Managers seek Trojans

Hacker case raises concerns about hidden programs

Written by Madeline Bennett

IT Week, 27 Oct 2003

A teenager was this month acquitted of causing a denial-of-service attack, after he argued that his computer was hijacked. The verdict has raised concerns that firms could find their own computers are vulnerable to such interference.

Aaron Caffrey appeared at Southwark Crown Court charged with launching a denial-of-service attack that crippled a US port's IT systems. Caffrey argued that a Trojan program was planted on his computer by a third party and was used to launch the attack without his knowledge.

Advertisement

Although forensic experts said they found no evidence of a Trojan infection, Caffrey argued that he had been the victim of a self-wiping backdoor program.

The defence argument should serve as a warning to firms of the very real risk that their systems could be hijacked by malicious users, according to David Williamson, UK sales director for managed security services provider Ubizen. "A significant number of machines have been compromised, research has shown," he said. "But it can be difficult to locate someone who is using your machine without your knowledge."

Earlier this year a man was acquitted of child pornography charges after experts for the defence proved that a Trojan program had downloaded illegal images without his knowledge.

Williamson advised companies to use tools to carry out thorough scans of systems, specifically looking for hidden software installations. "They won't be discovered by ordinary antivirus or network scanning tools," he added.

The Caffrey case has also refreshed concerns about whether UK law is equipped to deal with denial-of-service attacks. Caffrey was tried under the Computer Misuse Act (CMA) 1990, which security and legal experts have often said should be updated.

Rupert Battcock, an IT lawyer at law firm Nabarro Nathanson, said while there could be an argument for looking at the status of some types of attack - particularly distributed denial-of-service attacks - the outcome of this case was unlikely to prompt a review of the CMA. This was because Caffrey's acquittal was based on the argument that the defendant's computer had been hijacked, rather than because denial-of-service attacks were beyond the scope of this particular law, Battcock added.

Tags:

Further reading

Related articles

Related whitepapers

Related jobs

Do you agree?

Have your say on this article

IT white papers

Search vnunet IThound

Top categories

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Watch

Shaun Nichols

19 Dec 2008

2.93 MBPodcast Special: Views from the Valley More...

Podcast image

18 Dec 2008

17.6 MBComputing podcast - the highlights of 2008 More...

Shaun Nichols and Iain Thomson

15 Dec 2008

4.98 MBPodcast Special: Views from the Valley More...

Listen to more

Poll

Communications super-database

Communications super-database

Should the government be allowed to track our emails and internet use?

Previous poll results

Spotlight

CES logo

CES 2009 preview

vnunet.com looks at what is in store for delegates at...  More...

Lotus Notes

IBM unveils Lotus Notes 8.5

Collaboration suite beefs up Mac support and cuts email storage...  More...

Asus Eee Top

Review: Asus Eee Top ET1602 PC

A compact, touchscreen desktop PC best suited for basic computing...  More...

Moto W233 Renew

Motorola launches eco-friendly mobile phone

Moto W233 Renew handset is made out of recycled water...  More...

Primary Navigation