27 Oct 2003
A teenager was this month acquitted of causing a denial-of-service attack, after he argued that his computer was hijacked. The verdict has raised concerns that firms could find their own computers are vulnerable to such interference.
Aaron Caffrey appeared at Southwark Crown Court charged with launching a denial-of-service attack that crippled a US port's IT systems. Caffrey argued that a Trojan program was planted on his computer by a third party and was used to launch the attack without his knowledge.
Although forensic experts said they found no evidence of a Trojan infection, Caffrey argued that he had been the victim of a self-wiping backdoor program.
The defence argument should serve as a warning to firms of the very real risk that their systems could be hijacked by malicious users, according to David Williamson, UK sales director for managed security services provider Ubizen. "A significant number of machines have been compromised, research has shown," he said. "But it can be difficult to locate someone who is using your machine without your knowledge."
Earlier this year a man was acquitted of child pornography charges after experts for the defence proved that a Trojan program had downloaded illegal images without his knowledge.
Williamson advised companies to use tools to carry out thorough scans of systems, specifically looking for hidden software installations. "They won't be discovered by ordinary antivirus or network scanning tools," he added.
The Caffrey case has also refreshed concerns about whether UK law is equipped to deal with denial-of-service attacks. Caffrey was tried under the Computer Misuse Act (CMA) 1990, which security and legal experts have often said should be updated.
Rupert Battcock, an IT lawyer at law firm Nabarro Nathanson, said while there could be an argument for looking at the status of some types of attack - particularly distributed denial-of-service attacks - the outcome of this case was unlikely to prompt a review of the CMA. This was because Caffrey's acquittal was based on the argument that the defendant's computer had been hijacked, rather than because denial-of-service attacks were beyond the scope of this particular law, Battcock added.
Have your say on this article
Newsletters
Latest stories from Hacking
You may also like
Hacking jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
