PDA

View Full Version : Innocent Or Guilty?



nikita69
10-10-2003, 03:43 AM
UK port hacker tells Judge he is innocent - it is all Microsoft's fault
11,000 vulnerable IP addresses found on accused hacker's PC
10-08-2003 10:35:14 AM CST -- Munir Kotadia, CNET News.com


A UK teenager accused of launching a distributed denial of service (DDoS) attack on a major US port has said a flaw in Windows allowed hackers to take control of his machine and launch the attack without his knowledge. In his interview with the police, which was read out in court on Tuesday, Aaron Caffrey said: "My OS supports remote admin and remote assistance. At that time, the patches were not available. Anyone could control it. Windows Media Player was also unpatched." Caffrey added: "Someone has edited those log files. just because something says something, it doesn't mean it happened. My machine was hackable. They have planted it or added to it." On Wednesday, the trial's second day, the defence counsel for Aaron Caffrey started questioning Detective Constable Stunt, a member of the Computer Crime Squad that forensically examined Caffery's computer in January 2002, which was around three months after the Port of Houston in Texas was attacked.

Southwark Crown Court heard that it was possible for someone to take control of the defendant's computer because of critical vulnerabilities in Microsoft's Windows operating system. Stunt said that although he was not aware of any specific vulnerability, he admitted that Microsoft does have security problems. "There are thousands of [security bulletins] and Microsoft issues numerous patches on a daily basis," he said. The court heard that police examinations of Caffrey's machine recovered log files of a chatroom conversation that recorded the exact moment the attack took place. But the defence argued that if a vulnerability exists, the log files could easily have been changed by someone who had accessed the system remotely....continued...

Click here to read the full story at Silicon.com

11,000 IP addresses found on accused hacker's PC

Innocent ? Or simply pulling the same line of defence tactics that got a paedophile off the hook ? Could the 'Microsoft has defective security defence' © be the perfect alibi for cyber-criminals ? Stay tuned and we shall see if the Judge buys this. But if you read the second article you will see that this 'kid' was no idiot when it comes to PC's and neither were his parents..

SOURCE (http://www.securitynewsportal.com/cgi-bin/cgi-script/csNews/csNews.cgi?database=JanCC%2edb&command=viewone&id=55&op=t)

lynx
10-10-2003, 11:46 AM
It's a pity the article you quoted missed this bit from the original.

The defence counsel asked Stunt if it was possible to cut some text from one log file and paste it into another log file from a remote computer. Stunt dismissed the idea: "Remotely, the answer would be no. It is impossible, the technology does not exist," he said
Yeah, right. Except that we all know that there are some commercial packages (eg pcAnywhere) that are capable of taking control of a machine and allowing virtually any access. So if there are commercial packages which can do this, you can bet that there are other 'packages' which can do it without the user being aware that it is happening.

How about this bit:

Cedric d'Ablis, a security architect at Cable and Wireless, gave evidence to the court on Wednesday. He examined Caffrey's computer in October 2002 -- 13 months after the attack took place. D'Ablis told the court that there was no legitimate reason why someone would have a list of IP addresses on their system.

D'Ablis also said that there was no evidence of a third party having accessed Caffrey's computer remotely in order to initiate the DDos attack. "I would expect to find a tool that would allow someone to do this. There are a number of tools but commonly, it would be a Trojan or a Trojan horse. I did not find one," he said.

However, d'Ablis admitted that during his examination of Caffrey's computer, he only looked for open ports and active Trojans. During cross examination, he said that according to the server logs, Caffrey's machine had been "probed regularly" and admitted that it was possible the system could have been compromised, with  the attack originating from a remote computer and made to look like it started from Caffrey's system. "Whenever something is installed on a computer, there are always traces of it somewhere on the system. But I did not look for these traces," he said.
Sounds like he couldn't really be bothered to look.

I think the teenager is probably guilty, but it sounds like the prosecution haven't done their homework, so he could get away with it.

billyfridge
10-10-2003, 04:14 PM
Originally posted by nikita69@10 October 2003 - 03:43


11,000 IP addresses found on accused hacker's PC

Wouldn&#39;t he have noticed reduced space on his hard drive, i would <_<

lynx
10-10-2003, 04:19 PM
At most, that file would be 160k.

billyfridge
10-10-2003, 04:22 PM
Originally posted by lynx@10 October 2003 - 16:19
At most, that file would be 160k.
Please excuse my innocence i&#39;m not an expert pc user :rolleyes:
Perhaps i should keep my big mouth shut :P

clocker
10-10-2003, 05:55 PM
It&#39;s an interesting dilemma for law enforcement...

The very people who are capable of cybercrime are also the most capable of creating an alibi and mounting their own defence.

billyfridge
10-10-2003, 06:22 PM
Originally posted by clocker@10 October 2003 - 17:55
It&#39;s an interesting dilemma for law enforcement...

The very people who are capable of cybercrime are also the most capable of creating an alibi and mounting their own defence.
It&#39;s a new crime so it&#39;s going to take a Lot of &#39;trial&#39; and error. I can&#39;t wait for
the first cyber rape case :o

nikita69
10-10-2003, 06:39 PM
@lynx - thx, didn&#39;t catch it. :)

james_bond_rulez
10-10-2003, 07:02 PM
20 years of jail time should serve him some good :lol:

J'Pol
10-11-2003, 09:56 AM
Guilty as a guilty person, that did it.

Billy_Dean
10-13-2003, 05:59 AM
Originally posted by JPaul@11 October 2003 - 18:56
Guilty as a guilty person, that did it.
That&#39;s OK then, case closed, send everyone home, no need for the judicial process, the "great one" has spoken.


:)

lynx
10-17-2003, 03:22 PM
Not guilty verdict returned.

I would not be surprised to find civil suits following, where the burden of proof is not as high, and in general the lawyers seem to be a damn sight smarter.

J'Pol
10-17-2003, 03:47 PM
Which civil suits do you foresee.

lynx
10-17-2003, 04:01 PM
Originally posted by JPaul@17 October 2003 - 15:47
Which civil suits do you foresee.
I suspect you are smart enough to work that out for yourself.

J'Pol
10-17-2003, 06:55 PM
Originally posted by lynx+17 October 2003 - 17:01--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (lynx @ 17 October 2003 - 17:01)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-JPaul@17 October 2003 - 15:47
Which civil suits do you foresee.
I suspect you are smart enough to work that out for yourself. [/b][/quote]
No, honestly I cannot see who would be sued.

It&#39;s not common practice for everyone who is found not guilty to then sue someone.

I just wondered why you thought it would happen on this occasion. More importantly who would be sued.

Rat Faced
10-17-2003, 06:59 PM
I think Lynx was thinking more about the youth being the sued by the US Port, rather than the other way around...

J'Pol
10-17-2003, 07:02 PM
Originally posted by Rat Faced@17 October 2003 - 19:59
I think Lynx was thinking more about the youth being the sued by the US Port, rather than the other way around...
LOL

Thanks for that, hands up to being an arse there. :blink:

My apologies Lynx, just got the wrong end of the stick. I was wondering what you were getting at.