The hacking trial of Gottfrid Svartholm and his alleged 21-year-old Danish accomplice concluded this week in Copenhagen, Denmark. Gottfrid is most well known as one of the founders of The Pirate Bay, but his co-defendant’s identity is still being kept out of the media.
The sessions this week, on October 7 and 10, were used for summing up by the prosecution and defense. Danish language publication DR.dk, which has provided good coverage of the whole trial, reports that deputy prosecutor Anders Riisager used an analogy to describe their position on Gottfrid.
Prosecution: Hands in the cookie jar
“If there is a cookie jar on the table with the lid removed, and your son is sitting on the sofa with cookie crumbs on his mouth, it is only reasonable to assume that it is he who has had his paws in the cookie jar,” he said.
“This, even though he claims it is four of his friends who have put the cookies into his mouth. And especially when the son will not reveal who his friends are, or how it happened.”
Riisager was referring to the evidence presented by the prosecution that Gottfrid and his co-defendant were the people behind hacker attacks on IT company CSC which began in 2012.
The Swede insists that while the attack may have been carried out from his computer, the computer itself was used remotely by other individuals, any of whom could have carried out the attacks. Leads and names provided by Gottfrid apparently led the investigation nowhere useful.
Remote access unlikely
That third-parties accessed Gottfrid’s computer without his knowledge is a notion rejected by the prosecution. Noting that the Pirate Bay founder is a computer genius, senior prosecutor Maria Cingari said that maintaining secret access to his machine over extended periods would not have been possible.
“It is not likely that others have used [Gottfrid’s] computer to hack CSC without him discovering something. At the same time the hack occurred over such a long time that remote control is unlikely,” she said.
And, Cingari noted, it was no coincidence that chatlogs found on Gottfrid’s computer related to so-called “zero-day” vulnerabilities and the type of computer systems used by CSC.
Dane and Swede working together
In respect of Gottfrid’s co-defendant, the prosecution said that the 21-year-old Dane knew that when he was speaking online with a user known as My Evil Twin (allegedly Gottfrid), the plan was a hacker attack on CSC.
Supporting their allegations of collusion, the prosecution noted that the Dane had been living in Cambodia when the attacks on CSC began and while a hacker attack against Logica, a crime for which Gottfrid was previously sentenced, was also underway. The Dane spent time in a café situated directly under Gottfrid’s apartment, the prosecution said.
Why not hand over the encryption keys?
When police raided the Dane they obtained a laptop, the contents of which still remain a secret due to the presence of heavy encryption. The police found a hollowed-out chess piece containing the computer’s SDcard key, but that didn’t help them gain access. Despite several requests, the 21-year-old has refused to provide keys to unlock the data on the Qubes OS device, arguing there is nothing on there of significance. According to the prosecution, this is a sign of guilt.
“It is very striking that one chooses to sit in prison for a year and more, instead of just helping the police with access to the laptop so they can see that it contains nothing,” senior prosecutor Maria Cingari said.
Cingari also pointed the finger at the Dane for focusing Gottfrid’s attention on CSC.
“You can see that [the Dane] has very much helped [Gottfrid] with obtaining access to CSC’s mainframe. It is not even clear that he would have set his sights on CSC, if it had not been for [the Dane],” she said.
Defense: No objectivity
On Friday, defense lawyer Luise Høj began her closing arguments with fierce criticism of a Danish prosecution that uncritically accepted evidence provided by Swedish police and failed to conduct an objective inquiry.
“They took a plane to Stockholm and were given some material. It was placed in a bag and they took the plane back home. From there they went to CSC and asked them to look for clues. This shows a lack of an independent approach to the evidence,” she said.
Furthermore, the mere fact that CSC had been investigating itself under direction of the police was also problematic.
“The victim should not investigate itself. CSC is at risk of being fired as the state’s IT provider,” Høj noted.
Technical doubt
Computer technicians presented by both sides, including famous security expert Jacob Appelbaum, failed to agree on whether remote access had been a possibility, but this in itself should sway the court to acquit, Høj said.
“It must be really difficult for the court to decide whether the computer was controlled remotely or not, when even engineers disagree on what has happened,” she noted.
Why not take time to investigate properly?
Høj also took aim at the police who she said had failed to properly investigate the people Gottfrid had previously indicated might be responsible for the hacker attacks.
“My client has in good faith attempted to come up with some suggestions as to how his computer was remotely controlled. Of course he did not provide a complete explanation of how it happened, as he did not know what had happened and he has not had the opportunity to examine his computer,” she said.
Additionally, clues that could’ve led somewhere were overlooked, the defense lawyer argued. For instance, an IP address found in CSC’s logs was traced back to a famous Swedish hacker known as ‘MG’.
“The investigation was not objective. I do not understand why it’s not possible to investigate clues that don’t take much effort to be investigated,” Høj said. “The willingness to investigate clues that do not speak in favor of the police case has been minimal.”
A decision in the case is expected at the end of the month. If found guilty, Gottfrid faces up to four years in jail.