Police force using malware in investigation is not an unheard-of situation but, according to an affidavit filed in a whistle-blower case against the Fort Smith Police Department (Arkansas), the department tried to use backdoors and keyloggers to spy on a lawyer that represents three police officers that work or worked for the department.
The three officers blew the lid on overtime pay practices and they are suing the department for wrongful termination of employment. The court ordered the police department to produce emails and other documentation that could serve as evidence in the case.
In the affidavit, attorney Matthew Campbell claims that apart from deleting entire email accounts and “failing to preserve and provide deleted emails that, by their own admission, were recoverable,” the department tried to spy on the Campbell by planting malware on the external hard drive on which they were instructed to put the aforementioned documents.
Ars Technica reports that the malware in question – a variant of the Zbot info-stealerTrojan, the NSIS downloader Trojan, and two instances of the Cycbot backoor – was located in a subfolder titled D:\Bales Court Order.
A security consultant working for the attorney has pointed out that the malware seems to have been placed there intentionally, as they were all in the same subfolder and not in the root directory. Also, as the police department claims to use real-time AV protection, they would have been detected before the disk was returned to Campbell.
As the Arkansas State Police declined to investigate this particular matter, and so did the prosecuting attorney for Arkansas’ 12th Judicial District, who cited lack of technical resources as the reason. Whether or not the attorney will petition the Department of Justice to do so remains to be seen.