Full Report
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to reopen a number of adjudicated cases in which the expert's testimony may have been pivotal.
Analysis Summary
# Incident Report: Expert Credential Fraud and Subsequent Investigation
## Executive Summary
This report details an incident involving a prominent Minnesota cybersecurity and computer forensics expert, Mark Lanterman, who is under investigation by the FBI due to allegations of misrepresenting his educational background and professional credentials. The discovery led to the immediate halting of pending cases relying on his testimony and potential grounds for appeal in numerous past adjudicated cases where his expertise was pivotal.
## Incident Details
- Discovery Date: Late 2023 / Early 2024 (Allegations surfaced, formal legal challenge on March 14, 2025)
- Incident Date: Ongoing misrepresentation over a 30-year career.
- Affected Organization: Computer Forensic Services (CFS) and the legal/court systems reliant on the expert.
- Sector: Cybersecurity Consulting, Forensic Analysis, Legal Support.
- Geography: Minnesota (Primary operations), Nationwide Impact (Testimony history).
## Timeline of Events
### Initial Access
- Date/Time: Prior to 2023 (Period the misrepresented credentials were used).
- Vector: Deception/Misrepresentation in professional profiles and courtroom testimony.
- Details: Lanterman claimed to hold a BS and MS in computer science from Upsala College and postgraduate cybersecurity work at Harvard University.
### Lateral Movement
N/A - This is an internal misconduct/fraud incident, not a traditional network intrusion.
### Data Exfiltration/Impact
- What was stolen or damaged: The integrity of numerous legal proceedings and the credibility of the forensic findings presented as evidence. Potential for wrongful convictions or overturned verdicts.
### Detection & Response
- How it was discovered: Initially challenged by attorney Sean Harrington in late 2023; substantiated by Perkins Coie LLP in March 2025 while defending a client whose laptop was forensically reviewed by Lanterman.
- Response actions taken:
- Perkins Coie asked the judge on March 14, 2025, to strike Lanterman’s testimony.
- Hennepin County Attorney’s Office notified 10 pending cases they could not verify his background.
- FBI opened an inquiry into the allegations.
- Lanterman removed his profile from the CFS website.
- Lanterman withdrew from one case, citing retirement due to the negative attention.
- Lanterman’s son asked him to step down from the business.
## Attack Methodology
- Initial Access: **Misrepresentation/Fraud (Social Engineering)**: Claimed degrees from Upsala College and Harvard.
- Persistence: **Documented Testimony**: Maintained credibility by providing expert testimony in over 2,000 cases over 30 years based on false premises.
- Privilege Escalation: **Leveraging Legal System Reliance**: Used the weight of expert witness status to influence court outcomes.
- Defense Evasion: **Lack of Scrutiny**: Credentials were not sufficiently vetted by the courts or opposing counsel for decades.
- Credential Access: N/A (Self-generated fraud).
- Discovery: **External Diligence**: Perkins Coie confirmed Upsala College transcripts do not exist at the holding institution (Felician University) and Lanterman’s name was missing from yearbooks. HarvardX work was revealed to be an 8-week online course, misrepresented as postgraduate work.
- Lateral Movement: N/A
- Collection: N/A
- Exfiltration: N/A
- Impact: **Mistrial/Appeal Risk**: Criminal and civil cases (e.g., Stephen Allwine murder conviction) are now subject to review.
## Impact Assessment
- Financial: Potential costs associated with revisiting adjudicated cases, malpractice claims against forensic firms, and legal defense fees.
- Data Breach: No indication of data breach, but massive compromise of evidentiary integrity.
- Operational: Significant disruption to numerous ongoing and closed legal cases in Minnesota and potentially elsewhere.
- Reputational: Severe damage to the reputation of Computer Forensic Services, the expert witness ecosystem, and the courts involved.
## Indicators of Compromise
- Network indicators: N/A
- File indicators: **Absconded Personnel File**: Lanterman allegedly took his personnel file from the Springfield Township Police Department using a fabricated medical emergency pretext, constituting potential spoliation of evidence.
- Behavioral indicators: Claims of testifying to the Supreme Court, training the "entire federal judiciary" while lacking basic college degrees.
## Response Actions
- Containment measures: Removal of Lanterman's profile from CFS website; Notification to parties in pending cases.
- Eradication steps: FBI investigation; Legal challenges to exclude testimony.
- Recovery actions: Review and appeal process for cases reliant on his testimony (e.g., Stephen Allwine petition).
## Lessons Learned
- Key takeaways: The incident highlights a critical failure in the due diligence process for retaining and qualifying expert witnesses; claims regarding prestigious institutions (especially those that are defunct) must be rigorously verified through primary documentation (transcripts).
- What could have been done better: Attorneys proposing experts must actively vet qualifications beyond surface-level review, ensuring adherence to rules requiring disclosure of case history.
## Recommendations
- Prevention measures for similar incidents: Implement mandatory, independent verification of academic credentials (contacting Registrar offices directly) for all retained expert witnesses before testimony is offered. Establish mandatory cross-validation protocols for claims related to employment history, especially concerning sensitive agencies (like the Secret Service).