Questions cloud cyber crime cases
Date: October 18, 2003
The acquittal of a teenager accused of carrying out a high-profile hack attack has cast doubts over future computer crime prosecutions, say experts.
Aaron Caffrey, 19, was accused of crashing systems at the port of Houston in Texas by hacking into its computer systems. But a jury cleared him after believing his defence that hackers had broken into his computer and used it to launch the attack. "This verdict sets a potentially dangerous precedent with regard to hacking cases," said Cable & Wireless security expert Richard Starnes. "A potential outcome is that defendants, charged with such an offence in the future, could attempt to compromise their own system, in order to employ a similar defence in the event they are caught."
Mr Caffrey had faced one charge at Southwark Crown Court of unauthorised modification of computer material. Clearly the authorities are facing a fundamental problem when attempting to prosecute suspected computer criminals
Graham Cluley, Sophos
He was accused of launching an attack on 20 September 2001 on one of the US's biggest ports, bombarding its computer system with thousands of electronic messages. It froze the port's web service, which contained vital data for shipping, mooring companies and support firms responsible for helping ships navigate in and out of the harbour.
Mr Caffrey admitted being a member of a group called Allied Haxor Elite and hacking into computers for friends to test their security. But he insisted he was not responsible for the attack on the port of Houston.
Both the defence and prosecution acknowledged that the attack had come from Mr Caffrey's computer. The case hinged on whether the jury believed the defendant's argument that his computer had been taken over by a hacker using a Trojan horse program.
A forensic examination of Mr Caffrey's PC had found no trace of a hidden program with the instructions for the attack.
The verdict shows that the prosecution case failed to convince the jury that the teenage was responsible for the attack. "Clearly the authorities are facing a fundamental problem when attempting to prosecute suspected computer criminals," said Graham Cluley, senior technology consultant at the security firm, Sophos.
"The Caffrey case suggests that even if no evidence of a computer break-in is unearthed on a suspect's PC, they might still be able to successfully claim that they were not responsible for what their computer does, or what is found on its hard drive." The Trojan defence has been successfully used in the UK courts before.
In July, a man was cleared of possessing child porn when a number of Trojan horses were discovered on his computer. Experts say the Caffrey case could prompt a review by police of how to present evidence before a jury in computer crime cases.
^macro[showdigestcomments;^uri;Questions cloud cyber crime cases]