The Trojan horse defense started receiving attention through several different computer crime cases. This defense attributes the commission of a cybercrime to malware, whether a Trojan horse, virus, worm or other program.[1] The phrase is used because most of the successful Trojan horse defenses have been based on the operation of alleged Trojan horses.[2] Although this defense is still in its infancy, various cases have proven its effectiveness. Due to the increasing use of Trojan programs by hackers, this defense is likely to become more widespread.[3]
Legal Issues
Law enforcement agencies must combat the increasing challenges posed by viruses and Trojan horses as they introduce an element of doubt in legal cases.[4] Therefore, it is important to consider how a Trojan Horse Defense can be invoked and rebutted.
How the Trojan horse defense is used:[5]
- Raise Reasonable Doubt: Deny any involvement in the crime charged and claim that it was committed by someone else.
- Negate Mens Rea: A useful alternative for those who cannot deny conduct that could constitute the actus reus of the crime.
- Establishing the Defense: Present evidence establishing that a Trojan horse program (or other malware) was installed on the computer by someone else without the defendant's knowledge.
Response of Prosecution:[6]
- Establish Computer Expertise: The defense is likely to argue that the defendant has very limited knowledge of computer technology and is therefore vulnerable to exploitation by an unknown hacker. To rebut such a claim, it needs to be shown that the defendant has enough knowledge about computers to protect them. Those with computer expertise are less likely to fall victim to such an attack.
- Negate the Factual Foundation of the Defense: Conduct a technical analysis of the defendant’s computer to determine the presence or absence of malware that could support the defense. If malware is found, there would be a thorough analysis of the computer in an attempt to show that the malware did not contribute to the criminal act. If malware is not found, prosecutors can use this to rebut the defendant’s claim that a Trojan horse is responsible.
Procedures followed by computer forensics experts to establish innocence or guilt:[7]
- Make a copy of the computer in question as early as possible to prevent contamination
- Mount the copy as a second disk on another machine so that experts can run a standard anti-virus program
- If a Trojan is found, it is necessary to examine the totality of the circumstances and the quantity of incriminating materials
- Determine the vulnerability
- Consider the time and date stamps of offending materials to identify whether materials have been uploaded on a regular basis or over a limited number of sessions
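The last step above, comparing regular activity against a limited number of sessions, can be carried out by grouping file timestamps into sessions. The following is an added example, not part of the original article or any cited case; the 30-minute session gap, the function names and both sample timestamp sets are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: activity separated by more than this gap starts a new session.
SESSION_GAP = timedelta(minutes=30)

def group_sessions(timestamps, gap=SESSION_GAP):
    """Cluster timestamps into sessions: runs with no gap larger than `gap`."""
    sessions = []
    for ts in sorted(timestamps):
        if sessions and ts - sessions[-1][-1] <= gap:
            sessions[-1].append(ts)   # continues the current session
        else:
            sessions.append([ts])     # first file, or gap exceeded
    return sessions

def summarize(timestamps, gap=SESSION_GAP):
    """Counts that separate 'regular basis' from 'limited number of sessions'."""
    sessions = group_sessions(timestamps, gap)
    span = (max(timestamps) - min(timestamps)).days + 1 if timestamps else 0
    return {
        "files": len(timestamps),
        "sessions": len(sessions),
        "active_days": len({ts.date() for ts in timestamps}),
        "span_days": span,
        "largest_session": max((len(s) for s in sessions), default=0),
    }

def parse(lines):
    return [datetime.strptime(line, "%Y-%m-%d %H:%M:%S") for line in lines]

# Constructed sample data (not from any case): file creation times as they
# would be read from the write-protected copy of the disk.
BURST = parse([
    "2020-01-10 02:14:05", "2020-01-10 02:14:09", "2020-01-10 02:14:31",
    "2020-01-10 02:15:02", "2020-01-10 02:15:40", "2020-01-10 02:16:11",
])
REGULAR = parse([
    "2020-01-03 20:05:00", "2020-01-10 21:40:00", "2020-01-17 19:55:00",
    "2020-01-24 22:10:00", "2020-01-31 20:30:00", "2020-02-07 21:15:00",
])

if __name__ == "__main__":
    for name, data in (("burst", BURST), ("regular", REGULAR)):
        print(name, summarize(data))
```

These counts are only one input to the "totality of the circumstances" review listed above, since timestamps on a disk can themselves be altered by software.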
Cases Involving Trojan Horse Defense
There are different cases where the Trojan horse defense has been used successfully. Typically, it involves computer manipulation where the computing device is under the control of an unknown third party. The assertion is that the computer has been infected by a virus or other malware that allows the execution of programs or running of services without the owner’s knowledge or consent.[8]
Julian Green:
A United Kingdom-based case in which Julian Green was arrested after 172 indecent pictures of children were found on his hard drive.[9] The defendant relied on the Trojan horse defense, blaming the charges on computer malware. The defense argued that Green had no knowledge of the images on his computer and that someone else could have planted the pictures. This was supported by a computer forensics consultant, acting as an expert witness, who identified 11 Trojan horses on Green’s computer capable of carrying out actions without the user’s knowledge or permission.[10] He was acquitted of all charges after the prosecution, having failed to show that Green downloaded the images onto the computer, offered no evidence at Exeter Crown Court.[11]
Karl Schofield:
Karl Schofield was also acquitted by using the Trojan horse defense. He was accused of creating 14 indecent images of children on his computer but testimony was given by a defense witness that a Trojan horse had been found on his computer.[12] Prosecutors accepted the witness testimony and dismissed the charges, concluding they could not establish beyond a reasonable doubt that he was responsible for downloading the images.[13]
Eugene Pitts:
A US-based case involving an Alabama accountant who was found innocent of nine counts of tax evasion and filing fraudulent personal and business state income tax returns with the Alabama state revenue department.[14] The prosecution claimed he knowingly underreported more than $630,000 in income over a three-year period, and he faced a fine of $900,000 and up to 33 years in prison.[15] Pitts argued that a computer virus was to blame for under-reporting the income of his firm, although state prosecutors noted that the alleged virus did not affect the tax returns of customers, which were prepared on the same machine.[16] Pitts was acquitted of all charges.
Controversies
This defense particularly requires an accurate assessment since it determines the guilt or innocence of a person. It would be troubling if an individual guilty of disturbing crimes, such as possessing child pornography, were set free, but even more troubling if an innocent person were convicted of a crime they did not commit.[17]
It is problematic that criminals can use this defense strategy to camouflage their crimes. For example, criminals can potentially plant Trojans on their own computers and later use the Trojan horse defense to escape prosecution for their crime. Furthermore, the availability of the defense raises concerns that the defendant can use a jury’s ignorance, and likely suspicion, of technology to obtain an acquittal even when the evidence overwhelmingly supports a conviction.[18] It is possible that some defendants are being acquitted because jurors are not technologically knowledgeable. For a layman juror, the sheer volume and complexity of expert testimony relating to computer technology, such as Trojan horses, could make it difficult to separate fact from fallacy.[19]
On the other hand, it is crucial to prevent wrongful prosecution of an innocent person. Unfortunately, it is difficult to prevent the problems that arise during the course of the investigation. For example, in the case of Julian Green, before his acquittal, he spent one night in the cells, nine days in prison and three months in a bail hostel, and lost custody of his daughter and possession of his house.[20] In the case of Karl Schofield, he was attacked by vigilantes following reports of his arrest and lost his employment, and the case took two years to come to trial.[21] While the acquittal of an innocent person is crucial, the distressing experience that person has to go through is one of the few controversial matters.