I’ve been meaning to post this article for a while now. The absurdity of the case and the players is almost too much.
To summarize. In September, 2001 a web site for the Port of Houston was disabled by a denial of service attack. After investigation by the FBI and Interpol an 18 year old named Aaron Caffrey was arrested in London for causing the attack. Aaron Caffrey served as an “expert witness” in his defense, offering up expert testimony that he did not cause the attack, but that his computer was infected by a trojan (a type of virus) that was to blame. When asked to explain why there were no traces of the trojan on his computer he stated that it must have been programmed to delete itself.
Based on what is presented as fact in this article I have to believe that this guy is guilty. How do you establish yourself as a computer security expert, and then testify that some phantom computer virus infected your computer bypassing all of your security controls and personal expertise. His belief that after being prosecuted for computer fraud, and being on record that he could not identify, prevent, or even become aware of a virus running on his computer that disabled the Port of Houston’s computer that he is now going to be employed as a computer security consultant is just mind boggling.
So either he is 1) not very good at computer security counter to his claims, or 2) he is lying. What do you think?
Read the full story in the Houston Chronicle. Below are some of my favorite excerpts.
A teenage computer expert was acquitted Friday of hacking two years ago a system that provides navigational data for the Port of Houston.
A jury at Southwark Crown Court in London accepted 19-year-old Aaron Caffrey’s contention that unidentified vandals had installed an attack script on his computer, which he then unknowingly set into motion.
…
Caffrey, who belongs to a group called Allied Haxor Elite, acknowledged hacking into computers in the past but only with the permission of the machines’ owners, whom he said wanted to test their security systems.
He insisted he had nothing to do with the 2001 attack in Houston, testifying during a two-week trial that he knew nothing about it until police came to arrest him in January 2002.
The officers confiscated his computer. He was charged and brought to trial after computer experts failed to find so-called “Trojan horse” software that would have indicated someone had hijacked Caffrey’s computer.
He testified that the program might have been designed to self-destruct, leaving no trace of its presence.
…
Outside the courtroom, the teen said he now hoped to get a job as a computer security consultant or programmer.
I should be laughing, I know it.
Mr Clark
I find your attitude towards my son
First off all, many computer networks who are administrated by very qualified profressionals, get cracked into very easily due to unpatched vulnerabilities in software (and sometimes hardware).
Aaron was not given a copy of his computer to search for any trojans or signs of exploitation.
In september 2001, there were known and unpatched vulnerabilities in both Microsoft Windows and other software.
Knock knock, who is there? When someone is found ‘not guilty’ it means, by law, that they are actually not guilty. You seem to be claiming that your intelligence outwits that of an 11 member jury.
Reporters are not exactly the best source for information, perhaps you should have sat in the trial to gather data before coming to misconcepted conclusions?
Script Kiddies Are Funny
So as a comment to my post: British hacker acquitted in Port of Houston case I received this comment. First off all, many computer networks who are administrated by very qualified profressionals, get cracked into very easily due to unpatched…