No Evidence That Hacker Was Hacked

from the tracks-covered-too-well dept

It appears that the hacker who was accused of shutting down computers at the Port of Houston is trying to go with the "it wasn't me, it was someone else who hacked my computer" defense made popular by the guy who claimed that a trojan horse program filed his fraudulent tax returns. It appears that defense isn't working in this case, as the prosecution has brought up a witness who points out that there's absolutely no evidence that anyone hacked into the kids machine. Not sure about the details in this particular case, but I imagine we'll still be seeing a lot of people using just such a defense for any sort of computer related crime in the future.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    aNonMooseCowherd, 9 Oct 2003 @ 4:43pm

    guess who else will use this ruse

    If RIAA sues the wrong people, they'll probably use this excuse as well.

    link to this | view in thread ]

  2. identicon
    LittleW0lf, 9 Oct 2003 @ 6:12pm

    Forensically sound???

    This guy's argument about blocks being out of order when logs are edited after the fact is fine, and as far as I can see it is correct. But there are definately ways around this argument though, such as a hacker moving the log, or the victim "defragging" their hard drive.

    Windows logs may be protected from defrags and movement of the files within the OS, but in this case, shouldn't they also be protected from modification after the fact? Seems to me that the defense lawyer might be able to shoot holes through this argument.

    The only way I could truely say something wasn't modified is if they took cryptographically locked checksums of the files and compared them, then they could argue that the attacker didn't modify the logs. Otherwise it is swiss cheese. Not that I don't think the hacker is guilty (ok, so maybe I don't, I do not have all the facts.) However this expert cannot believe that this evidence alone will convience a smart jury, nor will it stand up to ridicule by the competent defense lawyer.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 11 Oct 2003 @ 5:21am

    As somebody that *has* been used and abused....

    ...I can't tell you how disconserting it is to hear the investigator say "but that's just a theoretical vulnerability in TCP/IP". Of course this was in the telnet to SSH transition period. Nobody uses telnet any more... still, 6 months after they were still trying to decide if they had a case, explits like hunt and jugernaught began to surface from the underground. Theoretical indeed...

    Computer "evidence" is *extremely* ephemeral and if the computer is connected to the Internet in any way, shape or form...

    Any good professional (and what I mean by "good professional" is that they don't have a record -- not even a FBI case file entry -- and they make a living from their efforts) cracker knows to get a patsy before doing anything that anyone will take any notice of.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 11 Oct 2003 @ 5:23am

    Re: As somebody that *has* been used and abused...

    > "but that's just a theoretical vulnerability in TCP/IP". Of course this was in the telnet to SSH transition period. Nobody uses telnet any more...< br>

    ...and nobody is even really sure SSH is completely safe these days either.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.