Employee charged with hacking computer with porn
It happened one day last year, as more than a dozen board members of a Baltimore substance abuse center had gathered around a conference room. The CEO was giving a PowerPoint presentation on his accomplishments.
Suddenly, his computer shut down, then restarted, replacing the latest slide with an image of a naked woman onto a 64-inch screen. The board members include city officials and foundation heads and is chaired by Baltimore's health commissioner.
Today, Baltimore's State's Attorney's Office announced a grand jury had indicted Walter Powell, 51, with hacking into the computer system. They described him as a disgruntled worker who allegedly used his home computer to access the system, distribute confidential emails from his boss and break into the presentation.
The CEO of the Baltimore Substance Abuse System Inc., which distributes public funds to more than 50 substance abuse programs helping thousands of people, told me the attack cost $80,000 -- mostly to rebuild the system, replace software and upgrade security measures.
The CEO, Greg Warren, said no confidential information leaked out.
Here is a statement from prosecutors with more information:
Powell is Former MIS Head at Baltimore Substance Abuse System, Inc. and Allegedly Loaded Pornographic Photo into PowerPoint Presentation
“Cybercrime” Indictment Filed by State’s Attorney’s Office
Forensic Investigations Unit
Baltimore, MD – September 9, 2010 – State’s Attorney Patricia C. Jessamy announced today that the Baltimore City Grand Jury indicted Walter Powell, 51, of Frankford Avenue with numerous counts of computer network intrusion. The indictments charged Powell with one count of gaining unauthorized access to a computer network, four counts of gaining unauthorized access to a computer network with the intent to interrupt the operation of the network, and five counts of unauthorized possession of a computer pass code.
Powell turned himself in this afternoon and he is being processed at the Central Intake and Booking Facility. Powell is expected to have a bail review hearing before Judge Barry G. Williams at 10:30AM tomorrow.
Today’s indictments follows a joint nine month investigation that began in November 2009 and was conducted by detectives with the Baltimore City Police Department’s Cyber and Electronic Crimes Unit and the prosecutors in the State’s Attorney’s Office’s Forensic Investigations Unit. It is the first “cybercrime” indictment filed by the Forensic Investigations Unit of the Baltimore City State’s Attorney’s Office. An indictment is not a finding of guilt. An individual charged by indictment is presumed innocent unless and until proven guilty at some later criminal proceeding. Assistant State’s Attorney Michael E. Leedy of the Forensic Investigations Unit has been involved with this investigation from its inception and will prosecute this case.
The Grand Jury indicted Powell under Annotated Code of Maryland § 7-302 Unauthorized access to computers and related material. If convicted, Powell faces three years on unauthorized access count, five years on each unauthorized access with intent count and five years on each unauthorized possession of a pass code count for a total possible prison term of 48 years.
Powell is a former employee of Baltimore Substance Abuse Systems, Inc. (BSAS), where he was director of Management Information Systems until September 2009. Prosecutors allege that within weeks of his departure, Powell began accessing the BSAS computer network from his home computer. It’s further alleged that he remotely installed keystroke logging software on various computer workstations. That software could record every single key pressed by any user and then e-mail a record of those keystrokes to Powell. In this manner he was able to obtain the network passwords of at least five employees of BSAS. Over the course of 32 days, Powell accessed – or attempted to access – the BSAS network more than 100 times using the passwords of those employees.
Powell is also alleged to have remotely gained control of a computer used by BSAS CEO Greg Warren during a presentation to the BSAS Board of Directors. During the presentation Powell caused the presentation computer to shut down, restart, and then display a pornographic image. Powell is further alleged to have repeatedly accessed the e-mail account of Warren. During that time he forwarded confidential e-mails to others, and composed a fictitious e-mail message that was sent to a BSAS e-mail distribution list.
Detectives executed a search and seizure warrant in April with the intent of seizing any evidence relating to the network intrusions inside Powell’s residence. Detectives discovered materials used to make silencers for guns in his possession. Federal agents of the Bureau of Alcohol, Tobacco, and Firearms responded to the scene and took Powell into custody. A federal grand jury indicted Powell in April for possession of silencers and his federal case is pending.
FORENSIC UNIT HISTORY
In May 2007 State’s Attorney Patricia C. Jessamy appointed Assistant State’s Attorney Sharon R. Holback to the position of Director of Forensic Science Investigations for the Baltimore City State’s Attorney’s Office. Since that time Holback and Assistant State’s Attorney Michael E. Leedy have developed policies, procedures and agency protocols in forensic science disciplines, and the application of forensic science to criminal investigations and the cross-examination of forensic experts at trial. The scope of their work encompasses a wide variety of fields including physical medicine, psychiatry, DNA, cell phone tower site data, gunshot residue, firearms identification, trace evidence, latent print examinations and computer forensic i.e. “cybercrime.” Holback and Leedy serve as a resource to prosecutors to improve the investigation and prosecution of serious crimes involving forensic evidence.
“I have established a highly trained forensic team to look at the very detailed and complex prosecution of cases involving high degrees of technology,” State’s Attorney Jessamy said. “We need to be proactive and the Forensics Unit will assure that the search and seizure of communication devices and computers, and the information obtained, is done in accordance of the law and presented to jurors in an easily understood way.”
Nationally, in 2009, the Internet Crime Complaint Center Web site (www.ic3.gov) received 336,655 complaint submissions, a 22.3% increase as compared to 2008 when 275,284 complaints were received. Of the 336,655 complaints submitted to IC3 146,663 were referred to local, state and federal law enforcement agencies. The dollar loss from all referred cases was $559.7 million. The full report can be accessed here: http://www.ic3.gov/media/annualreport/2009_IC3Report.pdf .
Powell is scheduled to be arraigned October 6, 2010 before Judge Barry G. Williams.