Note: This site will look much better in a browser that supports web standards, but it is accessible to any browser or Internet device.

It's a weblog! ... sort of.

Friday, April 19 2024

Main Menu

Home
Topics

News Links

Transvasive Security
OpenBSD Journal
daemonnews
MacRumors
MacSlash
Surfin' Safari
Slashdot (Apple)
Slashdot (BSD)
Slashdot (YRO)
Slashdot

Campaign

Browse Happy logo

Access

If you do not have an account, you can create one.

Hacker Case Files

Hackers

Just poking around, going through my old mail. (OK, like from 2 years ago...) Anyway, I came across a few old news articles I never got around to writing about. There's the accidental wirless hacker, some fitting comments on hacking in general, and the rather interesting case of a hacker arrested not for hacking, but for authoring hacking tools.

The Accidental Wireless Hacker

First off, there's the case of Stefan Puffer, whose biggest mistake was demonstrating to a Harris County official how vulnerable their wireless network was... with a reporter present. Fortunately, it was apparent to the jury that Puffer was merely a scapegoat, and acquitted him in only 15 minutes.

Although it's true that the intrusion he was charged for happened 10 days earlier, it was pretty clear that this case was more about retribution and less about actual damages. It's something like arresting someone for walking around the courthouse checking to see if the doors are open, and walking in after finding an open door. It's good to see that reason sometimes prevails in hacker cases.

Hackers Face Stiffer Penalties

On the other hand... here's the summary of an article mentioned in SANS NewsBites:

The US judicial system has become more aggressive in prosecuting cyber criminals. The passage of the Patriot Act increased the maximum sentence for breaking into a computer from five to ten years in prison, and the Cyber Security Enhancement Act could bring a hacker life in prison for recklessly causing or attempting to cause death.

While that's not all that interesting by itself, (although it is pretty depressing) I thought that the editor's comments on the story was quite fitting:

(Murray) Most hackers are never caught. Most that are caught never see a court room. After being threatened with the maximum if they go to trial, they cop plea. (I have one client serving four years for the moral equivalent of joy riding. When he gets out of Federal prison he will be deported to his country of origin, Panama, a country he left at the age of two and has not seen since.) Often they do not see a courtroom because the state does not have a very good case. The sentence is often more a function of the quality of the state's case than of the offense. Welcome to modern justice.

I agree. What's different about juvenile delinquents who use computers to cause trouble? Hopefully, this is something that society will recognize and adjust to over time. Right now, it's still fear of the unknown. "Watch out -- the hackers will use their magic powers to destroy the world! HAHAHA!"

"T0rn" From The Headlines

Finally, there's the case of T0rner, a hacker whose arrest caused something of a stir, since (it seemed) he was under investigation not for hacking, but for writing code, specifically the then-popular T0rnkit, a "rootkit" designed to allow hackers to gain & keep control of a system after it has been compromised, by hiding the hacker's presence on the system. However, Wired news later reported that there was more to the story than simply writing software. Apparently, T0rnkit was designed so that whenever it was run, it would secretly notify T0rner and his friends ... allegedly, none other than the infamous Fluffy Bunny and X-org web defacement groups.

As a security professional myself, I share the concerns voiced in the SecurityFocus article. Banning security tools is a bad idea; not only does it set a bad precedent and makes a number of security researchers outlaws, but it takes valuable tools away from the security community. Yet, it's pretty clear that that's not the whole story here, since the tool turned out to be a trojan horse, and writing (& releasing) such malicious software is generally considered wrong. Regardless, it begs the question: Where is the line between security tool and "virus" ?

Unfortunately, in this case, it is an unanswered question, at least to me. I have been unable to find any further news on T0rn's arrest (over a year ago). If you do come across something, please let me know. (loki at technomagik)

posted by Loki on Thu, 18 Mar 2004 20:00:44 -0600

Powered by OpenBSD Powered by Apache Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS Valid RSS!

xml News aggregators can get a full RSS feed from rss.php.
RSS browsers supporting the feed URI scheme can get a full RSS feed here.

All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the Poster. The Rest © 2001-2005 technomagik.net