Site hosted by Angelfire.com: Build your free website today!


Analysis of witneses statements in the court

I believe that jury has not been properly instructed by not including as the points for their consideration all the issues shown by me . On rare occasion when something brought by me was mentioned it was not presented in a fair way .

875-20- judge said that my exhibit 35 'purports to show ' information about faults on SCADA when in fact this exhibit was based on data from Exhibit 13 and correctness of my presentation  was verified  by  Stringfellow   ( his  graphs –  exhibits 31,32,33 – were designed to provide misleading information )
583-0 – Stringfellow confirms correctness of information in my spreadsheet detailing SCADA faults on different days

 Lewer statements from 28.07.00time in Buderim monitoring file              page 33-34
            
484-20 admits that a part of his statement was incorrect – most likely he was looking at a different version of the file  than that which was presented to court as evidence
619-10 – Stringfellow says that Lewer was dialling in from Newcastle ( using program PCAnywhere ) to Maroochy SCADA and this  way he could download files or make changes to files  remotely without anybody knowing   what he did
………………………  Lewer said  that cables ( for establishing communication ) were not available unless bought  from HWT ( page 14 )   in fact these are not only common cables but also schematic connections of them are displayed and are available on HWT Internet site  

                    statement from 26.2.00use of  default address  ( also - committal hearing 80-10 )

360-45- admits that his assumption was incorrect as it was pointed to him during committal hearing when  he jumps to false conclusions to create a proof of my guilt  especially in Nambour area

Stringfellow first complaint to police ( 4.3.2000 ) he claimed that problems , as happening from 24.12.99 , were caused by hacking – after it was found that I was at that time overseas the charges were removed             

179-10 Zohn  agrees that I was initially charged with offences committed from 24.12.99 , based on information provided by HWT and MSC, later it was found that  I was not even in Australia when problems were happening on Maroochy SCADA  ( which were identical to problems occurring later  and with which I was charged )
549-50 Stringfellow provided the list of problems allegedly caused by hacking  which  started  from 24.12.99 –

Stringfellow statement from 01.09.00,
555-30 he is  making excuses why accusations from his first   statement to police  were proven 
to be wrong  ( and I proved that for many of them I could not have been responsible , or they were technically  impossible )
557-20 I am proving that I could not be responsible for some problems,
558-30 admits that he made silly accusations by claiming hacker responsibility for faults  which were technically  impossible  to be done by a person                

Stringfellow statement from 07.10.01,
541-50 from the minutes and his recollection he implied that I did unauthorised changes to the SCADA system ( in fact I showed the correspondence and I proved that it has been approved by Lewer and MSC knew  about those changes )
 544-50 he   admitted that what I did  could have been temporary measure ,
570-10 he is giving excuses why in faxes to EPA about overflows – he describes the amount  as
' unknown '
Exhibit 34 – proves that he knew about the amount of overflow and he lied to EPA

Yager  had limited knowledge of the telemetry and system used in Maroochydore
( only 3 months after finishing his study ) also exhibit 43  ( pier to pier communication )

716-40 – he answers my questions incorrectly showing his lack of knowledge of HWT equipment – in fact - 'pier to pier ' communication or 'communication blocks'  can be used both for data  registers and  configuration registers
717-40- he still did not about the need to reset PDS after making changes to   configuration
719-40- he is trying to cover up the fact that even in HWT manuals there is a warning that it
is easy to  make mistakes when making changes  over the network – due to peculiar setup of PDSCONF  it is easy to  write to different address than intended
699-0 – he claims that hacker changed on his unit the same registers as he changed on hacker ,when in all likehood , due to his inexperience , he was writing to his own device and not noticing that
721-30- I am proving that his observation of ' trends ' and making comments about values in registers  based on his observation is technically and   logically ' crap '
706-50 – he did not know if configuration registers were based on 12 hour or 24 hour format - this is significant in the view of the later claim that the differences in time in monitoring files in respect
to the real time , were several hours in one area and 24 hours in another area ( in fact the time
recorded by devices was anything but reliable )

  • HWT equipment provided for Maroochydore SCADA  had continuous problems before and after my arrest ; in fact old problems are still being rectified  , over 2 years after ' practical completion '  .

** admitted by Lewer problems with batch of COMPACTS sent to Maroochydore ( possible of 50 faulty )
 396-15admits that there was a batch of Compacts with a faulty component which sometimes      
produced corruptions ( of ISAGRAF programs ) ( residing in one part of the same memory
as PDSCONF )
396 – 30 – he said there may be still some units from that  batch but they ' are likely to continue 
operate  correctly '
589-40- in response to that I provided information received from MSC electrical department saying
that in the period from 1.10.00 to 30.06.01 ( months after my arrest ) there were :
12 Isagraf fails , 3 overflows , 12 problems with UNIOP  - MAXIMO report

* 364- 30- I am showing that failure rate on Compacts was about 40%
364-50 – Lewer admits that Compacts were tested twice before arriving on site
366-0- Lewer said that he was not particularly interested how many units failed ????

This is the statement made by one of the directors of the HWT . If HWT withdraw all the faulty
COMPACTS it would add up to already made  loss on the job ( admitted $100 000 ( 501-50 ) ,
They took the chance knowing that MSC is tied up to their equipment due to commercial reality

**     problems with HWT equipment on Maroochy SCDA are still happening
74-15 O`Kane got indication from MSC about Isagraf problems between May and September 2000 – that is - after  my arrest,
125-55 – Wilkins admitted that he  is still coming to rectify problems on MSC SCADA (October 2001)
231-50 Tripcony   said  that even now ( October 2001 ) ,1.5 years after my arrest ,  they still are
working on rectification of problems on the SCADA system
589-40- I am quoting information from MSC electrical department about faults still occurring on
Maroochy SCADA
147-10- Wilkins , when asked by prosecution  -  Hanson - confirmed that eg. fault which happened  on  11 of May on PS 1 ( after my arrest ) was the same as faults observed in  February , March , April – when such faults were  attributer to hacking )
402-40 Lewer admits that there were the same type of problems at the same time on Nambour repeater  ( for which neither me nor anybody was charged)                                                    
*  the same problems  , as attributed to hacking , were after my arrest  hidden under different
descriptions in the ' Fault spreadsheet ' produced by Stringfellow  to prevent showing that
identical problems are still happening
488-20 - I am proving that problems with ' configuration not for this address '  were still occurring
few months after my arrest but this time were not attributed to hacker and an attempt was
made to hide them in the spreadsheet of faults prepared by MSC
790-20- Taylor admits that after my arrest there was still serious problem with  COMPACT`S
' displaying configuration not for this address ' which was previously claimed as caused by hacker . They believed it was a serious  problem          ( exhibit 13  and 47 point 14 )

**identical messages as attributed to hacking were being sent and there are conflicting explanations as to the nature of them
 
443-20 Lewer never saw a record that HWT people  would send a  message over the network in the field – committal hearing ( page 133-10) ' he ever saw them doing that  from  CMF computer '
444-40 admits that in his previous statement (1.09.00 ) he said that it is  possible that a
faulty Compact  could send a message to another   Compact
586-30 Stringfellow  is giving excuses why the fault ' PDSconf not for this address ' initially credited
to hacker later disappeared  from the list of faults so  not to show that problem existed after my arrest – but record of  re-occurring problems is existing in the minutes of the meeting from 14.12.00
765-15 – YAGER - after I showed him messages sent on different days and which were not claimed to be sent by a hacker he ' suddenly ' remembers that it was him sending them (and pages 766 as well)  (  exhibits 27 , 28 , 35 )
HWT – in technicians diary from 08.03.00 descriptions of problems during storms, and some problems were selected as accusations but others were not                            
775-30 – Yager said that ' it appears as though the person doing the hacking liked to do the
hacking doing  storms ' – silly statement as I lived in Brisbane and  I would have to know what kind of  weather was on  Sunshine Coast at that time ( 140 km  away )

**  Hwt equipment ( Compacts ) have built in feature enabling them to automatically send   
messages from one unit to another in the same fashion as attributed to hacking    
141-10  Wilkins said that he seen faulty messages being sent on occasions from one unit to another when configuration   have not been set correctly
442-30 – Lewer admits that COMPACTS have built in feature allowing stations to communicate with each other
443-15 – Lewer says that messages with op code 1E are from unit set to ' pier to pier communication ' but 2E must be from hacker
298-40- he claims that the  messages with opcode '04' and ' 200* ' could not be generated by Compact itself  
* file Nambour 20_4_00 with messages having code 1E and 2E , extract from  exhibit 21
( copy of  the page 1691 of the file Nambour 12_4_00  where messages with opcode 1E and 04
are present next to each other )

Since pier to pier communication was not used in Maroochy SCADA  these messages must have
been  generated due to a fault ( no accusation of hacking in this case ) .
Lewer admitted that messages can be easily edited ( 486-40 ) – it may be possible that messages 
presented as the work of hacker with opcode '04' or '02' may in fact originally been '01'

**   faulty messages from addresses '0' or to RTUM pigeon hole '0' exist on various days
465-0 – Lewer   confirms my findings of other unusual messages in that file , most important  being
that there  was a station with address '0' on the   network  sending and receiving messages
( presence of  '100' in the  address  for  timetag messages )     
467-15 does not have any explanation for the presence of messages with the  address '0',   
471-0 I proved that the messages from the address '0' were also sent on  other  occasions ( files  
Coolum_ 27-3-00 , Coolum_28-3-00 ) ; he -  ' they were associated with the rectification work '
473-30 he admits that it looks to him that someone set the Compact address   to '0'
477-20 he agrees that messages from pigeon hole  '0' in RTUM were also sent  on days  other than
hacker is accused of doing anything –  says that hacker changed configuration  and  
somehow did not reset  the station and  the maintenance people few  days later ' partially
repaired the damage ' and did not notice that ( rectification of corrupted  configuration  in a unit
consists of reloading completely the whole configuration file – as detailed by entries in diaries )
( also   exhibit 29 )

**   times and dates claimed for events by HWT and prosecution were proven  incorrect