Thursday, November 20, 2003

ZDNet AnchorDesk: It wasn't me, it was the Trojan horse:
"Remember the Twinkie defense? Well, now there's the Trojan horse defense. That's right: In three recent court cases in the United Kingdom, defendants pleaded not guilty on the basis that someone else put code on their computer (via a Trojan horse) that caused their machines to break the law. "

While these cases have no direct bearing on U.S. court cases, they could lead to creative defenses for computer-related crimes in this country as well.

THE FIRST TWO cases involved the downloading of child pornography, while the third concerned a denial-of-service attack that caused real-world economic damage. All three defendants were acquitted.

In one of the child pornography cases, Karl Schofield of Whitley, England was cleared of processing 14 images of child pornography on his home PC. In the other, Julian Green of Devon, England, who was acquitted of storing 172 images of child pornography on his system.

In both cases, computer forensics experts found evidence of Trojan horses on the suspects' hard drives. The rogue code was allegedly deposited there via pop-up advertisements, banner ads, or Internet worms.

The third case involved a U.K. teenager named Aaron Caffrey. U.S. police discovered that his computer was responsible for the denial-of-service attack that crashed servers at the Port of Houston in October. However, Caffrey claimed that someone else put a Trojan horse on his PC that allowed his system to be controlled remotely. When investigators were unable to find evidence of such a remote-control Trojan, Caffrey claimed the Trojan had automatically erased itself.

THIS SEEMS suspicious to me, if only because Microsoft Windows (the operating system on Caffrey's computer) is notorious for creating duplicates or logs of all data. So either Caffrey was lying, or the authorities who investigated him were inept, as evidence of a Trojan horse should be relatively easy to find. Computer forensics tools, such as Guidance Software's EnCase, can quickly reveal hidden, partial, or even deleted files.…

http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5107486.html?tag=adss
Posted by Unknown at 2:42 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
con·cept