Explainer

Why Would a Virus Look at Kiddie Porn?

Malicious code that makes your computer visit illegal Web sites.

On Monday, a Massachusetts court dismissed child-pornography charges against Michael Fiola, a state employee. It was alleged that the 53-year-old had accessed the illegal material at work, but an extensive forensic investigation of his computer revealed that viruses and other malicious programs—25 of them, to be exact—were the culprits. Why would someone create a virus that downloads child pornography?

So other people could secretly view the porn. Fiola’s computer had been taken over remotely by “botnet” operators, who lowered its security protections and may have sold child-porn enthusiasts access to the machine. This enabled people to view illegal images and videos by storing them in Fiola’s Temporary Internet Files cache, as opposed to their own computers. Fiola remained oblivious to the tampering because the bot operators made sure they didn’t slow down the computer too much by consuming lots of memory.

However, not all of the porn on Fiola’s computer arrived as a result of human activity. According to the forensics report, his workstation was often processing 20 to 40 pornographic Web pages per minute, a rate no human could sustain. This suggests that Fiola’s computer was used as part of a larger “click fraud” scheme involving legal porn sites. Under a pay-per-click advertising arrangement, Web content providers profit whenever a user clicks an ad on their page. Unfortunately, this system isn’t too hard to manipulate: An unscrupulous webmaster can hire a botnet to make infected computers click on his advertisers’ links. The most lucrative click-fraud schemes are those that target the best-paying ads, many of which are pornographic. And because some bots are able to navigate the Web without first opening an Internet browser window, affected users are often oblivious to any misconduct.

It’s not impossible to catch a botnet in the act. The IT department in Fiola’s office suspected him of illegal downloading when they clocked his bandwidth at four times that of his colleagues. But Fiola’s computer lacked adequate virus protection—the software he used wasn’t functioning properly—so he could not have detected the activity on his own.
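The two signals in this case, a page rate no human could sustain and bandwidth several times that of colleagues, can both be computed from web-proxy logs. The sketch below is an added example, not taken from the forensic report or the original article; the log format, host names, and sample traffic are constructed, and the two cutoffs simply reuse the figures quoted above.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

PAGES_PER_MIN_LIMIT = 20    # low end of the 20-40 pages/minute cited above
BANDWIDTH_RATIO_LIMIT = 4   # "four times that of his colleagues"

def build_sample_log():
    """Constructed proxy log, one request per line: 'ISO-time host bytes content-type'."""
    t0 = datetime(2008, 1, 1, 9, 0, 0)
    def row(sec, host, size, ctype):
        return f"{(t0 + timedelta(seconds=sec)).isoformat()} {host} {size} {ctype}"
    lines = []
    for host in ("ws-01", "ws-02", "ws-03"):   # ordinary browsing, a page every 50 s
        lines += [row(50 * i, host, 40000, "text/html") for i in range(6)]
    # A person fetching a few large files: heavy on bandwidth, not on pages.
    lines += [row(60 * i, "ws-04", 400000, "application/octet-stream") for i in range(3)]
    # Automated traffic: one page every 2 s, i.e. 30 pages per minute.
    lines += [row(2 * i, "ws-07", 40000, "text/html") for i in range(60)]
    return lines

def analyze(lines):
    """Return per-host peak page rate, bandwidth relative to peers, and flags."""
    pages = defaultdict(Counter)   # host -> minute -> HTML pages requested
    total = Counter()              # host -> total bytes transferred
    for line in lines:
        ts, host, size, ctype = line.split()
        total[host] += int(size)
        if ctype == "text/html":
            pages[host][ts[:16]] += 1   # ISO timestamp truncated to the minute
    report = {}
    for host in total:
        peers = [b for h, b in total.items() if h != host]
        base = median(peers) if peers else 0
        ratio = total[host] / base if base else 0.0
        peak = max(pages[host].values(), default=0)
        reasons = []
        if peak >= PAGES_PER_MIN_LIMIT:
            reasons.append("page rate")
        if ratio >= BANDWIDTH_RATIO_LIMIT:
            reasons.append("bandwidth")
        report[host] = {"peak_pages_per_min": peak,
                        "bw_ratio": round(ratio, 1), "reasons": reasons}
    return report

if __name__ == "__main__":
    for host, row in sorted(analyze(build_sample_log()).items()):
        print(host, row)
```

In the constructed data, the bandwidth check alone also flags a host that is merely downloading large files, while the per-minute page rate singles out the automated one.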


Explainer thanks Nick Chapman and Joe Stewart of SecureWorks, and Tami L. Loehrs of Law2000 Inc.