A so-called hacktivist's Trojan program that allowed him to infiltrate the judge's computer and find evidence of child pornography possession raises legal and ethical questions for some.
By Sharon Gaudin
Feb 23, 2007 01:32 PM
A former California judge was sentenced this week for possession of child pornography, six years after a vigilante hacker infiltrated his computer with a Trojan horse computer program designed to weed out pedophiles.
Former Orange County Superior Court Judge Ronald C. Kline, 65, of Irvine, Calif., was sentenced Feb. 20 to 27 months in federal prison for possessing thousands of images of under-age boys engaged in sexually explicit conduct. He pleaded guilty in December 2005 to four counts of possession of child pornography, admitting that the images of child pornography were on his home computer, two floppy disks, and one portable disk drive, according to a written release from the U.S. Attorney's Office in the Central District of California.
The sentencing wrapped up nearly six years of legal wrangling over the admissibility of evidence obtained from Kline's computer.
Brad Willman, a Canadian known in hacker circles as Citizen Tipster, wrote the Trojan and embedded it in images of child pornography. He then planted the images on newsgroup sites frequented by pedophiles. Once users downloaded the images, their computers would be infected by the Trojan and Willman would have access to their machines so he could root around in them, looking for other child pornography or even molestation evidence.
Willman has not been charged for the computer break-ins or for writing and distributing the malware.
The vigilante hacker found other images of child pornography on Kline's computer, along with a personal diary recounting his "sexual interest" in young boys, according to Assistant U.S. Attorney Greg Staples, who worked on the case. Kline, who was a judge from 1995 to 2003, also was a Little League umpire in the town he lived in.
Staples says Willman passed the information on to a group that tracks pedophiles, and the information eventually made its way to California authorities, who began an investigation.
"We wouldn't have known about this without him," says Staples, who adds that a search of Kline's home revealed 1,500 images and 24 videos of child pornography. "It began the investigation ... he fancied himself a predator hunter." Staples also says a search of Kline's judicial chambers found he used his court computer to visit pedophile sites, as well.
The ethical difficulties with the investigation, which was itself illegal, led to complications for the prosecution. The federal case suffered a major setback when U.S. District Court Judge Consuelo Marshall ruled in 2003 that the evidence Willman found on Kline's computer amounted to an illegal seizure, saying the man, who called himself a "hacktivist," was acting as an agent for law enforcement.
The Ninth Circuit Court of Appeals overruled that decision in 2004. The case never went to trial because Kline pleaded guilty in December 2005.
Staples says it was easy enough to prove that Willman had not been acting as an agent for the police because it took them upwards of six months just to track him down to verify his identity and what he found on Kline's computer. "The key issue, as far as this case goes, is whether the government had knowledge of what this person was doing," he adds. "Clearly, we did not. He did his search six months or more before we even knew who he was."
The question now is whether this case will spur more would-be vigilante hackers to take up arms against any number of groups or causes. While the prosecutor claims the state wouldn't have had a case against Kline without Willman's help, virus writing and accessing someone else's computer are a legal minefield. And if the malware or intrusion had caused more than $5,000 in damages to the computer, the hacktivist could have been facing federal charges.
"You don't want vigilante amateurs getting involved in this," says Graham Cluley, senior technology consultant for Sophos. "They are breaking the law. ... The danger here is taking the law into your own hands."
Keith Jones, a senior partner with Maryland-based Jones, Rose, Dykstra & Associates, a digital forensics company, says infecting machines with malware could damage evidence that law enforcement will need to make the case. It also could give the defense something to argue during court.
"A case without a Trojan is going to be a heck of a lot easier to prove," says Jones, who has done forensic investigations on more than 100 cases, including the UBS PaineWebber case last year. "If there's a Trojan on there, you're no longer examining a computer that only the owner has been able to touch. Now you have the added job of figuring out if this picture was downloaded by the person physically controlling the keyboard or by the person controlling the Trojan. ... It lets the defense argue that someone else had the ability to do it."
Assistant U.S. Attorney Elena Duarte did not work on the Kline case, but as chief of the Cyber and Intellectual Property Crimes Section for the Los Angeles office, she warns would-be hacktivists that no matter the cause, hacking is still against the law.
"I would caution folks who think that just because there's a moral justification it makes it all right to violate any laws," she says. "Computer intrusion statutes don't provide for a justification if you have a good motive. It's not a good thing and it certainly should be discouraged. ... It puts them in a position of a potential target for prosecution."
Duarte says anyone thinking of working as a vigilante should make sure they know the law, and consider if they want to run the risk of being criminally prosecuted.
"It's always good to see criminals brought to justice but the means of doing that are just as important," says Duarte. "If the means are not appropriate, then we certainly don't encourage them."
http://www.informationweek.com/security ... =197008431