Botched hack brings down major US port

A UK hacker brought down the computer system of a major US port in a botched and potentially "catastrophic" denial of service revenge attack on another chatroom user, Southwark Crown Court heard today.

The Port of Houston in Texas had its servers hijacked by Aaron Caffrey, 19, from Shaftesbury in Dorset, who used a well-known 'Unicode' exploit to take advantage of security vulnerabilities in Microsoft's IIS web server software, the prosecution claimed.

The denial of service attack on 20 September 2001, which was traced to a computer at Caffrey's home by US police, was allegedly aimed at taking a South African chatroom user called 'Bokkie' offline after she had made comments on IRC attacking the US. Caffrey allegedly took offence at the comments because his girlfriend at the time, Jessica, was American.

Chatroom logs read out at Southwark Crown Court today heard that a user calling himself "Aaron" told another chatroom user on the night of the attack: "She [Bokkie] hates America. She was probably one of the people cheering when Bin Laden attacked the USA. I want to see her time-out. If she hates America, she hates Jessica. That is a no no."

The chat logs also revealed that "Aaron" used a list of unpatched servers downloaded from the internet to hijack the machines and launch a denial of service attack on Bokkie. But it almost ended in disaster when it crashed the Port of Houston's systems under the weight of 100,000 requests to ping data at Bokkie's computer, leaving vital navigation and weather data inaccessible.

US police traced the source of the attack to a computer at Caffrey's home in Dorset and the IIS Unicode denial of service tool "coded by Aaron" was found on Caffrey's computer during forensic examination.

Caffrey, who suffers from the autistic disorder Asperger syndrome, denies he was responsible for the attack and in police interviews claimed his computer was hijacked by other hackers. In the interviews Caffrey said he had only ever run exploits on his own website which runs on Microsoft's IIS server and that he has never modified data.

"My OS supports remote admin and remote assistance. At that time, the patches were not available. Anyone could control it. Windows Media Player was also unpatched. Someone has either hacked me or edited those log files. They have planted it or added to it," he said in police interviews.

With reference to the IRC logs he said hackers – often Turkish – regularly took over chatrooms with other users names and when quizzed about the Unicode hacking tool "coded by Aaron" found on his PC he said: "Aaron is a very, very common name".

But DC Stunt investigating the case, said in court today: "I see no evidence of your machine being exploited."

The case continues.

ZDNet UK's Munir Kotadia contributed to this report.