McHenry Co. (ECWd) –
We now have a computer forensic expert’s report that points to criminal conduct taking place at the Algonquin Township Road District on or about April 2, 2017.
“It is my conclusion based on the totality of the evidence a user logged onto the server on April 2, 2017, and installed an anti-forensic software package designed to delete and destroy data, executed that program and destroyed beyond recover many files.”
“Additionally, a user took action to remove the user profile of ‘commissioner’ and ‘manager’ from the profile redirection folders including all files within those folders essentially deleting all user created data that was stored in those profiles and even deleted the local server login profile for those usernames.”
“After deletion of the folders and profiles, the profiles were rebuilt and gives the appearance that they have never been deleted, except that no user created data is present in those profiles.”
Considering the Downstate Local Records Commission has not issued any authorizations to destroy records to the Algonquin Road District and Township, the facts in the report should be yet another clear path for the State’s Attorney to move forward on as it relates to criminal prosecutions in Algonquin Township.
The law is clear when it comes to the destruction of public records.
(50 ILCS 205/4) –Sec. 4. (a) Except as otherwise provided in subsection (b) of this Section, all public records made or received by, or under the authority of, or coming into the custody, control or possession of any officer or agency shall not be mutilated, destroyed, transferred, removed or otherwise damaged or disposed of, in whole or in part, except as provided by law. Any person who knowingly, without lawful authority and with the intent to defraud any party, public officer, or entity, alters, destroys, defaces, removes, or conceals any public record commits a Class 4 felony.
So who deleted the computer records? Our FOIA request for invoices for IT computer work was met with an improper denial by claiming our request was too burdensome. More on that FOIA violation in a future article.
However, our FOIA request for all records pertaining to any computer forensic investigation reports may prove to be very problematic for former Highway Commissioner Robert Miller if the information contained in the report is verified by law enforcement investigators as being true and accurate.
From the Forensic Computer Investigators letter.
- That Mr. Miller asked him to wipe the data from the computers at the county because he had personal information on it
- That when he went to wipe data from Mr. Miller’s desktop PC that there wasn’t anything to wipe because Mr. Miller had already deleted everything
- That he replaced the backup drives (containing backups) from the server and replaced them with two new drives
- That he gave the two drives removed from the server to Mr. Miller
- That he has invoices for the work he had done, but is unsure whether or not he invoiced or replaced the workstation hard drives in the maintenance and sign shop
- The he (sic) has a text message he had sent Mr. Miller with the passwords
- That he removed the user profiles from the server and rebuilt them as new profiles
- That he downloaded and ran CCleaner to wipe out data
- That he will forward to Mr. Hanlon and I any information he still has regarding these tasks he performed
The conversation the Forensic Investigator had with the person Miller hired to work on the computers appears to be consistent with the findings in his full report, to include CCleaner was used to wipe out data. Who downloads anti-forensic computer software to remove personal data from the computers? Is this why there were no e-mails found on the computers when the new Highway Commissioner took office?
For starters, assuming these reports are accurate, Miller used public computers for personal matters. Use of public property for personal matters is a violation of our State Constitution.
Have the hard drives provided to Miller been returned to the Township? If the IT person hired by Miller is accurate with his determination, that Miller had already deleted everything, is that worthy of a police investigation into the destruction of public records?
It appears the actions of the past elected officials of Algonquin Township are catching up to them as investigations continue. As we reported before, the Illinois State Police told us the FBI is handling the investigation of Robert Miller. We would hope they add this information to their list of things to investigate.Report on Algonquin Township Server (003)
.Algonquin Township Highway Letter regarding ITC (002)
Our work is funded entirely thru donations and we ask that you consider donating at the below link.
Like Ur ChopsPosted at 16:32h, 23 January
“wash it? like with a cloth or something?” Hillary Clinton playing dumb on the acidwashing of her govt. emails.
CindyPosted at 18:41h, 23 January
Township ClerkPosted at 19:36h, 23 January
So is Mr Miller packing his bags for prison yet? And I sure hope he is setting aside money to repay the taxpayers for his irresponsible spending. I sure hope other road commissioners and township officials are following this and I also hope none of them are out there defending him. It saddens me to see other townships breaking the law like this. My township does not operate anything like this or like any of the others you have reported on. It’s really not that hard to follow the law but it takes committed trustees to do their job effectively and not approve questionable spending.
ANONYMOUSPosted at 20:54h, 23 January
Some pretty week forensics there in that report. CCleaner is a simple utility that many non-technical users rely on to clean up their crappy Windows operating systems. Temporary internet files, browsing histories, and user profile files are not public records, lol. The reporting here is more than a bit biased and poorly informed by this “computer forensics firm.”
Kirk AllenPosted at 22:44h, 23 January
Simple utility but effect according to forensic experts. You are wrong that profile files are not public records. They are public records because they were created by public officials. The reporting is based off of the report. How on earth is that biased?
jmkraftPosted at 08:16h, 24 January
Browsing history is most certainly public records. It deals directly with “the public duties of public employees and officials shall not be considered an invasion of personal privacy” – can’t get much clearer than that!
danni smithPosted at 10:16h, 24 January
Illinois, Land of Leavin”
Bob BarnesPosted at 10:36h, 30 January
Face it, this was no huge criminal enterprise but what the Millers considered a family business as it had been in the. Family for decades. Let’s just call it a public private enterprise to help the Miller Family. That pretty much sums it all up,we’re laws broken,yep was money misappropriated? You bet,unfortunately not much will happen. We should all just move along and clean up the mess.