Feeds

Jury mulls verdict in UK teen hacking case

Trojan claim

  • alert
  • submit to reddit

SANS - Survey on application security programs

The jury in the trial of a UK teen accused of an electronic attack on a major US port retired today to consider its verdict.

Aaron Caffrey, 19, of Shaftesbury, Dorset, allegedly hampered the operations of the Port of Houston by initiating an attack that crippled its Web-based systems for hours in the early hours of September 21 2001. This was the result of a misdirected attack by Caffrey against a fellow chat-room user, the prosecution claims.

Caffrey denies a charge of unauthorised computer modification connected with this alleged attack.

Summing up the case at Southwark Crown Court this afternoon, Judge Loraine Smith said that neither side in the case disputed evidence that an attack on the Port of Houston's Web servers originated from Caffrey's computer.

The jury had to decide whether it was Caffrey himself, or unidentified attackers who gained remote access to the teenager's computer, which initiated the attack. The jury also needed to consider who wrote the attack script (IIS Unicode Exploiter – PING DDoS tool, coded by Aaron) found on Caffrey's PC, Judge Smith added.

Trojan wars

Caffrey testified in his defence that evidence against him was planted on his machine by attackers who used an unspecified Trojan to gain control of his PC and launch the assault. However Neil Barrett, an expert witness for the prosecution, testified that Caffrey's computer contained no trace of the tell-tale signs that would be left by such an attack.

Computer logs from the Port of Houston's NT Server enabled police to trace the attack back to a computer in Caffrey’s Dorset home. He was arrested by officers from the Metropolitan Police's Computer Crime Unit, who lead the investigation, in January 2002.

Police recovered attack scripts and the transcript of an IRC conversation dating from around the time of the attack from Caffrey's PC. This transcript formed a key plank in the prosecution case against Caffrey.

Punch drunk love

Excerpts from the transcript show how Caffrey (or someone impersonating him) took exception to anti-American remarks made by an IRC user called Bokkie. Caffrey took particular exception to the remarks because he was "in love" with an American girl, called Jessica, at the time. This allegedly prompted him to take out Bokkie Net connection using an attack tool which, according to the transcripts, had minimal impact on his intended victim.

In court this week, it emerged that Caffrey's relationship with Jessica was an "on/off" cyber relationship and that the pair had never actually met.

Caffrey suffers from Asperger's Syndrome - a mild form of autism – which impairs his ability to concentrate over extended periods, impairs his ability to interact socially and predisposes sufferers to an "excessive preoccupation with a specialised interest".

Judge Smith told the jury to put aside any sympathy for Caffrey that they may have as a result of his condition and to decide the case on the basis of the evidence and testimony put before them during the eight day trial.

The case against Caffrey is one of very few in which a computer crime prosecution has been put before a jury in the UK. In most such cases, the accused enters a guilty plea or (more infrequently) the prosecution abandons its case long before reaching this stage.

Caffrey pleads not guilty to the single charge of unauthorised modifications of a computer contrary to Section 3 of the Computer Misuse Act 1990.

The jury will return to continue its deliberations in the case on Friday. ®

Related Stories

UK teenager accused of 'electronic sabotage' against US port
UK teen in 'elite' hacking group

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.