Computer hacking trial opens

[InfoSec News <isn () c4i org>]

http://www.nzherald.co.nz/storydisplay.cfm?storyID=198010&thesection=technology&thesubsection=general

03.07.2001 
By PETER GRIFFIN 
technology writer 

A seemingly innocent "Potato" computer game is at the centre of an
internet hacking case that finally went to trial yesterday, after
nearly three years of sporadic proceedings.

Andrew Garrett is accused of using internet passwords, obtained from
customers of Telecom's internet service provider Xtra, to gain free
internet access. The Auckland man faces 10 charges of fraud, forgery,
wilful damage and threatening to damage property.

Opening the Crown's case, prosecutor Helen Gilbert said Garrett used a
simple computer game sent as an e-mail attachment to mask a "Back
Orifice" Trojan program, which infected the computers of Xtra account
holders when they opened the e-mail.

"[For] anyone who opened the e-mail to play the game, Back Orifice
server installed itself on to their computer. On the face of it, it
looked like something you might like to have a play with," she said.

The Crown says the Trojan program allowed Garrett not only to access
internet passwords but to crash users' computers at will and view
everything on their screens.

Jurors were presented with a mass of evidence, compiled when the
police seized Garrett's computer in 1998 and including a series of
computer logs that, the Crown claims, reveal he had access to other
computers.

A characteristic of the virus allegedly used by Garrett also allowed
him to send messages to the account holders whose computers he had
hijacked, the Crown claimed.

That lies at the root of the charge of threatening to damage property.

"I recommend you find another ISP. If you don't, I will format your
hard drive and don't think I can't," a message received by one Xtra
account holder read.

Last June, the prosecution was aborted when two justices of the peace
revealed they were Telecom shareholders and their involvement amounted
to a conflict of interest.

At the root of Garrett's actions, claims the Crown, was his
dissatisfaction with Telecom's decision to cut off his phone lines in
1997, effectively closing the internet business he was running called
The Hive.

"The fact that he had a dispute with Telecom did not give him the
right to take people's passwords," said Ms Gilbert.

She pointed out that Garrett did not have to gain financially to face
fraud charges.

The issue first came to light in November 1998, when Garrett sent the
Herald 200 passwords - proof, he said, that Telecom's internet network
was insecure.

Giving evidence yesterday was John Thackray, former manager of the
police electronic crimes unit, who experimented with a cloned copy of
Garrett's computer hard drive to successfully recreate the virus
attack.

Cross-examining Mr Thackray, defence lawyer Michael Levett pointed to
the fact that the Back Orifice "zip" file found on Garrett's computer
was compressed, and there was no evidence that it had been "unzipped,"
a necessary action for the file to be used maliciously.

The case continues today, when for the first time in a New Zealand
trial, police experts will carry out a simulated hack to recreate how
Garrett could have gained remote access to other computers.




ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.