Incident: Insecure Internet Network at Wholesale Motorcars Leads to Child Pornography Incident

Published Date: 2021-12-07

Postmortem Analysis
Timeline
1. The software failure incident happened in May 2019 [Article 121983].

System
1. Internet network security setting at Wholesale Motorcars - 'universal plug and play' setting [121983]
2. Lack of proper security measures on the internet network, leaving it vulnerable to a 'hit and run' attack [121983]
3. Failure to have a secure internet router [121983]
4. Potential failure of the Linux side of the computer to prevent unauthorized access [121983]
5. Failure to have basic system logs or router logs to track unauthorized access [121983]

Responsible Organization
1. The software failure incident in this case was caused by hackers who potentially accessed Josh Duggar's computer remotely to download child pornography due to the low security setting on the internet network at Wholesale Motorcars [121983].

Impacted Organization
1. Josh Duggar's internet network at Wholesale Motorcars was impacted by the software failure incident, making it vulnerable to a potential 'hit and run' attack by hackers [121983].

Software Causes
1. The internet network at Wholesale Motorcars was on a low security setting called 'universal plug and play', making it extremely vulnerable to a 'hit and run' attack [121983].
2. The HP desktop at Wholesale Motorcars had a Linux partition installed with the password intel1988, which contained the illicit material [121983].
3. Duggar allegedly used encrypted 'peer-to-peer' uTorrent software to download and view child pornography [121983].

Non-software Causes
1. Lack of proper internet network security settings at Wholesale Motorcars, making the network vulnerable to attacks [121983].
2. Failure to seize the internet router by the FBI, hindering the forensic investigation [121983].
3. Lack of system logs and basic information due to overwriting, impacting the ability to determine the source of the child porn streaming [121983].
4. Failure to have a definite list of machines linked to the router, making it impossible to pinpoint the exact source of the illicit activities [121983].

Impacts
1. The software failure incident involving Josh Duggar's internet network being insecure and vulnerable to hackers led to the discovery of child pornography images traced to the IP address of his now-defunct used car dealership, Wholesale Motorcars, in Springdale [121983].
2. The incident resulted in the seizure of Duggar's office HP desktop, iPhone, and MacBook by investigators [121983].
3. The failure of the software security settings allowed for the potential remote access to Duggar's computer, leading to the possibility of someone remotely downloading and streaming child pornography without detection [121983].
4. The software failure incident had legal implications, as Duggar faced charges of downloading and possessing child pornography, pleading not guilty and potentially facing up to 20 years in prison and fines of up to $250,000 on each count if convicted [121983].
5. The incident led to the cancellation of the reality show "19 Kids and Counting" in 2015 after revelations of Duggar's past molestation scandal and the subsequent discovery of the child pornography images [121983].

Preventions
1. Implementing strong cybersecurity measures such as using secure internet settings and regularly updating security protocols could have prevented the vulnerability that allowed for remote access to Josh Duggar's computer network [121983].
2. Utilizing secure and encrypted communication channels for sensitive data transmission could have prevented unauthorized access to child pornography files [121983].
3. Properly securing and monitoring internet routers and devices connected to the network could have helped in identifying and preventing unauthorized access and activities [121983].

Fixes
1. Implementing a higher level of security settings on the internet network at Wholesale Motorcars to prevent vulnerabilities that could be exploited by hackers [121983].
2. Regularly updating and patching software and systems to address any known security flaws or weaknesses [121983].
3. Conducting thorough security audits and assessments to identify and address any potential security risks or loopholes in the network infrastructure [121983].
4. Enhancing monitoring and logging capabilities to track and trace any suspicious or unauthorized activities on the network [121983].
5. Educating employees and users on best practices for cybersecurity and safe internet usage to prevent unauthorized access and potential security breaches [121983].

References
1. Computer forensics expert Michele Bush, who testified in court [121983]
2. Prosecution witness Bobye Holt, who provided emotional testimony in court [121983]
3. Former police detective Daniel Wilcox, who assisted in the FBI raid on Wholesale Motorcars [121983]
4. Former intelligence worker Jim Holt, who overheard Josh Duggar asking about setting up a Linux partition [121983]
5. Cybersecurity expert Clinton Branham, who recalled a conversation with Josh Duggar about Linux partition [121983]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident related to the vulnerability of the internet network at Wholesale Motorcars, owned by Josh Duggar, can be considered as having happened again within the same organization. The incident involved the internet network being on a low security setting called 'universal plug and play', which made it extremely vulnerable to a 'hit and run' attack by hackers [121983]. (b) There is no specific information in the provided article indicating that a similar software failure incident has happened at other organizations or with their products and services.
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase can be seen in the article where it is mentioned that the internet network at Wholesale Motorcars, owned by Josh Duggar, was on a low security setting called 'universal plug and play', which made it extremely vulnerable to a 'hit and run' attack by hackers [121983]. This vulnerability in the design of the network allowed for potential remote access and misuse by unauthorized users. (b) The software failure incident related to the operation phase is evident in the article where it is discussed that investigators traced child porn images to the IP address of Duggar's car dealership, Wholesale Motorcars, and seized his office HP desktop and iPhone in April. However, without having the internet router, which the FBI never seized, and a definite list of machines that linked to it, it was impossible to determine for certain who streamed the illicit material and from where, highlighting operational challenges in investigating and tracking the source of the illegal activities [121983].
Boundary (Internal/External) within_system, outside_system (a) The software failure incident in the article is primarily within_system. The failure was related to the low security setting of the internet at Wholesale Motorcars, which made it vulnerable to hackers. The setup allowed for a 'hit and run' attack where a remote user could potentially log on, perform malicious activities, and log off without the account holder knowing [121983]. The incident involved issues with the security configuration and potential unauthorized access within the system.
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident occurring due to non-human actions: - The software failure incident in the article was related to the vulnerability of Josh Duggar's internet network at Wholesale Motorcars, which was on a low security setting called 'universal plug and play', allowing for a 'hit and run' attack by a remote user or hacker [121983]. - Investigators traced child porn images to the IP address of Duggar's now-defunct used car dealership, Wholesale Motorcars, in Springdale, indicating a breach or unauthorized access to the system [121983]. (b) The software failure incident occurring due to human actions: - The defense witness, Michele Bush, disagreed with the government's case and suggested that someone may have accessed the Linux side of the computer remotely to download porn, indicating potential human involvement in accessing and downloading the illicit material [121983]. - The prosecution argued that Duggar downloaded and viewed images and videos of child pornography using encrypted 'peer-to-peer' uTorrent software, suggesting direct human actions in obtaining and viewing the illegal content [121983].
Dimension (Hardware/Software) hardware, software (a) The software failure incident occurring due to hardware: - The article mentions that investigators traced child porn images to the IP address of Duggar's now-defunct used car dealership, Wholesale Motorcars, in Springdale, and seized his office HP desktop and iPhone in April [121983]. - It is noted that forensic computers found that someone had installed a Linux partition on the HP desktop, which could only be accessed by rebooting the computer and hitting F9 [121983]. - The article also states that the vile stash of porn was found behind that partition, which could only be accessed by the password intel1988 – the same password Duggar used for his internet banking and the Duggar family Instagram and Twitter accounts [121983]. (b) The software failure incident occurring due to software: - The article mentions that the setup of the internet at Wholesale Motorcars was on a low security setting called 'universal plug and play', which made it extremely vulnerable to what was described as a 'hit and run' attack [121983]. - It is highlighted that the defense witness, Michele Bush, disagreed with the government's case that a desktop could not be rebooted remotely and suggested that someone may have accessed the Linux side of the computer remotely to download porn [121983]. - The article also discusses how the prosecution argued that Duggar downloaded and viewed images and videos of prepubescent girls using encrypted 'peer-to-peer' uTorrent software over the dark web [121983].
Objective (Malicious/Non-malicious) malicious, non-malicious (a) The software failure incident in this case is malicious. The incident involved the downloading and possession of child pornography by Josh Duggar, which was traced back to his office HP desktop at Wholesale Motorcars. Investigators found that someone had installed a Linux partition on the computer, which contained the illicit material. Additionally, the password used to access this partition was the same as Duggar's internet banking password and the passwords for the Duggar family's social media accounts. This indicates a deliberate attempt to hide and access the illegal content [121983]. (b) The software failure incident can also be considered non-malicious to some extent. Defense witnesses in the trial suggested the possibility of remote hacking or unauthorized access to the computer to download the pornographic material. They argued that Duggar, being a "Mac guy" and home-schooled, lacked the sophisticated IT skills to install a Linux partition on his own. Furthermore, they claimed that other employees could have accessed the computer or streamed the content remotely without Duggar's knowledge. This perspective implies a non-malicious explanation for the presence of the illicit material on the computer [121983].
Intent (Poor/Accidental Decisions) poor_decisions, accidental_decisions The intent of the software failure incident in the reported case involves elements of both poor decisions and accidental decisions: (a) poor_decisions: The software failure incident can be linked to poor decisions, such as the low security setting called 'universal plug and play' on the internet network at Wholesale Motorcars, which made it extremely vulnerable to a 'hit and run' attack by allowing remote users to potentially log on and perform nefarious activities without detection [121983]. (b) accidental_decisions: On the other hand, there are aspects of accidental decisions or unintended consequences in the incident. For example, the defense witness Michele Bush disagreed with the government's case that a desktop could not be rebooted remotely, indicating a lack of clarity and certainty in understanding the actions taken on the computer remotely due to missing evidence like the internet router and system logs [121983].
Capability (Incompetence/Accidental) development_incompetence (a) The software failure incident occurring due to development_incompetence: - The defense expert, Michele Bush, disagreed with the government's case and stated that a desktop could be rebooted remotely, indicating a lack of agreement on technical aspects related to the case [121983]. - There were disputes regarding the number of pieces of child pornography that were successfully downloaded from Josh Duggar's work computer, with the defense expert claiming that only 13 out of 66 pieces were procured by law enforcement, highlighting discrepancies in understanding and analysis [121983]. (b) The software failure incident occurring accidentally: - The defense expert, Michele Bush, mentioned that without having the internet router and a definite list of machines linked to it, it was impossible to determine who streamed the vile material and where they did so, indicating a lack of complete information or accidental oversight in the investigation [121983]. - There were discussions about the possibility of a remote hacker theory, but it was mentioned that the evidence to make a conclusive determination did not exist, suggesting gaps or accidental omissions in the available information [121983].
Duration temporary The software failure incident related to the Josh Duggar case can be considered as a temporary failure. This is evident from the fact that the failure was due to contributing factors introduced by certain circumstances but not all. The incident involved vulnerabilities in the internet network at Wholesale Motorcars, which was on a low security setting called 'universal plug and play', making it extremely vulnerable to a 'hit and run' attack by hackers [121983]. The defense expert testified that without having the internet router and a definite list of machines that linked to it, it was impossible to say for certain who streamed the illicit material and where they did so [121983]. Additionally, the defense argued that a handful of employees could have accessed the HP computer or even operated it remotely to stream porn without being noticed, suggesting a temporary failure scenario [121983].
Behaviour crash, omission, timing, value (a) crash: The software failure incident related to a crash can be observed in the article where it mentions that the system lost state and did not perform its intended functions. This is evident when it is stated that investigators traced child porn images to the IP address of Duggar's now-defunct used car dealership, Wholesale Motorcars, and seized his office HP desktop and iPhone in April [121983]. (b) omission: The software failure incident related to omission can be seen in the article where it discusses how the system omitted to perform its intended functions at an instance(s). This is evident when it is mentioned that the defense witness disagreed with the government's case that a desktop could not be rebooted remotely, indicating a failure in performing the intended function [121983]. (c) timing: The software failure incident related to timing can be identified in the article where it describes the system performing its intended functions correctly but either too late or too early. This is evident when it is stated that the system was vulnerable to hackers due to being on a low security setting, allowing a remote user to quickly log on, perform actions, and log off without detection [121983]. (d) value: The software failure incident related to value can be inferred from the article where it discusses the system performing its intended functions incorrectly. This is evident when it is mentioned that the prosecution alleged that Duggar downloaded and viewed images and videos of prepubescent girls being 'abused, violated, and exploited,' indicating incorrect behavior of the system [121983]. (e) byzantine: The software failure incident related to a byzantine behavior can be seen in the article where it describes the system behaving erroneously with inconsistent responses and interactions. This is evident when there are conflicting testimonies and interpretations regarding the evidence and actions related to the case, leading to uncertainty and lack of clarity [121983]. (f) other: The software failure incident related to other behavior can be observed in the article where it discusses the system behaving in a way not described in the previous options. This is evident in the various technical aspects and actions taken by the defense and prosecution witnesses, leading to a complex and multifaceted analysis of the software and its potential vulnerabilities [121983].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, non-human, theoretical_consequence, other (a) death: People lost their lives due to the software failure - There is no mention of any deaths resulting from the software failure incident reported in the articles. [121983] (b) harm: People were physically harmed due to the software failure - The articles do not mention any physical harm caused to individuals due to the software failure incident. [121983] (c) basic: People's access to food or shelter was impacted because of the software failure - There is no indication that people's access to food or shelter was impacted by the software failure incident. [121983] (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident involved the downloading and possession of child pornography on a work computer, which could be considered as an impact on data. [121983] (e) delay: People had to postpone an activity due to the software failure - The articles do not mention any activities being postponed due to the software failure incident. [121983] (f) non-human: Non-human entities were impacted due to the software failure - The software failure incident primarily involved the vulnerability of the internet network at a car dealership, which could be considered as impacting non-human entities (computer systems). [121983] (g) no_consequence: There were no real observed consequences of the software failure - The software failure incident had significant consequences related to the downloading and possession of child pornography, as well as implications for the security of the internet network at the car dealership. [121983] (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The articles discuss potential consequences such as the possibility of remote hacking to download porn, the lack of clarity due to missing evidence like the internet router, and the theoretical discussion around the Linux partition setup on the computer. [121983] (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - The software failure incident led to the exposure of vulnerabilities in the internet network security settings at the car dealership, potentially allowing unauthorized access and misuse of the network. This could be considered as a consequence related to cybersecurity risks. [121983]
Domain information (a) The failed system in the incident was related to the industry of information, specifically in the context of a child pornography trial involving Josh Duggar's internet network and computer at Wholesale Motorcars [121983]. The incident involved the downloading and possession of child pornography using the internet network and computer system at the car dealership, which was a key aspect of the trial proceedings.
