[ISN] Questions cloud cyber crime cases

From: InfoSec News (isn@private)
Date: Sun Oct 19 2003 - 22:21:35 PDT

  • Next message: InfoSec News: "[ISN] Former White House cybersecurity czar calls for security audit standards"

    Forwarded from: Richard Caasi <caasi@private>
    
    http://news.bbc.co.uk/2/hi/technology/3202116.stm
    
    17 October, 2003
    
    The acquittal of a teenager accused of carrying out a high-profile
    hack attack has cast doubts over future computer crime prosecutions,
    say experts.
    
    Aaron Caffrey, 19, was accused of crashing systems at the port of
    Houston in Texas by hacking into its computer systems.
    
    But a jury cleared him after believing his defence that hackers had
    broken into his computer and used it to launch the attack.
    
    "This verdict sets a potentially dangerous precedent with regard to
    hacking cases," said Cable & Wireless security expert Richard Starnes.
    
    "A potential outcome is that defendants, charged with such an offence
    in the future, could attempt to compromise their own system, in order
    to employ a similar defence in the event they are caught."
    
    Elite member
    
    Mr Caffrey had faced one charge at Southwark Crown Court of
    unauthorised modification of computer material.
    
    He was accused of launching an attack on 20 September 2001 on one of
    the US's biggest ports, bombarding its computer system with thousands
    of electronic messages.
    
    It froze the port's web service, which contained vital data for
    shipping, mooring companies and support firms responsible for helping
    ships navigate in and out of the harbour.
    
    Mr Caffrey admitted being a member of a group called Allied Haxor
    Elite and hacking into computers for friends to test their security.
    
    But he insisted he was not responsible for the attack on the port of
    Houston.
    
    Both the defence and prosecution acknowledged that the attack had come
    from Mr Caffrey's computer.
    
    The case hinged on whether the jury believed the defendant's argument
    that his computer had been taken over by a hacker using a Trojan horse
    program.
    
    A forensic examination of Mr Caffrey's PC had found no trace of a
    hidden program with the instructions for the attack.
    
    Trojan defence
    
    The verdict shows that the prosecution case failed to convince the
    jury that the teenage was responsible for the attack.
    
    "Clearly the authorities are facing a fundamental problem when
    attempting to prosecute suspected computer criminals," said Graham
    Cluley, senior technology consultant at the security firm, Sophos.
    
    "The Caffrey case suggests that even if no evidence of a computer
    break-in is unearthed on a suspect's PC, they might still be able to
    successfully claim that they were not responsible for what their
    computer does, or what is found on its hard drive."
    
    The Trojan defence has been successfully used in the UK courts before.
    
    In July, a man was cleared of possessing child porn when a number of
    Trojan horses were discovered on his computer.
    
    Experts say the Caffrey case could prompt a review by police of how to
    present evidence before a jury in computer crime cases.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Oct 20 2003 - 01:28:32 PDT