Department was actually informed that Mr. Matlock had taken a discretionary day two weeks prior. Interestingly, this is the only discretionary day that Mr. Matlock has taken in the last three-plus years.

Given the amount of obstruction and non-compliance alleged in this affidavit, it’s really not that surprising that someone — with or without approval from superiors — loaded tainted software onto Campbell’s hard drive. Sure, there’s a case to be made for stupidity rather than malice, but with the other obfuscation detailed in Campbell’s affidavit, the scale is definitely leaning towards the latter.

Hopefully, the court will examine these accusations closely, considering no other entity that could hold the PD responsible for its alleged misconduct seems willing to move forward with an investigation.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Attorney Representing Whistleblowing Cops Claims Police Department Dropped Spyware On His Hard Drive”

Subscribe: RSS Leave a comment
John Fenderson (profile) says:

Re: Re:

This is what I was going to suggest, although if the spies are halfway competent, it will just end up talking to a server in a third party cloud rather than a location that is obviously incriminating.

But there’s a reasonable chance that the spies aren’t that competent, given that they installed malware that was easily discoverable.

Anonymous Coward says:

Two possibilities:

One, this is incompetence, in which case an investigation is sorely needed to determine how a well know virus got on the hard drive while in police custody.
Two, this is intentional, in which case an investigation is needed to determine who to fire and charge for the blatant criminal activity.
Either way, an investigation is needed.

Padpaw (profile) says:

Re: Re:

wanted to add. when the methods in place of a lawful society refuses to reign in rogue organizations like the police here.

That’s when people start taking the law into their own hands since the actual police refuse to and turn a blind eye to crime in their ranks.

If this keeps up, there will be a lot more cops getting shot by citizens that feel like they have no options for dealing with said criminals in their ranks

Rekrul says:

Any computer owner today who hasn’t disabled Autorun is an idiot. Autorun was the single most stupid idea Microsoft ever had and I’ve surprised that they never got sued over it. With Autorun disabled, malware on an external drive is a non-issue unless you’re actually dumb enough to double-click on it.

Even with Autorun enabled, if the drive didn’t contain an Autorun.inf file in the root directory, those programs would never be executed unless someone double-clicked on them.

tqk (profile) says:

Umm, no, considering extenuating circumstances, I'll put it down to inconclusive.

Sure, there’s a case to be made for stupidity rather than malice, but with the other obfuscation detailed in Campbell’s affidavit, the scale is definitely leaning towards the latter.

Yes, it’s messy. Yes, it’s damnably suspicious. Yes, the lawyer should pursue it. Yes, the cops could be doing something dastardly.

But really, this’s MS Windows. All it would take is someone (any someone) bringing in a personal laptop or USB key (infected) and plugging it in and anything it “spoke to” is now boned. I would not expect cops to understand how to secure the overall system. Do they even employ IT people? I’d doubt it.

An OS that sees “blah.jpg.exe” as “blah.jpg” to the user AND an executable to the OS is just asking for disaster. I’d look to the server logs for illumination, but if that’s Windows server, I’d go to the router, then ISP logs instead, and I wouldn’t be confident of finding a definitive answer.

That OS, in all its various forms, is a … Well, I’ll just say it’s not to be believed in any way, shape or form, to be polite. Yes, I’m an anti-Windows bigot. Sue me.

GEMont (profile) says:

If it quacks like a duck...

Can’t imagine why anyone would be surprised by any of the actions taken by the authorities in this situation.

It doesn’t even matter what the investigation was about.

All the police corruption is due entirely to the War on Drugs.

During the first prohibition, – booze – the cops were the most corrupt organization in America.

During the second prohibition – drugs – the cops are the most corrupt organization in America.

Without the War on Drugs, cops would have to go back to earning a barely subsistence level income.

With the benefits of the War on Drugs, cops, lawyers, judges, politicians, businessmen, can all reap hundreds of thousands of dollars in extra income yearly through graft, playing the mule, or by simply “looking the other way”.

When the cops are getting more income annually from the mob than from the public, they no longer work for the public.

This is obviously the case today.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...