Slashdot Mirror
The Virus Did It
scubacuda writes "The Inquirer and Get Reading report that a UK man accused of having pornographic pictures of kids on his computer was acquitted after a court heard that his machine was infected with a Trojan on his PC which probably auto-downloaded the images. (In light of moves like Operation Ore, we'll probably hear more defenses like this.)"
Human: I plead insanity! I wasn't aware of my actions at the time that I was doing them. I can't be held responsible.
Computer: I plead trojan. I wasn't aware of my actions at the time that I was doing them. I can't be held responsible.
Perhaps Mr. Schofield should be charged with the misdemeanor offense "Running Windows".
Some community service should put things aright, methinks.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
I guess you should have invested in some virus protection software. Could have saved a lot of money.
The virus would have to ask kc or ScottK if it could do it.
...of making a virus that downloads child pr0n onto a remote computer? I thought virii were created to wreak havoc, not frame random computer users... or am I wrong? And furthermore, if a jury can believe this defense, what's to keep all the imminent RIAA and MPAA suits from being defused by the same argument? FIRST POST! WOO!!
"Life in every breath... that is bushido"
- Bill
They've been downloading MP3s, porn, movies, all kinds of stuff I am not aware of!
- For the complete works of Shakespeare: cat
Now this is why you should always use protection? Don't know what you will catch
Rus
Cheap UK and US VPS
How eloquently expressed...
I doubt this type of defense will help people who used their credit card to sign up for child porn sites.
Himmler: My orders were not from Hitler but from a virus.
Tim McVeigh: A virus filled that truck with diesel and fertilizer.
Magic Johnson: I didn't get AIDS from a woman but from a virus.
well.. ok, you can scratch the last one.
Trolling is a art,
Yet another example of why the decision to allow defendants in criminal trials to be named was a bad decision *sigh*.
As to the story - sounds strange that a trojan would do that unless someone was using his machine as a proxy and in that case why would the images be cached on his system?
couldnt he tell the increbible slowness of his internet connection was caused by something? did he just think his computer slowerd overnight? he needs a fine for being an idoit
This bloke lived near me, he was hounded out of his home by ignorant fuckwits who presume that becuase somebody lives with their mother and father (after the age of 18) and is being done for paedophile images, the must be guilty.
It's a bit of a wake up call to the moronic masses that people can be innocent as well as guilty!
So that's how those pictures of mating llamas got on my hard drive!
Why haven't I deleted them?...
*shifts eyes, and flees*
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
It's not clear from the articles....Is this guy claiming that the virus automatically downloaded the images themselves or that the virus opened up a back door for someone else to use his PC as a storage facility for their images?
Why do I h8 apple?
Like when the BSA or RIAA come a-callin':
I swear I didn't copy and install all that software illegally. I swear I didn't download all those MP3s and put them into my playlists. A trojan did it.
(Lame, I know. But, one can certainly hope...)
I see a market here: howzabout selling software that (a) appears to be a virus infection -- well, OK, a voluntary virus; and (b) downloads porn automagically! Not only does it save typing and clicking, it provides a tested legal defense for your first arrest! Plus, we can have the porn providers pay to have their ad banners downloaded! Quick, get me to a venture capitalist!
--- Often in error; never in doubt!
The more it goes, the more I think that the main issue of online security is not the protocols (SSL, SET...) but the security of the endpoints, and particularly of the clients.
I would not be surprised if we found a virus that searches through the local (and even LAN-accessible) documents for interesting keywords or types of information, then somehow manages to send this information back to some spying agency. In fact, I think this has probably already been done.
Imagine the potential:Of course, most corporate networks are firewalled. Still, lots of binary data is exchanged. You just have to hide yours in the flux... Do you really think this would be noticed in the middle of a virus attack?. Traffic analysis would be thwarted by the viral attack sending information in many directions, with no obvious destination. Onion peel routing and distribution through Usenet or WWW bulletin boards could do the rest - untracable information.
When the crime is as insane as "possession of a picture" (a digital one, no less), the defenses to the crime will sound somewhat nutty as well. It's to be expected. The only solution is to eradicate due process entirely and just execute the acccused immediately. Considering we're talking about kiddie porn here, i'm sure a vast majority of people wouldn't mind doing so at all.
Stupid people make stupid things profitable.
The problem this guy is going to face is that, despite his conviction, the prevailing mood in the UK is such that he will still find himself stigmatised for a very long time.
As he found out from the vigilante attacks before his trial, the maxim "innocent until proven guilty" doesn't seem to apply for some people any more - the witch hunts led by certain newspapers mean that any slight suggestion of paedophilia turns the accused into an immediate fugitive.
Therefore, though it's very kind of the Crown Prosecution Service to accept this explanation at trial, why did they wait before it was up before a judge with all the attendant publicity before letting him off the hook?
In the minds of some people as well, there's going to be an attitude of "that's right, blame it on the computer - he would say that, wouldn't he?". Technology-based defences simply don't hold water for a lot of non-technical people - which with the increasing number of technological offences being put to juries is quite a worry.
So, this guy will still be stigmatised as a paedophile, all for the price of some virus checking software...
Very dubious indeed. I find it very hard to believe that he did not notice several image files appearing on his drive. Also such paedophiles are monitored very carefully, and not without reason.
This may have been a case where the jury and judge knew very little about the natures of trojan and computer.
I am a man, not a toy.
IT wasn't ME it was the one armed man!
I am Bennett Haselton! I am Bennett Haselton!
This case sounds interesting for a couple of reasons. The defendent's entire case is out the window, of course, if the prosecution shows that the virus was not responsible for downloading kiddie pr0n. Assume such a virus existed for the sake of argument.
First, there is negligence for allowing one's computer to become infected. A related precedent would be the owner of a condemned house allowing it to become a crack house. IANAL, but in a lot of ways it seems the cases are similar. One could claim that the software manufacturer (MS) was responsible for faulty software, or that the virus writer was responsible for letting loose his creation. In the same way, the crackhouse owner could claim that the lock manufacturer did a poor job, or that the addicts breaking into his house were at fault.
Second, if computers become more like personal extensions of ourselves, indispensible, parts of our consciousness in some far-fetched way, then the defendent might take the insanity route. That is, "God told me to take 7 wives and this girl is one of them." However, computers are subject to more detailed forensics that people's brains, so claiming an insane computer might not withstand much scrutiny in court.
"Provided by the management for your protection."
A trojan horse program, codenamed "Kazaa", has been reported to download pirated music and DVDs on thousands of computers throughout the world. The matter is being investigated.
void*x=(*((void*(*)())&(x=(void*)0xfdeb58)))();
I am sorry Mr. President... my computer was infected with a virus and this trojan submitted comupter code to terrorist supporting open source projects. Particularily, OpenBSD...
"The large print giveth, and the small print taketh away" -Tom Waits
--
cheap website hosting
With that out of the way, I find it amazing the lengths people will go to to blame anybody or anything for their actions but themselves. "I didn't download pictures of naked children, the computer did it!" or "I didn't willingly throw myself upon a flaming mattress, that show on MTV made me do it! or "I didn't want to get pregnant, it was HIS fault!"
I apologize for this somewhat offtopic rant, but it's this kind of lack of personal responsibility that's eroding our society.
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
Hmm, I need to go home and install a few inactive trojans (blocked by my firewall of course. "But your honor. I didn't download all those illegal MP3's. It must have been that trojan installed on my computer!"
Uh, you might want to reconsider believing the story attributed to the Register. The domain name for the Register story is an IP address.
<a href="http://www.joblessjimmy.com">Work is dumb and so is Jobless Jimmy.</a>
I read this story about a week ago. It worried me a lot at the time for the precedent it sets. From the story, either someone was out to incriminate this guy by planting child porn on his computer or this guy really did download it and he is up against some really pathetic prosecutors. We read that he has been attacked in his neighbourhood, and that he is an all round family man. Fine. But that in itself doesn't make the story more credible... Either way, the guy responsible has got away free. Isn't that the most worrying thing...
... when your found to have cracked the latest software and the DMC is after you could you claim a virus but the software there!
I gotta keep this short 'cause I have to go uninstall Symantec Norton Antivirus Corporate Edition to make sure that my company lawyers have a good defense for some of our employees.... Hell, I might just turn off our firewall and load MS Backoffice for an OS as long as we're looking to give more people/programs easy access.
Oh yeah, did you hear his new song, Pre-Teanage Wasteland?
So that's how those pictures of mating llamas got on my hard drive!
It sounds like you were just putting the finishing touches on the latest O'Reilly book:
Pr0n in a Nutshell.
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
While the genuine ones are released in months or a couple of years (but don't drive over the speed limit or no more car nor freedom for you!), batches of arrests with public announcements of guilt-before-proven-guilty are made on the basis of such reliable things as "tip-offs" (which come after "set-ups") and the joke that is Operation Ore. Now anyone with a stolen credit card number can be branded a paedophile. I admin an e-commerce site... as Fisher Price, the well-known Windows XP UI and kindergarten toy designer, would say, "Imagine the possibilities."
My brother called me one day to say that his new computer had run out of disk space and he didn't know why. I connected to his computer via Remote Desktop and browsed his folder and when I got to his My Music directory it was full of 7 gigs of movie files, none of which he had seen before. I deleted them and suggested he get a firewall program.
Sure enough, as soon as he got his firewall up he got a slew of alerts about people trying to connect to his computer. I make sure I keep my firewall up at all times now.
So, where can I find this wonderful program that will exonerate me from any liability should the FBI come knocking at my door?
..."
(Knock on door) "Open up, Mr. Smith. This is special agent Johnson withthe FBI. we have a warrant to search your premises."
(LippyTheLip quickly downloads said trojan to have an alibi) "Sure, come on in Agent Smith. Let me restart my computer for you.
this is the first virus that I want....
I'll be damned if Norton will "Protect" me from the hoors of pr0n
David Lightman - "Your computer called *me*."
Department of Defense - "David, computers don't call people."
David Lightman - "Yours did."
Hey, it worked so well for David, it'll work for me, right?
The articles don't mention why the authorities looked on his PC for kiddie porn. What tipped them off?
I suspect there's much more to this case than the articles mention.
Once again, sorry for bleating like a dying, clubbed baby seal, but I felt that I should add that although I don't have any links that I can think of right now DIRECTLY on the subject, I would like to direct you to a series of essays on kuro5hin.org, written by a man living with schizoaffective disorder. Although it probably won't change your viewpoints, perhaps upon reading about some of this guy's experiences, you'll have a building block to construct a more enlightened philosophy of justice and of mental disorder.
I was unaware the UK had reinstated the Stupidty defense.
M@
Krispy Cream is people
Surfing the web i've ended up with shortcuts to porn sites in my favourites and in my history - along with that, pictures in my internet cache. (and then when I go to type in a URL in Start->Run, fucking auto-complete puts in one of the addresses - that's always fun when you're at work, VNCing into your machine, and all your coworkers see something like www.hotpeanutbutterclits.com or something 0_0)
I've also seen people's pc's hacked and used to serve up free porn and warez.
This particular case may be unrealistic, but this sort of stuff is possible...
Robots are everywhere, and they eat old people's medicine for fuel.
See, its not a problem that the odd inncent person has his life ruined by association with crimes that they did not commit, because we're dealing with kiddie porn! Sure, a few people will have their lives ruined, but it's kiddie porn!
I personally think that we should skip the trials altogether. Sure, some innocent people will end up in the nonce wing for life, but it's kiddie porn!
Won't somebody please think of the children!
O.K, I'll stop now. I don't even know if I'm being sarcastic any more...
I don't know about British law (although our Canadian system is probably closer to it, than to the American system we see on TV), but doesn't there need to be a REASONABLE doubt?
Yes officer, the lock on my front door has been broken for a few weeks now. That body is in the basement because some bastard probably dropped it off there while I was at work
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
Anyway, with P2P getting more sophisticated, efficient and private, I can easily see this happening a lot. Of course, I don't think anyone should be guilty in cases like these. Apparently, neither do the British courts.
I have been telling people this for awhile when referencing the extremely harsh penalties imposed on even accidentaly viewing child pornography on the internet. Another example that could get you into the courts would be being coerced into going to a site by your friend. I mean everyone has fallen for the old goatse trick at least once right? And who really wants to see that?
2001-12-25 02:34:02 Porn trojan virus? (articles,security) (rejected)
I've seen and disinfected a laptop of a friend who was infected with a virus that downloaded porn pages in the background whenever he connected to the internet. I guess it was to collect link credits. His history and cache would fill up with porn crap and he claimed to not be visiting the sites. At first I didn't believe him (obviously) and was surprised when I saw the behavior for myself. Beware!
Surely any cracker is not going to store his stuff neatly in "My Music".
The first thing your brother needs to do is to turn off the Remote Desktop - even better uninstall thet programme. That has got to be a horrendous security hole!
What firewall programme? There are some good ones and some bad ones.
Of course he got hits on his firewall! Doesn't everyone? I used to get a load from my ISP - so I moved...
I'll see your Constitution and raise you a Queen.
A morning one section color laser printer was locked, there was an error somewhere, when I restablised the printer. It began to print porn photos stacked in the previous night. The suspect guy was telling everybody that the new virus are porn printing ugly ones.
[bart voice] I didn't do it [/bart voice]
I see a lot of comments about - wink, wink - sure it was the virus, or dumb ass for executing a Trojan.
My first lesson with an improperly configured Linux box outside the firewall was when my ISP called asking about some insane bandwidth use. What? I checked the box and it seemed fine. Found out the traffic was on FTP, which I was not using. Sure enough, tons of porn and other files were getting uploaded and downloaded... all the files in a hidden directory. The box was owned, and I ended up rebuilding from scratch, this time leaving services off I did not actually use and patching some of the services I did. Than I discovered ssh and a few other key insights that were new to me.
I cannot believe I am the only one this kind of thing happened to...
+++ UGUCAUCGUAUUUCU
I wonder if he got the virus from Pete Townshend's computer.
Your reality is lies and balderdash and I'm delighted to say that I have no grasp of it whatsoever. - Baron Munchausen
If this was a secure site with secure Credit Card information being transmitted, then how did they get it? Did they just ask the site to hand it over? Or do privacy laws not matter over international waters?
Did they hack the site? And if so, would that not be prosecutable? Now please, these are real qeustions of the group, and I would like to know.
My point here is, that after doing a Google on Operation Ore's organization, how easy is it to find this information that you were supposedly transmitting securely? What if there are people who pay for subscriptions to Right or Left wing political groups? Activist groups? Sure this is not child pornography, but it just seemed to easy to get subscription information, CREDIT CARD NUMBERS, and Addresses, and being so able to publish this. Although I have high doubts about any trojan doing this, just a case of plausible deniability, it's the fact that the information was so readily gotten, and usable to those who oppose their beliefs and views. And those goes for anything you put your name, CC number, and address to.
Need I say more?
If you keep throwing chairs, one day you'll break windows....
I could see a lot of people interested in a very high capacity distributed filesystem which could make use of hundreds of trojan'd PCs out on the internet to store information which you didn't want found on your own computer.
Make it highly redundant, self healing, replicating data as the "servers" go offline to make sure the information remains available. Hell, I could use something like that here at work.
Government of the people, by corporate executives, for corporate profits.
Townshend will be kicking himself that he didn't think of this one
I probably have about 20 or 30 files sitting on my desktop that I havn't filed away, and a lot of that changes frequently. I doubt I would even notice one or two more, although I eventualy might see what they were in order to 'file' them. (and, by that I mean dumping into a big folder along with everything else I've cleaned off my desktop in the past few years)
Beyond that, my computer has hundreds of thousands of files on it, in total. I don't even know how many. I would never notice additions... unless I had something like tripwire installed, but then I wouldn't have had the trojan in the first place, now would I?
autopr0n is like, down and stuff.
You didn't read the full post.
You don't go free after being declared NGRI. It's quite different than being declared not guilty. You go to a mental hospital until such time as some guy on some board decides that the hospital is correct and that you are sane. Until then, and that can be a long time after you've regained your sanity, you are in a mental hospital.
We should get one of those guys being sued by RIAA to do this just to see what happens =P
I didn't notice the folder named "Child Porn" and all the neatly arranged subfolders inside of "My Documents".
Actually, considering that most trojans do come from porn sites (I only have info about legit sites, a good number of people asked me for help with computer problems after going to such sites, mostly dial-ups with old OS'es), but also hack sites, it would be actually quite likely for the trojan to download porn. It would be in the spirit of most spam-trojan-hack abusers of the internet.
Listening to her music? I mean, I could understand masturbating to photos of Britney, but listening to her music?
They need to put you away for the good of society.
the word virus.
"Life in every breath... that is bushido"
A couple of months ago CSO magazine ran an article about a similar problem, except it was coupled with the threat of blackmail.
Could it possible that this (or something similar) can get an innocent victim arrested? In a less technologically literate or a far more fundamentallist culture, the "virus did it" defense probably won't work . . .
In this case a crime was committed. Whether the crime was committed by the accused or some unknown third party is irrelevant. All that is relevant is known security holes and popular complacence allowed the criminal(s) to escape prosecution. Would the firewall banned by the ISP had helped this guy? Who knows. Will following the paranoid government route of building back doors and escrowed keys into every so-called secured system make the situation worse? Probably. The government will have great motivation to prove their protocols are one hundred percent secure, and will have no motivation to make sure justice is done by finding the real criminals.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
I was discussing this very notion with a co-worker not to long ago as a way to get around the RIAA. If someone writes a virus that connects to P2P networks would you be liable for songs downloaded onto your machine if it was discovered that you were infected?
dude, plural of computer virus is..
viruses
don't argue.
You can bet your arse someone now has the idea and is hacking away at this very moment writing this very virus not to unleash on the world but as a defense should he ever get caught. There is now case law to back it up. I wouldn't be suprised to see this defense proliferate copyright cases in the very near future.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
Once I made several mistakes at the same time.
1 Applied an access list to a wrong interface on a router
2 Behind this router I put a Win2k computer, which had been configured for a private network. Computer name, admin account and password for this account was the same word.
One day I found that this computer had a remote control software and FTP server installed on it. I wouldn't be surprised to find some kiddie porn few days later, so I think that the story makes sense.
"The large print giveth, and the small print taketh away" -Tom Waits
Whoever said this has obviously never read a Microsoft agreement.
I'll see your senator, and I'll raise you two judges.
As to the story - sounds strange that a trojan would do that unless someone was using his machine as a proxy and in that case why would the images be cached on his system?
The story doesn't seem entirely unlikely though.
A company I know had a server compromised some time ago and had a rootkit installed. They were then used as a warez ftp server.
Why would the cracker do that?
Maybe he was just after some disk space and a fat pipe?
But maybe, just maybe it was warez the cracker absolutely positively didn't want laying around on his own box? Something they thought he could get into serious trouble over?
I'll never know, I didn't check what it was before the disk was reformatted, but whatever it was there were several GB of it...
"First lesson," Jon said. "Stick them with the pointy end."
I am a man, not a toy.
Hey, news flash! There's no reason you can't be both! That can be fun, if you like who is having their toy playtime.
I'll see your senator, and I'll raise you two judges.
Consider this. Suppose I am some piece of trash who enjoys looking a child porn. All I have to do is obtain this trojan and make it look like "the trojan did it". That way, if I get busted, the trojan takes the fall for me. It's like a get-out-of-jail free card.
I don't make the rules. I just make fun of them.
I'm not aware of british laws, but here in Brazil, as far as I understand, you could never be sued by just having child pornography (or whatever) on your computer. It should be proved that you created them or paid for them. How does that works on UK? Can you actually be sued if it's unknown how you got them?
see in this post
Simply write a little proggie (ahem... virus) that does EXACTLY THAT... downloads random porn imaged from newsgroups. It is not illegal to NOT have an anti-virus program installed!
and installed the latest SP and has allowed MS to run software on his computer. Who is to say others haven't as well?
If you are a Windows user, you DON'T have complete control over your PC any more.
Here's the thing. I'll agree to let these insane folks out on the street again if you'll agree to let them live with you while they're out.
You! Yes, YOU! Out of the gene pool!
The machine in question was seized and taken for forensic examination immediately after the arrest? If not then WHY NOT? Thorough forensics revealed presence of trojan and case was not prosecuted. No? Then the UK police need to get a fucking clue!
Trojan? Porn? Yeah, I'll leave it to you to make up your own jokes.
For every post, there is an equal and opposite re-post.
And drinking is the interesting analogy because you generally begin sober and aware that drinking will lead to a lack of accountability. In many jurisdictions, this knowledge means you are still liable because the ultimate consequences are forseeable.
So now, what if I offered a site that wanted to distribute a banned kind of material (kiddie porn, secure encryption technology, that kind of thing) and it was known that anyone connecting could not legally ask for what they surely wanted. Isn't the obvious solution for me to make a virus that will "helpfully" download it for you? You'd just pay for "time at my site" browsing my fine HTML pages, not for the content. But, magically, the content would just get thrust upon you. Escort services use this dodge. Customer pays for time, not service. But customers get service, typically, or they don't come back. Still, legally, the transaction may be quite distinct from prostitution (so I'm told).
Then again, the escort service model obliges me to come to the issue of "victimless crime". Driving drunk and injuring someone has a victim, and we want to fix the legal system to minimize such cases. Escort services have no obvious victim, IMO, and so I'd argue the other way--that perhaps the simpler solution is just to legalize prostitution.
Child porn is caught in between these two scenarios, I think, with some parts of it falling into one scenario and some into the other. Certainly, if the pics are of real children, then that's bad. But it's within range of technology to make the entire industry based on fabricated images. Then who would be the victim? If no child was abused in the taking of the pictures, for all we know, the people in possession of them are sublimating urges they might otherwise carry out. Is taking the photos away going to cause them to not have the urge? Or just cause them to be out on the street seeking real children? We're so quick to make assumptions in this area, I just don't know why we don't just make a death penalty for anyone even suspected of child abuse or kiddie porn and be done with it mercifully, because nothing the person can do for the rest of their life after they're found in possession of something like this will ever be normal.
When I see a child being abused, it's not erotic to me. That it is to someone shouldn't make it a crime for me to see it--maybe I and all of us need to see that picture to understand someone's outrage about a crime. How do we know when someone is seeing something for a "legitimate" reason or not? There may be pictures of murders that arouse people, but we distinguish between "snuff films" (which are illegal because of their filming technique, not their content) and other films about murder, because murder is a fact of life we need to understand. I am alarmed at the concept that the mere possession of certain kinds of topic material, in and of itself, a crime. Who will study this crime if no one may possess its materials? Will images of murder, of feces, or other things that turn others on but not me one day also be illegal to possess? Where does it stop?
Sure--people are legitimately angry at people who harm children, and they want someone to punish. They can't catch the guy who makes it, so they find someone else to lash out at. (The drug war is the same way. Sometimes drugs cause problems, so we make all uses of drugs illegal whether they hurt anyone or not, just so there's always someone handy to punish when we're mad.) I just hope that in our rush to make it possible to punish people who too easily elude our present systems, we don't take away rights which are not causally related to any kind of harm. And I have to say, the idea of criminalizing the viewing a picture, any picture, in privacy, whether it's a field of daisies or a torture chamber somewhere, is
Kent M Pitman
Philosopher, Technologist, Writer
it cast a shade on his life. Between the vigilantes who assumed him guilty, the fact that he lost work, the time and money he spent on defending himself, and the fact that he didn't dare see his kids for two months, he got screwed.
Now, some district attorney (or whatever they call them in England) is saying "he got off scot-free. The system worked."
How many people do you know who are less than computer savvy and their computers fill up with spyware? If adware/spyware junk can end up inadvertantly installed, what's to stop BackOrifice or some other remote control app, or a hidden FTP client?
Picture this... Bob buys a new Windows XP machine, doesn't know about firewalls or even that it's a bad idea to click on "Yes" when a web page asks if you want to install something. Bob surfs on over to a page looking for a new Brittany Spears song and clicks "Yes" to downloading what he thinks is going to be the MP3 but actually turns out to install a stealthy FTP server that announces its presence to its creator.
Let's say the creator of this application maintains a list of all the infected machines and some child porn group decides it's not a bad idea to use a compromised machine as a hub for exchanging pictures. Sure enough, Bob's computer will be full of child porn he never knowingly downloaded.
I'd rather a few child porn downloaders end up not being locked away than one innocent person being locked up because they failed to secure their computer. My first Linux box I put online got rooted, I originally thought Comet Cursor was harmless and ended up with shitloads of spyware, and I consider myself pretty computer savvy. Nearly all my friends have constant battles with spyware and those that are less savvy don't even know why they get popups constantly even when they're not browsing the web. If you don't have full control of your computer, how can you be held responsible for its contents?
dude, plural of computer virus is..
your momma
don't argue.
Gee. Adding the words "Don't argue" doesn't make you right, it makes you look insecure and unable to defend your position.
So, the day has come at last. I must say I'm surprised, as I've been expecting it for over 5 years.
The point is that the law has to decide how much responsibility a person has for what their computer decides to do.
Up till now, the assumption has been that whatever your computer does, is done at your request, and you are wholly responsible. This despite the fact that that has never been true, and is getting further from the truth every year.
There is no legal tradition to apply here. The nearest analogy to the relationship between a person and his computer is the relationship between a man and his dog.
People have kept dogs for thousands -- most likely tens of thousands -- of years, so everyone has a rough idea what the deal is. The general legal view is that you have a duty to keep your dog from causing harm under forseeable circumstances, but there is a distinction between what your dog does and what you do. If your dog attacks a child, you are not guilty of Grievous Bodily Harm, but you might be guilty of keeping a dangerous dog. If your dog craps on the street, that is different than if you crap on the street, but you might still be fined.
If you are found guilty of not properly controlling a dog, you can be banned from keeping one. If your dog causes harm and is considered not to be controllable, the court can order it to be destroyed.
(If you deliberately cause your dog to kill someone, that is still murder of course, but your intention is crucial)
This is the only rational legal framework for crimes committed by a computer without the intention of its owner.
When will computers that run MS-Windows be ordered to be put down?
With each major change in technology, there is social upheavel. Checkers and chess: same board; altered function of the pieces.
I suspect this is not the last of something like this we will see. Growth is exponential, be it physical growth or intellectual advancement.
In the future, we may see the same kind of case with the exception of it was not the innocent man on the stand whose fingerprints are on the dead girls neck, rather his clone concieved (and corrupted for nefarious intentions) without his knowledge by a mad doctor from a strand of his hair left at the gym.
Like it or not, our societies are going to change and evolve; we are already seeing the cracks in the system.
There are a variety of solutions. The one John Ashcroft supports is a reversal of the current process, turning innocent until proven guilty inverted, imprisoning innocents as a side effect of relaxing the burden of proof to ensure the net casts on the guilty. That can be considered "the easy way", modifying a piece of the current system to accomodate situations previously unthought.
The alternative to putting band-aids on the symptoms without curing the cause is a reformation.
We will patch these problems for a while with a variety of laws and judgements and precedents, attempting to force the old world rules on the new world, but it is a losing battle and eventually the system will crumble under it's own weight. (How many people can we imprison, taking them out of the work force for petty crimes like marijuana and pornography until the free are simply working to keep the imprisoned as such. Once this point is crossed, who will work legitamately knowing their toils are mostly going to keep someone from working and supporting the system themselves?).
What we are going to need are revolutions. Cultural, ecological, agricultural, legal, governmental, medicinal in which we redefine the roles of the institutions within to function with the advent of perfect-digital copies, instant communication, technology (in many regards indistinguishable from magic), etc.
Two examples:
1) The difference between gulf war I and II was a matter of informational availability. In the previous gulf war, most on the scene news came from three guys in a hotel room. In gulf II wrought by unelected baby bush the information came freely over the internet (is it a coincidence, following the press debacle of rumsfeld saying one thing and the foreign press from all corners of the globe saying something totally counter, cisco who arguably runs the internet announces support for lower layer content examination and control?). Many people were horrified and fell into denial as they were presented with the pictures of what it takes to maintain the influence of the richest country in the world. The same thing has gone on since Day 1 in every empire, economic or otherwise, in history. The difference is now we can see it as it happens unfiltered by our handlers.
2) The RIAA's previous monopoly is basically over thanks to MP3. As technology evolved, it erased the need for a complex supply and distribution chain and threatens to uproot a lot of people's lives. This reminds of the people who build on a valley flood plain during a twenty year drought and then had their houses washed away when the drought ended. They had built on the land assuming it would remain as it and hadn't bothered to examine the historical context of the locality. The RIAA did not realize what had happened to telephone operators with the advent of the automated telephone switch. They were unemployed much like the carriage drivers at the advent of the car. But this is all elementary darwinism. The strong survive and the weak die off. The RIAA is weak; they are rich people used to a certain lifestyle that is based on exploiting the fruits of other's labor. In not following the trend, they have been replaced and are now fighting to survive, but the point is that they did not develop the skills to survive and the outcome is ine
After visiting the URL I just posted above (it had been a long time), I must mention: you might want to be more careful than I had initially suggested.
The site immediately pops up that bogus Windows' "Do you want to install and run..." dialog, so DEFINITELY DO NOT agree to that.
Then the site is hard to leave without subsequent redirections to porn-related stuff. I hate those web-weenie-bastards who do that stuff.
Most people, if you kick their dog, won't kill someone.
What's the difference between someone with a mild 'illness' like a hair trigger temper and a true ilness (NGRI)?
Should I plead 'hair trigger temper' and get anger management counseling?
Seems like both make a person unable to function in normal society doesn't it?
Guy was accused of having pornographic pictures of kids on his computer, right? Well he did! It's purely mitigation that it wasn't his fault - but legally it was still his responsibility, if the law was written that way. Bit like receiving stolen goods law.
Now if the burden of proof becomes the presecutor's to PROVE the defendant knowingly downloaded the material (as opposed to reasonable likelyhood),then we're going to get a lot of ISP log requests to differentiate between an upload by nastyware and a download by user.
dont worry about it now, the feds have seen your post and their at your door. *knock knock*
wake up neo. you pedophilic pervert.
This is my sig. There are many like it, but this one is mine.
The scary question is not whether or not he was actually involved in the aforementioned illegal material - but whether such a virus could and does exist. Judging by other /. comments, I wouldn't be surprised if one does, but even if it's not a virus, it wouldn't be hard for somebody's box to become a haxored harbour for illegal material.
Recently, I've been playing with my Samba server on my home network, which also serves as my router, etc. I accidentally malformed the "interfaces" line so that I was allowing connections from my "DSL" NIC as opposed to just the LAN one. Luckily, I found some suspiciousl logs fairly soon after (it logs by username, and there were some odd Chinese-sounding names trying to log in), and tracked down the problem. BUT, if my samba server had been owned, it would have been an easy route to the windows machine in the private network behind the Samba box (not to mention the previous samba exploit, recently patched). If hacked, this box and others could easily have been a harbour for illegal porn or other nasty files.
Also, this isn't mentioning at all the fact that there is a lot of misnamed material on kaZaa, etc - and while a lot is just movies named as other movies, some of it is pretty sleazy stuff that could theoretically get you in trouble with your wife/girlfriend, if not the police. You download the file and get caught... intent can be hard to disprove.
see you I will kick your ass! your post really pissed me off1 I do not need anger management counseling you prick; why i will blow your fucking head off!
So, if anything shows up on my systems that shouldn't be, I can blame virus-of-the-week on it?This almost gives me motivation to keep one of my boxes around the house running Windows. Almost.
The guy is a sicko. No doubt about that. Second, I have a real problem with the way they seem to be handling kiddie porn prosecution. They are going, it seems, after the users and not the sick bastard who took pictures of the children in the first place, and put them up on the web. If the kiddie porn producers are taken care of, then the user end pretty much gets taken care of by itself. I ain't saying that these sickos should not be watched. If you download them, chances are, you will upload them. So, yeah they should monitor the guy. I never said that what they user does is right either, it's just if the picture does not exist to download, well, you get the idea. He'll just have to go somewhere else for his sick fantasy. Also, there are a ton of porn sites that ride the edge in my opinion. I mean have you ever gotten a e-mail (that was not filtered yet) and the girl in that porn spam looked like she was WAY too young. I have seen this time and time again (SPAMMERS! Got to hate them....).
Gorkman
A more scientific explanation is found in the alt.usage.english FAQ:
(Emaphasis mine).File under 'M' for 'Manic ranting'
A friend was messing with my machine, changing my background and internet explorer start page, etc - so next time I got at his box I made a registry entry in HKLM->SOFTWARE->MS->Windows->CurrentVersion->Ru n that basically reloaded some other registry stuff every time his machine restarted. Of course, I'm not sick enough to set it up with K-pr0n, but a goatse link got the point over to him quickly enough that he should stay away from my machine if he wanted his to remain untouched :-)
I imagine many of you have used P2P apps like KaZaA. I'd bet money that almost all of you even downloaded some porn with it. Don't be bashful. There's nothing wrong with it. However I'm sure you too have noticed the overwhelming amount of BS crap files that get turned up in searches. Many of them say "underaged" or "pre-teens" or many other things that indicate a minor child. And many of them are pure junk and are simply pictures ripped from a Girls Gone Wild video. However some times you end up downloading a picture you just can't identify. You really can't tell if those are kids, flat-chested and baby-faced college seniors, or midgets. If you don't delete these files and leave them on your computer, are you now guilty of having child pornography if someone proves that the picture you downloaded 1 year ago and is still in you junk directory?
Lets say for example that your ex knows you have porn on your computer. Hell she and you used to watch it together. You break up with her and she's pissed. She makes an anonymous call to the police one night when drunk. The next day and overzealous police officer has a warrant from a judge looking for some good PR for the election coming up. They confiscate your computer and arrest you, even though all they have as proof is the anonymous tip. A lab goes through your hard drives and CDs while you're grilled by a cop with bad breath over how you abuse children. You don't want to call for a lawyer because you don't want to seem guilty. You think it's all a big mistake. The lab boys come back with the porn. The cops browse through it. A picture comes up of Devon in her early years. "Does she look like a minor to you, Bob?" "She sure looks like a minor to me, Chuck." They arrest you and charge you with child pornography, even though they have confirmed that the person in the photo is a minor. The PD and DAs office goes public to say how they've arrested a vile child pornographer. Media coverage. Citizen outrage at him. yadda yadda yadda. In the meantime he's arrained. This gives an assistant DA time to go through all the porn on the hard drive. Whoops. It turns out that the photo the cops thought was child porn wasn't. Hell it obviously wasn't. Damn overzealous cops. Nevertheless he goes through all the porn. He even enlists the help of a person in the pornography business who can recognize many of his fellow actors. Finally they come down to a small handful of pictures that no one can identify. Of these 3 could be of a minor. The DA picks the most child-like photo as proof and goes to trial. The prosecution paints the defendant as a vile, horrible child pornographer. A few of his ex-girlfriends step into the lime light to say how he was abusive or was obsessed with kids or some other bullshit like that. The defense lays out the facts of law and that the photo can't
When I was a stupid little kid, and just learning about the internet, I wanted to be a "hax0r" so I was running around the internet with a ip scanner, port sniffer, and various password brute forcing tools. Eventually my ISP cut of my family's service because they were detecting the portscans or something. I quickly installed a trojan on my own machine and blamed it. We had our service back that day.
Please mod this up a little bit. This needs to be seen and read by people.
Even without viruses, how many of you have automated scripts to bulk-download pages from link sites and binaries from newsgroups?
Now what if one day these sources get 'infected' with illegal content and for some (perhaps unrelated reason) you get search-and-seized before you notice it?
How can you be responsible for content you haven't even checked yet?
Strangely enough, none of the antivirus sites have a listing for a kiddie-porn downloading virus...
Manipulate the moderator system! Mod someone as "overrated" today.
Don't like the guy next door? Next time he's out, get into his house (where I live most people leave a door unlocked or window open, so this wouldn't be difficult) and download some KP to his computer.
... "But Your Honor, I swear I didn't even know it was on my computer! Someone must have planted it!"
If you want to be really tricky, hide it somewhere he won't find it, and come back once in a while over the next couple o weeks and download some more, delete some of it, etc. -- make the activity look "real." Hell, use his CD burner to put some on CD and stick it in the mess he no doubt has on his desk.
Then call the cops and leave an anonymous "tip."
There's no chance anyone will ever believe him; even if you left fingerprints galore all over the computer there's no way the cops would waste their time checking -- why try to help that sick pervert?
___
On a less hypothetical note, let me say you don't even need to waste time planting it. A friend of mine had a tussle with his roommate six months ago and ended up calling the cops on him (for legitimate reasons; his roommate has been arrested more times than I can count, he's a bit on the aggressively drunk side).
The roommate decided to get even by telling the cops he'd seen KP on my friends computer. They took it away from him (he needs it to work) and told him he'd have it back in two weeks if they found nothing on it; it's been six months...
I really can't see anything objectionable with just looking at pictures and jacking off. Frankly, if these people have to get their rocks off, isn't it better they do so into a box of Kleenex? If some nonce is at home having a w@nk then he's not out there doing any *real* damage; nor is he likely to be capable of any real damage for a few hours.
I say - decriminalise mere *possession* of images and concentrate resources on the *real* problems. For a start, find out what the real problems *are* instead of going around in denial (which is what the vigilante mobs are doing; they set out to attack suspected paedophiles to reinforce the idea that they themselves couldn't possibly entertain such a notion).
The amount of harm done to a child by the manufacture of one pornographic picture of them is the same whether one person or a million people look at it -- as long as looking is all they do. Remember the old rule of "innocent until proven guilty" - it used to be a principle of British justice.
Je fume. Tu fumes. Nous fûmes!
Does anyone else see the irony here?
Tequila: It's not just for breakfast anymore!
A trojan that auto-downloads stuff? I thought trojans usually opened your computer to the internet to let a hacker use parts of your hard drive? That's hardly auto-downloading since it's not really the virus that's doing it.
Beware: In C++, your friends can see your privates!
And I don't even want to think about how Paul Reuben would try to explain his...
Of course this is "not unheard of". The question this begs is if there is a person out there who does not know someone who's trashy M$ box has been abused in this manner. I know two people, my brother in law who likes music and a friend of my wife who is a competent NT sysadmin.
Your brother should rebuild the machine. It was owned and the owners could have installed anything they wanted on it, including services your "firewall" will not catch.
You should also caution your brother about running all sorts of services he does not need or use, such as remote desktop, or many of the other big bright blinking "rape me" services M$ puts on their boxes. The easiest way to do this is to not use windows. Look to Debian or Mandrake for reasonable setups.
My IT friend gave up windows for personal use a year ago. Someone put an ftp server on one of his NT machines. The server refused local connections, so that he could not see it from itself. The ftp directory was hidden, but he was able to see it when he looked hard enough. He was denied the ability to see within it, however. He could see the server from other machines, though he was not able to login. It should be rather obvious that he was not the owner of his own machine at that point. That was it for him.
Friends don't help friends install M$ junk.
It would be a stretch to go into court and claim that, as a result of visiting some malicious store, someone who you don't know was able to slip something into your pocket that taught your dog to kill on command from a remote control.
The ownership of a car might be more apt.
If my car runs over someone, I'm liable. But what if someone deliberately puts something in the road that causes my tires to blow out, thereby causing my car to veer out of control and hit someone?
I'm sure that I'd still bear some liability (at least in a U. S. court), but I'd be able to skate on part of it because control of my vehicle was taken away from me by persons unknown.
-- I have monkeys in my pants.
Isn't the Trojan supposed to be the protection? That's what their commercials tell me.
I realize that my post hardly affects your proposal. Your proposition is still very much on the money.
Computer owners need to bear some responsibility. If you can't control it, you should have one. Just like cars and dogs.
-- I have monkeys in my pants.
Of course. This logic is what has led to such a resounding success in the War On Drugs, which as we all know, ended in 1986, after a few years of fighting the suppliers.
Back Orifice 2k, get into someone's system after successful implant of the trojan/remote admin tool. Then store your illicit goods in a deep buried subdirectory somewhere in a hidden (folder options / do not show hidden files)c:/windows/something/something/ . With 80gig hard drives being fairly average. It would be easy. And scary. As for antiviris software, how many normal non geeky people use it religiously ~only after~ having been hit with something?
"There is always some madness in love. But there is also always some reason in madness."- Friedrich Nietzsche
Imagine a virus that downloads kiddy porn and stolen credit card numbers onto your hard drive, then emails the FBI and deletes itself. Ouch. How could you defend against something like that in court?
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
That's just as well, because the fact that the mere posession of child pornography is punishable is absurd.
Pete Townshend was charged, although he quite credibly claims that he was researching the issue. I for one would give him the benefit of the doubt.
The real criminals are those who abuse children, and that's a crime independent of the posession of pictures. Arguably the posession of pictures should be legal - if for no other reason, then because the more widespread they are, the more easily available the evidence against those who actually abused the children in the first place!
Erm, just a guess, but I would suspect the person who said it was Tom Waits. :P
Has Symantec released the update for this!
How about WindowsUpdate...will that protect me!
AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
Seriously -- if people knew more about the systems they run on, they wouldn't have problems like this. For example...all pictures should be stored in the 'My Pictures' folder provided by Microsoft. Why do you think it's there?
(Okay..maybe that wasn't so serious.)
until they decompile the trojan, or find proof otherwise. The burden of proof is on the prosecution.
Then the defense would have to prove the defendant didn't build the trojan.
interesting
The court doesn't know what the Windows code does. IANAL but I reckon it might be entertaining to construct a defense around the statement "Windows did it".
One thing quite a few people seem to have missed, both in this Trojan case and in NGRI cases, is that simply making a claim is not sufficient. In an NGRI case, the prosecution must be convinced or a jury must be convinced by expert evidence (medical examinations, etc.) that the accused is actually suffering from more than a desire to avoid responsibility. Likewise, in this Trojan case, an outside expert determined that such a Trojan DID exist and DID download files -- and he proved it well enough that the prosecution accepted it.
What I have to wonder about is why it took so long to determine this. Did investigators simply decide he was guilty at the beginning and refuse to consider other possibilities?
I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)
So any Linux using peadophiles are going to jail then? After all, they can't plead trojan.
Beep beep.
Another nutters comments: http://www.geocities.com/totierne/hammer9.html
l low Analyse this
hell go mad and read a whole nutters blog through recent breakdown.
http://www.geocities.com/totierne
fo
Anonymous Coward: aka Turloch 'bipolar' OT
5 breakdowns and back on my feet.
You approach the situation and the person starts running away. I do not know exactly what I would do but there is a chance that the average person would be inclined to chase him down and cause great harm with any weapon they could find.
If you happen to accidentally instead blow away the police officer who's been trying to track down the guy for peering into a window a few houses down thirty minutes ago, then you're causing more damage to society.
Our legal system is designed to, if at all possible, defer punishment until it can be reviewed in a levelheaded manner by a jury of peers, and to prevent escalation of a situation. Why? Because preventing people from making sudden, potentially nasty calls in the heat of the moment tends to be a good idea.
Obviously, that doesn't work if someone has a knife to your throat. You *can't* defer judgement then, which is why we have a self-defense defense.
If everyone carried guns and was legally entitled to fire at a fleeing suspect that is not threatening them, then a case of mistaken identity and a couple of people making mistakes in the heat of the moment could cause a sudden large shootout.
May we never see th
The degree to which firewall vendors can get away with overselling their product amazes me. It even dwarfs the antivirus vendors of the last decade (matter of fact, a coupla companies sell both -- similar marketing skills). You keep people afraid and they keep giving you money.
(a) You *do* realize that those TCP connections you saw with netstat could be all sorts of things? Old waiting-to-time-out http connections, etc. They don't mean that someone's controlling your computer from the outside.
(b) If it's in "My Documents", the chances are a million to one that it was someone using the computer locally. Someone in your family, or a friend, or whatnot.
(c) If it really is a security issue, it's cheaper and less intrusive to just turn off shares/flip off the web server/etc that you're running, instead of leaving all that crap in place and snapping a firewall on top.
May we never see th
Of course. This logic is what has led to such a resounding success in the War On Drugs, which as we all know, ended in 1986, after a few years of fighting the suppliers.
Uh...so your logic is that the War On Drugs should go after end users as well? It *does*.
I think the same problem applies to kiddie porn. People want it, and it's essentially impossible to keep it from flowing (it's *data* for chrissake...we use the same argument about the RIAA and music).
May we never see th
gtk-gnutella has the ability to autodownload anything grabbed from search results flying past you on the wire that match some set of criteria you set. So if you leave it running, and tell it to download everything with "friends AND episode" in it and a search result comes past reading "two underage lolita girls fuck their friends [kiddie porn episode].avi", your filter will match, and the client will start yanking it down.
May we never see th
do this all the time. i mean ALL the time.
they use x-scan or some other tool like grims ping and scan entire networks for vulnerable 2k machines with shitty passwords or IIS holes, get access to it, and turn it into xdcc bots that serve warez on IRC servers using that machines bandwdith. this is nothing new really..
its brilliant actually since it runs it as a hidden process, named like SVChost or some bs thing that no one will notice, starts on boot, and has serv-u, as well as that xdcc serving bot all running. and to make things worse, serv-u can execute programs, so use flashfxp and you have total control of that machine. through an ftpd.
for gods sake people, port over chroot haha.
Um Ah Jhonny Chocraine! Help! Oh wait, I hacked the CIA database in Quantaco? Oh shit, must be that email virus thats going around
Makes me wonder if they have computer Robetusen
Science will save us. The question is, will it destroy us first?
I think it's a relatively weak correlation that the Trojan showed up the day before the images did. It seems likely that the Trojan downloaded them, but I wouldn't call that proof! Couldn't they analyze the trojan, either by reverse-engineering it or by running it in a controlled environment, to prove "beyond a shadow of a doubt" that it was the Trojan and not Mr. Schofield who downloaded them?
There's reasonable doubt that he's not guilty. After all, he hasn't been proven innocent yet, has he? Just to drive the point home, we're talking about folks that would harass and threaten a pediatrician...
Caught in a loop
and I can't log out
I've been hacked on my port 80
Why can't I free
system memory
Why didn't McAffe's checker save me
I cant go online ever
with these malicious MIMEs
Now I know I should have never
clicked suspicious MIMEs...
Popup windows
that I can't ever close
Backspawn themselves and won't go away
My javascript's bad
I guess I've been had
by some script kiddie based in Bombay
My own ISP
is denying service to me
They say I hosted last night's ping storm
And I'm spamming the net
and people I've never met
Are questioning my taste in p0rn
I cant go online ever
with these malicious MIMEs
Now I know I should have never
clicked suspicious MIMEs...