Fort Smith fires back against allegation of planting bad software
In a response filed Monday (April 27), the city of Fort Smith countered allegations that Fort Smith police attempted to infect the computer of a Little Rock attorney. The 11-page retort said harmful computer software “is exceedingly commonplace,” and questioned why the attorney took almost 10 months to make the allegation.
Little Rock attorney Matt Campbell has alleged in a lawsuit that an officer with the Fort Smith Police Department attempted to place “malicious software” on his law office computer. Campbell is the attorney representing former Fort Smith police officer Don Paul Bales in his lawsuit against the police department.
In a “Motion for Sanctions” action filed April 10, Campbell alleges that certain members of the FSPD “engaged in intentional spoliation of evidence,” provided emails with “improper redactions” and, in responding to a documents request, supplied Campbell with an external hard drive that “contained malicious software designed to hack into Plaintiffs’ counsel’s computer, rendering the hard drive unsafe for Plaintiffs’ use.”
The filing by Campbell includes an affidavit from Geoff Mueller, manager of information security at the Lower Colorado River Authority. Mueller said he found four “Trojans” designed to open Campbell’s computer up to outside control. The Trojans included a password stealer, malicious software installer and “control and command of infected computer,” according to Mueller’s report.
Mueller said his review of the hard drive and its contents indicated that the bad software “were not already on the external hard drive that was sent to Mr. Campbell, and were more likely placed in that folder intentionally with the goal of taking command of Mr. Campbell’s computer while also stealing passwords to his accounts.”
The city recently contracted with CyberEvidence, a computer forensics firm based in Texas, to defend against the malicious software allegation.
FORT SMITH RESPONSE
Filed in Sebastian County Circuit Court, the response from attorney Doug Carson, with the city’s legal firm Daily & Woods, said Campbell’s motion “contains no showing beyond vague and conclusory allegations that there was some kind of act by some unspecified person acting in some unspecified manner. … Clearly, Plaintiffs’ vague allegations are without merit and should be denied.”
Carson also said any bad software on a hard drive sent to Campbell was unintentional.
“Malicious computer software such as Trojans or other malware is exceedingly commonplace. It is also possible that the device became infected after it was delivered to Plaintiffs’ counsel,” Carson noted in the response.
He also questions why Campbell never “raised any issue concerning this allegedly ‘infected’ external hard drive” from when it was sent in June 2014 to when Campbell’s allegation surfaced on April 10, 2015.
Carson also notes that during a meeting on Aug. 28, 2014, Campbell used his cell phone to review data from the alleged infected hard drive. An affidavit by Alvey Matlock, senior network administrator with the Fort Smith Police Department, Matlock wrote that during the meeting “it was clear to me that he (Campbell) and in fact accessed, made copies, and moved that data to Internet-based cloud storage of his copy of the external hard drive” prior to the meeting.
Matlock also said the manner in which the bad software may have been placed on the hard drive “cannot be verified” without an independent examination of the hard drive that Campbell still possesses.
The response also pushes back against Campbell’s claims that the city has not provided all the information requested.
“Plaintiffs have been furnished more than 10,000 pages of Fort Smith Police Department (“FSPD”) documents, have been furnished video recordings, and have been given those documents in the format their attorney requested.”
Link here for a PDF of Carson’s response.
CAMPBELL RESPONSE
Campbell told The City Wire on Thursday (April 30) that indeed it did take more than nine months to formally respond. However, he said some of that time was first spent working with a forensics expert – Geoff Mueller – to determine the scope of the problem. After that, about three months was spent in a process that included working with Sebastian County Prosecuting Attorney Dan Shue on a possible investigation. It was October when Campbell was informed the Arkansas State Police declined to investigate the software allegation.
Campbell said there also were other procedural efforts and reviews of possible routes of investigation.
“It takes time,” Campbell said, adding that he wanted to be careful about making such an allegation.
Also, Campbell said during the Aug. 28, 2014, meeting, he was using his cell phone to access “screen shots” of data sent him by Mueller.
“Those were images he sent. … I was not accessing that (hard driver),” Campbell said.
As for what Campbell plans to do with the hard drive, he said that will be answered in a response he plans to file next week.