According to the Paxton Record, A group of Iroquois County officials will pore over years worth of emails recovered from the work computers of former Ford-Iroquois Public Health Department employees in upcoming weeks, searching for further evidence of unethical and illegal conduct within the now-dissolved bi-county agency.
The work to be done by the Iroquois County panel — which will likely be comprised of county board members and perhaps the state’s attorney or one of his assistants — is part of the second phase of an investigation that could lead to criminal charges against ex-employees who abused their government positions.
The county is paying $5,650 to have computer forensic expert Andrew R. Garrett of Decatur-based Garrett Discovery Inc. look for evidence of waste and fraud on 18 computers used by ex-employees of the Ford-Iroquois Public Health Department. Garrett has already examined each computer’s emails, but he wants county officials to see them, as well, to help determine if the emails contain legitimate work-related content or something less appropriate.
“Some of the internal workings of the county and your business we don’t understand; therefore, we need a little help in analyzing these emails,” Garrett told the county board’s policy and procedure committee Friday.
County Board Chairman Kyle Anderson of Beaverville said Monday that he hoped to have the panel appointed to review the emails this week, perhaps as early as Tuesday.
“I’m just waiting on the state’s attorney to give guidance on that,” Anderson said. “We want to make sure it’s done right.”
After that, Garrett will provide the appointed panel with hard drives containing every email sent and received.
“On the hard drive, it will have a software package, a review platform, and you’ll be able to see every email,” Garrett said. “Also in this, we have a lot of people’s text messages from their cell phones — they copied them to their work computer — so unfortunately you’re going to see some of their personal conversations.”
Before starting his examination of the 18 computers late last year, Garrett previously examined, at no charge to the county, five other computers used by former health department managers, who, according to Garrett, used their computers for “personal use and gain and possibly illegal and unethical activities” at least 70 percent of the time they were on them.
A full forensic analysis of all 23 computers’ contents will be included in a final report presented to the county board in upcoming weeks, Garrett said.
Garrett presented preliminary results from the first phase of his examination of the 18 computers on Friday. The first phase included an analysis of each computer’s Internet history, dating back an average of three to five years, while the second phase will focus on email history.
Garrett provided preliminary data on the “top abusers” from his Phase I analysis, but he withheld their identities until he presents his final report to the board.
According to Garrett’s preliminary Phase I findings:
— The top abuser’s computer showed 76,240 visits to “inappropriate websites, including 8,440 hits on Facebook. There were also visits to Amazon and eBay, and the employee also was apparently selling things online during work hours.
— The second-highest abuser’s computer had 39,995 inappropriate Web searches and hits, including more than 1,000 visits to match.com, a couple visits to pornography sites and “lots of traffic” on mythirtyone.com, “which apparently has been used quite a bit by a few county employees.”
— The third-highest abuser’s computer contained 13,289 website entries on such sites as Amazon and eBay, as well as 404 on dating websites, more than 5,000 visits to Facebook and 3,000 visits to mythirtyone.com.
— The fourth-highest abuser’s computer showed 12,953 web entries to dating sites and 8,778 posts to Facebook.
Two of the 18 computers appear to have “little to no usage on them whatsoever,” Garrett said. Among the remaining 16, there were 160,129 inappropriate Web searches found.
“That tells us that we’re probably going to find a lot of stuff in the emails also,” Garrett said.
Garrett noted that “quite a few computers” he examined appear to have been used by “casual users of the Internet” — those who, over a two- or three-year period, had 669 inappropriate web searches while at work, for example. “And their inappropriate use would have been (limited to) Facebook, some Web searches, some eBay searches, Amazon, those types of things,” Garrett said.
“Six-hundred-sixty-nine hits over a two- to three-year period is not extreme,” Garrett added. “But some of these that are close to 30,000, 40,000, 70,000 is extreme.
“It’s very alarming. It looks to us that on a few — on probably six people’s computers — we had a hard time understanding what they do for a living. It looked to us like we were examining a personal computer, not a work computer.”
Some of the personal business was done on the mythirtyone.com website, which, according to Garrett, “allows people to make money from selling their friends products and services.”
“We found thousands of Web entries on these computers that had to do with the sale or promotion of mythirtyone.com to other county employees,” Garrett said. “And this was more than one employee involved; this was a couple.”
“So they’re running a business out of a county office?” asked county board member Kevin Hansen of Clifton.
“Yes, that’s correct,” Garrett responded. “What this mythirtyone website does is it allows you to sell things — there’s actually order processing going on while they’re at work, during work hours. There’s text messages to say, ‘Your order’s in,’ those types of things.”
Meanwhile, Garrett said some employees installed “remote access tools” on their work computers, allowing them to access their computers from elsewhere.
“Unfortunately, some of these tools they installed allowed data from your county to travel to Germany and back,” Garrett told the committee. “So there’s more than just misuse of time. There’s some inappropriate things that we think cause some security concerns.”