Parents Sue Expert Witness Who Made Fake Child-Porn of Their Kids

Dean Boland

An Ohio lawyer who serves as an expert witness in child pornography cases might be on the hook for hundreds of thousands of dollars in civil damages for Photoshopping courtroom exhibits of children having sex.

Attorney Dean Boland purchased innocent pictures of four juvenile girls from a Canadian stock-image website, and then digitally modified them to make it appear as if the children were engaged in sexual conduct. Boland was an expert witness for the defense in half-a-dozen child porn cases, and he made the mock-ups to punctuate his argument that child pornography laws are unconstitutionally overbroad because they could be applied to faked photos.

In 2007, the tactic made Boland the defendant of a deferred federal child-porn prosecution in Ohio even though his exhibits helped clear at least one client of child-porn-related allegations. Now, a federal appeals court decision (.pdf) is reinstating a civil lawsuit by the parents of two of the girls, potentially putting Boland on the hook for a minimum $300,000 plus legal costs.

Boland, a former state prosecutor, had argued he was immune from such a lawsuit because, among other reasons, he’d created the images for use in court. That argument had already failed in his own criminal case, and was no more successful with the Cincinnati-based 6th U.S. Circuit Court of Appeals.

“[N]o constitutional principle … allows a criminal defendant to defend one criminal charge by urging his lawyer or witness to commit another,” wrote the three-judge panel, in an unanimous ruling Wednesday. “Otherwise, an individual on trial for a murder-by-stabbing charge could try to prove that the knife was not long enough to kill someone by using it to stab someone else in the middle of the trial.”

Boland said in a telephone interview Thursday, “I was hired as an expert witness. This was not like, let’s start a website of this crap.”

Wednesday’s ruling reverses a lower court’s dismissal of the civil lawsuit (.pdf) that the parents lodged against Boland in 2007. Under the 1986 Child Abuse Victims’ Rights Act, each victim is entitled to a minimum $150,000 in damages if Borland loses at trial.

“This is a complete scam,” Boland said.

Boland said the avalanche of legal trouble started when he was an expert witness in a local Ohio child-porn prosecution in 2004, in which his testimony and morphed images helped convince a judge to drop the pornography-related charges in a rape case.

He had used the morphed pictures as exhibits in a nuanced legal defense.

Given that the law prohibited “knowingly” accessing child pornography, Boland argued, it violated the First Amendment on “vagueness and over-breadth grounds” because a defendant could not know whether what he was viewing was an actual or virtual image of a child having sex.

The parents learned of the photo morphing from the FBI, according to the girls’ attorney. They’re suing over Boland transforming a picture of a 5-year-old girl eating a doghnut into one of her having oral sex. Another photo was of a 6-year-old girl’s face placed on the body of an adult woman having sex with two men. Boland purchased the pictures from iStockPhoto, according to court records.

The appeals court noted that Boland could have attempted to make his legal defense without creating or possessing child pornography.

“Boland could have illustrated the difficulty of discerning real from virtual images by combining two innocent pictures into another innocent picture,” the court wrote. It added that once Boland modified the images of the minors, “he crossed the line between possessing lawful images and violating the statute.”

Still, the appeals court said Boland could try to convince the judge presiding over the girls’ civil lawsuit that the children are not entitled to damages. That’s because the law requires them to have suffered “personal injury.” In this case, the children don’t know about the pictures, so they haven’t suffered any psychological harm, he said.

The parents are “insisting I owe them hundreds of thousands of dollars for harm these children don’t even know is going on,” Boland said.

But the parents’ attorney, Jonathan Rosenbaum, said the harm was real enough. The pictures, he said in a telephone interview Thursday, were distributed in disc format to an untold number of “defense lawyers and different clerks of courts.”

“Their faces have been abused and misappropriated in the most disgusting manner,” Rosenbaum said. “How would you like this to happen to your children?”

Photo: Courtesy of Dean Boland

See Also:

Father-Son Spy Drama Ends With Dad’s 8-Year Sentence

Nathan Nicholson, left, walks out with his defense attorney Thomas E. Price following an interview Dec. 7, 2010, in Portland, Oregon. Rick Bowmer/AP. Inset: Harold Nicholson, Dec. 18, 1996. Central Intelligence Agency handout/AP.

A disgraced CIA agent serving 23 years for being a Russian spy was handed eight more years Tuesday for hiring his son to collect overdue bills linked to the father’s nefarious espionage activities.

The 59-year-old father, Harold Nicholson, had enlisted his now-26-year-old son, the youngest of three children, to collect his unpaid bills from the Russians. The son flew from Portland, Oregon, to numerous destinations, including San Francisco, Mexico City, Peru and Cyprus — bringing back tens of thousands of dollars in cash. The money was disbursed to family members.

It was the first U.S. spy case (.pdf) in which a jailed spy was convicted again of espionage involving the same country.

“Harold Nicholson betrayed his country, and he betrayed his family — and stooped so low as to involve his son in his corrupt scheme to collect money for his spying,” Dwight C. Holton, the Oregon U.S. attorney, said in a statement.

At one point, according to the authorities, the son returned to the United States from Peru in possession of a small notebook containing “clandestine communication instructions” on how to communicate in code via an internet e-mail account about future meetings with the Russians. The notebook also contained coded messages to be used by the son, Nathaniel Nicholson, when he met with the Russian Federation to confirm his identity, according to court documents.

The younger Nicholson pleaded guilty to espionage-related charges in 2009, a year after his arrest, and was sentenced to five years of probation in exchange for his cooperation against his father. The elder Nicholson eventually pleaded guilty to conspiracy to commit international money laundering and conspiracy to act as an agent of a foreign government.

U.S. District Judge Anna Brown of Portland noted that the father could have been released in 2017 at age 66. But with the latest conviction, he is not likely to leave prison until 2025, the Associated Press reported.

The father, nicknamed “Batman,” was already serving 23 years in an Oregon prison after pleading guilty a decade ago to furnishing the Russians “documents, photographic negatives and information relating to the national defense of the United States, with the intent and reason to believe that the same would be used to the injury of the United States and to the advantage of the Russian Federation,” according to an FBI affidavit (.pdf). As part of that plea deal, he admitted that during his 16-year tenure, he received $300,000 from Russia (and earlier, the Soviet Union) for supplying the identity of CIA operatives in Moscow, including their code names.

Prison authorities became suspicious of the father after an inmate at the federal penitentiary in Sheridan, Oregon, tipped off the authorities that the convicted CIA agent was trying to contact the Russians. The authorities began to eavesdrop on the son’s cell phone, internet searches and e-mail, court records show. The son often visited his father in prison.

See Also:

Two Charged in AT&T Hack of iPad Customer Data

Two suspects have been charged with federal crimes for allegedly hacking AT&T’s website last year to obtain the personal data of more than 100,000 iPad owners.

Daniel Spitler, 26, of San Francisco, California, was charged in New Jersey on Tuesday with one count of identity fraud and one count of conspiracy to access a computer without authorization. Andrew Auernheimer, 25, of Fayetteville, Arkansas, was charged in Arkansas for the same crimes.

Last summer the two allegedly contacted Gawker to report that a hole in AT&T’s website allowed anyone to access data on iPad owners, including government and military officials, corporate CEOs and media executives who purchased iPads.

The personal data included e-mail addresses and ICC-IDs – a unique identifier that’s used to authenticate the SIM card in a customer’s iPad to AT&T’s network.

The leak snagged the details of dozens of elite iPad early adopters such as New York Mayor Michael Bloomberg, anchorwoman Diane Sawyer of ABC News, New York Times CEO Janet Robinson and Col. William Eldredge, commander of the 28th Operations Group at Ellsworth Air Force Base in South Dakota.

White House Chief of Staff Rahm Emanuel also appeared to be among the victims, Gawker reported, as were dozens of people at NASA, the Justice Department, the Defense Department, the Department of Homeland Security and other government offices.

The iPad was released by Apple in January 2010. AT&T provided internet access for some iPad owners through its 3G wireless network. Customers had to provide AT&T with personal data when they opened their accounts, including their e-mail address, billing address and password.

Gawker reported at the time that the website vulnerability, which AT&T fixed, was discovered by a group calling itself Goatse Security, which authorities say included Spitler and Auernheimer.

The two allegedly wrote a script to harvest the data from AT&T’s website and apparently shared their script with others before AT&T patched the vulnerability.

AT&T maintained that the two did not contact it about the vulnerability, which legitimate security researchers often do prior to publicly disclosing a vulnerability. Instead, AT&T learned of the problem from a “business customer.”

According to the complaint filed by the Justice Department (.pdf) against the two suspects, the script they allegedly wrote spoofed the behavior of an iPad to AT&T’s server to harvest data on about 120,000 customers:

a. The Account Slurper was designed to mimic the behavior of an iPad 30 so that AT&T’s servers were fooled into believing that they were communicating with an actual iPad 30 and wrongly granted the Account Slurper access to AT&T’s servers.

b. Once deployed, the Account Slurper utilized a process known as a “brute force” attack — an iterative process used to obtain information from a computer system — against AT&T’s servers. Specifically, the Account Slurper randomly guessed at ranges of ICC-IDs. An incorrect guess was met with no additional information, while a correct guess was rewarded with an ICC-IDle-mail pairing for a specific, identifiable iPad 30 user.

After disclosing the hack to Gawker, the two did little to hide their identity. Auernheimer, who goes by the handle “Weev,” bragged about the attention the breach was getting on his blog, authorities say.

Oh hey, my security consulting group just found a privacy breach at AT&T[. ] . . . [T]his story has been broken for 15 minutes, twitter is blowing the fuck up, we are on the forntpage of google news and we are on drudge report (the big headline)[.]

Last November, he also allegedly sent an e-mail to the U.S. attorney’s office in New Jersey, discussing the data breach. “AT&T needs to be held accountable for their insecure infrastructure as a public utility and we must defend the rights of consumers, over the rights of shareholders,” Auernheimer allegedly wrote. ”I advise you to discuss this matter with your family, your friends, victims of crimes you have prosecuted, and your teachers for they are the people who would have been harmed had AT&T been allowed to silently bury their negligent endangerment of United States infrastructure.”

The opinionated hacker also gave an interview to The New York Times on August 3, 2008 in which he stated: “I hack, I ruin, I make piles of money. I make people afraid for their lives. Trolling is basically internet eugenics. I want everyone off the internet. Bloggers are filth. They need to be destroyed. Blogging gives the illusion of participation to a bunch of retards…. We need to put these people in the oven!”

According to the criminal complaint, a confidential informant helped federal authorities make their case against the two defendants by providing them with 150 pages of chat logs from an IRC channel where Spitler and Auernheimer allegedly admitted conducting the breach to tarnish AT&T’s reputation and promote themselves and Goatse Security.

Spitler: I just harvested 197 email addresses of iPad 3G subscribers there should be many more … weev: did you see my new project?

Auernheimer: no

Spitler: I’m stepping through iPad SIM ICCIDs to harvest email addresses if you use someones ICCID on the ipad service site it gives you their address

Auernheimer: loooool thats hilarious HILARIOUS oh man now this is big media news … is it scriptable? arent there SIM that spoof iccid?

Spitler: I wrote a script to generate valid iccids and it loads the site and pulls an email

Auernheimer: this could be like, a future massive phishing operation serious like this is valuable data we have a list a potential complete list of AT&T iphone subscriber emails

Spitler: I hit fucking oil

Auernheimer: loooool nice

Spitler: If I can get a couple thousand out of this set where can we drop this for max lols?

Auernheimer: dunno i would collect as much data as possible the minute its dropped, itll be fixed BUT valleywag i have all the gawker media people on my facecrook friends after goin to a gawker party

At one point the two discussed the legal risks of what they were allegedly doing:

Spitler: sry dunno how legal this is or if they could sue for damages

Auernheimer: absolutely may be legal risk yeah, mostly civil you absolutely could get sued to fuck

At the same time, others on the IRC chat allegedly discussed the possibility of shorting AT&T’s stock.

Pynchon: hey, just an idea delay this outing for a couple days tommorrow short some at&t stock then out them on tuesday then fill your short and profit

Rucas: LOL

Auernheimer: well i will say this it would be against the law … for ME to short the att stock but if you want to do it go nuts

Spitler: I dont have any money to invest in ATT

Auernheimer: if you short ATT dont let me know about it

Spitler: IM TAKIN YOU ALL DOWN WITH ME SNITCH HIGH EVERYDAY

In the wake of news stories about the breach, they allegedly discussed their failure to report the vulnerability to a “full disclosure” mailing list, as well as the opportunity to push their Goetse Security business as a result of the breach:

Nstyr: you should’ve uploaded the list to full disclosure maybe you still can

Auernheimer: no no that is potentially criminal at this point we won

Nstyr: ah

Auernheimer: we dropepd the stock price

Auernheimer: lets not like do anything else we fucking win and i get to like spin us as a legitimate security organization

Photo: Jim Merithew/Wired.com

See also:

Security Researcher, Cybercrime Foe Goes Missing

A well-known security researcher and cybercrime foe appears to have gone missing in Bulgaria and is feared harmed, according to a news organization that hosts a blog the researcher co-writes.

Bulgarian researcher Dancho Danchev, who writes for ZDNet’s Zero Day blog, is an independent security consultant who’s garnered the enmity of cybercriminals for his work tracking and exposing their malicious activity. He has often provided insightful analysis of East European criminal activity and online scams.

His last blog entry was a compilation of his research into the cyberjihad activity of terrorist groups. He was also particularly focused on monitoring the group believed to be behind the Koobface worm, which targets users of Facebook and other social networking sites.

Danchev has reportedly been missing since at least September, when he sent a mysterious letter to a friend in the malware-research community revealing concerns that his apartment was being bugged by Bulgarian law enforcement and intelligence services.

The letter, sent to the friend as “insurance in case things get ugly, ” included photos that Danchev purportedly took of a device that he believed was planted in his bathroom by government agents to monitor him. The device appears to be a transformer.

The letter said:

I’m attaching you photos of the “current situation in my bathroom”, courtesy of Bulgarian Law enforcement+intell services who’ve been building a case trying to damage my reputation, for 1.5 years due to my clear pro-Western views+the fact that a few months ago, the FBI Attache in Sofia, Bulgaria recommended me as an expert to Bulgarian CERT -> clearly you can see how they say “You’re Welcome”.

ZDNet, which has been trying unsuccessfully to contact Danchev since August, published the letter and photos Friday in the hope that someone with information about Danchev’s whereabouts would come forward.

ZDNet blogger Ryan Naraine, who blogs at Zero Day with Danchev, reported that Danchev had contributed his last blog entry Aug. 18 and that his personal blog was last updated Sept. 11. The letter Danchev apparently sent to his friend about the surveillance on him was received Sept. 9.

Subsequent attempts to contact Danchev by phone, e-mail and postal mail have been unsuccessful, ZDNet reports. A knock on the door at his residence in Bulgaria also went unanswered.

“Last month, we finally got a mysterious message from a local source in Bulgaria that ‘Dancho’s alive but he’s in a lot of trouble,’” Naraine wrote. “We were told that he’s in the kind of trouble to keep him away from a computer and telephone, so it would be impossible to make contact with him.”

Naraine told Threat Level that Danchev was an active participant on a mailing list where ZDNet’s bloggers discuss their stories and would generally contact editors and fellow bloggers once a week to let them know what he was working on. That communication stopped in August. Naraine said that he also hasn’t seen Danchev logged into his Skype, Google Talk or instant messaging account for months.

“I’ve been hearing from a lot of people on private lists saying that Dancho is alive,” Naraine said. “But no one can say where he is or why he has disappeared off the grid. He was not the kind of guy to just disappear.”