Today, in an unusual Christmas ruling, Judge Phantly R. Bean
of the 14th US District Court ordered the release of Dietrich
Sorensson, who had been arrested this summer by the Federal Bureau of Inquiry
for the HighTempOverride attack
on the Rafael Ravard Refinery last year. Bean’s ruling came on a defense motion
to throw out all evidence that was related to the computer records of the
attack.
Bean’s ruling noted that:
“The defense has rightly noted that
there is no computer record available of the attack that has not been altered
by company employees trying to correct the problem, private investigators hired
by the company to determine the source of the problem and finally FBI
technicians trying to reverse engineer the changes made by those personnel.
Thus, the computer record of the attack is so tainted that it has no evidentiary
value.”
Defense lawyers had claimed that the prosecution’s identification
of Sorensson’s involvement was based solely on that tainted evidence. This
means that the FBI search warrant that allowed for the seizure of Dietrich’s
computer was illegal and the evidence from that computer could not be used in
trying the case. Bean agreed with that argument and ordered the release of
Sorensson.
Johnathan Quest, the FBI spokesman, had no comment about Bean’s
ruling. A source in the FBI technical services, who was not authorized to speak
to reporters, noted that the FBI internal procedures had long called for
maintaining original, unaltered copies of malware, but that those standards had
not been applied to the altered copies of control system device programs that
had been recovered after the attack. It was information in that programming that
had led to the identification of Sorensson as the attack author.
Cesar Chavez, President of the Rafael Ravard Refinery, told
reporters that he was disappointed by Bean’s decision today. He said that the
company would look at other options for dealing with the alleged attacker,
including possible civil actions.
Immanuel C. Securitage, spokesman for ECS-CERT, told reporters
today that the organization was working on a guidance document that would
outline procedures for recording the attack-state of a control system, before
work was begun on recovering the system from an attack. This forensic record process
would pre-empt rulings like the one today. He did acknowledge, however, that
the problem would lie in determining whether a cyber-attack was responsible
for a manufacturing process upset, and would thus trigger the recording of the
attack-state, or whether the upset was due to some other type of cyber event.
Cautionary Note: This is a Future News Story