Police Department Loses Years Of Evidence In Ransomware Incident

Discussion in 'HardForum Tech News' started by Megalith, Jan 29, 2017.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    13,004
    Joined:
    Aug 20, 2006
    If you have recently submitted a public records request for some of the Cockrell Police Department’s evidence, you are probably out of luck, as the agency has lost practically all of their files stored digitally since 2009. This includes body camera video, in-car video, in-house surveillance video, photographs, Microsoft Office documents—you know, stuff that prosecutors and defendants may be interested in. Basically, someone at the agency clicked on the wrong link, and instead of paying up to have the files “unlocked,” the department just decided to wipe it all.

    …“none of this was critical information.” "Well, that depends on what side of the jail cell you're sitting," said J. Collin Beggs, a Dallas criminal defense lawyer who has a client charged in a Cockrell Hill felony evading case involving some of the lost video evidence. The lost evidence surfaced publicly Wednesday after Beggs questioned a Cockrell Hill police detective in a hearing convened before Criminal District Court Judge Dominique Collins to compel the department to explain why it had not turned over video evidence in his client's case. Beggs said he had been asking for it since the summer -- well before the hacking incident was discovered on Dec. 12. Beggs said the loss of video evidence is significant for his client and others charged in Cockrell Hill cases involving police video. "It makes it incredibly difficult if not impossible to confirm what's written in police reports if there's no video," Beggs said. "The playing field is already tilted in their favor enormously and this tilts it even more."
     
  2. RogueTadhg

    RogueTadhg [H]ard|Gawd

    Messages:
    1,527
    Joined:
    Dec 14, 2011
  3. the_servicer

    the_servicer [H]ard|Gawd

    Messages:
    1,982
    Joined:
    Aug 16, 2013
    Tilted in whose favor?
     
  4. PhotoBobBarker

    PhotoBobBarker [H]Lite

    Messages:
    122
    Joined:
    Oct 20, 2011
    Sounds like a case of willful destruction of evidence to me. I don't know anything about the defendant, but unless he was convicted of something else major in relation to the "evading police" (in quotes because there is no longer any evidence of it) then they don't have much choice but to dismiss the charges.

    Tilted in the favor of the officers word. Always has been, always will be... Except where there is hard evidence to the contrary. That's why people talk about body cams "keeping police honest".
     
    buzzbomb, Revdarian and dgz like this.
  5. Willypants

    Willypants Limp Gawd

    Messages:
    141
    Joined:
    Sep 12, 2015
    Russians? Hell no...

    [​IMG]
     
    Revdarian, dgz, scojer and 1 other person like this.
  6. Meeho

    Meeho [H]ardness Supreme

    Messages:
    4,266
    Joined:
    Aug 16, 2010
    Seeing as there was no backup strategy set up, I would certainly treat it as such.
     
  7. And no password accessed cold storage tapes...JEBUS What the freek. Needless to say access to the internet by a evidence computer was just dumb. Somebody deserves to be fired over that.

    Well at least they did the smart thing and not pay the ransom.
     
    Deadly Ramon likes this.
  8. RogueTadhg

    RogueTadhg [H]ard|Gawd

    Messages:
    1,527
    Joined:
    Dec 14, 2011
    I don't know how their IT is handled, but things like this shouldn't happen. If there's no backup, the IT is to be blamed, not the users.
     
  9. The users shouldn't be surfing the web on an evidence computer. There's multiple people at fault here. To be honest IT should have no only set up backups, but air gapped that sucker. An evidence computer with access to the internet? WTF were they thinking? Seriously!
     
    buzzbomb, lcpiper and Revdarian like this.
  10. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    12,949
    Joined:
    Aug 16, 2004
    Unless IT said they needed something and the bean counters said no.
     
  11. nilepez

    nilepez [H]ardForum Junkie

    Messages:
    11,311
    Joined:
    Jan 21, 2005
    WTF? They don't back this shit up? Honestly, the criminals should just be let free. This gross incompetence should have consequences.
     
    auntjemima likes this.
  12. sir-gold

    sir-gold Gawd

    Messages:
    931
    Joined:
    Jan 19, 2006
    According to other articles about this, all of the data WAS automatically backed up...but not until AFTER it was already encrypted by the ransomware.

    As long as they didn't destroy the encrypted backup, there is still a chance it could be retrieved. If the police also deleted the encrypted backup though, that could be grounds for destruction of evidence.
     
  13. Meeho

    Meeho [H]ardness Supreme

    Messages:
    4,266
    Joined:
    Aug 16, 2010
    Well that's just terrible backup practice then.
     
  14. Dead Parrot

    Dead Parrot 2[H]4U

    Messages:
    2,401
    Joined:
    Mar 4, 2013
    I am amazed that they only starting making backups AFTER they were infected. Hope the IT person has a good set of CYA emails that detail why there was no backup policy in place.
     
  15. DrLobotomy

    DrLobotomy [H]ardness Supreme

    Messages:
    5,486
    Joined:
    May 19, 2016
    "Not Guilty, Your Honor"

    Walks out.
     
  16. Krab

    Krab Limp Gawd

    Messages:
    231
    Joined:
    Sep 26, 2015
    Complete incompetence by the IT people there.
     
  17. drakken

    drakken [H]ard|Gawd

    Messages:
    1,196
    Joined:
    Aug 19, 2004
    actually once it was removed it was not even evidence anymore. If the municipal agent collects and it ends up some where else they have to collect new evidence. Once it is out of their control they can not say it has not changed. Through I have to wonder if cloud storage is even legal for evidence to being with.
     
  18. nutzo

    nutzo [H]ardness Supreme

    Messages:
    7,377
    Joined:
    Feb 15, 2004

    This.
    But if you are an IT person and they won't spend the money for a decent backup, you should probably be looking somewhere else for a job.

    When I started my current job years ago, the company was a lot smaller. They had a worthless IT person who was leaving.
    When I checked into the backups, the logs showed that they hadn't had a good backup for over 5 months.
    He had told the manager that backups where working fine.
    Tape drive in the changer was bad, so I had to get it repaired before I could get the backups going.
     
  19. Master_shake_

    Master_shake_ [H]ardForum Junkie

    Messages:
    8,413
    Joined:
    Apr 9, 2012
    um so....

    free everyone or just call them guilty because no evidence showing otherwise.

    also why didn't they pay the ransom?
     
  20. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    12,949
    Joined:
    Aug 16, 2004
    Yeah, I ended up in a similar situation where I work now.

    The previous person said they had backups but they had no backups whatsoever... well, they had some, but they were old tapes from years before.

    That got remedied really quickly.
     
  21. krotch

    krotch [H]ardness Supreme

    Messages:
    4,509
    Joined:
    Aug 12, 2004
    I work in a place with no backup solution. They won't give us the funding for it. We semi-worked around with snapshots of vdmks, replicating data between dfs servers, and shadow copies. It really only helps for when someone deletes something accidentally or the same as what happened with this ransomeware. We lose storage, we lose it all.

    So many times I wish we'd lose storage, so they'd actually give us the funding for a proper backup solution.
     
  22. nilepez

    nilepez [H]ardForum Junkie

    Messages:
    11,311
    Joined:
    Jan 21, 2005
    Sounds like IT dept needs to walk up to the suits and say either fund a backup solution or we're all walking. It's hard to believe management is that short sighted...I mean management is normally short sighted, but what you describe is a whole new level of stupid.
     
  23. krotch

    krotch [H]ardness Supreme

    Messages:
    4,509
    Joined:
    Aug 12, 2004
    We just told them if shit hits the fan, we aren't responsible. We've only had a couple times where off sites lost data and told them they were SOL. Told them to talk with their management about it and not my issue. They still never gave us money for the backup solution.

    I'm also a government contractor. Walking out isn't an option, especially when your'e 5k miles away from the US.
     
    RogueTadhg likes this.
  24. RogueTadhg

    RogueTadhg [H]ard|Gawd

    Messages:
    1,527
    Joined:
    Dec 14, 2011
    I know how you feel about not having the funding for Backing up files. In one instance this happened where I work where the files were lost. I told them that the files weren't recoverable, off-site IT told me their Batshit crazy & SOL (They told them: Not Recoverable). There's just a point where we have to go: Meh. Shrug our shoulders. We can ask for the money for a simple backup solution. Hell at this point I'm thinking about buying a couple of thumbdrives and write a bat script just to have something.

    But that's the problem with IT, it's not something that readily available and not really seen outside. It's best running when users don't have to interact with it, in my opinion. Security, for example is something that's so archaic that doesn't ring a bell for the majority of the public and never happens to us. Unless you can put it on a plaque and make it public news, most times, it's not worth the money.
     
  25. The_Heretic

    The_Heretic Certified [H]

    Messages:
    12,112
    Joined:
    Jun 22, 2001
    This is a police department with about 20 people total. Do you think they even really have a IT budget ?
     
  26. krotch

    krotch [H]ardness Supreme

    Messages:
    4,509
    Joined:
    Aug 12, 2004
    If I could spend $100 or less on a backup solution, I'd do it. Just for my own peace of mind and the fact that I can actually recover missing data for customers. Who have absolutely no say in what management decides. Sadly, no way I'd get something for less than a few thousand. So cheap, our last set of computer purchases had 2 GB of ram, so they can save like what? $5 a machine. Even though they waste more money on people sitting idle, waiting for the machine to do things.
     
  27. c3k

    c3k 2[H]4U

    Messages:
    2,088
    Joined:
    Sep 8, 2007
    A small police department should STILL have something for backup. "Innocent until proven guilty", should mean something. The BURDEN of proof rests on the State. Part of the BURDEN is protecting the EVIDENCE of criminal act... If there is a requirement to have a record, and that department cannot supply that record, then the only appropriate action is to dismiss all charges.

    That sucks...but it's better than the alternative: a police department which is able to levy charges and erase evidence of prosecutorial misconduct.

    The system (Constitution and Bill of Rights) is there to PROTECT the citizens, not make it easy for the State to imprison said citizens.

    They should use Macrium, a cloud-based solution, a second computer. Or archives with hard evidence and original media (memory chips, video tapes, audio logs, etc.)
     
  28. Jagger100

    Jagger100 [H]ardness Supreme

    Messages:
    7,436
    Joined:
    Oct 31, 2004
    Anyone can buy a solution. If my IT told me this, I would fire them and use the money saved to pay for the solution. Being facetious, but IT is hired for a reason.
     
  29. NickJames

    NickJames [H]ardness Supreme

    Messages:
    6,597
    Joined:
    Apr 28, 2009
    The federal prosecutors office does have their own cloud based storage which is centralized for the entire country. Evidence does get backed up there for long periods of time, years even decades for really old digitized documents. Although this is against SOP and normally all digital evidence is backed up onto discs or a hard drive and stored in a file room locally to avoid cluttering the cloud. What gets admitted as a government exhibit is a copy on a disc or paper copies. Physical evidence is still up to the arresting organization, PD or FBI etc..
     
    Last edited: Jan 30, 2017
  30. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    12,949
    Joined:
    Aug 16, 2004
    Right, but when they can't get the purchase approved are they supposed to pay for it out of their own pocket?

    That is downright laughable.
     
  31. amddragonpc

    amddragonpc [H]ard|Gawd

    Messages:
    1,996
    Joined:
    Sep 20, 2012
    Wow, now that's an interesting way of getting rid of incriminating evidence.
     
  32. nilepez

    nilepez [H]ardForum Junkie

    Messages:
    11,311
    Joined:
    Jan 21, 2005
    There are plenty of backup solutions that aren't insanely expensive for a small office. Bottom line is anyone that appeals, requests access to evidence and is denied because of this should be freed. It sucks that bad people will likely be let go, but there's no excuse for not backing up critical data. Even if they bought a sub back up like Crashplan's Business solution, it's only 900-1300/year for 12 seats (and if some employees share a computer with those working a different shift, it's less)
     
  33. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,475
    Joined:
    Jul 16, 2008

    Not necessarily.

    Sometimes IT knows they don't have a real backup capability and they ask for dollars and equipment just never gets purchased. We have this exact problem supporting an Army development network. Literally decades of data and no real back up solution. We tell the Government types who are the customer and they make noises and things take forever to get done. The first order was cancelled. The second order went through, over a year later the tape drives arrive. Now we are still waiting on licenses for NetBackUp and some other software to make the backup solution actually work.

    It is not always IT's faulty.
     
  34. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,475
    Joined:
    Jul 16, 2008
    Agree completely, this machine shouldn't have access to the internet.
     
    nilepez likes this.
  35. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,475
    Joined:
    Jul 16, 2008
    No no no. If evidence is gone it's gone. It's up to Prosecutors to do the right thing, case by case, and determine if they no longer have enough evidence to convict. If they push a case to trial without the evidence that's their career they are risking. Just because some evidence is missing doesn't mean everything needed for a conviction is gone or useless. There is no need to jump up and start clearing the docket, the process will work itself out just fine.
     
    drakken likes this.
  36. Terpfen

    Terpfen [H]ardness Supreme

    Messages:
    6,079
    Joined:
    Oct 29, 2004
    This is pure crap. This lawyer can now argue the state failed to produce evidence against his client in a timely manner, and has now admitted to destroying evidence. The average judge will toss the case out.
     
  37. RogueTadhg

    RogueTadhg [H]ard|Gawd

    Messages:
    1,527
    Joined:
    Dec 14, 2011
    Let me just correct that last sentence for you, sir.
     
  38. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,475
    Joined:
    Jul 16, 2008
    Well, IT might get the blame, but fault and blame are not the same thing. Spend better than 30 years working for or under contract to the government and you'll gain a whole new understanding of these things.

    "Was it my fault, NO, did I get fired for it, so that my company has a scapegoat, so they don't have to piss off the contract officer by insisting it was the government's, (the customer's), fault? Yes"

    But that's OK, they helped me find another job.
     
    RogueTadhg likes this.
  39. Meeho

    Meeho [H]ardness Supreme

    Messages:
    4,266
    Joined:
    Aug 16, 2010
    The problem is the defense may now not have enough evidence for acquittal.
     
  40. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,475
    Joined:
    Jul 16, 2008
    Although evidence does sometimes show innocence, it usually is the other way around. Usually it is evidence that shows guilt and lack of evidence is normally cause for a DA to drop charges because they can no longer convict.

    Furthermore, the kind of evidence that proves innocence rarely ever is the kind that is stored by the cops. It normally is evidence that comes from other sources and the prosecution only finds out at the trial when the lawyers have to pony up their cards.

    I know you are thinking that maybe there would be some body cam evidence that would prove a cop was wrong. That evidence is usually known to the DA and in those cases the DA usually has the good sense to drop the charges. Those cases just make the news, not the court room. Not unless it's the reverse and the cops are the defendants usually in a civil suite for monetary damages. And in those cases, the evidence isn't just in the cops computers, the other side's lawyers already have it as well.
     
    drakken likes this.