Creating Plausible Deniability

This topic seems confusing to most, but it can very easily save you when you need it.  I need to start right off by stating that I don’t encourage anyone to break any laws.  This information is for educational purposes only.  I am not a lawyer and do not pretend to be one.  This information is the result of lectures and talks with industry professionals.

Under US criminal law the burden of proof is on the prosecution and the accused is presumed innocent until proven guilty.  As part of this process it is up to the prosecutor to prove guilt beyond a reasonable doubt.  In a crime the prosecutor would have to prove that you were the one committing the crime.  When computers are involved this isn’t always an easy task, because usually the only witnesses are other computers.  So things like access logs and IP addresses are then used as proof.  To a degree this makes sense: if the attack came from the IP address that your ISP assigned to you then you are responsible, right?  Computers don’t lie and there is no reason to doubt this proof, right?  Well, actually there is.  What people often fail to take into account is what happens if your computer was hacked.  If a criminal installs a Trojan and uses your computer, then it wasn’t you who committed the crime.  Also, what if one of your neighbors is using your wifi and downloading music illegally; is this your fault?  Title II of the DMCA of 1998 creates a safe harbor for Internet providers: it basically says that online service providers are not liable for infringing content and actions of their users.  Note that this safe harbor is written for online service providers (ISPs, hosting companies and the like), not for a home subscriber, so it does not by itself settle the question of a neighbor using your wifi; it does, however, show that the law already recognizes that the owner of a connection is not automatically the person who used it.

So in the end it all really comes down to this: is there any reason to doubt that you are the one responsible for committing the crime?  In the computer world creating reasonable doubt is actually an easy thing to do.  I’ve explained a few simple scenarios below that could create reasonable doubt.


Scenario 1

Currently hacker groups use armies of zombie computers when they want to run a DDoS (Distributed Denial of Service) attack on their victims.  They do this by installing a Trojan on someone’s computer that will then use that computer’s bandwidth and resources when they conduct their attack.  Malware can be stealthy, and often you may not even know you’ve been infected.  Once you have been infected, though, there is no way to say which actions were yours and which actions were the result of the malware.

The problem is that you never know what could happen to your private data if your computer was ever infected with a virus.  So, to make sure your computer isn’t at any real risk, you could easily just download a virus kit, copy it to a few different directories on your computer and delete parts of it.  You only need to leave enough evidence to create plausible deniability.  To make the evidence better, after you download the virus (don’t actually install or run the virus, ever; that would be very bad!) use an anti-virus tool to remove it.  Pretty much every anti-virus program I’ve ever seen doesn’t know the difference between a live virus and a safely contained copy: a signature scanner matches file contents, not behaviour.  With this you have actual logs showing that you were infected with a virus.  Keep in mind what such a log does and does not record: it shows that a file matching a signature was found at a given path and time, not that the code ever ran.

A few things you need to understand about this defense.  On most computer systems, when you delete a file you don’t really delete anything; you just remove the pointer to it, and the blocks that held the data are marked free but keep their contents until something overwrites them.  A data recovery specialist or forensic analyst would be able to recover the data that was previously on the drive by carving the unallocated space.  It’s a scary thought, I know, but in this scenario it works in our favor.  Since the anti-virus logs combined with a deep inspection of the drive both show remnants of a virus having been on your computer, you can easily show one form of plausible deniability.
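The point that deletion only drops the pointer is easiest to see on a tiny model of a filesystem.  The following is an added example and not code from the original post: it builds a constructed in-memory "disk" with a directory table and a data area (not any real filesystem format), deletes a file the ordinary way, and then carves the raw bytes the way a forensic tool would.  The `SAMPLE-HDR`/`SAMPLE-END` markers are made-up signatures standing in for the header and footer of a real file type.  It also shows the one case where carving fails: when the blocks were overwritten before the entry was dropped.

```python
"""Toy filesystem showing why 'deleted' files survive in unallocated space.

Constructed example.  The disk, the directory format and the file signature
are all invented for illustration; nothing here touches a real device.
"""
import re

DISK_SIZE = 4096
HEADER = b"SAMPLE-HDR"   # constructed file signature (header)
FOOTER = b"SAMPLE-END"   # constructed file signature (footer)


class ToyDisk:
    """A flat byte array plus a directory table of (offset, length) entries."""

    def __init__(self, size=DISK_SIZE):
        self.blob = bytearray(size)   # raw platter contents
        self.directory = {}           # filename -> (offset, length)
        self.next_free = 0            # simple bump allocator

    def write_file(self, name, data):
        if self.next_free + len(data) > len(self.blob):
            raise OSError("disk full")
        off = self.next_free
        self.blob[off:off + len(data)] = data
        self.directory[name] = (off, len(data))
        self.next_free += len(data)
        return off

    def read_file(self, name):
        off, length = self.directory[name]
        return bytes(self.blob[off:off + length])

    def delete_file(self, name):
        """Ordinary delete: only the directory entry goes away."""
        del self.directory[name]

    def wipe_file(self, name):
        """Secure delete: overwrite the blocks, then drop the entry."""
        off, length = self.directory[name]
        self.blob[off:off + length] = b"\x00" * length
        del self.directory[name]

    def listing(self):
        return sorted(self.directory)


def carve(raw, header=HEADER, footer=FOOTER):
    """Scan raw bytes for header...footer spans, ignoring the directory.

    This is what a file carver does over unallocated space: it does not
    need a filename or a directory entry, only the bytes themselves.
    """
    pattern = re.escape(header) + b".*?" + re.escape(footer)
    return [m.group(0) for m in re.finditer(pattern, bytes(raw), re.DOTALL)]


def demo():
    """Return (listing after delete, carved after delete, carved after wipe)."""
    sample = HEADER + b" fake dropper payload " + FOOTER   # constructed content
    disk = ToyDisk()
    disk.write_file("dropper.exe", sample)
    disk.write_file("notes.txt", b"unrelated data with no signature")

    disk.delete_file("dropper.exe")           # pointer gone, bytes remain
    after_delete = carve(disk.blob)           # carver still finds it

    disk2 = ToyDisk()
    disk2.write_file("dropper.exe", sample)
    disk2.wipe_file("dropper.exe")            # bytes overwritten first
    after_wipe = carve(disk2.blob)            # nothing left to carve

    return disk.listing(), after_delete, after_wipe


if __name__ == "__main__":
    listing, found, found_after_wipe = demo()
    print("directory after delete:", listing)
    print("carved after delete:   ", found)
    print("carved after wipe:     ", found_after_wipe)
```

Carving recovers content, not context: a real examiner pairs the carved bytes with filesystem metadata (timestamps, journal entries, execution artifacts) to work out when the file arrived and whether it ever ran, so the raw bytes alone tell only part of the story.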


Scenario 2

Another attack that has become increasingly common is people stealing Internet access from unsecured wifi (and in some cases even secured wifi).  If your home wifi is open to the public, there is a very real chance that someone has already used it without your consent.  I know this sounds scary, but cellphones, laptops and tablets are constantly scanning for wifi, and many devices will automatically connect to the first open network they see.  Vendors like Cisco and Linksys now sell wifi routers that create two networks: one for your guests (that is wide open) and one for your personal use that is secured.  This means you have two wireless networks that could potentially be abused.  Also, since both wireless networks share the same public IP address once traffic leaves your router, there is no telling from the outside which network the abuse originated from.  As discussed above, the law already treats the operator of a connection and the person using it as separate questions, and whether a home subscriber is answerable for what a guest (invited or not) does over the connection is far from settled.  In fact, if you were to sniff the traffic going through your network you could be accused of invading someone’s privacy.

So what is to stop you from opening your network wide and allowing anyone to use your connection?  For that matter, who’s to say that your wifi wasn’t unsecured when the attack happened and then secured after the attack?  The EFF has actually called for a new movement to encourage people to open their wifi networks; see https://www.eff.org/deeplinks/2011/04/open-wireless-movement  All of these variables come into play when it comes to litigation.




As I stated before, I’m not a lawyer; this information is the result of years of personal research and talks with several other industry professionals.  The only piece of legal advice I feel I can ever really give anyone is this: if you EVER get arrested, charged or accused of anything, do NOT talk to anyone until you have a lawyer present.
