October 17, 2016 | 6 min read
**Please note: if you represent either side in the case of Oppenheimer v. La Habra, you should probably not read past this point**
Can you imagine what would happen if a law firm inadvertently published their collection of electronic client files to the public internet? I can’t find any examples of this happening… until now.
My investigation into the remote synchronization protocol (“rsync”) has uncovered several law firms that were, perhaps unknowingly, publishing their internal file repositories to the world. Anyone with an internet connection could have downloaded these files, as they were being hosted on public IP addresses with no username or password protection. There is absolutely no form of hacking involved whatsoever here.
Client files are the crown jewels of a law firm and supposed to be kept under lock and key, which makes these internet-accessible discoveries even more surprising.
Publishing your own internal files through the public internet, via rsync protocol may be foolish, but it is not my job to ascertain the motives of law firms that, for whatever reason, wish to cause their own data breaches. Furthermore, according to the California Bar Association’s ethics hotline, there is nothing that a law firm can do to remove these documents from my possession.
I had every intention of simply writing a small post about the situation and deleting the whole 500+ gigabytes of gathered legal data. But then I saw something that I can’t un-see.
It involves a jail cell death video that is present in these files. On January 2nd, 2015, Daniel Oppenheimer hanged himself while in a holding cell at the La Habra city jail. Oppenheimer’s daughter is now suing for wrongful death. The District Attorney’s investigation concluded that there was no wrongdoing on the part of jail staff and that Mr. Oppenheimer’s own decision to take his life was the sole factor leading to his death.
I found evidence to the contrary. Within the client files for the Law Firm of Ferguson, Praet & Sherman, there is a text file titled “attorney notes WORK PRODUCT”. The content of that file is a timeline of events from Oppenheimer’s death video. Most of the noted events correspond with the timeline that is present in the District Attorney’s official report.
However, there are notable exceptions. Twice, while Daniel Oppenheimer strangles to death, La Habra jail staff members walk past his cell and do nothing to stop it. In the video you can clearly see their reflections in the plexiglass as they walk by. The first pass is nearly six minutes before anyone radios for help.
This “attorney notes WORK PRODUCT” file shows that an attorney with Ferguson, Praet & Sherman noticed these reflections in the video. It indicates that someone at Ferguson, Praet & Sherman knows that the District Attorney’s report is missing these key timeline entries.
It would certainly be awkward for the City’s defense attorneys to point out deficiencies in the DA’s report. But it’s the right thing to do. And for all I know, someone at Ferguson, Praet & Sherman may have indeed pointed this out to the appropriate channels, but I have seen no evidence of that.
I cannot sit idly by and do nothing in this situation. I cannot simply delete these files. My conscience will not allow it. If someone must face scrutiny in order for this truth to get out, then let it be me. It is a burden I will gladly bear in order to see that potential manslaughter does not get swept under the rug.
Daniel Oppenheimer may not have been a great person. He was an admitted meth user and had a long history of run-ins with the law. But when a staff member at the La Habra City jail had a duty to act, this video shows that they did not.
I am calling on the Orange County District Attorney to take another look at this death video and act appropriately against the individuals that walked past and did nothing while a man, in their care, strangled to death.
Attention - Portions of this article may be used for publication if properly referenced and credit is given to MacKeeper Security Researcher, Chris Vickery.
Do you have security tips or suggestions? Contact: email@example.com or firstname.lastname@example.org
Stay tuned to the latest security news by visiting MacKeeper Security Watch blog with Chris Vickery.