Feeds

Jury mulls verdict in UK teen hacking case

Trojan claim

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

The jury in the trial of a UK teen accused of an electronic attack on a major US port retired today to consider its verdict.

Aaron Caffrey, 19, of Shaftesbury, Dorset, allegedly hampered the operations of the Port of Houston by initiating an attack that crippled its Web-based systems for hours in the early hours of September 21 2001. This was the result of a misdirected attack by Caffrey against a fellow chat-room user, the prosecution claims.

Caffrey denies a charge of unauthorised computer modification connected with this alleged attack.

Summing up the case at Southwark Crown Court this afternoon, Judge Loraine Smith said that neither side in the case disputed evidence that an attack on the Port of Houston's Web servers originated from Caffrey's computer.

The jury had to decide whether it was Caffrey himself, or unidentified attackers who gained remote access to the teenager's computer, which initiated the attack. The jury also needed to consider who wrote the attack script (IIS Unicode Exploiter – PING DDoS tool, coded by Aaron) found on Caffrey's PC, Judge Smith added.

Trojan wars

Caffrey testified in his defence that evidence against him was planted on his machine by attackers who used an unspecified Trojan to gain control of his PC and launch the assault. However Neil Barrett, an expert witness for the prosecution, testified that Caffrey's computer contained no trace of the tell-tale signs that would be left by such an attack.

Computer logs from the Port of Houston's NT Server enabled police to trace the attack back to a computer in Caffrey’s Dorset home. He was arrested by officers from the Metropolitan Police's Computer Crime Unit, who lead the investigation, in January 2002.

Police recovered attack scripts and the transcript of an IRC conversation dating from around the time of the attack from Caffrey's PC. This transcript formed a key plank in the prosecution case against Caffrey.

Punch drunk love

Excerpts from the transcript show how Caffrey (or someone impersonating him) took exception to anti-American remarks made by an IRC user called Bokkie. Caffrey took particular exception to the remarks because he was "in love" with an American girl, called Jessica, at the time. This allegedly prompted him to take out Bokkie Net connection using an attack tool which, according to the transcripts, had minimal impact on his intended victim.

In court this week, it emerged that Caffrey's relationship with Jessica was an "on/off" cyber relationship and that the pair had never actually met.

Caffrey suffers from Asperger's Syndrome - a mild form of autism – which impairs his ability to concentrate over extended periods, impairs his ability to interact socially and predisposes sufferers to an "excessive preoccupation with a specialised interest".

Judge Smith told the jury to put aside any sympathy for Caffrey that they may have as a result of his condition and to decide the case on the basis of the evidence and testimony put before them during the eight day trial.

The case against Caffrey is one of very few in which a computer crime prosecution has been put before a jury in the UK. In most such cases, the accused enters a guilty plea or (more infrequently) the prosecution abandons its case long before reaching this stage.

Caffrey pleads not guilty to the single charge of unauthorised modifications of a computer contrary to Section 3 of the Computer Misuse Act 1990.

The jury will return to continue its deliberations in the case on Friday. ®

Related Stories

UK teenager accused of 'electronic sabotage' against US port
UK teen in 'elite' hacking group

Secure remote control for conventional and virtual desktops

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.