Tuesday, 22 May 2012

The Trojan Horse Defense

There is a defense which came up during the year 2003, which is called the "Trojan Horse Defense" which attributes the commission of a cybercrime on a malware, whether a Trojan Horse, virus, worm or other programs in which it has been called such a way because its a defense which can be use over a cybercrime that was based on the operation of a Trojan Horses virus. It has been believed that such virus has a malicious funtionality that includes anything from donwnloading , editing or crushing files, spy's on other users screen to attacking other computers. Thus, this defense are used for crimes related to cyber crime where a virus was involved in it as virus of Trojan Horse are capable of malicious malfuntional by itself even without the presence of the user or the hacker themselves as the virus was programmed to do so. Having a defense that putting the blame over a virus is acceptable to the modern law and many cases of it has been tried over the courts. ( Susan W. Brenner, Brian Carrier, and Jef Henninger "THE TROJAN HORSE DEFENSE IN CYBERCRIME CASES" CERIAS Tech Report 2005-15)

The leading case in which first brought such new defense to the cyber world's attention was on the case of Aaron Caffrey which was basically charged on "carrying out a denial of service attack on the computers of the port of Houston, Texas or in other words hacks them, and causes them to shut down on September 20, 2001, which was less than two weeks after the 9/11 attacks. 

The prosecution submitts that the attack came from Caffrey's laptop computer, but denied by Caffrey that a virus of Trojan Horse whcih was installed on his computer by someone else was doing the attack. However, investigations done by the forensics and yet no trace of Trojan Horse virus was found in the laptop computer. But claimed by the defense that the virus had "self-erased" of its own traces. Caffrey's defense was successfull and the jury acquitted Caffrey and convinced by the defense counsel that "a Trojan Horse armed with a 'wiping tool' was responsible, enabling the computer to launcg teh DoS attack, edit the system's log files, and tehn deletes all traces of the rojan- despite prosecution claims that no such technology existed"

Another case, which came up few months before Caffrey's acquittal was another United Kingdom's case where the defense used the same defence of Trojan Horse in rebutting the prosecutions charge of the plaintiff's, Julian Greene, over possession of child pornography. He was charged over having 172 indecent pictures of children in his computer and also prior to the investigation, 11 Trojan Horse program was also found. Green's attorney argued that the indecent pictures was put or downloaded by the virus to be placed on Greene's computer. Having the chain of custody for the computer did not excludes the possibility of someone else could placed the virus on Greene's computer, thus the prosecution offered no evidence to counter-claims.

Few months prior to this case, similar case came about on UK over another man called Karl Schofield. Forensic experts concludes that in existence of the Trojan Horse programs  on his computer, thus the same indecent children pictures that was found on his computer was also viewed as was placed by the same malicious programs.

A different case which is important to be highlighted upon was the case of Eugene Pitts on the United States where he was prosecuted on nine counts of tax evasion and filing fraudulent tax returns with the Alabama state revenue department. Pitts asserting that the errors was actually the result of a virus that he did not aware of until after the stat revenue investigators alerted him in 2000 of problems with his personal and corporate returns. Pitts then acquitted of all charges by the jury.

The common thing about these four cases was that this defense was almost the same with the defense of SODDI which stands for  "Some Other Dude Did It". In which in this defense, when someone raises it, he or she concedes that the crime was not not done by him or her but blames it on someone else unknown to him and others. This defense was particularly viewed sceptically, because jurors usually understands hwo the real-world works. Serene said that the SODDI defense was actually much more successfull in the cybercrime cases because it involves things in which most jurors dont understand enough to buy claims of caffrey's about being framed by self-erasing Trojan Horse Program.

Thus for a THD to be convinced to the jury, all the defense have to do is to present credible evidence that would let a 'reasonable juror' finds that the crime was done by someone else according to the SODDI defense which was the crime was done by someone else.  Then, the prosecution must rebut the defense by proving that it was beyond reasonable doubt that it was the defendant who done it not Some Other Dude Using a Trojan Horse. The prosecution however still available to ponder around proving a negative argument where : it was not Some Other Dude Using a Trojan Horse prgram who done it. Yet, doing this is not easy to do so. This part of the case comes from one of the expert witnesses :

" I was one of the prosecution expert witnesses in the case of Aaron Caffrey. His computer was used to launch a distributed denial-of-service (DoS) attack. One of the computers used for the DoS attack belonged to the Port of Houston, and it crashed as a result of the DoS script intrusion. On Caffrey’s computer there were IRC logs in which he apparently discussed the launching and probable effect of the DoS attack; there was the DoS script itself; and there were logs of the program being run. It seemed an open and shut case, in which a love-struck 17-year-old defended his American girlfriend’s honour by responding to insulting IRC behaviour by launching a DoS attack. 
 . . . . 
I analysed the seized computer and found no viruses or Trojan programs infecting any of the applications loaded on it. There was no evidence of any backdoor services having been enabled; there was no evidence of any logs having been altered; there was no evidence of any vulnerable services that could have been used to hack into the computer; and there was no trace of any secure deletion tool having been used. In short, there was no evidence that the computer had ever been remotely controlled. Though the defence effectively claimed a big boy did it and ran away, I could find no footprints where I would expect to have found them. Caffrey’s defence was that such footprints could have been completely erased; the prosecution’s assertion was that it is not possible to erase all the footprints, and that the attempt to do so would leave distinctive remains. For the defence, no computer expert witness was called to offer support to the claim. Caffrey himself served as his own expert witness. Despite no evidence beyond Caffrey’s assertion that running programs could delete themselves without a trace, the jury found him not guilty. This leaves the prosecution of computer crime in the UK in a difficult position. Every case will now offer the defence of an untraceable Trojan horse program having been responsible. As a result of this decision, internet paedophiles and careless hackers have been offered a “get out of jail free” card 
that we will have to work very hard to counter. We will have to find better ways of presenting our arguments and of explaining how computers work - it’s not going to be easy, but it is going to be necessary."

Therefore according to statement which was given, such defense will proven to be a difficulties to the prosecution at the later date as it involves with such a complex mechanism of programs and the explanation of it must be carry out in a laypeople's term so that everyone could understand it. Blaming a Trojan Horse virus is a new thing in the eyes of the law. For a computer program to done a cybercrime and appears to be framing other people that does it, is not impossible. However I do believe that blaming alone the Trojan Horse virus may not be sufficient to achieve justice as there are more things that should be done, that is, tracking the hacker behind these Trojan Horse virus which are doing more and more cyber crimes in the internet world. Although unfeasible as of right now, but possible to be done in the future in order to track the hackers more efficiently to tackle the increasing rate of cybercrimes.  However, it is significant as of right now, that the law finally recognized of such malicious computer program of Trojan Horse Virus that the defense of it was created prior to the case of Aaron Caffrey. With this, we can see that the law are developing following the flow of modern times of the computer world and one day, a universal statute or provision can be made over the usage of programs on the internet to curb more efficiently of problems brought by Trojan Horses viruses.

1 comment: