No Evidence That Hacker Was Hacked

from the tracks-covered-too-well dept

It appears that the hacker who was accused of shutting down computers at the Port of Houston is trying to go with the “it wasn’t me, it was someone else who hacked my computer” defense made popular by the guy who claimed that a trojan horse program filed his fraudulent tax returns. It appears that defense isn’t working in this case, as the prosecution has brought up a witness who points out that there’s absolutely no evidence that anyone hacked into the kids machine. Not sure about the details in this particular case, but I imagine we’ll still be seeing a lot of people using just such a defense for any sort of computer related crime in the future.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “No Evidence That Hacker Was Hacked”

Subscribe: RSS Leave a comment
LittleW0lf says:

Forensically sound???

This guy’s argument about blocks being out of order when logs are edited after the fact is fine, and as far as I can see it is correct. But there are definately ways around this argument though, such as a hacker moving the log, or the victim “defragging” their hard drive.

Windows logs may be protected from defrags and movement of the files within the OS, but in this case, shouldn’t they also be protected from modification after the fact? Seems to me that the defense lawyer might be able to shoot holes through this argument.

The only way I could truely say something wasn’t modified is if they took cryptographically locked checksums of the files and compared them, then they could argue that the attacker didn’t modify the logs. Otherwise it is swiss cheese. Not that I don’t think the hacker is guilty (ok, so maybe I don’t, I do not have all the facts.) However this expert cannot believe that this evidence alone will convience a smart jury, nor will it stand up to ridicule by the competent defense lawyer.

Anonymous Coward says:

As somebody that *has* been used and abused....

…I can’t tell you how disconserting it is to hear the investigator say “but that’s just a theoretical vulnerability in TCP/IP”. Of course this was in the telnet to SSH transition period. Nobody uses telnet any more… still, 6 months after they were still trying to decide if they had a case, explits like hunt and jugernaught began to surface from the underground. Theoretical indeed…

Computer “evidence” is *extremely* ephemeral and if the computer is connected to the Internet in any way, shape or form…

Any good professional (and what I mean by “good professional” is that they don’t have a record — not even a FBI case file entry — and they make a living from their efforts) cracker knows to get a patsy before doing anything that anyone will take any notice of.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...