Full Report
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to reopen a number of adjudicated cases in which the expert's testimony may have been pivotal.
Analysis Summary
# Incident Report: Cybersecurity Expert Credential Fraud Leading to Potential Case Reopening
## Executive Summary
A long-standing Minnesota cybersecurity and computer forensics expert is under FBI investigation following allegations, primarily raised by attorney Sean Harrington and substantiated by Perkins Coie LLP, that he fabricated or misrepresented his academic credentials, including degrees from Harvard and Upsala College. This incident, which primarily concerns professional integrity and potential judicial fraud, has prompted legal offices to notify parties in pending cases and has led to the disgraced expert’s withdrawal from cases, potentially allowing defendants in previously adjudicated cases to appeal based on compromised forensic testimony.
## Incident Details
- **Discovery Date:** Late 2023 (Allegations first raised by Sean Harrington)
- **Incident Date:** Ongoing scrutiny beginning circa March 2024 (when Perkins Coie filed motions)
- **Affected Organization:** Computer Forensic Services (CFS) and the expert, Mark Lanterman
- **Sector:** Legal/Forensic Services, Expert Witness Testimony
- **Geography:** Minnesota (Primary location of Expert's firm)
## Timeline of Events
### Initial Access
* **Date/Time:** Not applicable (This is an integrity/fraud incident, not a network intrusion.)
* **Vector:** Misrepresentation of credentials on professional profiles and in court testimony.
* **Details:** Mark Lanterman claimed degrees from Upsala College and postgraduate work at Harvard University.
### Lateral Movement
* **Date/Time:** Ongoing throughout his 30-year career.
* **Details:** The "movement" relates to the reliance on his false credentials across numerous high-profile cases (e.g., Martha Stewart investigation, Bernie Madoff trial, Stephen Allwine murder case).
### Data Exfiltration/Impact
* **Date/Time:** Ongoing/Realized upon discovery.
* **Details:** The core impact is the potential invalidation of judgments across numerous cases where his testimony was pivotal, due to compromised expert qualification foundation. Specific data exfiltration is not the focus, instead, it is the exfiltration of legitimacy and trust in forensic findings.
### Detection & Response
* **Date/Time:** Started Late 2023 / March 2024.
* **Details:**
* Late 2023: Sean Harrington raises concerns after a conference speech.
* March 14, 2024: Perkins Coie LLP requests Lanterman’s testimony be struck in a pending case after finding no records for him at post-1995 transcript holder (Felician University) for Upsala College.
* March 2024: Hennepin County Attorney’s Office notifies parties in pending cases they cannot verify background; FBI inquiry confirmed.
* Post-March 24, 2024: Lanterman withdraws from a case, subsequently retiring and handing over the business to his children under pressure from his son.
* March 24, 2024: Stephen Allwine petitions the court to revisit his murder conviction, citing the allegations against Lanterman.
## Attack Methodology
This incident is categorized as **Professional Misconduct/Fraud**, not a typical cyberattack. The methodology revolves around maintaining a false professional narrative:
- **Initial Access (to trust):** Using a profile claiming degrees from respected institutions (Harvard, Upsala).
- **Persistence:** Maintaining this false status over 30 years across thousands of trials.
- **Privilege Escalation:** Using credentials of status (former USSS investigator) to enhance the false academic claims.
- **Defense Evasion:** Allegedly absconding with his personnel file from Springfield Township PD to obscure potentially verifiable employment history.
- **Credential Access:** N/A (The credentials themselves were the fabricated assets).
- **Discovery:** Investigation by opponents (Perkins Coie) and concerned parties (Harrington).
- **Lateral Movement:** The reach of his testimony across multiple jurisdictions and case types.
- **Collection:** N/A (No digital data theft).
- **Exfiltration:** Misleading the courts and juries on the basis of his expertise.
- **Impact:** Potential invalidation of judicial outcomes.
## Impact Assessment
- **Financial:** Undisclosed costs related to case reviews, appeals, and reputation damage for CFS.
- **Data Breach:** None directly reported, but the integrity of forensic data analyzed was compromised by the biased expert foundation.
- **Operational:** Significant disruption to ongoing legal proceedings and the potential for large-scale case appeals across Minnesota and potentially elsewhere.
- **Reputational:** Severe damage to the credibility of Lanterman and associated firms/courts that relied upon his testimony.
## Indicators of Compromise
* **Network indicators:** None applicable (Defanged: N/A)
* **File indicators:** Alleged spoliation of evidence (absconding with Springfield Township PD personnel file).
* **Behavioral indicators:** Misrepresenting completion of "postgraduate work" as an eight-week online HarvardX class; failure to produce verifiable transcripts from Upsala College; attempts to reclaim and withhold employment records.
## Response Actions
* **Containment measures:** Perkins Coie requested his testimony be stricken in the pending case. Lanterman voluntarily withdrew from a case and effectively retired shortly thereafter.
* **Eradication steps:** Hennepin County Attorney’s Office notified parties in ten pending cases.
* **Recovery actions:** Potential motion to reopen previous cases (e.g., Stephen Allwine petition) where his testimony was key.
## Lessons Learned
* **Key takeaways:** Expert witness vetting must include rigorous, direct verification of educational claims against primary sources (universities/registrars), especially for degrees from closed institutions.
* **What could have been done better:** Opposing counsel and courts must proactively audit the fundamental qualifications of high-profile, long-serving expert witnesses when credible challenges arise.
## Recommendations
* Forensic firms specializing in expert testimony must implement mandatory, independent third-party verification of all claimed academic credentials before they are submitted to the court.
* Judicial bodies should establish stricter protocols for continuous re-verification of expert qualifications, particularly when experts claim affiliation with high-status institutions that are later found to be misrepresentations.