11,000 IP addresses found on accused hacker's PC
Published: 08 Oct 2003 16:20 BST
More than 11,000 IP addresses of vulnerable servers were found on the computer of a UK teenager that has been accused of launching a DDoS attack responsible for knocking out IT systems at the Port of Houston in Texas, Southwark Crown Court was told on Wednesday.
Aaron Caffrey, whose father is a software engineer and mother is a lecturer in IT, allegedly used a well-known 'Unicode' exploit to take advantage of vulnerabilities in Microsoft's IIS Web server software. His defence counsel has argued that unpatched security holes in Windows enabled someone to use Caffrey's computer to launch the attack.
Southwark Crown Court heard on Wednesday that on Caffrey's computer, which was forensically examined by the Computer Crime Squad three months after the attack took place, there was a file called webservers.txt that listed the IP addresses of 11,608 servers vulnerable to the Unicode exploit.
Cedric d'Ablis, a security architect at Cable and Wireless, gave evidence to the court on Wednesday. He examined Caffrey's computer in October 2002 -- 13 months after the attack took place. D'Ablis told the court that there was no legitimate reason why someone would have a list of IP addresses on their system.
D'Ablis also said that there was no evidence of a third party having accessed Caffrey's computer remotely in order to initiate the DDos attack. "I would expect to find a tool that would allow someone to do this. There are a number of tools but commonly, it would be a Trojan or a Trojan horse. I did not find one," he said.
However, d'Ablis admitted that during his examination of Caffrey's computer, he only looked for open ports and active Trojans. During cross examination, he said that according to the server logs, Caffrey's machine had been "probed regularly" and admitted that it was possible the system could have been compromised, with the attack originating from a remote computer and made to look like it started from Caffrey's system. "Whenever something is installed on a computer, there are always traces of it somewhere on the system. But I did not look for these traces," he said.
The trial was almost adjourned for the day when a juror could not continue listening to evidence after suffering from a serious migraine. The judge, with agreement from the prosecution and defence counsels, agreed to continue with 11 jurors.
The case continues.
Did you find this article useful?
109 out of 181 people found this useful
- Share this article:
Full Talkback thread
5 comments
-
11k IP-s... So what??? What kind of file(s)???..... Anonymous -
who gives a fuck, as long as this kid wasnt using... Anonymous
-
Yea who gives a F*** well i cant see why the cour... P G N
-
i will like you to email me transparent and non tr... koffi
-
Uhm, actually I dont have a comment on this story... Sarah Utley
