Remember the Twinkie defense? Well, now there's the Trojan horse defense. That's right: In three recent court cases in the United Kingdom, defendants pleaded not guilty on the basis that someone else put code on their computers (via a Trojan horse) that caused their machines to break the law.
While these cases have no direct bearing on U.S. court cases, they could lead to creative defenses for computer-related crimes in this country as well.
Pornographic Trojan horses
The first two cases involved the downloading of child pornography, while the third concerned a denial-of-service attack that caused real-world economic damage. All three defendants were acquitted.
In one of the child pornography cases, Karl Schofield of Whitley, England, was cleared of processing 14 images of child pornography on his home PC. In the other, Julian Green of Devon, England, was acquitted of storing 172 images of child pornography on his system.
In both cases, computer forensics experts found evidence of Trojan horses on the suspects' hard drives. The rogue code was allegedly deposited there via pop-up advertisements, banner ads, or Internet worms.
The third case involved a U.K. teenager named Aaron Caffrey. U.S. police discovered that his computer was responsible for the denial-of-service attack that crashed servers at the Port of Houston in October. However, Caffrey claimed that someone else put a Trojan horse on his PC that allowed his system to be controlled remotely. When investigators were unable to find evidence of such a remote-control Trojan, Caffrey claimed the Trojan had automatically erased itself.
Can't fool forensics tools
This seems suspicious to me, if only because Microsoft Windows (the operating system on Caffrey's computer) is notorious for creating duplicates or logs of all data. So either Caffrey was lying, or the authorities who investigated him were inept, as evidence of a Trojan horse should be relatively easy to find. Computer forensics tools, such as Guidance Software's EnCase, can quickly reveal hidden, partial, or even deleted files.
Caffrey also appeared to have access to Trojan horse code and a motive. He admitted he was active in script-kiddie IRC chat rooms, which are rife with code that could shut down remote computers. And he disclosed that he was infatuated with another IRC participant and took offense when another script kiddie sullied the young woman's reputation. Yet, despite his admissions, Caffrey's someone-else-did-it-then-erased-it defense proved good enough for a British jury, which acquitted him last month.
It's only a matter of time before someone tries the Trojan horse defense in a U.S. court, most likely in a child pornography case. Because of this, computer crime investigators need to gain a better understanding of what particular Trojans can and cannot do. For example, does a given Trojan facilitate the automatic downloading of pornography, or does it simply track a user's surfing history? Further, lawyers and judges will need to learn how to explain this technical information to jurors, who will ultimately rule on a person's guilt or innocence.
Anti-adware apps
Trojan horses are truly pernicious. I do a good job of keeping my work and home computers secure, yet I still find the occasional rogue file on my hard drive, probably from sites I visit through search engines. Rather than take the chance of having your computer become infected, I recommend not only keeping your antivirus software up-to-date and using a personal firewall, but also running Spybot Search and Destroy or Ad-aware 6.0 periodically to remove Trojan horses.
Only by keeping rogue code off of your hard drive will you be certain you'll never have to invoke the Trojan horse defense.
What do you think of the Trojan horse defense? Should it hold up in court? Why or why not? Tell me about it--TalkBack to me!