Hacker Court is once again returning to the Black Hat Briefings! For our seventh Black Hat presentation, we will be conducting a mock court trial focused on the issues of entrapment, journalist privilege and wiretapping, titled "Hack MyFace."
What is "Hacker Court?"
Hacker Court is a loose organization of attorneys, security professionals and hackers with the goal of demonstrating the dynamics, frustrations and complexity of computer crime trials.
The Hacker Court mock trials endeavor to teach a technical audience the reality of computer crime trials.
Before joining Tenable, I was a free-lance security consultant and developed a particular interest in computer crime cases after personal experience in dealing with an intrusion. I thought I knew a lot about the process, but it wasn’t until I actually worked on a case with the Federal Defender’s Office in NY that I realized just how naïve I was on how the legal system really worked. The defendant was even more naïve and honestly thought that a “jury of his peers” meant that people like Simple Nomad, Jericho and Rain Forest Puppy would serve on the jury. After all - his “peers” were hackers!
Since then, I’ve been involved in other cases and these are a few of the major lessons I’ve learned:
1.Defendants lie, even to their own defense team
2.Admissibility of evidence is up to the judge, not the technology or its merit
3.A jurist with an infosec background would be disqualified from serving on a computer crime case
4.Defense experts cannot talk about the case no matter how much the defendant smears them to his friends
5.There are no “Matlock” moments
6.The trial is all about the attorneys’ performances
7.Technical evidence is boring, especially to the jury
8.A case will most likely not be prosecuted unless there is a 95 chance of a conviction. Corollary: if you go to trial, you're probably going down.
9.Cross examination of witnesses is brutal
10.The trial may take place years after the crime
The most important (and scary) lesson I learned is that the case will be won or lost by the side that makes their story compelling and interesting. Technical details are neither.
How it's Done
The Hacker Court mock trials demonstrate these points by enacting a courtroom environment where the audience is the jury. There is no pre-set outcome and we take great pains to make the sure the deck is pretty evenly stacked (which differs from most trials where the prosecution usually wins). Although we work out the facts of the case ahead of time, much of the testimony from witnesses is ad-libbed, often with amusing results.
Hacker Court differs from an actual trial in that we streamline the process and have some fun with it. An actual trial can take weeks - we have 2 hours, which normally wouldn’t cover the opening remarks. Most trials are also extremely boring, despite what you may see on TV. We take many liberties to make it fun, which no judge in his right mind would tolerate in an actual trial. For example, our 2004 presentation “Pirates of the Potomac: The Curse of the Bl4ck Perl” featured Simple Nomad as “Captain Jack Hack” (aka “Cracker Jack”), a hacker accused of “war-sailing” up the Potomac.
This Year's Case
This year’s presentation will once again feature Simple Nomad as the defendant, a “l33t” hacker who frequently posts to a blog run by a journalist who investigates cases of identity theft and exposure of personal information. Nomad claims to have a zero-day exploit that will work on any social networking site and is goaded by another blog poster to prove it by exploiting a social networking site called “MyFace.”
A more complete case summary, along with Speaker bios, may be found at the Black Hat site.
Both sides will argue their case on August 6, 2008 at the Palace 1 ballroom during the Gala Reception of Black Hat. Who will win? That's for the audience to decide! So if you’re coming to Black Hat, grab some food and drink from the Gala and join us in the Palace 1 ballroom!