Black Hat puts hacker on mock trial

LAS VEGAS--A raucous conference crowd heard real-life attorneys battle over a hacker's guilt in a mock trial held to illustrate how slippery electronic evidence can be in computer crime cases.

The mock trial, staged Wednesday at the Black Hat Briefings security conference here, centered on whether a video game designer had violated federal criminal laws by helping someone to break into U.S. Air Force computers.

In the government's evidence were purported e-mail messages without headers, and representations of Internet Relay Chat conversations--both of which can be altered without leaving a trace.

Richard Salgado, a computer crime prosecutor with the U.S. Justice Department in Washington, D.C., said that he participated in the mock trial to demonstrate to the conference audience what types of records should be kept to aid in possible criminal prosecutions of electronic intruders.

"It shouldn't be scary," Salgado said. "A lot of people in the audience are going to be the first responders, collecting the evidence...They really need to think of us."

Salgado co-authored the Justice Department's 2002 cybercrime manual. He also wrote a Justice Department bulletin in March 2001 that offered network and system administrators reasons for why they should report intrusions to law enforcement. Justice Department officials have complained that relatively few intrusions--almost all of which would violate federal law--are reported to police.

In the mock trial's scenario, a disgruntled employee of GetA Entertainment helped a teenage boy to enter an Air Force computer and use it to attack GetA's servers and modify character information.

In evidence, the teenager admitted to the intrusions, but said a designer at GetA Entertainment nicknamed "Weasel" had provided him with the undocumented commands and the unpublished Internet addresses that made the break-in possible.

"It's an area where we see a few cases, but obviously as technology blossoms and the potential for civil and criminal litigation increases, we'll see more," said U.S. District Judge Philip Pro, the chief judge for the Nevada district.

Pro said that he has participated in mock trials convened by economists and forensics scientists before, but that a computer security theme before a boisterous audience of hundreds was a novelty for him. In any kind of complex technology cases, Pro said, the key was for attorneys and technical experts to "use knowledge that the average person can understand."

Salgado acknowledged that the facts of the hypothetical case were fanciful--such as what happened to a virtual Pfizer's Rod of Endurance, a piece of evidence--but the underlying legal lessons were not.

The scenario was "based on recurring patterns," Salgado said. "It was intentionally designed to keep the audience's interest."

The mock trial, which lasted three hours, ended with a hung jury. Jury members were chosen randomly from conference attendees. Jennifer Granick, director of Stanford University's Center for Internet and Society and mock defense counsel, applauded the verdict, saying "any hung jury is a win for the defense."