Aaron Caffrey, the 19-year-old who faced trail at
Southwark crown court last week, was accused of hacking into the
computer system of the second biggest port in the US.
The denial of service attack, which came shortly after 11
September, exploited a security loophole that had been well
publicised for almost a year.
Oil tankers and other ships entering the port of Houston were
placed at serious risk after a denial of service attack launched
from Caffrey's home computer halted a website which was carrying
vital navigational data used by shipping pilots.
The website carried data on weather, tides, and water depths.
Without access to the site, there could have been "catastrophic
consequences to life and limb" the court heard.
Detectives from Scotland Yard's computer crime unit found
software on Caffrey's PC designed to exploit a security
vulnerability in Microsoft's Internet Information Server software
during a raid on Caffrey's parents' house in January 2002.
The custom-written software exploited a vulnerability in servers
using Microsoft software that had been publicised for a year before
Caffrey allegedly launched his denial of service attack, it has
emerged.
The port of Houston could have protected itself by ensuring its
servers had been patched with the latest Microsoft updates.
Paul Addison, for the prosecution, told the court that Caffrey
had used Unicode software to launch a distributed denial of service
attack against a girl called Bokkie he had met on an online chat
service.
The software allegedly took control of an undisclosed number of
servers with the Unicode vulnerability, including the port of
Houston server, and used them to flood the girl's computer with
thousands of electronic messages or "pings".
Systems logs for 20 September identified Caffrey's IP address
and the IP address of his target.
Caffrey denied breaching the Computer Misuse Act. He told police
that hackers had broken into his PC and used a Trojan programme to
launch the attack and plant incriminating evidence.