Feeds

Jury mulls verdict in UK teen hacking case

Trojan claim

  • alert
  • submit to reddit

Reducing security risks from open source software

The jury in the trial of a UK teen accused of an electronic attack on a major US port retired today to consider its verdict.

Aaron Caffrey, 19, of Shaftesbury, Dorset, allegedly hampered the operations of the Port of Houston by initiating an attack that crippled its Web-based systems for hours in the early hours of September 21 2001. This was the result of a misdirected attack by Caffrey against a fellow chat-room user, the prosecution claims.

Caffrey denies a charge of unauthorised computer modification connected with this alleged attack.

Summing up the case at Southwark Crown Court this afternoon, Judge Loraine Smith said that neither side in the case disputed evidence that an attack on the Port of Houston's Web servers originated from Caffrey's computer.

The jury had to decide whether it was Caffrey himself, or unidentified attackers who gained remote access to the teenager's computer, which initiated the attack. The jury also needed to consider who wrote the attack script (IIS Unicode Exploiter – PING DDoS tool, coded by Aaron) found on Caffrey's PC, Judge Smith added.

Trojan wars

Caffrey testified in his defence that evidence against him was planted on his machine by attackers who used an unspecified Trojan to gain control of his PC and launch the assault. However Neil Barrett, an expert witness for the prosecution, testified that Caffrey's computer contained no trace of the tell-tale signs that would be left by such an attack.

Computer logs from the Port of Houston's NT Server enabled police to trace the attack back to a computer in Caffrey’s Dorset home. He was arrested by officers from the Metropolitan Police's Computer Crime Unit, who lead the investigation, in January 2002.

Police recovered attack scripts and the transcript of an IRC conversation dating from around the time of the attack from Caffrey's PC. This transcript formed a key plank in the prosecution case against Caffrey.

Punch drunk love

Excerpts from the transcript show how Caffrey (or someone impersonating him) took exception to anti-American remarks made by an IRC user called Bokkie. Caffrey took particular exception to the remarks because he was "in love" with an American girl, called Jessica, at the time. This allegedly prompted him to take out Bokkie Net connection using an attack tool which, according to the transcripts, had minimal impact on his intended victim.

In court this week, it emerged that Caffrey's relationship with Jessica was an "on/off" cyber relationship and that the pair had never actually met.

Caffrey suffers from Asperger's Syndrome - a mild form of autism – which impairs his ability to concentrate over extended periods, impairs his ability to interact socially and predisposes sufferers to an "excessive preoccupation with a specialised interest".

Judge Smith told the jury to put aside any sympathy for Caffrey that they may have as a result of his condition and to decide the case on the basis of the evidence and testimony put before them during the eight day trial.

The case against Caffrey is one of very few in which a computer crime prosecution has been put before a jury in the UK. In most such cases, the accused enters a guilty plea or (more infrequently) the prosecution abandons its case long before reaching this stage.

Caffrey pleads not guilty to the single charge of unauthorised modifications of a computer contrary to Section 3 of the Computer Misuse Act 1990.

The jury will return to continue its deliberations in the case on Friday. ®

Related Stories

UK teenager accused of 'electronic sabotage' against US port
UK teen in 'elite' hacking group

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.