The "I was hacked" defense worked again!

Subject: The "I was hacked" defense worked again!
From: Gary Stoneburner <gary.stoneburner@nist.gov>
Date: Fri, 17 Oct 2003 17:03:48 -0400
Content-Type: multipart/alternative; boundary="=====================_13304968==.ALT"

re: http://www.msnbc.com/news/981726.asp?0dm=C15PT

"A British court cleared a teenager Friday of hacking into the computer of the U.S. port of Houston ..."

"Caffrey had insisted that, although the infiltration was triggered from his computer, he was not behind it. He testified as an expert in his own defense, arguing that a hacker could have taken over his machine to mount the attack."

This is the 2nd time I am aware of the "I may have been hacked" defense being successful.

If you are expecting your organizational security controls to be effective in constraining the malicious efforts of a computer savvy employee - well perhaps you should think again :-).

Cheers,
Gary

************************************************************************** * Opinions expressed are not intended to reflect an official position ************************************************************************** * Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************

Prev by Date: MS vulnerabilities - now coming 5 at a time
Next by Date: Ex-cybersecurity czar Clarke issues gloomy report card
Prev by thread: Ex-cybersecurity czar Clarke issues gloomy report card
Next by thread: MS vulnerabilities - now coming 5 at a time

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov