Trojan horse defense

Last updated

The Trojan horse defense is a technologically based take on the classic SODDI defense, believed to have surfaced in the UK in 2003. [1] The defense typically involves defendant denial of responsibility for (i) the presence of cyber contraband on the defendant's computer system; or (ii) commission of a cybercrime via the defendant's computer, on the basis that a malware (such as a Trojan horse, virus, worm, Internet bot or other program) [2] or on some other perpetrator using such malware, was responsible for the commission of the offence in question. [3]

Contents

A modified use of the defense involves a defendant charged with a non-cyber crime admitting that whilst technically speaking the defendant may be responsible for the commission of the offence, he or she lacked the necessary criminal intent or knowledge on account of malware involvement. [4]

The phrase itself is not an established legal term, originating from early texts by digital evidence specialists [5] referring specifically to trojans because many early successful Trojan horse defenses were based on the operation of alleged Trojan horses. [6] Due to the increasing use of Trojan programs by hackers, and increased publicity regarding the defense, its use is likely to become more widespread. [7]

Excluding offences of strict liability, criminal law generally requires the prosecution to establish every element of the actus reus and the mens rea of an offence [8] together with the "absence of a valid defence". [9] Guilt must be proved, and any defense disproved, [8] beyond a reasonable doubt. [10]

In a trojan horse defense the defendant claims he did not commit the actus reus. [11] In addition (or, where the defendant cannot deny that they committed the actus reus of the offence, then in the alternative) the defendant contends lack of the requisite mens rea as he "did not even know about the crime being committed". [12]

With notable exception, [13] the defendant should typically introduce some credible evidence that (a) malware was installed on the defendant's computer; (b) by someone other than the defendant; (c) without the defendant's knowledge. [14] Unlike the real-world SODDI defense, the apparent anonymity of the perpetrator works to the advantage of the defendant. [15]

Prosecution rebuttal of the defense

Where a defense has been put forward as discussed above, [16] the prosecution are essentially in the position of having to "disprove a negative" [17] by showing that malware was not responsible. This has proved controversial, with suggestions that "should a defendant choose to rely on this defense, the burden of proof (should) be on that defendant". [18] If evidence suggest that malware was present and responsible, then the prosecution need to seek to rebut the claim of absence of defendant requisite mens rea.

Much will depend on the outcome of the forensic investigative process, together with expert witness evidence relating to the facts. Digital evidence such as the following may assist the prosecution in potentially negating the legal or factual foundation of the defense by casting doubt on the contended absence of actus reus and/or mens rea: [19] -

Such properly obtained, processed and handled digital evidence may prove more effective when also combined with corroborating non-digital evidence [25] for example (i) that the defendant has enough knowledge about computers to protect them; and (ii) relevant physical evidence from the crime scene that is related to the crime. [26]

The role of computer forensics

Whilst there is currently "no established standard method for conducting a computer forensic examination", [27] the employment of digital forensics good practice and methodologies in the investigation by computer forensics experts can be crucial in establishing defendant innocence or guilt. [28] This should include implementation of the key principles for handling and obtaining computer based electronic evidence - see for example the (ACPO) Good Practice Guide for Computer-Based Electronic Evidence. [29] Some practical steps should potentially include the following:-

Cases involving the Trojan Horse Defense

There are different cases where the Trojan horse defense has been used, sometimes successfully. Some key cases include the following:-

Regina v Aaron Caffrey (2003) [32] :

The first heavily publicised case involving the successful use of the defense, [33] Caffrey was arrested on suspicion of having launched a Denial of Service attack against the computer systems of the Port of Houston, [34] causing the Port's webserver to freeze [35] and resulting in huge damage being suffered on account of the Port's network connections being rendered unavailable [36] thereby preventing the provision of information to "ship masters, mooring companies, and support companies responsible for the support of ships saling and leaving the port". [36] Caffrey was charged with an unauthorised modification offence under section 3 of the Computer Misuse Act 1990 (section 3 has since been amended by the Police and Justice Act 2006 creating an offence of temporary impairment.

The prosecution and defense agreed that the attack originated from Caffrey's computer. [37] Whilst Caffrey admitted to being a "member of a hacker group", [38] Caffrey's defense claimed that, without Caffrey's knowledge, [39] attackers breached his system [36] and installed "an unspecified Trojan...to gain control of his PC and launch the assault" [40] and which also enabled the attackers to plant evidence on Caffrey's computer.

No evidence of any trojan, backdoor services or log alterations were found on Caffrey's computer. [41] However evidence of the Denial of Service script itself was found with logs showing the attack program has been run. Incriminating chat logs were also recovered. [42] Caffrey himself testified that a Trojan horse "armed with a wiping tool" [43] could have deleted all traces of itself after the attack. Despite expert testimony that no such trojans existed, the jury acquitted Caffrey. [44]

The case also raises issues regarding digital forensics best practice as evidence may have been destroyed when the power to Caffrey's computer was terminated by investigators. [45]

Julian Green (2003): [46] A United Kingdom-based case, Julian Green was arrested after 172 indecent pictures of children were found on Green's hard drive. [47] The defense argued that Green had no knowledge of the images on his computer and that someone else could have planted the pictures. Green's computer forensics consultant identified 11 Trojan horses on Green's computer, which in the consultant's expert witness testimony, were capable of putting the pornography on Green's computer without Green's knowledge or permission. [47] The jury acquitted Green of all charges after the prosecution offered no evidence at Exeter Crown Court, due to their failure to prove that Green downloaded the images onto the computer. [47]

The case also raises issues related to the evidential chain of custody, as the possibility of evidence having been planted on Green's computer could not be excluded. [48]

Karl Schofield (2003) [49] :

Karl Schofield was also acquitted by using the Trojan horse defense. He was accused of creating 14 indecent images of children on his computer but forensic testimony was given by a defense expert witness that a Trojan horse had been found on Schofield's computer [47] and that the program was responsible for the images found on the computer [50] Prosecutors accepted the expert witness testimony and dismissed the charges, concluding they could not establish beyond a reasonable doubt that Schofield was responsible for downloading the images. [51]

Eugene Pitts (2003) :

A US-based case involving an Alabama accountant who was found innocent of nine counts of tax evasion and filing fraudulent personal and business state income tax returns with the Alabama state revenue department. [28] The prosecution claimed he knowingly underreported more than $630,000 in income over a three-year period and was facing a fine of $900,000 and up to 33 years in prison. [51] Pitts apparently had previously been accused in preceding years of under reporting taxes. [33] Pitts argued that a computer virus was responsible for modifying his electronic files resulting in the under-reporting the income of his firm, [33] and that the virus was unbeknown to him until investigators alerted him. [52] State prosecutors noted that the alleged virus did not affect the tax returns of customers, which were prepared on the same machine. [28] The jury acquitted Pitts of all charges. [50]

The future of the defense

Increased publicity, increased use

As the defense gains more publicity, its use by defendants may increase. This may lead to criminals potentially planting Trojans on their own computers and later seeking to rely on the defense. Equally, innocent defendants incriminated by malware need to be protected. Cyberextortionists are already exploiting the public's fears by "shaking down" [53] victims, extorting payment from them failing which the cyber-criminals will plant cyber-contraband on their computers. [54]

As with many criminal offences, it is difficult to prevent the problematic matters that arise during the term of the investigation. For example, in the case of Julian Green, before his acquittal, he spent one night in the cells, nine days in prison, three months in a bail hostel and lost custody of his daughter and possession of his house. [55] In the following case of Karl Schofield, he was attacked by vigilantes following reports of his arrest, lost his employment and the case took two years to come to trial. [55]

Appropriate digital forensic techniques and methodologies must be developed and employed which can put the "forensic analyst is in a much stronger position to be able to prove or disprovea backdoor claim". [54] Where applied early on in the investigation process, this could potentially avoid a reputationally damaging trial for an innocent defendant.

Juries

For a layman juror, the sheer volume and complexity of expert testimonies relating to computer technology, such as Trojan horse, could make it difficult for them to separate facts from fallacy. [56] It is possible that some cases are being acquitted since jurors typically lack technical knowledge. One possible suggested method to address this would involve be to educate juries and prosecutors in the intricacies of information security [18]

Mobile Technology

The increasing dominance of Smart Device technology (combined with consumer's typically lax habits regarding smart device security [57] ) may lead to future cases where the defense is invoked in the context of such devices [58]

Government Trojans

Where the use of Government Trojans results in contraband on, or commission of a cybercrime via, a defendant's computer, there is a risk that through a gag order (for example a US National security letter) the defendant could be prevented from disclosing his defense, on national security grounds. The balancing of such apparent national security interests against principles of civil liberties, is a nettle which, should the use of government trojans continue, [59] may need to be grasped by Legislatures in the near future.

See also

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

In computing, a Trojan horse is any malware that misleads users of its true intent by disguising itself as a standard program. The term is derived from the ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy.

<span class="mw-page-title-main">Cybercrime</span> Type of crime based in computer networks

Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

<span class="mw-page-title-main">Computer forensics</span> Branch of digital forensic science

Computer forensics is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing, and presenting facts and opinions about the digital information.

<span class="mw-page-title-main">ILOVEYOU</span> Computer worm

ILOVEYOU, sometimes referred to as the Love Bug or Loveletter, was a computer worm that infected over ten million Windows personal computers on and after 5 May 2000. It started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.TXT.vbs". At the time, Windows computers often hid the latter file extension by default because it is an extension for a file type that Windows knows, leading unwitting users to think it was a normal text file. Opening the attachment activates the Visual Basic script. First, the worm inflicts damage on the local machine, overwriting random files, then, it copies itself to all addresses in the Windows Address Book used by Microsoft Outlook, allowing it to spread much faster than any other previous email worm.

Crimeware is a class of malware designed specifically to automate cybercrime.

Mistaken identity is a defense in criminal law which claims the actual innocence of the criminal defendant, and attempts to undermine evidence of guilt by asserting that any eyewitness to the crime incorrectly thought that they saw the defendant, when in fact the person seen by the witness was someone else. The defendant may question both the memory of the witness, and the perception of the witness.

<span class="mw-page-title-main">Digital forensics</span> Branch of forensic science

Digital forensics is a branch of forensic science encompassing the recovery, investigation, examination, and analysis of material found in digital devices, often in relation to mobile devices and computer crime. The term "digital forensics" was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. With roots in the personal computing revolution of the late 1970s and early 1980s, the discipline evolved in a haphazard manner during the 1990s, and it was not until the early 21st century that national policies emerged.

State of Connecticut v. Julie Amero is a court case in the 2000s concerning Internet privacy and DNS hijacking. The defendant in the case, Julie Amero, a substitute teacher, was previously convicted of four counts of risk of injury to a minor, or impairing the morals of a child, as the result of a computer that was infected with spyware and DNS hijacking software; the conviction was vacated on appeal.

Bradley Willman is an anti-pedophile activist from Canada who engaged in private investigations using the Internet to expose pedophiles. At one time, he had unfettered access to between 2,000 and 3,000 computers that had been used to visit websites of interest to pedophiles as the result of his use of a Trojan horse. Willman's actions helped put California Superior Court judge Ronald Kline in prison for more than two years in 2007 for possession of child pornography. However, the legality of Willman's use of the Trojan horse was a basis for appeal by the judge.

<span class="mw-page-title-main">Computational criminology</span> Use of computer science methods to formally define concepts in criminology

Computational criminology is an interdisciplinary field which uses computing science methods to formally define criminology concepts, improve our understanding of complex phenomena, and generate solutions for related problems.

<span class="mw-page-title-main">Network forensics</span>

Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.

<span class="mw-page-title-main">Digital forensic process</span>

The digital forensic process is a recognized scientific and forensic process used in digital forensics investigations. Forensics researcher Eoghan Casey defines it as a number of steps from the original incident alert through to reporting of findings. The process is predominantly used in computer and mobile forensic investigations and consists of three steps: acquisition, analysis and reporting.

Eoghan Casey is a digital forensics professional, researcher, and author. Casey has conducted a wide range of digital investigations, including data breaches, fraud, violent crimes, identity theft, and on-line criminal activity. He is also a member of the Digital/Multimedia Scientific Area Committee of the Organization for Scientific Area Committees. He helps organize the digital forensic research DFRWS.org conferences each year, and is on the DFRWS Board of Directors. He has a B.S. in Mechanical Engineering from the University of California, Berkeley, an M.A. in Educational Communication and Technology from New York University, and a Ph.D. in Computer Science from University College Dublin.

There is no commonly agreed single definition of “cybercrime”. It refers to illegal internet-mediated activities that often take place in global electronic networks. Cybercrime is "international" or "transnational" – there are ‘no cyber-borders between countries'. International cybercrimes often challenge the effectiveness of domestic and international law, and law enforcement. Because existing laws in many countries are not tailored to deal with cybercrime, criminals increasingly conduct crimes on the Internet in order to take advantages of the less severe punishments or difficulties of being traced.

DPP v Lennon is the first reported criminal case in the United Kingdom concerning denial-of-service (DoS) attacks. The appeal court found that DoS attacks constituted an offence of unauthorised modification under s. 3 of the Computer Misuse Act 1990 (CMA) and thus clarified the law regarding DoS.

High Technology Crime Investigation Association (HTCIA) is an international non-profit professional organization devoted to the prevention, investigation, and prosecution of crimes involving advanced technologies. Author and cybercrime expert, Christopher Brown, described HTCIA as "one of the largest and most respected" associations of its kind.

<span class="mw-page-title-main">Palo Alto Networks</span> American technology company

Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. The core product is a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference. It is a partner organization of the World Economic Forum.

<span class="mw-page-title-main">Microsoft Digital Crimes Unit</span> Internet security organization

The Microsoft Digital Crimes Unit (DCU) is a Microsoft sponsored team of international legal and internet security experts employing the latest tools and technologies to stop or interfere with cybercrime and cyber threats. The Microsoft Digital Crimes Unit was assembled in 2008. In 2013, a Cybercrime center for the DCU was opened in Redmond, Washington. There are about 100 members of the DCU stationed just in Redmond, Washington at the original Cybercrime Center. Members of the DCU include lawyers, data scientists, investigators, forensic analysts, and engineers. The DCU has international offices located in major cities such as: Beijing, Berlin, Bogota, Delhi, Dublin, Hong Kong, Sydney, and Washington, D.C. The DCU's main focuses are child protection, copyright infringement and malware crimes. The DCU must work closely with law enforcement to ensure the perpetrators are punished to the full extent of the law. The DCU has taken down many major botnets such as the Citadel, Rustock, and Zeus. Around the world malware has cost users about $113 billion and the DCU's jobs is to shut them down in accordance with the law.

Fileless malware is a variant of computer related malicious software that exists exclusively as a computer memory-based artifact i.e. in RAM. It does not write any part of its activity to the computer's hard drive, thus increasing its ability to evade antivirus software that incorporate file-based whitelisting, signature detection, hardware verification, pattern-analysis, time-stamping, etc., and leaving very little evidence that could be used by digital forensic investigators to identify illegitimate activity. Malware of this type is designed to work in memory, so its existence on the system lasts only until the system is rebooted.

References

  1. Bowles, S., Hernandez-Castro, J., "The first 10 years of the Trojan Horse defence", Computer Fraud & Security, January 2015, Vol.2015(1), pp.5-13, page 5
  2. 1 2 3 Steel, C.M.S, "Technical SODDI Defences: the Trojan Horse Defence Revisited", DFSL V9N4 (http://ojs.jdfsl.org/index.php/jdfsl/article/viewFile/258/236)
  3. Šepec, M., "The Trojan Horse Defence -- a Modern Problem of Digital Evidence", Digital Evidence and Electronic Signature Law Review, 9, (2012), p.1
  4. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 18. See the case of Eugene Pitts (2003)
  5. Šepec, M., "The Trojan Horse Defence -- a Modern Problem of Digital Evidence", Digital Evidence and Electronic Signature Law Review, 9, (2012), page 2
  6. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, p.11.
  7. Kao,DY., Wang, SJ., Huang, F., 'SoTE:Strategy of Triple-E on solving Trojan defense in Cyber-crime cases' (2010) Computer Law and Security Review 26, p.55.
  8. 1 2 Laird, K., Ormerod, D., "Smith and Hogan's Criminal Law" 14th Edition, page 59
  9. Laird, K., Ormerod, D., "Smith and Hogan's Criminal Law" 14th Edition, p.59 citing Landham, D., [1976] Crim LR 276
  10. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 12
  11. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, pages 16-17
  12. Šepec, M., "The Trojan Horse Defence -- a Modern Problem of Digital Evidence", Digital Evidence and Electronic Signature Law Review, 9, (2012), page 4
  13. 1 2 See for example Regina v Aaron Caffrey, Southwark Crown Court, 17 October 2003
  14. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 18
  15. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 17
  16. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 14
  17. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 14
  18. 1 2 Starnes, R., "The Trojan Defence", Network Security, Volume 2003, Issue 12, December 2003, page 8
  19. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 26
  20. Ghavalas, B., Philips, A., "Trojan defence: A forensic view part II", Digital Investigation (2005) 2, 133-136, page 134
  21. Overill, R.E., Siloman, J.A.M., "A Complexity Based Forensic Analysis of the Trojan Horse Defence", 2011 Sixth International Conference on Availability, Reliability and Security, Aug. 2011, pp.764-768, page 765
  22. Šepec, M., "The Trojan Horse Defence -- a Modern Problem of Digital Evidence", Digital Evidence and Electronic Signature Law Review, 9, (2012), page 7
  23. Steel, C.M.S, "Technical SODDI Defences: the Trojan Horse Defence Revisited", DFSL V9N4, page 51
  24. Haagman, D., Ghavalas, B., "Trojan defence: A forensic view", Digital Investigation (2005) 2, pp.23-30, page 28
  25. Šepec, M., "The Trojan Horse Defence -- a Modern Problem of Digital Evidence", Digital Evidence and Electronic Signature Law Review, 9, (2012), page 6
  26. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 47
  27. Carney, M., Rogers, M., "The Trojan Made Me Do it: A First Step in Statistical Based Computer Forensics Reconstruction", International Journal of Digital Evidence Spring 2004, Volume 2, Issue 4, page 2
  28. 1 2 3 Everett, C., 'Viruses Bottleneck Prosecution' (2003) Mayfield Press, Oxford, Computer Fraud & Security
  29. "(ACPO) Good Practice Guide for Computer-Based Electronic Evidence" (PDF).
  30. Haagman, D., Ghavalas, B., "Trojan defence: A forensic view", Digital Investigation (2005) 2, pp.23-30, page 27-28
  31. Haagman, D., Ghavalas, B., "Trojan defence: A forensic view", Digital Investigation (2005) 2, pp.23-30, page 28
  32. "Teenage hacker cleared of crashing Houston's computer system". The Independent. 2003-10-17. Retrieved 2023-06-28.
  33. 1 2 3 Bowles, S., Hernandez-Castro, J., "The first 10 years of the Trojan Horse defence", Computer Fraud & Security, January 2015, Vol.2015(1), pp.5-13, page 7
  34. Meyers, M., Rogers, M., "Computer Forensics: The Need for Standardization and Certification", International Journal of Digital Evidence, Fall 2004, Volume 3, Issue 2, pages 2-3
  35. Rasch, M., "The Giant Wooden Horse Did It", Security Focus, at http://www.securityfocus.com/columnists/208 (Jan. 19, 2004).
  36. 1 2 3 Šepec, M., "The Trojan Horse Defence -- a Modern Problem of Digital Evidence", Digital Evidence and Electronic Signature Law Review, 9, (2012), page 3
  37. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 5
  38. Joshua, UK Hacker Acquitted, Geek.com, at http://www.geek.com/news/uk-hacker-acquitted-554079/ Archived 2019-09-03 at the Wayback Machine
  39. Meyers, M., Rogers, M., "Computer Forensics: The Need for Standardization and Certification", International Journal of Digital Evidence, Fall 2004, Volume 3, Issue 2, page 3
  40. Leyden, John. "Caffrey acquittal a setback for cybercrime prosecutions". www.theregister.com. Retrieved 2023-06-28.
  41. Leyden, John. "Caffrey acquittal a setback for cybercrime prosecutions". www.theregister.com. Retrieved 2023-06-28.
  42. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, p.13 referring to the article published by Neil Barrett, an expert witness in the Cafffey trial
  43. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 6
  44. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 21
  45. Meyers, M., Rogers, M., "Computer Forensics: The Need for Standardization and Certification", International Journal of Digital Evidence, Fall 2004, Volume 3, Issue 2, page 7
  46. Exeter Crown Court, 13 July 2003 (https://www.sophos.com/en-us/press-office/press-releases/2003/08/va_porntrojan.aspx)
  47. 1 2 3 4 "Man blames Trojan horse for child pornography, Sophos Anti-Virus reports". SOPHOS. August 2003. Retrieved 2012-02-24.
  48. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 7
  49. Reading Crown Court, 24 April 2003 (http://www.out-law.com/page-3505)
  50. 1 2 Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 8
  51. 1 2 Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, p.8.
  52. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, p.8 citing Patricia Dedrick, Auditor: Virus Caused Errors, THE BIRMINGHAM NEWS, Aug. 26, 2003, available at LEXIS, Alabama News Sources.
  53. Brenner, S., Carrier, B., Henninger, J., 'The Trojan Horse Defense in Cybercrime Cases' (2004) 21 Santa Clara Computer and High Technology Law Journal 1, page 15
  54. 1 2 Ghavalas, B., Philips, A., "Trojan defence: A forensic view part II", Digital Investigation (2005) 2, 133-136, page 136
  55. 1 2 Pickup, David MW. "Internet & Computer Crime". St Johns Buildings Criminal Law Seminar. Retrieved 2012-02-23.
  56. "The "Trojan" Defence - Bringing Reasonable Doubt to a Jury Near You". stratsec. November 2003. Archived from the original on 2013-02-22. Retrieved 2012-02-25.
  57. See: http://www.consumerreports.org/cro/news/2014/04/smart-phone-thefts-rose-to-3-1-million-last-year/index.htm
  58. See Bowles, S., Hernandez-Castro, J., "The first 10 years of the Trojan Horse defence", Computer Fraud & Security, January 2015, Vol.2015(1), pp.5-13, page 7
  59. Gliss, H., "German police and Secret Service propose use of Trojan horse: a crazy notion", Computer Fraud & Security, 2007, Vol.2007(4), pages 16-17