Full Text

I. INTRODUCTION

Aaron Caffrey walked free from Southwark Crown Court last week after being cleared of launching a DdoS attack on one of the busiest ports on the United States, even though both the prosecution and defense agreed that Caffrey's machine was responsible for launching the attack.1

The "Trojan horse defense" surfaced in 2003 in several cybercrime cases brought in the United Kingdom. A Trojan horse program, a variety of malware,2 is "a program that appears to have some useful or benign purpose, but really masks some hidden malicious functionality."3 Malicious functionality could include anything from downloading contraband files to attacking other computers.

In what is perhaps the best-known of these cases, nineteen-year-old Aaron Caffrey was charged with "carrying out a denial of service attack on the computers of the port of Houston, Texas on September 20, 2001-less than two weeks after the 9/11 attacks."4 The attack froze the port's Webserver. The denial of service attack,

which was traced to a computer at Caffrey's home by U.S. police, was allegedly aimed at taking a South African chatroom user called 'Bokkie' offline after she had made comments on IRC attacking the United States. Caffrey allegedly took offense at the comments because his girlfriend at the time, Jessica, was American.

Caffrey admitted Jessica was his girlfriend at the time but denied any knowledge of the attacks.7 At trial, Caffrey admitted being "a member of a hacker group called Allied Haxor Elite"8 but claimed the evidence against him

was planted on his machine by attackers who used an unspecified Trojan [horse program] to gain control of his PC and launch the assault.

A forensic examination of Caffrey's PC found attack tools but no trace of Trojan infection.

The case therefore hinged on whether the jury accepted the defence argument that a Trojan could wipe itself or expert testimony from the prosecution that no such technology existed.

While the prosecution was reportedly confident as to the strength of its case,10 the jury acquitted Caffrey-who faced up to three years in prison-after deliberating for only a few hours.11 The defense counsel apparently convinced the jurors that "a [T]rojan horse armed with a 'wiping tool' was responsible, enabling the computer to launch the DoS attack, edit the system's log files,...