Suspicious lawyer finds malware on external hard drive supplied by police lawyer in discovery
Image from Shutterstock.
An Arkansas lawyer is seeking sanctions after his computer expert found malware on an external hard drive supplied in response to a discovery request.
Lawyer Matthew Campbell of North Little Rock says he became suspicious when he received the hard drive by Federal Express in June 2014 from a lawyer for the Fort Smith Police Department, the Northwest Arkansas Democrat Gazette reports. Previous evidence in the police whistleblower case had been provided by email or a cloud-based Internet storage service, or had been shipped through the U.S. Postal Service.
“I thought, ‘I’m not plugging that into my computer,’ ” Campbell told the Northwest Arkansas Democrat Gazette. “Something didn’t add up in the way they approached it, so I sent it to my software guy first.”
The technology expert found four Trojans on the hard drive. “These Trojans were designed to steal passwords, install malicious software and give someone else command and control of the infected computer,” Campbell says in a brief supporting his motion for sanctions (PDF).
The security expert said in an affidavit that the Trojans were in a subfolder rather than the root directory, indicating they were “more likely placed in that folder intentionally with the goal of taking command of Mr. Campbell’s computer while also stealing passwords to his account.”
Campbell says he doesn’t know who placed the malware on the hard drive, according to the Democrat Gazette. He represents three current and former police officers who contended they were subjected to multiple investigations after revealing improprieties in the department.
The motion for sanctions says malware is not the only discovery problem. Campbell alleges entire email accounts were deleted, emails that could have been recovered were purged from the system, and emails that were previously provided in response to freedom of information requests had improper deletions.
The sanctions brief adds that the police department’s information technology specialist attended a convention 10 days after the court granted Campbell’s motion to compel evidence. The expert took classes on secure data deletion, whistleblower investigation and monitoring employee activity, Campbell wrote. He did not take classes offered on e-discovery and preservation of evidence, Campbell said.
Campbell is asking that a default judgment be entered in favor of his clients and that other appropriate sanctions be imposed.
Second to the last paragraph corrected at 7:20 p.m. to state that the IT specialist attended the convention 10 days after (rather than before) the court granted the motion to compel.