Compromised Home Computers Used To Hide... >>
<< eMusic Sold, Gives Up On Unlimited Downloads
 tdicon 


Miscellaneous

by Mike Masnick

Thu, Oct 9th 2003 8:31am





No Evidence That Hacker Was Hacked

from the tracks-covered-too-well dept

It appears that the hacker who was accused of shutting down computers at the Port of Houston is trying to go with the "it wasn't me, it was someone else who hacked my computer" defense made popular by the guy who claimed that a trojan horse program filed his fraudulent tax returns. It appears that defense isn't working in this case, as the prosecution has brought up a witness who points out that there's absolutely no evidence that anyone hacked into the kids machine. Not sure about the details in this particular case, but I imagine we'll still be seeing a lot of people using just such a defense for any sort of computer related crime in the future.

4 Comments | Leave a Comment..


If you liked this post, you may also be interested in...
 

Reader Comments (rss)

(Flattened / Threaded)

  1.  

    guess who else will use this ruse

    identicon
    aNonMooseCowherd, Oct 9th, 2003 @ 4:43pm

    If RIAA sues the wrong people, they'll probably use this excuse as well.

    reply to this | link to this | view in thread ]

  2.  

    Forensically sound???

    identicon
    LittleW0lf, Oct 9th, 2003 @ 6:12pm

    This guy's argument about blocks being out of order when logs are edited after the fact is fine, and as far as I can see it is correct. But there are definately ways around this argument though, such as a hacker moving the log, or the victim "defragging" their hard drive.

    Windows logs may be protected from defrags and movement of the files within the OS, but in this case, shouldn't they also be protected from modification after the fact? Seems to me that the defense lawyer might be able to shoot holes through this argument.

    The only way I could truely say something wasn't modified is if they took cryptographically locked checksums of the files and compared them, then they could argue that the attacker didn't modify the logs. Otherwise it is swiss cheese. Not that I don't think the hacker is guilty (ok, so maybe I don't, I do not have all the facts.) However this expert cannot believe that this evidence alone will convience a smart jury, nor will it stand up to ridicule by the competent defense lawyer.

    reply to this | link to this | view in thread ]

  3.  

    As somebody that *has* been used and abused....

    identicon
    Anonymous Coward, Oct 11th, 2003 @ 5:21am

    ...I can't tell you how disconserting it is to hear the investigator say "but that's just a theoretical vulnerability in TCP/IP". Of course this was in the telnet to SSH transition period. Nobody uses telnet any more... still, 6 months after they were still trying to decide if they had a case, explits like hunt and jugernaught began to surface from the underground. Theoretical indeed...

    Computer "evidence" is *extremely* ephemeral and if the computer is connected to the Internet in any way, shape or form...

    Any good professional (and what I mean by "good professional" is that they don't have a record -- not even a FBI case file entry -- and they make a living from their efforts) cracker knows to get a patsy before doing anything that anyone will take any notice of.

    reply to this | link to this | view in thread ]

  4.  

    Re: As somebody that *has* been used and abused...

    identicon
    Anonymous Coward, Oct 11th, 2003 @ 5:23am

    > "but that's just a theoretical vulnerability in TCP/IP". Of course this was in the telnet to SSH transition period. Nobody uses telnet any more...< br>

    ...and nobody is even really sure SSH is completely safe these days either.

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>


Compromised Home Computers Used To Hide... >>
<< eMusic Sold, Gives Up On Unlimited Downloads
 tdicon 

A word from our Sponsors...
Follow Techdirt
Flattr rss rss

Powered by Postrank

From the Techdirt Archive...
A word from our Sponsors...

Close

Email This