C|Net News: Police blotter: Trojan horse leads to porn convictions
In early 2000, a computer hacker who used the now-defunct e-mail address unknownuser1069@hotmail.com seeded a Usenet newsgroup called alt.binaries.pictures.erotica.pre-teen with a clever bit of malicious Windows software.
The Trojan horse program, called SubSeven or Sub7, can look innocuous. But once installed, it installs a backdoor in the victim’s computer and can allow files to be extracted and a keystroke logger to be installed.
SubSeven did its job. On July 16, 2000, “1069” sent e-mail to the Montgomery, Ala., Police Department saying, “I found a child molester on the Net.” The e-mail included an attached photograph of what looked like a girl no older than 6 being sexually abused.
At the urging of Montgomery Police Capt. Kevin Murphy, “1069” eventually turned over more and more information that led back to a computer owned by Bradley Joseph Steiger, who had worked as an emergency room physician in Alabama. The hacker’s finds included information from Steiger’s AT&T WorldNet account, records from his checking account, and a list of directories on his computer’s hard drive where sexually explicit photographs were stored.
“1069” refused to be identified, saying he was living in Istanbul, Turkey, and did not want to be involved in any court proceedings. During Steiger’s trial, the prosecutor said “we have not seen anything to indicate that this person is other than…a citizen of Turkey.” That turned out not to be entirely true: The FBI actually had made contact with “1069” through a U.S. phone number. [Read for much more]