Friday, January 30, 2009

THE TRUTH IS SOMETIMES PAINFUL

Well, it's over. The self-proclaimed "popular" substitute teacher has pleaded GUILTY to Disorderly Conduct and has accepted being stripped of her teaching license for, as the media put it, being the victim of a deluge of unrequested, pornographic pop-ups which appeared on the computer terminal in her classroom at the Kelly Middle School located in Norwich, Connecticut on October 19, 2004. It ended during an unannounced meeting with court officials which was leaked to the media.

Following her first conviction, being found guilty by a jury of her peers of committing four counts of Risk of Injury to a Minor, the Norwich Bulletin, one of very few journalistic newspapers in the USA, ran the story noting that the maximum possible sentence associated with her crimes totaled 40 years, not that she was sentenced to 40 years. That would be absurd. Apparently, it was not absurd to the prolific number of reporters who populate this planet, writing erroneous accounts of events they know nothing about. My favorite reporter is the one and only Rick Green of the Hartford Courant. His "CT Confidential" tale of Amero's plight is Pulitzer Prize-winning fictional material. Too bad he erroneously subtitles his fiction with the phrase "What's really happening." In his latest and, hopefully, final chapter, following Ms. Amero's admission of culpability, he spins a tale of vindication. Confidential? The best quote is:

"But since that dramatic reversal, local officials, police and state prosecutors were unwilling to admit that a mistake may have been made -- even after computer experts from around the country demonstrated that Amero's computer had been infected by "spyware.""

"Spyware", I think Mr. Green means "malware". That's the stuff which infects your computer, usually after you visit those free Porn sites. Besides, the issue was not about "spyware". It was about determining the manner in which the Porn found its way to Amero's computer terminal. Was the porn requested or did it pop-up? Unfortunately the "computer experts" who include the likes of one Alex Eckelberry demonstrated nothing. None of the "computer experts" appeared or testified at Amero's sentencing hearing, prior to that event, or since that event. None of the "computer experts" have presented, published, or posted any evidence that Amero was the victim of a storm of creamy porn filled pop-ups.

The only person who testified on Amero's behalf was Mr. Herb Horner. This was during the original trial only. His testimony was limited as the defense attorney failed to disclose to the prosecution the "evidence" in Mr. Horner's possession which was collected over the course of one year. Why was there no disclosure? Why didn't Mr. Horner present the "evidence" at the sentencing hearing? He did speak of "spyware" and "adware" on the Network Performance Daily site, not "malware", however. Read it here: Attack of the Google Ad Banner and the Mysterious Curly Hairstyle Script.

Mr. Eckelberry writes of great doings, claiming responsibility for overturning the first conviction and for organizing an army of great people who did great things: The Mob Rules. But neither he nor any one of his expert examiners ever testified in court. They would have been required to testify in order to present any evidence. Mr. Eckelberry still hasn't presented evidence. He has evidence. He wrote me concerning this document, one of many documents which make up the www.orgasm-mystery.com website, a document which was requested by clicking a link:

From: Crime Prevention [mailto:crimeprevention@norwichpolice.org]
Sent: Tuesday, March 06, 2007 11:51 AM
To: Alex Eckelberry
Subject: Re: Follow-up

Alex,

Is it a pop-up? Is it a malware generated pop-up? Or, is it a document within a site to which someone navigated? It does make a difference. Isn't the original claim that a never-ending deluge of pornographic pop-ups was launched by some nefarious script? That's the story written at Network Performance Daily.

Is the font tag for the link in the homepage source code? Is the link always red? You're right. It doesn't make a difference. It doesn't change the fact that you have one of the documents which answers the question of intent:

Click or Pop?

Mark

From: "Alex Eckelberry" <AlexE@sunbelt-software.com>
Sent: Tuesday, March 6, 2007 12:00 PM
To: "Crime Prevention" <crimeprevention@norwichpolice.org>

Ok -- then let's separate this out:

I guess we all agree that red means nothing as a link color, because regardless of link color, relative links, etc., the browser was set to display links in green. Any link she would have clicked on would have been green, not red. So hopefully we can put that to rest.

Now, click vs. popups? That we can discuss at length, but I'm not comfortable in any discussion until I have a forensically valid copy of that drive and the firewall logs for that day. Can you help us get this? I'm happy to fly someone up there for the day to work on the drive transfer, using a write blocker and using the correct utilities.

Alex

From: Crime Prevention [mailto:crimeprevention@norwichpolice.org]
Sent: Tuesday, March 06, 2007 3:49 PM
To: Alex Eckelberry
Subject: Re: Follow-up

OK,

As I said from the start I'm sticking with the data recovered by ComputerCop Pro until there is contrary data recovered by a more universally accepted tool. I also maintain that any such recovered data, if presented to me, will be forwarded to the prosecution without delay.

My position on the font tag usage is based on the data recovered by the software. As I said, that tag would have to be present in the source code for not only the document associated with the link but also every other document on the site. The use of the tag denotes a change in link color from the default link color. So, if you set your default links color to blue and you wanted one of those links to always be red you'd have to add the font color tag to every document containing that particular link. Well, enough of that.


Concerning the firewall logs. I have not looked at the case at all. I did not investigate this complaint. I just stepped up to the plate in the bottom of the ninth and took a fastball to the head. No good deed goes unpunished. I have read, in several blogs and news articles, that the school had no firewall (hardware and/or software) in place. I'm sure the investigating officer's complete report has everything including any firewall logs. The defense attorney should have them already but, I will check records and will get back to you in any case. I take it that Mr. Horner has prodded the Ghosted hard drive in a less than sterile manner.

I do have a copy of FTK's Imager and would be happy to create an image for you. I do think a new request to the judge would need to be submitted by the attorney first. Another option would be for me to provide you with an exported copy of ComputerCop Pro's data. You could contact the company and inquire about their software to determine whether or not it is acceptable to you.

Mark

From: "Alex Eckelberry" <AlexE@sunbelt-software.com>
Sent: Tuesday, March 6, 2007 4:05 PM
To: "Crime Prevention" <crimeprevention@norwichpolice.org>

It had no desktop firewall on the machine, but it did have a Raptor firewall in place. What was expired was the content filter -- WebNot from Symantec.

I'll check with the attnys.

Alex

That was the last I heard from Mr. Eckelberry. It has been close to two years. He never bothered to obtain the firewall logs OR obtain his own mirrored image of the subject drive. No one ever showed up. The document in question was http://orgasm-mystery.com/viagra-cream-for-woman.htm. It was a relative link click from the home page. The link color on the home page for this document was blue. The same link on this particular document was red. As I said in court, the link color did change. As I said, several documents from this website were requested by relative link. Most contained pornographic images. The website is still up. Go to the home page and click the blue link for "female sex enhancers" in the "Female Orgasm" link tree. This is the web document Mr. Eckelberry and I were discussing. Notice the link color is red. Why was Mr. Eckelberry not comfortable discussing the fact the document was requested, not a pop-up? Again, why did he not obtain the firewall logs and a mirrored image of the subject drive?


More evidence can be found in Mr. Eckelberry's own "Technical review of the Trial Testimony State of Connecticut vs Julie Amero", dated March 21, 2007. First, note the date. It was published 15 days after our last email exchange, the email exchange concerning the requested web document at www.orgasm-mystery.com. Secondly, he writes in his technical review:

"Hence, we are unable to complete a full forensic examination on the drive in question without having a bit-for-bit copy of the hard drive, as well as the complete firewall logs for that day (or at least for the morning of October 19th, 2004)."

Really, you saw the emails. The offer was made. Mr. Eckelberry had the opportunity to obtain a bit-for-bit copy of the drive in question and the firewall logs. Why did he neglect to get them so he could complete his full forensic examination and view the firewall logs? Read it for yourself at Technical Testimony.

The day's browsing didn't stop or start at www.orgasm-mystery.com. It continued for the entire school day. The firewall logs exist and are available for all to see. Request your copy by contacting the Norwich Police Department's Records Division. You can also get your own copy of the case report. It contains tons of evidence which includes the following excerpt:

Evidence documents recovered include a number of document pages from the orgasm-mystery.com web site which were created on 10-19-2004. One of the documents: http://www.orgasm-mystery.com/oral-sex-technique.htm was created on 10-19-2004 at 10:49:51. The document included two links to the http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm document. One link was represented by the cheatinglesbians.jpg image, the second by text which read "CUNNILINGUS VIDEO BY Cheating Lesbians. Look at their techniques during the pussy licking action. Quality movies, beautiful models. Watch them now." The links were written to open the http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm document in a new browser window (target="_blank"), leaving the http://www.orgasm-mystery.com/oral-sex-technique.htm document open in its browser window.

The firewall logs show the request. Here they are:

Oct 19 10:39:18.250 cofirewall httpd[282]: 121 Statistics: duration=4.51 id=WDPwC sent=497 rcvd=26500 srcif=Vpn6 src=10.2.19.252/3629 dstif=Vpn5 dst=38.113.198.192/80 op=GET arg=http://www.orgasm-mystery.com/oral-sex-technique.htm result="200 OK" proto=http rule=2

Oct 19 10:39:22.033 cofirewall httpd[77]: 121 Statistics: duration=0.16 id=WDNMH sent=416 rcvd=144 srcif=Vpn6 src=10.2.19.252/3666 dstif=Vpn5 dst=38.113.198.192/80 op=GET arg=http://www.orgasm-mystery.com/images/eb3_42.gif result="304 Not Modified" proto=http rule=2


Oct 19 10:39:52.594 cofirewall httpd[282]: 121 Statistics: duration=0.55 id=WDPyr sent=337 rcvd=25233 srcif=Vpn6 src=10.2.19.252/3668 dstif=Vpn5 dst=66.28.207.155/80 op=GET arg=http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm result="200 OK" proto=http rule=2

Interestingly enough, the http://www.orgasm-mystery.com/oral-sex-technique.htm document hasn't changed much, if at all, in the past five years. Visit it for yourself and notice the LINKS for the http://www.cheatinglesbians.com/t2/pps=mystery/tour1.htm porn filled document still exist. Click on one of the links (YOU HAVE TO, AS IT'S NOT A POP-UP) and note that it's chock filled with large sized adult pornographic images, so many you'll need to SCROLL down the page to see them all. Just as one of the victim children testified in court, saying Amero was "SCROLLING"....
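
Added example (not part of the original post or the case file): a parser for log lines in the "121 Statistics" layout shown above that rejects any line that is not one intact entry (duplicate, stray or missing fields), then moves firewall timestamps onto the workstation clock before matching them against a file-creation time. The sample lines, hosts and ids are constructed; the 10-minute clock offset and the 10:49:51 creation time are the figures quoted on this page, and the year is an assumption because the log stamp carries none.

```python
import re
from datetime import datetime, timedelta

HEADER = re.compile(
    r'^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d+) \S+ \S+\[\d+\]: 121 Statistics: (.*)$')
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ("duration", "id", "sent", "rcvd", "srcif", "src", "dstif", "dst",
            "op", "arg", "result", "proto", "rule")

# Constructed sample lines in the same layout; hosts, ids and sizes are made up.
# The third line is deliberately spliced from the halves of two entries.
SAMPLE = [
    'Oct 19 10:39:18.250 cofirewall httpd[282]: 121 Statistics: duration=4.51 id=AAAAA sent=497 rcvd=26500 srcif=Vpn6 src=10.0.0.5/3629 dstif=Vpn5 dst=192.0.2.10/80 op=GET arg=http://site-a.example/page.htm result="200 OK" proto=http rule=2',
    'Oct 19 10:39:52.594 cofirewall httpd[282]: 121 Statistics: duration=0.55 id=BBBBB sent=337 rcvd=25233 srcif=Vpn6 src=10.0.0.5/3668 dstif=Vpn5 dst=198.51.100.7/80 op=GET arg=http://site-b.example/tour1.htm result="200 OK" proto=http rule=2',
    'Oct 19 10:39:22.033 cofirewall httpd[77]: 121 Statistics: duration=0.16 iBBBBB sent=337 rcvd=25233 srcif=Vpn6 src=10.0.0.5/3668 dstif=Vpn5 dst d=CCCCC sent=416 rcvd=144 srcif=Vpn6 src=10.0.0.5/3666 dstif=Vpn5 dst=192.0.2.10/80 op=GET arg=http://site-a.example/images/logo.gif result="304 Not Modified" proto=http rule=2',
]

def parse_entry(line, year=2004):
    """Return (fields, problems); any problem means the line is not one intact entry."""
    m = HEADER.match(line)
    if not m:
        return {}, ["unrecognised header"]
    stamp, body = m.groups()
    fields, problems = {}, []
    for key, value in PAIR.findall(body):
        if key in fields:
            problems.append(f"duplicate field {key}")
        else:
            fields[key] = value.strip('"')
    # Whatever is left once every key=value pair is removed does not belong in an entry.
    stray = PAIR.sub("", body).split()
    if stray:
        problems.append("stray tokens: " + " ".join(stray))
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    # The log stamp has no year, so the caller supplies it (assumption).
    fields["time"] = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S.%f")
    return fields, problems

def requests_before(lines, artifact_time, clock_offset=timedelta(minutes=10), window_s=60):
    """List (url, seconds) for intact entries logged at most window_s seconds
    before artifact_time, after shifting firewall time onto the workstation clock."""
    hits = []
    for line in lines:
        fields, problems = parse_entry(line)
        if problems:
            continue  # never correlate on a damaged line
        delta = (artifact_time - (fields["time"] + clock_offset)).total_seconds()
        if 0 <= delta <= window_s:
            hits.append((fields["arg"], delta))
    return hits

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_entry(line)[1] or "intact")
    print(requests_before(SAMPLE, datetime(2004, 10, 19, 10, 49, 51)))
```

The fields in this layout cover timing, byte counts, addresses and the requested URL; none of them records a referrer or how the request was initiated, so a match ties a URL to a time and a source address and nothing more.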



16 comments:

  1. Something happened to the previous blog. Let's try this again:

    Detective, I wonder if you still consider yourself competent to serve as an expert witness for computer forensics in court, and if you plan to do so in the future?

  2. Hey numb nutz - you messed up when you doctored the filter's log files in your blog. The second entry shows the wrong number of bytes received. In fact it's the same number as the third entry. Which by the way the time on the third entry does not correspond to the computer that Julie Amero had access to.

    Mark, what a sick and lonely man you must be. Your actions and incompetence are a disgrace to law enforcement.

    And why the automatic weapon in your profile picture? Do you plan on using it? Do you plan on "checking out" soon? Or is it just your substitute for a big stick.

    Aah, you sick little man. I wonder - did Smith know what kind of liability you would be to "his" case ... or were you untested goods?

  3. HAH! What a numb nutz you really are. I just realized how badly you doctored the log files above. The second entry is actually the beginning of one and the end of another.

    FIRST PART OF SECOND ENTRY
    (1st half of one log entry)
    ---------------------------
    Oct 19 10:39:22.033 cofirewall httpd[77]: 121 Statistics: duration=0.16 iDPyr sent=337 rcvd=25233 srcif=Vpn6 src=10.2.19.252/3668 dstif=Vpn5 dst

    SECOND PART OF SECOND ENTRY
    (2nd half of another log entry)
    -------------------------------
    d=WDNMH sent=416 rcvd=144 srcif=Vpn6 src=10.2.19.252/3666 dstif=Vpn5 dst=38.113.198.192/80 op=GET arg=http://www.orgasm-mystery.com/images/eb3_42.gif result="304 Not Modified" proto=http rule 594

    So now the size of 144 is appropriate for the response for a GIF that had already been received.

    We just don't know all the details because you mashed two log entries together.

    Numb Nutz, do you realize how stupid you appear when you do things like that?

  4. Hey, numb nutz (or do you prefer super-sleuth or maybe the dark knight?),

    I've been thinking about this all day now and maybe I've been a little harsh - you know implying you're stupid - being that you slammed two separate log entries together and apparently don't know the first thing about log files in order to do a proper job of doctoring.

    But I just saw where you were caught a number of years ago driving around some underage bimbo in a van (or was it the batmobile?) and drinking while supposedly trying to scam stores into selling alcohol to a minor....and your partner got her to lift up her shirt so he could photograph her boobies to show she wasn't wired.

    HAH! So anyhow, you're still on the force and he got canned. Smooth. Maybe you're not so stupid after all ... or was that when you acquired that automatic weapon you're holding in that picture? is it loaded?

  5. Pit, The firewall log time and computer terminal time were not synched. They differed by 10 minutes. As I said, get a copy of the logs for yourself. You'll see I haven't tampered with them. Also, I had nothing to do w/ the "boobies" picture taking. I drank a beer while on duty. As for my profile pic, I put it up in 2006 when I set up my blog account>> September 6, 2006 http://markonospoofo.blogspot.com Get your facts straight.

  6. Lounsbury, you ignoramus -- get YOUR facts straight. The firewall logs only show that the sites were fetched from the computer. They would look the same whether Amero clicked on a link, she typed in the URL (you DO know what that is, don't you? :)), or malware fetched it.
    And malware can come from non-porn sites as well. The bad guys are ready to hack any site they can.
    Stop trying to pretend you understand computers and the Internet.

  7. oh numb nutz - I guess you are a little doofus.

    1st off, the third entry is not off by 10 minutes ... it's waaay off.

    Second, I can't believe you are leaving the second entry in your example in the blog..even after I pointed out to you that it is two entries smooshed together. Even the most basic novice, or even computer illiterate can see that it has two different rcvd amounts. It's one entry, it can't receive it twice.

    OK - So people are going to see what I wrote - look at your example above - and say - "Pit is telling the TRUTH! Mark is a doofus that doesn't know squat about log files"

    Really, even when faced with the FACTS, you choose to ignore them and live in your own little reality. (you really should change that second entry)

    tch tch, so sad.

    oh, you forgot to answer my question - "is it loaded?"

  8. pit, the firewall time is 10 minutes slower than the computer's time. I'll fix the log error.

  9. pit, She's guilty. She admitted it. That's the FACT of the matter. Amazing how you are so afraid of the truth. Mr. Russell I never said I was an expert. Mr. Kimball, the firewall logs AND the recovered web documents prove she either clicked the link or, yes, typed the URL.

  10. Tom Coleman, Tulia

    Look it up Det Lounsbury

  11. In the PIT vs NOJF back and forth above, inconsistencies in the firewall log entries were pointed out by PIT. The blog was then updated without notation.

    For a breakdown of the before and after firewall entries, contrasting the Jan 30, 2009 version with the Feb 2, 2009 current version, please see
    http://blog.state-v-amero.com/2009/02/02/changing-log-entries-from-prosecution-expert-witness.aspx. I tried to post the comparison here, but the interface allows very little HTML to be posted, and the red color makes it easier to see differences.

  12. "None of the "computer experts" have presented, published, or posted any evidence that Amero was the victim of a storm of creamy porn filled pop-ups."

    Nobody had to do that. The only thing anyone needed to do was show that Amero COULD WELL HAVE BEEN the victim of pop-ups. That's the "reasonable doubt" standard you may have heard of.

    Your behavior is unprofessional and sickening. You've already ruined Amero's career; what's the point in bragging about it? If you really think it enhances your professional reputation to brag about it, at least hire an editor. The stuff on your blog makes you sound like a nutjob.

  13. Well, Mark

    It's time for me to go now. You won't be hearing from me again.

    Before I go, I did want to apologize for my earlier rudeness, it really is not my style. But it was important for me to make sure that you will never ever be responsible for another "Julie Amero". You were in a position of responsibility - an officer of the law - and a position in which I hold in the highest esteem.

    However, I felt I needed to point out your apparent disregard for the truth wherever it might lead. The results of my prior comments were to have you admit that the original evidence posted to your blog was in error. But you went further and showed that you would doctor that evidence further to cover the original errors.

    Regardless, of what you do to this blog from this point forward, copies of it will always be available to attorneys that will use the information on this blog to discredit you on the witness stand and neutralize any testimony you might be willing to give or fabricate. Any State's Attorney would be a fool to call you to testify. You sir, are damaged goods.

    Of course this means that your usefulness as a law enforcement officer has also been neutralized. Arrests and investigations may be rendered moot if you can't testify.

    So, as I take my leave, I wish you well in your future endeavors outside law enforcement. Perhaps there might be a position available at Home Depot or perhaps as a hall monitor at Kelly Middle School.

    Verum Vacuus Ventus

  14. How dare you do this to Julie. Just what are you getting out of it? There MUST be a reason you did this. Like the same reason you became a cop: Small penis.
    All I can say is thank God you don't live and work in Michigan! Hypocrite. Also, I guess it's one thing for a civilian to drink and drive but a cop who drinks and drives would NEVER have an accident! Right? And when you catch adult civilians with minors, you arrest them but it's ok for YOU? And to get them drunk and have them show you their boobs? You are truly wretched and certainly not deserving of the badge you wear. PERVERT! I grew up around cops all my life and I KNOW FIRST HAND how they are when not being watched. Scum.

  15. Hey there Mark,
    Sorry to see that you have gotten so much grief over some of the circumstances that have surrounded the conviction of Julie Amero.
    But I would like to say a few things, don't give into all of these people, they are offended by your use of the first amendment, you have not said anything that is privileged, or gone beyond the law, you have stated your opinion, and it really doesn't matter what any of these folks think.
    You did your job, good for you, if you lose it in connection to this, I'll pay for you to move to Atlanta, and hire you.
    She did something wrong, if she had not, she would not have pleaded guilty.
    I do have one negative criticism, you shouldn't have taken down the picture of your rifle, someone being scared, or intimidated by a picture, with no captioning or related article that contains a threat of something is an absolute imbecile.
    Have a good one fella,
    El Sid, A Conservative Contractor
    elsidblog.blogspot.com

  16. Hey Mark,

    You may be in a position to shed some light on some of the unanswered questions in the Amero case. Please help, if you can.

    It is my understanding that you became involved with the case shortly before the case went to trial and that you were _not_ involved in the initial investigation which resulted in Ms. Amero being charged.

    Officer Michael Belair seems to have conducted the bulk of the initial investigation.

    Is Officer Belair still with the NPD?

    If he is, could you please ask him if he was ever told of Amero seeking help with the computer from four other teachers? Also ask him if he knew at the time that Amero actually reported the incident on October 19th, 2004 to Kate O'Boyle, assistant principal for Kelly Middle school. This information came out during the trial, but David Smith appeared to have been unaware of it.

    Officer Belair and the other NPD officers did a pretty good job of looking into certain aspects of the case. The principal, IT director, and the students, were all interviewed and their response well documented, but there is no record of interviews with any of the teachers or the vice principal who had firsthand knowledge of Amero seeking help with the computer.

    Why didn't the officers interview the vice principal, music teacher, and computer teacher during the investigative phase? Did they think it irrelevant, or did they just not know about Amero seeking help?

    There have been a lot of questions as to why the incident was not handled internally by the school system and how it ever morphed into a criminal prosecution. Scott Fain is quoted in an interview to the Associated Press that he "was surprised that the case was prosecuted".

    The question of whether the police were ever told that Amero sought help with the computer is very important and remains to be answered.

    Can you help?
