Accused port hacker says log files were 'edited'

Summary: A teenager accused of launching an attack on one of the US's biggest ports has claimed flaws in Windows allowed the real attacker to frame him

A UK teenager accused of launching a distributed denial of service (DDoS) attack on a major US port has said a flaw in Windows allowed hackers to take control of his machine and launch the attack without his knowledge.

In his interview with the police, which was read out in court on Tuesday, Aaron Caffrey said: "My OS supports remote admin and remote assistance. At that time, the patches were not available. Anyone could control it. Windows Media Player was also unpatched."

Caffrey added: "Someone has edited those log files. Just because something says something, it doesn't mean it happened. My machine was hackable. They have planted it or added to it."

On Wednesday, the trial's second day, the defence counsel for Aaron Caffrey started questioning Detective Constable Stunt, a member of the Computer Crime Squad that forensically examined Caffrey's computer in January 2002, which was around three months after the Port of Houston in Texas was attacked.

Southwark Crown Court heard that it was possible for someone to take control of the defendant's computer because of critical vulnerabilities in Microsoft's Windows operating system. Stunt said that although he was not aware of any specific vulnerability, he admitted that Microsoft does have security problems. "There are thousands of [security bulletins] and Microsoft issues numerous patches on a daily basis," he said.

The court heard that police examinations of Caffrey's machine recovered log files of a chatroom conversation that recorded the exact moment the attack took place. But the defence argued that if a vulnerability exists, the log files could easily have been changed by someone who had accessed the system remotely.

The defence counsel asked Stunt if it was possible to cut some text from one log file and paste it into another log file from a remote computer. Stunt dismissed the idea: "Remotely, the answer would be no. It is impossible, the technology does not exist," he said.

The case continues.

Topic: Security

Munir Kotadia


Talkback

10 comments
  • To quote the article.

    "The defence counsel asked Stunt if it was possible to cut some text from one log file and paste it into another log file from a remote computer. Stunt dismissed the idea: "Remotely, the answer would be no. It is impossible, the technology does not exist," he said."

    The Detective is wrong in his assessment of being able to cut and paste via remote desktop through Windows XP's Remote Desktop Connection.

    This is from experience: I run 3 game servers and I have to constantly look at and edit the log files. I'm capable of cutting and pasting information from my personal computer to my servers via Remote Desktop. This process is not very complicated and is easy enough for a child to do it.
    anonymous
  • If the hacker was running as Administrator or any account in the Administrators group (not hard to accomplish in this scenario), then editing the logs is hard but not impossible.

    Although Windows protects its log files from being edited, it does not adequately protect device access to the disk upon which they reside (accessed by opening \\.\PHYSICALDRIVE0).

    Please remember, hackers do not pass out their best tools.
    anonymous
  • "It is impossible".
    Now, THAT was a very dangerous statement to make nowadays.
    If you compromise the victim
    anonymous
  • The comment from the Detective about it being impossible to cut text and paste it into a log file remotely is absolutely NOT TRUE!! We do it every day for maintenance reasons. We cut text from a log file and paste it into a remote text document so our developers can search through errors and report on them. So I hope the court will find that it is not an impossible feat. Especially with MS products. Remote Desktop Client allows cutting text and pasting it somewhere else with no problem.
    anonymous
  • I think that the log files might have been edited.
    I'm having the same problem as Mr. Caffrey: someone took control remotely over my PC and emailed some nude pictures to my ex-boss, and they've got me in court for that.
    Indeed they should have sued Microsoft for its Windows.
    anonymous
  • There are lots of methods, the person who stated this is seriously incorrect...
    anonymous
  • Aaron is right... this stuff can happen, and the guy who said it's impossible must be uneducated on what he's stating.
    anonymous
  • Has "Inspector" (DC) Stunt *ever* heard of malware known as "rootkit"s?... If not, what kind of "expert" is he?...

    Is Stunt even qualified to detect a rootkit?... Does he know what rootkits can do?...

    As reported by ZDUK, the seriously uninformed statements made in court by the prosecution's "expert witnesses" should immediately call into question the forensic skills and InfoSec experience of these so-called "experts."

    These experts are, at best, stupefyingly ignorant or, at worst, manufacturing a case in order to railroad a conviction...

    All aboard!!!...
    anonymous
  • Does the UK have the equivalent of an amicus curiae brief?
    To Do List:
    1. Someone needs to write the judge in this case and set the record straight.
    2. The UK needs to re-evaluate their expert witness evaluation criteria.
    3. Mr Stunt needs to be removed from his current position as he is a danger to himself and others.
    anonymous
  • Hmmm I like using "pipe" works in Unix and Windoze - touch does a nice job on the file date too....
    anonymous