Call for specialist technical judges after teenager is cleared of attack

The acquittal earlier this month of a teenager accused of carrying out a cyberattack on one of the biggest ports in the US has...

The acquittal earlier this month of a teenager accused of carrying out a cyberattack on one of the biggest ports in the US has led industry experts to call for specialist judges to deal with complex technical cases.

Aaron Caffrey was acquitted on 17 October of a charge of unauthorised modification of computer material under the Computer Misuse Act, following a denial of service attack on the port of Houston in Texas.

The jury cleared the 19-year old, accepting his defence that hackers had broken into his PC and used it to launch the attack with a Trojan horse program, planting incriminating evidence at the same time.

Caffrey was acquitted despite evidence from Neil Barrett, technical director at security testing company Information Risk Management, who was an expert witness for the prosecution.

He told the court that, after examining the physical location of data blocks on Caffrey's PC, there was no evidence that the log files had been altered at a later date.

Peter Sommer, head of computer security research at the London School of Economics, said, "The Trojan defence is not a new one, but it normally fails. The prosecution prepared carefully, but occasionally you get rogue decisions."

Richard Starnes, director of incident response for the managed security operations centre atCable & Wireless, said, "The time has come to debate the need for specialist judging panels or juries that would allow for a more complete understanding of the evidence brought forth in technology-based trials."

Starnes warned that the verdict had set a potentially dangerous precedent with regard to hacking cases. "In the future, any defendant charged with such anoffence could attempt to compromise their own system, in order to employ a similar defence in the event of capture," he said.

The Metropolitan Police brought the prosecution and would not comment on the verdict, but police experts have expressed concern that language used in the Computer Misuse Act 1990 does not criminalise denial of service attacks.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.