Feeds

Jury mulls verdict in UK teen hacking case

Trojan claim

  • alert
  • submit to reddit

Internet Security Threat Report 2014

The jury in the trial of a UK teen accused of an electronic attack on a major US port retired today to consider its verdict.

Aaron Caffrey, 19, of Shaftesbury, Dorset, allegedly hampered the operations of the Port of Houston by initiating an attack that crippled its Web-based systems for hours in the early hours of September 21 2001. This was the result of a misdirected attack by Caffrey against a fellow chat-room user, the prosecution claims.

Caffrey denies a charge of unauthorised computer modification connected with this alleged attack.

Summing up the case at Southwark Crown Court this afternoon, Judge Loraine Smith said that neither side in the case disputed evidence that an attack on the Port of Houston's Web servers originated from Caffrey's computer.

The jury had to decide whether it was Caffrey himself, or unidentified attackers who gained remote access to the teenager's computer, which initiated the attack. The jury also needed to consider who wrote the attack script (IIS Unicode Exploiter – PING DDoS tool, coded by Aaron) found on Caffrey's PC, Judge Smith added.

Trojan wars

Caffrey testified in his defence that evidence against him was planted on his machine by attackers who used an unspecified Trojan to gain control of his PC and launch the assault. However Neil Barrett, an expert witness for the prosecution, testified that Caffrey's computer contained no trace of the tell-tale signs that would be left by such an attack.

Computer logs from the Port of Houston's NT Server enabled police to trace the attack back to a computer in Caffrey’s Dorset home. He was arrested by officers from the Metropolitan Police's Computer Crime Unit, who lead the investigation, in January 2002.

Police recovered attack scripts and the transcript of an IRC conversation dating from around the time of the attack from Caffrey's PC. This transcript formed a key plank in the prosecution case against Caffrey.

Punch drunk love

Excerpts from the transcript show how Caffrey (or someone impersonating him) took exception to anti-American remarks made by an IRC user called Bokkie. Caffrey took particular exception to the remarks because he was "in love" with an American girl, called Jessica, at the time. This allegedly prompted him to take out Bokkie Net connection using an attack tool which, according to the transcripts, had minimal impact on his intended victim.

In court this week, it emerged that Caffrey's relationship with Jessica was an "on/off" cyber relationship and that the pair had never actually met.

Caffrey suffers from Asperger's Syndrome - a mild form of autism – which impairs his ability to concentrate over extended periods, impairs his ability to interact socially and predisposes sufferers to an "excessive preoccupation with a specialised interest".

Judge Smith told the jury to put aside any sympathy for Caffrey that they may have as a result of his condition and to decide the case on the basis of the evidence and testimony put before them during the eight day trial.

The case against Caffrey is one of very few in which a computer crime prosecution has been put before a jury in the UK. In most such cases, the accused enters a guilty plea or (more infrequently) the prosecution abandons its case long before reaching this stage.

Caffrey pleads not guilty to the single charge of unauthorised modifications of a computer contrary to Section 3 of the Computer Misuse Act 1990.

The jury will return to continue its deliberations in the case on Friday. ®

Related Stories

UK teenager accused of 'electronic sabotage' against US port
UK teen in 'elite' hacking group

Internet Security Threat Report 2014

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.