Thread: Judge rules cops' hacker went too far

  1. #1

    ZeroPaid Regular

    Join Date
    Aug 2002
    Posts
    1,576

    Judge rules cops' hacker went too far

    The decision, handed down earlier this month, is believed to be the first to say that hacking into an Internet-connected home PC without a warrant violates the Fourth Amendment, which prohibits unreasonable searches and seizures.

    "This makes it clear that law enforcement needs a search warrant to do this," said Orin Kerr, an associate professor at George Washington University Law School. Kerr said the ruling was the first of its kind.

    The Virginia judge suppressed evidence of child porn possession after the defendant's lawyers argued the evidence had been illegally obtained by a hacker whose methods had received approval from law enforcement officials.

    The decision came out of a case in which a hacker uploaded a file to a child porn newsgroup that made it possible to track who downloaded files from the service. The uploaded file contained the SubSeven virus, which the hacker used to remotely search people's computers for porn.

    The hacker then played the role of a cybervigilante, sending anonymous tips to law enforcement officials alerting them to child porn files the hacker had found on people's PCs.

    In one case, the hacker tipped off officials in Alabama about a doctor in that state who had downloaded files from the newsgroup. The doctor was eventually sentenced to 17 years in prison. The hacker later contacted the same officials about a Virginia man who the hacker suspected was involved with child porn.

    The Alabama officials told the FBI of the hacker's suspicions. The bureau, through the Alabama officials, encouraged the hacker to send more information. Based on that further data, U.S. attorneys and state prosecutors filed numerous charges against the Virginia man, William Adderson Jarrett, related to creating and receiving child porn.

    Jarrett pleaded guilty. However, his attorneys also argued that the FBI had violated Jarrett's Fourth Amendment rights when they retrieved the information, via the hacker, without a warrant.

    The judge agreed with that assertion, ruling that the evidence could not be used in court because the FBI had approved of hacking as a means of obtaining it, a move that violates protections against unreasonable search and seizure.

    "By requesting that (the hacker) send the information," the judge's ruling said, "the FBI indicated its approval of whatever methods (the hacker) had used to obtain the information."

    The decision put Jarrett's guilty plea on hold.

    Although U.S. prosecutors are likely to appeal the ruling, the case could be a cautionary tale for agencies that try to use hackers as an arm of law enforcement without first obtaining a warrant.

    The ruling also could open the door for other defendants to use similar arguments in their cases.

  2. #2
    MoonMan's Avatar

    ZeroPaid Regular

    Join Date
    May 2002
    Location
    Dearborn
    Posts
    3,923
    The SubSeven virus is a nasty virus indeed:

    From News.com

    Mutations make new SubSeven virus riskier


    By CNET News.com Staff
    March 15, 2001, 9:45 AM PT


    A new version of the SubSeven Trojan horse virus has emerged, with features that make it even more dangerous than before.
    SubSeven typically infects computers by posing as an innocuous e-mail attachment. The program allows an attacker to retrieve saved and cached passwords and decrypt some of them, to modify registry settings, and to manipulate files from a remote system.

    Once resident on an infected computer, the software copies itself to the Windows directory with the original name of the file from which it was run. It then unpacks a DLL (dynamic link library) to the Windows system directory and edits the Windows Registry so that SubSeven will run every time Windows boots up.



    New features in the virus include the ability for attackers to disguise their identity by connecting from an alternate IP address via proxy support. The proxies help attackers hide their identity by adding another machine between victim and attacker.

    Also new are built-in CGI scripting utilities that allow attackers to remotely and automatically post the addresses of vulnerable systems on the Web.

    SubSeven 2.2 has added the ability to let the attacker be notified through IRC, ICQ and e-mail. It can also log keystrokes and send the log as an undetected e-mail.

    Also built-in are features that help to fool Web users into revealing their passwords, such as fake login screens for programs such as ICQ.

    http://news.com.com/2100-1001-254164.html?tag=rn

    http://www.europe.f-secure.com/v-descs/subseven.shtml
    “Workingmen of Europe feel sure as the American War of Independence initiated a new era of ascendancy for the middle class, so the American Antislavery War will do for the working classes.” - Karl Marx
