Months after an investigator with the Massachusetts Department of Industrial Accidents (DIA) was arrested for having child pornography images on his state issued lap-top, prosecutors dropped the charges when a defense-sponsored forensic investigation showed that his poorly configured laptop that had become riddled with malware was to blame.

Michael Fiola’s troubles began when he was given a badly configured replacement laptop running Windows XP with SP2 in November 2006. He was fired from his job in early 2007 when his IT department found the illegal pornographic images on his hard drive. After he was charged in August of last year, Fiola lost his friends and family; his wife however stood by his side.

Tami Loehrs, a forensic investigator hired by Fiola’s lawyers and president of Law2000, said that Microsoft’s Systems Management Server (SMS) software on the laptop was the first red flag that should have been noticed by DIA’s IT team.

“When they gave him this laptop, it had belonged to another user, and they changed the user name for him,” Loehrs explained.

“In the SMS software, they forgot to change the user name, so SMS was trying to connect to a user that no longer existed. So the day he walked out with the laptop, the SMS logs were red. If the IT department would have taken a single look at it, they would have seen that it was red and wasn’t connecting to the server. It was set up to do all of its security updates via the server, and none of that was happening because he was out in the field,” she added.

Fiola used a Verizon wireless card that was constantly, connected wirelessly to the Internet, set up for him by DIA. With undermined security, the laptop was letting all sorts of malware and infections to continue operating - including some that could literally take over the computer’s behavior without the user knowing.

“What I found is, he would log in to the state’s Web site, he’d be on for five or 10 minutes and during the exact same time that he’s filling out a form, an image shows up, out of nowhere. No typed [Uniform Resource Locator], no search, no Web site activity, just bam, a cached image shows up on his computer,” Loehrs said. The offending images were located in the laptop’s browser cache directory.

“He’d have 40 Web sites hitting his computer in a minute — who’s the IT guy who looked at this and said, “Wow, this guy is pretty active on the Internet?’” Loehrs said. “It’s physically impossible!”

Loehrs found a script file that was set to go out and run its own searches on foreign Web sites, she said. “And once you get into some of these foreign sites, you’ll get all kinds of stuff you don’t want to see.

“Actually, the child pornography was just a very small portion of it. The majority was just bizarre porn. He was being hit with everything,” she added.

It does raise pretty big concerns about government security. Why a state-run IT department has the neither the care nor inability to ensure their own equipment is secure – what can he average home computer user do to protect themselves.

“All of the technical people know you can get spammed with pornography; viruses can bring up stuff you don’t want. And while people want to think you can’t possibly be hacked, of course there are Trojans and ways for people to get into your computer,” Loehrs said.

“Trojans are written by tech-savvy people. What’s the first thing they are going to do? They’re going to disable the protection,” she added, noting that Fiola’s Symantec-based logs were missing from the compromised laptop.

“Clearly, something went in and whacked the virus protection. So, if you’re not a technically savvy person, how do you even know that it’s working? I don’t know - from what I’ve seen, how anyone can really protect themselves,” she noted.