Trojan horse defense

Last updated

The Trojan horse defense is a technologically based take on the classic SODDI defense, believed to have surfaced in the UK in 2003. [1] The defense typically involves defendant denial of responsibility for (i) the presence of cyber contraband on the defendant's computer system; or (ii) commission of a cybercrime via the defendant's computer, on the basis that a malware (such as a Trojan horse, virus, worm, Internet bot or other program) [2] or on some other perpetrator using such malware, was responsible for the commission of the offence in question. [3]

Contents

A modified use of the defense involves a defendant charged with a non-cyber crime admitting that whilst technically speaking the defendant may be responsible for the commission of the offence, he or she lacked the necessary criminal intent or knowledge on account of malware involvement. [4]

The phrase itself is not an established legal term, originating from early texts by digital evidence specialists [5] referring specifically to trojans because many early successful Trojan horse defenses were based on the operation of alleged Trojan horses. [6] Due to the increasing use of Trojan programs by hackers, and increased publicity regarding the defense, its use is likely to become more widespread. [7]

Excluding offences of strict liability, criminal law generally requires the prosecution to establish every element of the actus reus and the mens rea of an offence [8] together with the "absence of a valid defence". [9] Guilt must be proved, and any defense disproved, [8] beyond a reasonable doubt. [10]

In a trojan horse defense the defendant claims he did not commit the actus reus. [11] In addition (or, where the defendant cannot deny that they committed the actus reus of the offence, then in the alternative) the defendant contends lack of the requisite mens rea as he "did not even know about the crime being committed". [12]

With notable exception, [13] the defendant should typically introduce some credible evidence that (a) malware was installed on the defendant's computer; (b) by someone other than the defendant; (c) without the defendant's knowledge. [14] Unlike the real-world SODDI defense, the apparent anonymity of the perpetrator works to the advantage of the defendant. [15]

Prosecution rebuttal of the defense

Where a defense has been put forward as discussed above, [16] the prosecution are essentially in the position of having to "disprove a negative" [17] by showing that malware was not responsible. This has proved controversial, with suggestions that "should a defendant choose to rely on this defense, the burden of proof (should) be on that defendant". [18] If evidence suggest that malware was present and responsible, then the prosecution need to seek to rebut the claim of absence of defendant requisite mens rea.

Much will depend on the outcome of the forensic investigative process, together with expert witness evidence relating to the facts. Digital evidence such as the following may assist the prosecution in potentially negating the legal or factual foundation of the defense by casting doubt on the contended absence of actus reus and/or mens rea: [19] -

Such properly obtained, processed and handled digital evidence may prove more effective when also combined with corroborating non-digital evidence [25] for example (i) that the defendant has enough knowledge about computers to protect them; and (ii) relevant physical evidence from the crime scene that is related to the crime. [26]

The role of computer forensics

Whilst there is currently "no established standard method for conducting a computer forensic examination", [27] the employment of digital forensics good practice and methodologies in the investigation by computer forensics experts can be crucial in establishing defendant innocence or guilt. [28] This should include implementation of the key principles for handling and obtaining computer based electronic evidence - see for example the (ACPO) Good Practice Guide for Computer-Based Electronic Evidence. [29] Some practical steps should potentially include the following:-

Cases involving the Trojan Horse Defense

There are different cases where the Trojan horse defense has been used, sometimes successfully. Some key cases include the following:-

Regina v Aaron Caffrey (2003) [32] :

The first heavily publicised case involving the successful use of the defense, [33] Caffrey was arrested on suspicion of having launched a Denial of Service attack against the computer systems of the Port of Houston, [34] causing the Port's webserver to freeze [35] and resulting in huge damage being suffered on account of the Port's network connections being rendered unavailable [36] thereby preventing the provision of information to "ship masters, mooring companies, and support companies responsible for the support of ships saling and leaving the port". [36] Caffrey was charged with an unauthorised modification offence under section 3 of the Computer Misuse Act 1990 (section 3 has since been amended by the Police and Justice Act 2006 creating an offence of temporary impairment.

The prosecution and defense agreed that the attack originated from Caffrey's computer. [37] Whilst Caffrey admitted to being a "member of a hacker group", [38] Caffrey's defense claimed that, without Caffrey's knowledge, [39] attackers breached his system [36] and installed "an unspecified Trojan...to gain control of his PC and launch the assault" [40] and which also enabled the attackers to plant evidence on Caffrey's computer.

No evidence of any trojan, backdoor services or log alterations were found on Caffrey's computer. [41] However evidence of the Denial of Service script itself was found with logs showing the attack program has been run. Incriminating chat logs were also recovered. [42] Caffrey himself testified that a Trojan horse "armed with a wiping tool" [43] could have deleted all traces of itself after the attack. Despite expert testimony that no such trojans existed, the jury acquitted Caffrey. [44]

The case also raises issues regarding digital forensics best practice as evidence may have been destroyed when the power to Caffrey's computer was terminated by investigators. [45]

Julian Green (2003): [46] A United Kingdom-based case, Julian Green was arrested after 172 indecent pictures of children were found on Green's hard drive. [47] The defense argued that Green had no knowledge of the images on his computer and that someone else could have planted the pictures. Green's computer forensics consultant identified 11 Trojan horses on Green's computer, which in the consultant's expert witness testimony, were capable of putting the pornography on Green's computer without Green's knowledge or permission. [47] The jury acquitted Green of all charges after the prosecution offered no evidence at Exeter Crown Court, due to their failure to prove that Green downloaded the images onto the computer. [47]

The case also raises issues related to the evidential chain of custody, as the possibility of evidence having been planted on Green's computer could not be excluded. [48]

Karl Schofield (2003) [49] :

Karl Schofield was also acquitted by using the Trojan horse defense. He was accused of creating 14 indecent images of children on his computer but forensic testimony was given by a defense expert witness that a Trojan horse had been found on Schofield's computer [47] and that the program was responsible for the images found on the computer [50] Prosecutors accepted the expert witness testimony and dismissed the charges, concluding they could not establish beyond a reasonable doubt that Schofield was responsible for downloading the images. [51]

Eugene Pitts (2003) :

A US-based case involving an Alabama accountant who was found innocent of nine counts of tax evasion and filing fraudulent personal and business state income tax returns with the Alabama state revenue department. [28] The prosecution claimed he knowingly underreported more than $630,000 in income over a three-year period and was facing a fine of $900,000 and up to 33 years in prison. [51] Pitts apparently had previously been accused in preceding years of under reporting taxes. [33] Pitts argued that a computer virus was responsible for modifying his electronic files resulting in the under-reporting the income of his firm, [33] and that the virus was unbeknown to him until investigators alerted him. [52] State prosecutors noted that the alleged virus did not affect the tax returns of customers, which were prepared on the same machine. [28] The jury acquitted Pitts of all charges. [50]

The future of the defense

Increased publicity, increased use

As the defense gains more publicity, its use by defendants may increase. This may lead to criminals potentially planting Trojans on their own computers and later seeking to rely on the defense. Equally, innocent defendants incriminated by malware need to be protected. Cyberextortionists are already exploiting the public's fears by "shaking down" [53] victims, extorting payment from them failing which the cyber-criminals will plant cyber-contraband on their computers. [54]

As with many criminal offences, it is difficult to prevent the problematic matters that arise during the term of the investigation. For example, in the case of Julian Green, before his acquittal, he spent one night in the cells, nine days in prison, three months in a bail hostel and lost custody of his daughter and possession of his house. [55] In the following case of Karl Schofield, he was attacked by vigilantes following reports of his arrest, lost his employment and the case took two years to come to trial. [55]

Appropriate digital forensic techniques and methodologies must be developed and employed which can put the "forensic analyst is in a much stronger position to be able to prove or disprovea backdoor claim". [54] Where applied early on in the investigation process, this could potentially avoid a reputationally damaging trial for an innocent defendant.

Juries

For a layman juror, the sheer volume and complexity of expert testimonies relating to computer technology, such as Trojan horse, could make it difficult for them to separate facts from fallacy. [56] It is possible that some cases are being acquitted since juror are not technologically knowledgeable. One possible suggested method to address this would involve be to educate juries and prosecutors in the intricacies of information security [18]

Mobile Technology

The increasing dominance of Smart Device technology (combined with consumer's typically lax habits regarding smart device security [57] ) may lead to future cases where the defense is invoked in the context of such devices [58]

Government Trojans

Where the use of Government Trojans results in contraband on, or commission of a cybercrime via, a defendant's computer, there is a risk that through a gag order (for example a US National security letter) the defendant could be prevented from disclosing his defense, on national security grounds. The balancing of such apparent national security interests against principles of civil liberties, is a nettle which, should the use of government trojans continue, [59] may need to be grasped by Legislatures in the near future.

See also

Related Research Articles

The insanity defense, also known as the mental disorder defense, is an affirmative defense by excuse in a criminal case, arguing that the defendant is not responsible for their actions due to an episodic psychiatric disease at the time of the criminal act. This is contrasted with an excuse of provocation, in which the defendant is responsible, but the responsibility is lessened due to a temporary mental state. It is also contrasted with a finding that a defendant cannot stand trial in a criminal case because a mental disease prevents them from effectively assisting counsel, from a civil finding in trusts and estates where a will is nullified because it was made when a mental disorder prevented a testator from recognizing the natural objects of their bounty, and from involuntary civil commitment to a mental institution, when anyone is found to be gravely disabled or to be a danger to themself or to others.

<span class="mw-page-title-main">Malware</span> Malicious software

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

<span class="mw-page-title-main">Cybercrime</span> Term for an online crime

A cybercrime is a crime that involves a computer or a computer network. The computer may have been used in committing the crime, or it may be the target. Cybercrime may harm someone's security or finances.

The compilation of a unified list of computer viruses is made difficult because of naming. To aid the fight against computer viruses and other types of malicious software, many security advisory organizations and developers of anti-virus software compile and publish lists of viruses. When a new virus appears, the rush begins to identify and understand it as well as develop appropriate counter-measures to stop its propagation. Along the way, a name is attached to the virus. As the developers of anti-virus software compete partly based on how quickly they react to the new threat, they usually study and name the viruses independently. By the time the virus is identified, many names denote the same virus.

<span class="mw-page-title-main">Computer forensics</span> Branch of digital forensic science

Computer forensics is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.

<span class="mw-page-title-main">Crimeware</span> Class of malware designed specifically to automate cybercrime

Crimeware is a class of malware designed specifically to automate cybercrime.

<span class="mw-page-title-main">Digital forensics</span> Branch of forensic science

Digital forensics is a branch of forensic science encompassing the recovery, investigation, examination and analysis of material found in digital devices, often in relation to mobile devices and computer crime. The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. With roots in the personal computing revolution of the late 1970s and early 1980s, the discipline evolved in a haphazard manner during the 1990s, and it was not until the early 21st century that national policies emerged.

The following outline is provided as an overview of and topical guide to forensic science:

State of Connecticut v. Julie Amero is a court case in the 2000s concerning Internet privacy and DNS hijacking. The defendant in the case, Julie Amero, a substitute teacher, was previously convicted of four counts of risk of injury to a minor, or impairing the morals of a child, as the result of a computer that was infected with spyware and DNS hijacking software; the conviction was vacated on appeal.

Computational criminology is an interdisciplinary field which uses computing science methods to formally define criminology concepts, improve our understanding of complex phenomena, and generate solutions for related problems.

<span class="mw-page-title-main">Network forensics</span>

Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.

<span class="mw-page-title-main">Digital forensic process</span>

The digital forensic process is a recognized scientific and forensic process used in digital forensics investigations. Forensics researcher Eoghan Casey defines it as a number of steps from the original incident alert through to reporting of findings. The process is predominantly used in computer and mobile forensic investigations and consists of three steps: acquisition, analysis and reporting.

Eoghan Casey is a digital forensics professional, researcher, and author. Casey has conducted a wide range of digital investigations, including data breaches, fraud, violent crimes, identity theft, and on-line criminal activity. He is also a member of the Digital/Multimedia Scientific Area Committee of the Organization for Scientific Area Committees. He helps organize the digital forensic research DFRWS.org conferences each year, and is on the DFRWS Board of Directors. He has a B.S. in Mechanical Engineering from the University of California, Berkeley, an M.A. in Educational Communication and Technology from New York University, and a Ph.D. in Computer Science from University College Dublin.

There is no commonly agreed single definition of “cybercrime”. It refers to illegal internet-mediated activities that often take place in global electronic networks. Cybercrime is "international" or "transnational" – there are ‘no cyber-borders between countries'. International cybercrimes often challenge the effectiveness of domestic and international law, and law enforcement. Because existing laws in many countries are not tailored to deal with cybercrime, criminals increasingly conduct crimes on the Internet in order to take advantages of the less severe punishments or difficulties of being traced. No matter, in developing or developed countries, governments and industries have gradually realized the colossal threats of cybercrime on economic and political security and public interests. However, complexity in types and forms of cybercrime increases the difficulty to fight back. In this sense, fighting cybercrime calls for international cooperation. Various organizations and governments have already made joint efforts in establishing global standards of legislation and law enforcement both on a regional and on an international scale. China–United States cooperation is one of the most striking progress recently, because they are the top two source countries of cybercrime.

DPP v Lennon is the first reported criminal case in the U.K. concerning so-called "denial of service" (DoS) attacks. The appeal court found that DoS attacks constituted an offence of unauthorised modification under s. 3 of the Computer Misuse Act 1990 (CMA) and thus clarified the law regarding DoS.

High Technology Crime Investigation Association (HTCIA) is an international non-profit professional organization devoted to the prevention, investigation, and prosecution of crimes involving advanced technologies. Author and cybercrime expert, Christopher Brown, described HTCIA as "one of the largest and most respected" associations of its kind.

OdaTV(also known as Odatv.com, Odatv or odaTV), an online news portal based in Turkey, was founded in 2007. It is one of the most followed news portals in Turkey and according to the Alexa statistics, it is the 119th most visited website in the country.

<span class="mw-page-title-main">Microsoft Digital Crimes Unit</span>

The Microsoft Digital Crimes Unit (DCU) is a Microsoft sponsored team of international legal and internet security experts employing the latest tools and technologies to stop or interfere with cyber crime and cyber threats. The Microsoft Digital Crimes Unit was assembled in 2008. In 2013, a Cybercrime center for the DCU was opened in Redmond, Washington. There are about 100 members of the DCU stationed just in Redmond, Washington at the original Cybercrime Center. Members of the DCU include lawyers, data scientists, investigators, forensic analysts, and engineers. The DCU has international offices located in major cities such as: Beijing, Berlin, Bogota, Delhi, Dublin, Hong Kong, Sydney, and Washington, D.C. The DCU's main focuses are child protection, copyright infringement and malware crimes. The DCU must work closely with law enforcement to ensure the perpetrators are punished to the full extent of the law. The DCU has taken down many major botnets such as the Citadel, Rustock, and Zeus. Around the world malware has cost users about $113 billion and the DCU's jobs is to shut them down in accordance with the law.

Fileless malware is a variant of computer related malicious software that exists exclusively as a computer memory-based artifact i.e. in RAM. It does not write any part of its activity to the computer's hard drive, thus increasing its ability to evade antivirus software that incorporate file-based whitelisting, signature detection, hardware verification, pattern-analysis, time-stamping, etc., and leaving very little evidence that could be used by digital forensic investigators to identify illegitimate activity. Malware of this type is designed to work in-memory, so its existence on the system lasts only until the system is rebooted.

William "Chuck" Easttom II is an American computer scientist specializing in cyber security, cryptography, quantum computing, and systems engineering.

References

  1. Bowles, S., Hernandez-Castro, J., "The first 10 years of the Trojan Horse defence", Computer Fraud & Security, January 2015, Vol.2015(1), pp.5-13, page 5
  2. 1 2 3 Steel, C.M.S, "Technical SODDI Defences: the Trojan Horse Defence Revisited", DFSL V9N4 (http://ojs.jdfsl.org/index.php/jdfsl/article/viewFile/258/236)
  3. Šepec, M., "The Trojan Horse Defence -- a Modern Problem of Digital Evidence", Digital Evidence and Electronic Signature Law Review, 9, (2012), p.1
  4. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 18. See the case of Eugene Pitts (2003)
  5. Šepec, M., "The Trojan Horse Defence -- a Modern Problem of Digital Evidence", Digital Evidence and Electronic Signature Law Review, 9, (2012), page 2
  6. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, p.11.
  7. Kao,DY., Wang, SJ., Huang, F., 'SoTE:Strategy of Triple-E on solving Trojan defense in Cyber-crime cases' (2010) Computer Law and Security Review 26, p.55.
  8. 1 2 Laird, K., Ormerod, D., "Smith and Hogan's Criminal Law" 14th Edition, page 59
  9. Laird, K., Ormerod, D., "Smith and Hogan's Criminal Law" 14th Edition, p.59 citing Landham, D., [1976] Crim LR 276
  10. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 12
  11. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, pages 16-17
  12. Šepec, M., "The Trojan Horse Defence -- a Modern Problem of Digital Evidence", Digital Evidence and Electronic Signature Law Review, 9, (2012), page 4
  13. 1 2 See for example Regina v Aaron Caffrey, Southwark Crown Court, 17 October 2003
  14. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 18
  15. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 17
  16. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 14
  17. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 14
  18. 1 2 Starnes, R., "The Trojan Defence", Network Security, Volume 2003, Issue 12, December 2003, page 8
  19. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 26
  20. Ghavalas, B., Philips, A., "Trojan defence: A forensic view part II", Digital Investigation (2005) 2, 133-136, page 134
  21. Overill, R.E., Siloman, J.A.M., "A Complexity Based Forensic Analysis of the Trojan Horse Defence", 2011 Sixth International Conference on Availability, Reliability and Security, Aug. 2011, pp.764-768, page 765
  22. Šepec, M., "The Trojan Horse Defence -- a Modern Problem of Digital Evidence", Digital Evidence and Electronic Signature Law Review, 9, (2012), page 7
  23. Steel, C.M.S, "Technical SODDI Defences: the Trojan Horse Defence Revisited", DFSL V9N4, page 51
  24. Haagman, D., Ghavalas, B., "Trojan defence: A forensic view", Digital Investigation (2005) 2, pp.23-30, page 28
  25. Šepec, M., "The Trojan Horse Defence -- a Modern Problem of Digital Evidence", Digital Evidence and Electronic Signature Law Review, 9, (2012), page 6
  26. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 47
  27. Carney, M., Rogers, M., "The Trojan Made Me Do it: A First Step in Statistical Based Computer Forensics Reconstruction", International Journal of Digital Evidence Spring 2004, Volume 2, Issue 4, page 2
  28. 1 2 3 Everett, C., 'Viruses Bottleneck Prosecution' (2003) Mayfield Press, Oxford, Computer Fraud & Security
  29. "(ACPO) Good Practice Guide for Computer-Based Electronic Evidence" (PDF).
  30. Haagman, D., Ghavalas, B., "Trojan defence: A forensic view", Digital Investigation (2005) 2, pp.23-30, page 27-28
  31. Haagman, D., Ghavalas, B., "Trojan defence: A forensic view", Digital Investigation (2005) 2, pp.23-30, page 28
  32. Southwark Crown Court, 17 October 2003 (https://www.independent.co.uk/news/business/news/teenage-hacker-cleared-of-crashing-houstons-computer-system-91926.html)
  33. 1 2 3 Bowles, S., Hernandez-Castro, J., "The first 10 years of the Trojan Horse defence", Computer Fraud & Security, January 2015, Vol.2015(1), pp.5-13, page 7
  34. Meyers, M., Rogers, M., "Computer Forensics: The Need for Standardization and Certification", International Journal of Digital Evidence, Fall 2004, Volume 3, Issue 2, pages 2-3
  35. Rasch, M., "The Giant Wooden Horse Did It", Security Focus, at http://www.securityfocus.com/columnists/208 (Jan. 19, 2004).
  36. 1 2 3 Šepec, M., "The Trojan Horse Defence -- a Modern Problem of Digital Evidence", Digital Evidence and Electronic Signature Law Review, 9, (2012), page 3
  37. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 5
  38. Joshua, UK Hacker Acquitted, Geek.com, at http://www.geek.com/news/uk-hacker-acquitted-554079/ Archived 2019-09-03 at the Wayback Machine
  39. Meyers, M., Rogers, M., "Computer Forensics: The Need for Standardization and Certification", International Journal of Digital Evidence, Fall 2004, Volume 3, Issue 2, page 3
  40. Leyden, J., "Caffrey Acquittal A Setback for Cybercrime Prosecutions" The Register, 17 October 2003, at https://www.theregister.co.uk/content/archive/33460.html
  41. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, p.13 referring to the article published by Neil Barrett, an expert witness in the Cafffey trial. See also Leyden, J., "Caffrey Acquittal A Setback for Cybercrime Prosecutions" The Register, 17 October 2003, at https://www.theregister.co.uk/content/archive/33460.html
  42. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, p.13 referring to the article published by Neil Barrett, an expert witness in the Cafffey trial
  43. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 6
  44. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 21
  45. Meyers, M., Rogers, M., "Computer Forensics: The Need for Standardization and Certification", International Journal of Digital Evidence, Fall 2004, Volume 3, Issue 2, page 7
  46. Exeter Crown Court, 13 July 2003 (https://www.sophos.com/en-us/press-office/press-releases/2003/08/va_porntrojan.aspx)
  47. 1 2 3 4 "Man blames Trojan horse for child pornography, Sophos Anti-Virus reports". SOPHOS. August 2003. Retrieved 2012-02-24.
  48. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 7
  49. Reading Crown Court, 24 April 2003 (http://www.out-law.com/page-3505)
  50. 1 2 Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 8
  51. 1 2 Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, p.8.
  52. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, p.8 citing Patricia Dedrick, Auditor: Virus Caused Errors, THE BIRMINGHAM NEWS, Aug. 26, 2003, available at LEXIS, Alabama News Sources.
  53. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 15
  54. 1 2 Ghavalas, B., Philips, A., "Trojan defence: A forensic view part II", Digital Investigation (2005) 2, 133-136, page 136
  55. 1 2 Pickup, David MW. "Internet & Computer Crime". St Johns Buildings Criminal Law Seminar. Retrieved 2012-02-23.
  56. "The "Trojan" Defence - Bringing Reasonable Doubt to a Jury Near You". stratsec. November 2003. Archived from the original on 2013-02-22. Retrieved 2012-02-25.
  57. See: http://www.consumerreports.org/cro/news/2014/04/smart-phone-thefts-rose-to-3-1-million-last-year/index.htm
  58. See Bowles, S., Hernandez-Castro, J., "The first 10 years of the Trojan Horse defence", Computer Fraud & Security, January 2015, Vol.2015(1), pp.5-13, page 7
  59. Gliss, H., "German police and Secret Service propose use of Trojan horse: a crazy notion", Computer Fraud & Security, 2007, Vol.2007(4), pages 16-17
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.