US courts turn blind eye to hacking in order to convict child porn criminal, Sophos Anti-Virus comments

Sophos Press Release
United States Court of Appeals, Fourth Circuit

Sophos, a global leader in anti-virus protection for businesses, warns that last week's verdict from a US federal appeal panel could have far-reaching implications for the IT security industry. During a child pornography case, evidence supplied by an anonymous hacker was deemed admissible.

Reports on US news site CNET explain that an anonymous hacker, known only as Unknownuser, planted a malicious Trojan horse, Subseven, on the computer of William Jarrett, a visitor to an internet message board. The hacker then used this Trojan to remotely search Jarrett's computer for pornographic downloads and followed up by sending tip-offs to the FBI.

"Some people might think it's a good idea to let Trojan horses which are being used to trap criminals to slip through the net. In the future law enforcement agencies may even try to apply pressure on vendors to deliberately not detect certain Trojan horses. The reality is there's no way of knowing whether code is being used for good or bad, so we have no choice other than to flush it all out," said Graham Cluley, senior technology consultant, Sophos Anti-Virus. "The Subseven Trojan has been used for subversive purposes in the past; this decision to turn a blind eye to it in some instances but not in others is completely unworkable for IT security vendors."

The US District Court of Virginia originally ruled that the hacker's evidence could not be considered, as it was in breach of the Fourth Amendment (which forbids US Government officials from undertaking unreasonable searches or seizures). However, on appeal, it was ruled that the hacker was acting independently of the Government, so the Fourth Amendment did not apply. This was found even though a string of email correspondence between the hacker and the FBI was uncovered.

Indeed, an email from FBI agent Faulkner to Unknownuser, described in the Appeal Court as "the proverbial 'wink and a nod'", explained: "I can not [sic] ask you to search out cases such as the one you have sent us. That would make you an agent of the Federal Government and make how you obtain your information illegal...but if you should happen across such pictures as the ones you have sent to us...please feel free to send them to us."

The emails between the FBI and the hacker were described by the Appeal Court as a "'pen-pal' type correspondence". At no time did the FBI tell the hacker to halt activity, which the Judge described as "discomforting". However, in summing up, it was ruled that the anonymous hacker's evidence should stand.

The full appeal judgement can be found on the court's website. It can also be downloaded in PDF format.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at