Busted for (L0pht)Crack Possession
TaoJones writes, "Seems like the city of Hopkins, Minn. has declared L0phtcrack illegal. The story from Channel4000 details 11 felony charges against one David Thomas Bell, including two counts of "possession of burglary or theft tools"... namely L0Phtcrack." What next? Debuggers?
History repeats again (see the SJG thread or Bruce Sterling's Hacker Crackdown book for more)
--Hikari
"Long distance information/ Disconnect me if you can/ On Detonation Boulevard..."
Strange, a story like this comes out just when I am reading "The Hacker Crackdown". Has this anti-hacker group mentality just never died down?
2nd post?!?!
When I was in my lockpicking phase (anyone have a link to the MIT Lockpicking Guide?), I learned an important point:
Having lockpicks isn't illegal. Using them in conjunction with a crime (breaking and entering, robbery, etc.) is illegal and a separate charge.
There is no difference in having cracking tools. If I'm not cracking anything, then it doesn't matter. A quick look at the article indicates they were using those tools to crack machines. Thus, a separate charge.
-- Ever notice that fast-burning fuse looks exactly the same as slow-burning fuse? I didn't... (Edgar Montrose)
What's the difference between that and a crowbar, or a baseball bat? Hell, we're allowed to carry around GUNS, according to the constitution...why should a computer program which can have perfectly legitimate uses be banned like this? It just goes to show that the masses don't have anywhere near enough education about issues like these to make legislature and decisions based upon computer law.
Be the Ultimate Ninja! Play Billy Vs. SNAKEMAN today!
Duh. Get the book.
--Hikari
"Long distance information/ Disconnect me if you can/ On Detonation Boulevard..."
What exactly is the issue here? I expect a flame war will shortly erupt here over whether or not l0phtcrack is inherently evil, and eventually conclude that it's a tool that can be used for any purpose.
In this case, the purpose appears to have been the theft of userids/passwords from their former employers, which is already illegal under several existing statutes I'm sure.
So, please pardon my confusion, where does their possession of l0phtcrack become an issue here?
Anthony
"I think any time you expose vulnerabilities it's a good thing." -Attorney General Janet Reno
Possession of burglary or theft tools? With language like that, they can arrest people for possession of crowbars, duffel bags, and ski masks, too.
*groan*
L0phtCrack is a very important security auditing tool! I used it in my last position to determine the strength of the passwords (or lack thereof!) used by the users of our network.
Just sort of an eye-opener as to the state of our organization's security. . .
Ok, moderate me down. I really don't have anything to say other than the subject heading.
They were NOT busted just for possessing lophtcrack, they were busted for stealing usernames, passwords, and customer lists.
Just like there's nothing wrong with owning a crack pipe until you get caught with crack, there's nothing wrong with owning crack() until you get caught cracking.
--
blue
i browse at -1 because they're funnier than you are.
Would someone like to fill us in on when and where just the possession of a specific tool became illegal. I have many tools that can be used in the process of theft and I'd like to know what jurisdictions I shouldn't carry them in.
I think this is akin to carrying a screwdriver. You can use it to fix a lock, or you can use it to break a lock, enter a building and steal the contents.
Let's not get too sensationalistic here..
ekk
We need to see more of this.
Hopefully l0pht will be held accountable as well.
Read closely and you may not feel so sorry for them. They used L0phtCrack as a tool to commit a crime, rather than to secure their own networks.
L0phtCrack is a legit tool and is legal, HOWEVER, should you use that tool, it could be called a tool to commit a crime. If he had done a physical entry they would have called his power tools, should they have been used to break in, theft tools. It's a way to add on years (or the threat of) to their possible sentence. Somehow this is supposed to deter other criminals. Don't ask me if it works or not. I don't have a clue.
"These crimes were the high-tech equivalent of physically breaking into a business and stealing valuable documents from a locked file cabinet..."
People need to learn that the two simply don't equate. Stealing means that a victim no longer has what was once theirs. Breaking into something means physically harming a device intended to prevent entry for the purpose of extracting data.
Neither of these things apply in this case. I understand that IP works differently, but we're going to have to work on the laws to make them apply. "[P]ossession of burglary or theft tools" just don't cut it.
-Waldo
We've known for ages that governments try to find ways around their own laws to get rid of things they don't particularly like. This is just another silly example.
It's like DeCSS all over again: "authority" cracks down on something they don't understand because they feel that it encroaches on their information monopoly. Just because something can be used to commit a crime doesn't mean that's all it's good for.
The question remains, though: is the problem that the government doesn't understand the software, or that they're afraid of us using it for our own good, and outsmarting them?
This guy was not charged because he had L0phtcrack, but because he used it to steal passwords from companies. It's like a locksmith having tools to break locks. He wouldn't be charged with a felony for possessing lock-breaking tools. However, if he used them to break into a store, and steal inventory, then he would be charged with a felony for use of lock-breaking tools.
Whether it's lock-breaking tools, or guns, or axes, or 2x4's, or password-cracking tools, they can all be used ethically, or illegally. If used ethically, you won't have a problem. But if used illegally, should it be any surprise that you are charged with a felony?
-Brent-jwb
VERY good point here. Note that if you read the article, simply owning the software was not the only charge... they broke laws with these cracking tools. The city was not simply bringing felony charges on the individuals simply for owning the cracking tools.
Quidquid latine dictum sit, altum viditur.
I only post comments when someone on the internet is wrong.
Epicor officials considered the list of user IDs and passwords to be very confidential information which they had taken significant security measures to protect
What "significant" security measures allow a widely known freely distributed security program to crack all the company's passwords? How about putting some restrictions on the password formats to make them resistant to such tools?
Don't forget that Friday is Hawaiian shirt day.
How does the trailer park demographic pulling crap like this manage to make its way into public office? It boggles my mind that these people, who shouldn't even be allowed to BREED in the interest of the evolution of our species, manage to get into office and come up with stuff like this. Did they ever stop to consider that these tools might actually have some valuable and legitimate purpose in the hands of a system administrator who might want to use them to test and strengthen the security of the systems they're responsible for? Maybe they should stop sampling the evidence room crack and start actually using their brains!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
One more analogy... Even more 'bluntly'...
If somebody has a wood chopping axe, it's legal. If they use it to attack someone and bury the axe blade in someone else's back, it's a crime, and the axe becomes a crime tool/weapon.
help me slashdot! i am in jail for using l0phtcrack! I just wanted to be 1337 like all the trolls of slashdot, and now i'm getting my anus busted by a fat niggah! help!!!
whoever made that law is obviously a big moron
Thank You,
Troll King
I don't see this as a problem at all. They used l0phtcrack (sp?) to break into systems and steal data. That makes it a burglary tool, along with the computer it was used on in my eyes.
:))
We're hardly talking about some egregious insane clause in the UCITA, here. If you use your coat hanger to pop the lock on someone else's car and drive off in it, your coathanger's a burglary tool. It doesn't matter if someone else in the next town is using coathangers innocently to open their own car; their coathanger is completely unrelated to yours.
How's that for a weird example?
ObDisclaimer: IANAL
These people are not primarily being charged for having L0phtCrack. They're being charged with stealing a lot of sensitive information from former employers, and L0phtCrack is one of the tools that they used to break into others' accounts to get that information.
One interesting quote from the article, though:
The company may have considered the passwords very confidential, and they may have tried to keep them secret, but they apparently didn't do a very good job of it. Their security measures may have been significant, but they weren't particularly effective. Running some standard security checking programs (not to mention requiring hard-to-crack passwords) probably would have helped a lot in preventing this.
There's no point in questioning authority if you aren't going to listen to the answers.
The summary of the article provided as the blurb here on slashdot, right down to the very title of the article itself "Busted for (L0pht)Crack Possession" is extremely misleading, and I have to wonder if it's deliberately so?
I'm not usually one to come out and accuse the
The article says they were arrested and charged with 15 felony counts not for possession of L0phtcrack, but for repeatedly hacking into the computers of their former employers to steal lists of usernames and passwords. This is illegal, and no new news.
If we could moderate the articles themselves, I'd moderate this one down as Flamebait or Troll.
Anthony
"I think any time you expose vulnerabilities it's a good thing." -Attorney General Janet Reno
I agree, I don't think they were actually charged with having the software on their computers but of the actual act of using it for a crime. CmdrTaco needs to reword this, it throws a few people off.
kids... read the article first before flaming...
While it is perfectly legal for me to walk around with a baseball bat, even swinging it around wildly... But it becomes illegal at your nose...
Oh yeh - at this point the baseball bat would become "a deadly weapon"
So possession of these programs is not illegal, but using them to harm someone else's property is... and then they become "weapons".
As long as we only prosecute people for actions and not thoughts, we're fine...
of course... with "hate crime" legislation and profiling people to community forced anti-psychotic medication (really... it's happening in california) we may have moved far away from this principle...
hopefully we can fix this system and not have to scrap it...
... hi bingo
well if it's illegal to own/possess the tools, does that make locksmithing an illegal profession?
if this story is entirely true, i guess i'll have to get rid of that handy dandy l0phtcrack, i'm in minnesota, too.
-barton
What the article does say is that someone used l0phtcrack to extract passwords from a company and then log in as other users. A case of userid envy? Probably not.
I don't agree with a $12,000 price tag for having to change passwords-- it's their fault for not teaching their users how to do that. Still, it's not l0phtcrack that is the problem (it's an auditing tool), but the guy "who thought he could get away with stuff."
The real crime is that l0phtcrack can take 400 users and break 80% of their passwords in around four hours. Meanwhile, any decent encrypted unix password (not DES) can survive days of brute force attack.
Install cfs or something. Don't wait for The Man to come and look through your stuff.
'How about I give you the finger, and you give me my phone call?' - Neo
The guy and his wife were busted for stealing trade secrets from two different companies.
They face 11 felony charges.
To quote the article
"They face three counts of unauthorized computer access, two counts of theft of trade secrets, two counts of attempted theft of trade secrets, two counts of computer theft and two counts of possession of burglary or theft tools (specifically, a software program for extracting user IDs and passwords from a computer system). "
I have no remorse for them. I don't know anything about L0Phtcrack, but if it is a program for extracting names and passwords and you use it illegally and get caught. Tough.... You made your bed and now you have to sleep in it.
If you have the L0Phtcrack software and don't use it illegally, I doubt anybody will come knocking on your door.
Read the story, these people used L0phtcrack to break into corporate computers, which is (and should be) a crime. They were not arrested for having L0phtcrack itself.
I think you have to have some perspective here. Possession of L0phtcrack along with *.lc files from companies that you don't have authorization from is a "bad thing" ie crime.
Intruders caught with lock pick sets are caught in connection to using the tools in a malicious way. Locksmiths who use lock pick sets to rescue fluffy from a locked bathroom are arrested. Similarly until I see a systems/security administrator arrested for using l0phtcrack/crack/john for auditing their own password files I don't see a problem.
Tools do not become criminal weapons until you use them that way. A rock can become a weapon if used so. L0phtcrack was not a weapon until Bell or Brelje decided to use the tool in that manner.
I really get tired of seeing claims like this from companies "They said that the user IDs and passwords provided access to proprietary information valued in millions of dollars, and they estimated the cost of issuing new user IDs and passwords at approximately $12,500. " Explain to me how in god's fucking name can someone justify that much to reissue new id's and passwords? The only way I could see this being an issue is if this also required email addresses to be changed and there was lost business messaging. Maybe costs related to notifying people of new email addresses? Someone please explain to me how this number can be justified.
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
The article seems to make it sound as if l0phtcrack made it possible for him to do what he did...when, in reality, it was the operating system on the server that l0phtcrack uses.
Does that mean we (they) should ban the OS instead?
With these laws in place a locksmith is permitted to carry lockpicking tools, but not the average person.
If it is something that is general purpose, ie. a screwdriver, it can be argued.
Just another right given up in exchange for security.
Fight Spammers!
The problem comes because there is a level at which something isn't dangerous enough that it needs to be illegal. Obviously we can't use the argument that something MIGHT be used to harm someone, therefore it should be illegal to possess, since just about any piece of matter in the universe could be used to hurt someone in some way. (Ban books, because big heavy ones can be dropped on people from ten stories up!)
The point is that we eventually do draw a line somewhere. However I don't think that, in general, things that aren't intended for causing injury to other people should be illegal. (Burglary tools, for example, or cracking programs.) I say SHOULD because, in general, things that aren't intended for harming people are NOT illegal. So why should software be any different? The only way I can see this being justified is if the software is designed to circumvent safety locks/overrides on, say, an elevator, or the air traffic control system, or a nuclear reactor -- things that, if they break, will almost certainly cause injury. And much as I appreciate and agree with the old saw about cracking to show that the security is weak, when people's lives are at stake, I don't think it holds up any longer.
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
I see a lot of people already up in arms, claiming that the next thing to be outlawed will be crowbars and ski masks. Many parallels are already being drawn between these things, which can be used to commit crimes, and Crack.
This is incorrect reasoning. Crack's purpose is [drum roll] to crack passwords. There is no other application for the program. That's why it exists. Much like a set of lock-picks.
Here's the rub though, lock-picks and Crack can be used in a legal manner, by people who provide a service to breaching security to people who should rightfully have access. Ever lock the keys in your car? Nice to have someone to call, isn't it?
They can also be used illegally, to gain access to where you do not belong. This is when such tools become implements of criminal activity - when a trespasser has gained illegal entry to your home, and a set of picks is found in his possession, wouldn't you want that used against him?
Nobody is going to outlaw crowbars, flashlights or SATAN - even though any of these can be used to 'scope a place out'. But if you bludgeon a guard with a blackjack, or have a program designed for DoS attacks on your machine, and you are conclusively linked to a crime, then you're in for it.
Committing robbery with your bare hands versus doing so with a gun are two very different crimes, because of the potential for harm, or the ease with which harm can be caused. Similarly with means of trespass, if after being caught, your place is searched, and a map of the sewer beneath the facility you broke into is found on your desk...
Before we all over-react to this, let's read the article for what it is. The possession of Crack wasn't the crime, it was an additional charge brought against people who had committed a break-in.
-- What you do today will cost you a day of your life.
Okay yeah, Rob went a bit nuts with the summary so we need to give him a collective good kick in the ass. Someone set a date/time in Zulu time and I'll be there.
anyway, I'm puzzling over the fact that the company states that it will cost US$12 500 to issue new logins and passwords? WTF? Depending on the size of the company, it's going to be an administrative bitch, but it's nothing terribly difficult and is basically a time is money issue.
Are they embellishing for effect, or are they just morons?
----
Am I the only one who thinks Microsoft is a misnomer? Perhaps Macrosoft would be a better fit?
Jesus H. Christ on a popsicle stick! A 30 second glance at the linked story would make it obvious that the charges stem from using the prog to actually break into systems. How can that possibly justify the hyperbole in the headline/blurb?
I don't expect slashdot to be the most journalistically sound source of info, but this is pathetic.
--
If your map and the terrain differ,
trust the terrain.
The only part of the story that didn't seem criminal to me was using/owning L0phtCrack. The rest of it was clearly illegal.
Sometimes I wonder about you Mr. Taco.. Just whose side are you on? When it comes to the business world, hacking is ILLEGAL. What this person did was VERY ILLEGAL. I think a lot of us would appreciate you to stop complaining when the law is upheld correctly.
How are the actions referred to in the article even remotely comparable to either of the things you cite?
Do you actually claim that the man and woman did nothing wrong? I just can't see it. Bell was *FIRED* and then used both his contact on the inside and l0Phtcrack to break in and steal stuff. It's clear he wasn't supposed to be there. There's no way he could use the defense "I was just looking around/experimenting/playing/didn't know what I was doing". It was pretty clear he was persona non grata.
The main page headline for this article is just sensationalistic. Please, read, then THINK, then post.
They got busted for getting user databases/login/passwords from their job. They just happened to use L0phtcrack.
If I leave my front door unlocked, you walk in and write down my credit card numbers and leave it is still THEFT!!!!!!!!!!!!!!
EOF
Epicor officials said that they considered their worldwide customer list to be an extremely valuable trade secret, estimating the cost of losing the list at approximately $2.5 million per year
Another example of companies pulling numbers out of their ass. First of all, they didn't lose the customer list. Someone had a copy of it. Second of all, it's very hard to quantify the value of something like that. It can take a company a lot of time and effort to cultivate a clientele, but if someone else knows all their names, it does not cost that company 2.5 million dollars. If someone were to get all of a company's clients to switch to another company, maybe it would cost that much. But in reality, getting someone's clients to jump to another company, even if their names are known, is not easy to do.
This sounds like another example of a company inflating the value of its stolen intellectual property so that an IT criminal can be charged with a greater crime. Mitnick stole information valued by Sun at 80 million dollars, and they gave away the same information to students. But prosecutors threatened Mitnick with more severe punishment based on the estimated worth of the information.
Don't forget that Friday is Hawaiian shirt day.
after reading the article, these people were not just busted for possession of l0phtcrack. they were busted for illegal activities and for the possession of the tools that they used to commit those illegal activities.
this is not only irresponsible, but sensationalistic on the part of cmdrtaco.
Actually, that's not necessarily true. In many jurisdictions, for example, owning a crack pipe with intent to sell the crack pipe is a felony.
Believe it or not.
Similarly, in some jurisdictions you can be arrested for carrying a screwdriver -- if the police have "sufficient cause" to believe that you're going to do something illegal with them. In the case of a friend of mine, "sufficient cause" was being black, and walking down the street after 8pm. They nailed him with a misdemeanor.
I have no
I read through the article. Sounds like they are suspected (and there is evidence) of them using the software illegally.
They weren't arrested for just having the software, they were arrested for using it to break a network's security.
I think the blurb on this one is -way- off. Now if I was picked up tomorrow by the FBI for having the software, but with no evidence or suspicion that I had used it illegally, then it would be absurd. However this situation would be more similar to me being arrested after having used, or suspected to have used, a tool to break into the company. Perfectly legit.
To complain that they are arresting someone for having the tool is not an accurate portrayal of what is going on from what I've read.
Come on, this story is clearly "score -1: misleading". We need to get story moderation going so that people can filter out stories like this. /. editors pay a little bit more attention to what they are posting.
Either that, or have the
Tarsnap: Online backups for the truly paranoid
Had the submitter actually read the story, the lead-in might have been a little different. The tool became a theft tool as soon as they used it to steal as opposed to securing their own machines.
Anyone can have a copy of l0phtcrack; when they use it to commit a crime, though, then they'll get nailed for it.
Oh, go on, check out my job.
Owning a crowbar for use in opening locks, it's questionable.
Owning a crowbar for possible use in killing living beings, a bit more questionable.
Owning a crowbar for bashing people's heads in plain sight, most likely illegal.
I think this is a very poor argument. It's quite clear that these two were busted for illegal use of the 'tools' and they are just trying to bring as many charges as possible against the two. That way, that's one more charge that they have to plea bargain down.
I know I have been burned by this issue myself once or twice, but it's important to establish intent to use a weapon/tool. I might own a gun and be just a hunter. Or I might own a gun and use it to shoot children. Our country has decided that intent is more important than the possibilities of danger. And well.. that's a whole different issue. `8r)
--
Gonzo Granzeau
"Nothing the god of biomechanics wouldn't let you into heaven for.." -Roy Batty
1) I didn't read anywhere in the article (yes, I did read it all...) that the program was deemed Illegal. They used it like a crowbar to steal data (in this case customer Information). I don't care if it's data, or someone physically breaking in and making photocopies - it's still WRONG.
2) For the record, Hopkins is a suburb of Minneapolis. It's a FAR cry from being some hodunk trailerpark community. It's a small suburb (2nd or 3rd ring) with several large national and international companies claiming it as home.
3) Using the comparison between physical theft and informational theft is not a perfect one, but it does get the intended point across. And unless I'm mistaken, a customer database and similar data could almost be considered intellectual property which is VERY protected by the US legal system.
What next? Am I going to be arrested because I have software for monitoring traffic on networks?
/n./
It is interesting how the government blows the definition of a "hacker" out of proportion:
Hacker
1. A person who enjoys exploring the details of programmable systems and
how to stretch their capabilities, as opposed to most users, who prefer
to learn only the minimum necessary.
2. One who programs enthusiastically (even obsessively) or who enjoys
programming rather than just theorizing about programming.
3. A person capable of appreciating hack value.
4. A person who is good at programming quickly.
5. An expert at a particular program, or one who frequently does work
using it or on it; as in `a Unix hacker'.
(Definitions 1 through 5 are correlated, and people who fit them
congregate.)
6. An expert or enthusiast of any kind. One might be an astronomy
hacker, for example.
7. One who enjoys the intellectual challenge of creatively overcoming or
circumventing limitations.
Opportunities multiply as they are seized. --Sun-Tzu
Why let the facts get in the way of a good story?
Stop by my site where I write about ERP systems & more
If you read the article, it appears (to me anyway) that the possession of the cracking tools was not the issue. They are being prosecuted for the use of cracking tools to steal accounts and passwords, the possession of these stolen accounts, and use of this information to manipulate email accounts that did not belong to them at a company that had fired them.
:)
Just because someone has cracking tools does not make them a criminal. However, just because someone has cracking tools, they are not automatically some kind of hero either. They might just be a petty criminal.
Funny, the slashdot article headline and the actual story seem to communicate completely different stories to me... Either the poster / editor know something about the case that is not in the cited news article, the poster / editor did not read the article very closely before publishing, or the poster / editor have some kind of an alternate agenda here.
Of course a 4th possibility is that *I* misunderstood something. This would not be the first time
A rough analogy here is the position of the NRA relative to firearms. They will fight like crazy to protect your right to own and possess them, up until the point where you have used them in commission of a crime. They then fight like crazy to see that you DON'T have any right to possess them (for example Project Exile and the three strikes laws), and in fact work pretty hard to see that you spend a LONG time in jail for it.
Bill
Mathematically impossible requirements are technically not against policy.
Occasionally one of my friends used to pull out a little brass pipe and smoke pipe tobacco out of it just to be a wiseass. He was questioned but they couldn't do anything because there weren't any traces of anything naughty inside. You can possess a questionable item, unless it's used in a criminal action. Then the possession of the guilty object becomes a felony (basically levied by the DA to increase the number of charges the prosecutor can try to nail you for).
Dr. Fardook drfardook@evilconspiracy.com
Are you people really trying to say they shouldn't be in trouble for that?
"Newsflash: boy, 6, charged with owning a gun" (forgetting to mention the fact that he actually committed a crime with said weapon) is the worst kind of biased journalism.
I think the US can be so odd at times. Why do you guys elect the people you do? Seems simple to me. No more stupid lawmakers = no more stupid laws.
Stop electing morons.
No morons in 2000!
Oh wait, that's not news. Nowhere in the article does it say that L0phtCrack (spelled LOphtCrack by the news media...i guess their keyboards HAVE a capital-o character) was made illegal. It's always been illegal to break into a company (physically or electronically) in retaliation for being fired though, and I have absolutely no sympathy for that.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
Stealing is taking something that doesn't belong to you. If you used a high quality scanner to copy my drivers license and return my original copy without my knowing, you have still taken something that you had no right to take.
Breaking and Entering doesn't have to involve harm to a device. If you find a store key laying on the sidewalk and unlock the door and walk in, you can still be rightfully charged with B&E. The reason? You didn't belong there. You had no permission and having possession of the key is not a free license to use it as you see fit. It is still a crime if no damage is caused.
If someone had a duplicate set of keys to your car, would you complain when they take it only because they can? What if they decide to just keep it because they like it?
Geez, I learned these things when I was a child. Do most people even care anymore?
Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
"Epicor officials...said that the user IDs and passwords provided access to proprietary information valued in millions of dollars, and they estimated the cost of issuing new user IDs and passwords at approximately $12,500."
how fucking expensive is it to type adduser blah
i mean hell every multiuser Os i can think of has guis available in case you can't type.
Not to speak badly of the police, but the police are not law experts really. Sure they have a fantastic working knowledge of a fairly wide array of laws, when it gets down to specifics the police that I know personally err on the side of caution.
In other words; If an officer sees you doing something or possessing something he/she thinks might be illegal, you will likely be arrested/ticketed and the courts will figure it out.
I tend to discount advice saying 'a cop friend of mine says that that is illegal'. Better to look at the local ordinances yourself to determine the status of $SOMETHING.
In the immortal words of Socrates, who said; 'I drank what?'
It's not uncommon for the Police and prosecutors to heap charges upon a defendant in a high-profile case, only to drop many (even most) of them before trial. Gives them stuff to trade away in the plea-bargain stage.
Still, though, I recommend encrypting your disks.
But you're right. The caption misled me. Sorry.
--Hikari
"Long distance information/ Disconnect me if you can/ On Detonation Boulevard..."
I had better get rid of my Linux partition before I get labeled a 3r337 haXa-sarus!! ;)-
The real clueless fucking MORONS are the ones who leap to the defence of someone without even bothering to read the linked article which makes it clear that these are ancillary charges in a criminal prosecution for illegal access and theft.
"You know you want me baby!" - Crow T Robot
I just got off the phone with a representative of the Minnesota Attorney General's office, and have a couple points, based on what the gentleman said -
1) (criminal) "intent" is very relevant in cases such as this
2) there are no laws in the locality mentioned in the article that have any wording like "possession of burglary or theft tools", therefore, the two people could not have been charged with "possession of burglary or theft tools". hence, once again, the issue is really the "spin" that the media has put on this.
how many times have we faced this "media reporting" issue before?
-- ken williams
If someone had a duplicate set of keys to your car, would you complain when they take it only because they can? What if they decide to just keep it because they like it?
That's what makes this all so interesting. I own a crowbar, which provides me with access to your vehicle. Owning a crowbar is not illegal. They're used for many things beyond getting into cars. Using a crowbar to get into a car is illegal.
I'd hate for this to be the first step towards banning digital crowbars (read as: tools.)
I somehow remember reading a Microsoft knowledge base article advocating the use of l0phtcrack to check the integrity of system passwords.
Although I don't necessarily agree with the emphasis on l0phtcrack that the article has, I'm fairly sure this is the usual case of underinformed slashdotites getting over excited when they see a word they recognize in a mainstream article.
Let's be perfectly clear with something. It was illegal to steal the customer lists from their two places of employment, regardless of the methods. The article has some bad wording, but it seems like they were referring to a l0phtcrack datafile found on the guy's computer, not the software itself.
In any case the software was used to commit a crime and therefore it's not like the police saying it's illegal to have the software.
What these people really should be busted for is stupidity. They got caught. They were using prefabbed tools (prolly not 100% suited to the job) and didn't use encryption. Geez, what happened to the good old days when people knew how to commit computer crime?
My Slashdot account is old enough to drink...
stuff like this makes me wish there was a ranking system for the articles or summaries themselves similar to how seqfault has a story rating system.
you listening to me cmdrtaco??... we can make articles that are redundant or flamebait or whatever...
A lot of people don't take the time to find the truth out. I laugh every time I read a post that says, "what they gonna make owning xxxxx illegal since people have done illegal acts with it?" Good to see ignorance alive and well, especially among a group of readers that claims to be enlightened. Learn to read, learn to make logical analysis. By being ignorant you hurt your cause more than you do by remaining silent.
Ladies and Gentlemen, please realize that something being considered a 'burglary tool' with regards to a crime is not the same thing as that thing being outlawed.
If you are caught breaking in to someone's house, and you happen to have a bag containing a crowbar, grappling hook, climbing harness, glass cutter, and a portable blowtorch, a radio scanner, and a stethoscope, they can accuse you of having 'burglary tools' in your possession, and this adds to the charges against you.
These items by themselves are certainly not outlawed, and you can possess them all you want.
Why should computer related crime be any different?
As best as I recall, the judge threw the case out, on the grounds that cracking software could not be construed as a lockpick, that the means of gaining entry was transient (the password wasn't stored, so no fake "key" was ever really in the possession of the cracker), and no actual damage had occurred (therefore there was no "breaking").
The UK introduced a "Computer Misuse Act", forbidding unauthorised use of a computer's resources, not too long after.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
--
314-15-9265
I guess the sale of your soul is finalized. That would explain the rash of article posting of inflammatory "news". I used to respect you.
Hates people who have stupid little sigs
i'll start off by apologizing for my first post pertaining to this article, i failed to read before posting...
now, i agree right on with the Virtual != Physical post... i've seen enough laws applied to computer crime that just do not fit... this is one of them. he didn't steal anything, he copied something. if he used the acquisition of that data to his advantage (example - fraud) in order to protect his own identity, yes he did something illegal. but my understanding is that he did not do anything of the sort... he just had the data.
anyway, back to this Virtual != Physical thing... had he copied the data, then removed all the usernames/passwords from the system, it would be comparable to Physical theft... he did not do this. he just copied the data... he did not "break" into the system, unless that's how we refer to sending queries to the server to check whether or not our password is right (i happen to call this "logging in" or even "trying to log in" when i fail to remember my password on the first try...)
as was stated by another post, l0phtcrack is only "compatible" with ONE server OS... can we guess what that is? that places the "tool" in the prosecutor's hands... think of it as holding a gun at someone and saying "i won't fire unless you touch me" and then killing them when they do... are you justified?
there are many computer related "laws" that i would love to see go, especially laws that try to relate Virtual to Physical...
i would hope that anyone who agrees with me and others posting to slashdot finally do something about it. i think it's about time we started writing to our congressmen (sounds mega fun, doesn't it?) and explaining to them why the laws don't fit, and lobbying for a change.
-barton
A quick read totalling about 30 seconds of the story linked from this /. post proved that this guy's main crime had been illegal entry into an ex-employer's computer system AND the misappropriation of data.
This is clearly wrong and I agree with the charges against him. If it were innocent joe (Me) who had downloaded the utilities to learn on his own system and to help secure the network at work then yes this would have been a gross injustice but this guy done wrong and he needs to learn his lesson.
Matt Thompson - Actuality - Insert product here.
Supermen are superthinkers; anything else is a side issue.
These people were not busted for just having the cracking software, but for using it to steal proprietary data. Customer lists are a business' lifeblood. The software possession charges are secondary.
PeterT
It's simple, really.
Let's say you're a company with 10k employees, all of whom use a central server to do their jobs.
A cracker comes in, and steals all your passwords. You have no idea if that list was sold or whatever, so you have to lock down the system, and reissue passwords.
Start the clock.
Someone has to compose a company-wide notice of the problem, and distribute it. Someone has to change all the passwords. Someone has to contact all the employees and give them their new passwords. And someone has to answer the Helpdesk calls when employees, irate that they've been locked out (and who missed the notification message) call the Helpdesk to bitch.
All the while, the employees are locked out of the system, and can't work.
If the average time each employee is locked out or working to re-issue passwords is an hour, and the average salary is $20/hour, then it cost you $200k to re-issue those passwords to 10k employees. It doesn't take a long outage on critical systems to add up to big monetary values for the lossage.
The passwords themselves don't have any monetary value, but the time spent in reissuing them most certainly does.
Want to learn about race cars? Read my Book
All, This is slightly old news, it was posted on security focus last week sometime. More importantly tho the analysis is a bit off. These two were arrested for committing a crime, not for simply possessing L0phtcrack. Since the software was used in a 'burglary' I can even understand that charge. Now IANAL but if you use a screwdriver to break into a building, and get caught with it, can you be charged with possession of burglary tools?
Absolutely. However, possession of L0phtcrack does not a criminal make. We use it here at work to determine password strength, and we're not criminals.
It should be 9 counts against this extremely stupid man, not 11. 2 counts of owning a software package is silly to the point of string cheese.
--
I've never heard of LOphtCrack. Maybe L0phtCrack, but not LOphtCrack. :)
As far as the overestimate of monetary damages, companies have an incentive to overestimate damages for insurance reasons. There was a great series of articles in 2600 a year or two ago (summer '97 issue if I recall) called "A Guide to Getting Busted" that explains how/why a company will grossly overestimate monetary damages due to being cracked and how that translates directly into figuring how much jail time an unlucky skr1pt k1ddy will serve.
So the bottom line is this guy cracked a former employer and he got caught and now they're throwing the book at him as is the case when any cracker gets caught. Don't be surprised if they charge him with the Kennedy assassination and the ebay DoS attack just for good measure.
Directly from the article:
In short, as has been pointed out elsewhere in this discussion, these people weren't busted for having l0phtcrack. They were busted because they had it, and actually used it to gain unauthorized access to computers. Also found in Bell's possession was the confidential list of clients for the company in question, username and (cracked) password pairs, and the contents of a restricted file on the system.
If this shouldn't be against the law, I ask you to tell me what should.
Slashdot is getting shitty
I live 30 minutes away from Hopkins, Minnesota. If the charges turn out to be true i'm going to go down there and hand out disks with l0phtcrack on it. Anyone live near here and want to join me?
- xcuse mi grammer, i lernt it from CmdrTaco -
- Think for yourself, question authority.-
If you read the article, you would see that these guys were clearly breaking the law. This really has nothing to do with lophtcrack at all.
So what if they had picked the lock on the front door and used zip disks to steal the customer lists....would we have a slashdot headline reading..."Busted for Zip Disk Possession!"
I think not...let's try not to be so reactionary.
Depending on the business, $2.5M might be an underestimate. Like it or not, some companies make quite a bit of money by not advertising who they sell to. If they did, it would make it that much easier for their competitors to horn in on their market.
JET Program: see Japan, meet intere
Hey Ma! Look at the two assholes on that elephant.
but two of the 11 felony counts against these two are for possession of burglary tools. So they got caught cracking and instead of 9 counts on the indictment for just breaking into the system and stealing passwords there are 11 counts, including the two for still having the programs on their computers.
So the headline and synopsis are misleading in that they suggest that someone was run in for just having the l0phtcrack software when in fact they were caught actually breaking into some system and were found to have l0phtcrack in their possession, right?
Then I guess the discussion should be about if this is legitimate to have felony counts for possession of burglary tools here. If you bust into a store with a lockpick and are caught, you get breaking and entering, theft of goods and possession of burglary tools as the charges against you. Should this be different? I don't really see how.
If you use a brick to break a window that you climb in, then put the brick back in your pocket, the cops probably don't charge you for possession of a brick. The question in my mind is then is L0phtcrack a lockpick or a brick? Offhand, I would say it is a specialized tool for defeating security, just like a lockpick is. Having it in your possession alone isn't a crime, but having it in your possession after having used it illegally probably is. Debugger? Can you use a debugger to break into a server?
There is much cruelty in the universe, John.
Yeah, we seem to have the tour map.
My god, you guys.. STOP POSTING FALSE MISLEADING HEADLINES!
1) Nothing was DECLARED ILLEGAL
2) Nobody was busted FOR HAVING L0PHTCRACK
3) This is no big deal.
1) people were busted for cracking.
2) One of the charges laid against them was for possession of burglary tools. THIS HAPPENS WITH ANY CRIME! THE TOOLS USED YOU ARE ALSO GUILTY OF POSSESSING!
Jeesus christ... get a grip people.
Does anyone have access to the text of the law itself so this can be clarified?
J Lessl
They were busted for USING l0phtcrack (rightly so) but they were also busted for HAVING it. It's that second part that seems a bit rotten to me. If the law really allows this (i.e. they aren't acquitted of the possession part), there's something rotten in Michigan. It would essentially be saying (to use the lockpick metaphor) Lockpicks are fine to possess, unless you use them. i.e. the committing of a crime with an otherwise legal device thereby renders the possession of that device illegal. SO - owning the lockpicks is fine until you use them to break into something, then you're guilty of the breakin AND owning the lockpicks.
mas cerveza, por favor politically incorrect stu
Does he just not read the articles he posts? These two didn't get charged because they were in possession of the software, they got arrested and charged because they committed a crime/s with it. If they were using it to actually test security or whatever on their own machines that's one thing....to steal user IDs and passwords is another....would it be OK if I used a similar tool on Slashdot and started posting crap from anyone/everyone here?
======== In the future, everything will be artificial. ========
Maybe we should take a leaf from the page of the NRA and form the National Hackers Association (NHA) or even the National Security testers Association (NSA)?
They'll pry my debugger out of my cold dead boxen!
The right to arm bears with L0Pht is indivisible from our other rights - they can take our boxen, they can crack our codes, but they will never take our freedom!
Will in Seattle
And it is a criminal offence because, unlike a crowbar, the *only* purpose of a crack pipe is to smoke crack. l0phtcrack, on the other hand has other uses, breaking security on your *own* machine (to test security), like kicking down your own front door, is not illegal. The tool has other legit uses, and therefore ought not to be illegal, unlike the crack pipe.
If this is the case, the company has a legitimate criminal complaint. There's good reason to believe that he would have reason to attempt to hurt his former employer.
This isn't a heavy handed crackdown. This isn't a small town declaring that L0phtcrack is illegal to possess. This is a criminal arrest where a former employee is believed to have accessed a computer system after being terminated from his job. The logical motive would be to hurt the company by giving information to competitors.
CmdrTaco, how many times have we complained of uneven, uninformed media coverage of internet and digital media issues? Wouldn't it help our credibility and our cause to not be guilty of the same thing? I read the story that was linked to in your post. Did you even bother? Your post does not provide ONE DAMN SHRED of evidence that you did.
--
Intelligence is definitely a recessive trait.
Is anyone else somewhat shocked that the police actually knew what they found? I'm not trying to knock the police but I'm somewhat interested that they actually found it and knew what they were looking for. I've never used this particular tool, so for all I know it's obvious, but it is interesting that they actually found it and knew what it was.
If I murder somebody with a rock, I should get charged with murder, not possession of a rock.
The issue that I see is that many many programs can be exploited manually. What if you have a vulnerable network daemon and the attacker uses nc to feed it input. Is nc illegal then? How about if somebody writes a trojan in C, is the compiler illegal? the linker?
I'm not attempting to be difficult, I just fail to see the point of criminalizing a particular password recovery tool more so than other methods of attack. If the alleged crimes are true, then I have no problems with them going down for what they did, but I don't see the how as being particularly relevant.
----------------------------
If I was to get arrested for breaking into a motor vehicle by using a Screwdriver, I would be charged with Attempted Break and Enter, Attempted Theft of over $5000, and for possessing Break and Enter tools. This does NOT mean that physical possession of the screwdriver is a crime, only the intent of possession.
I hope these geeks-gone-bad get nailed. They give the rest of us (and the tools we use) a bad name.
Jailbrekr.
Feed The Need[goatse.cx]
to the New World Order. The Thought Police are at your door, to make sure you do only those Politically Correct things approved by the government.
i don't think the indictment was only for owning L0phtcrack, the contentious issue is that the perpetrator installed L0phtcrack on a system to which he had gained illegal access. charging someone for owning a security tool and using it on their system is one thing. installing it on a remote system though is more than a bit suspicious.
I agree that l0phtcrack is just like a crowbar. Use it to commit a crime and it is a burglary tool. But then so is a floppy disk and laptop for that matter. However, there have been cases where employees have been fired merely for POSSESSION of l0phtcrack. Some companies have policies that forbid employees to possess "hacking tools". My question is where does good secure admining end and hacking tools begin? weld@l0pht.com
Anyone notice how OLD this news is, FEB 17th!!!
This article has already been cross posted to death, and as usual, Slashdot wrote the 'teaser' for this thing in such a way to inflame...
Maybe we should rename it to YelloDot?
From the article:
Klobuchar added: "It's a crime to steal, whether it's done the old-fashioned way or with new technology. And it's a crime regardless of whether the stolen item is physical property or intellectual property."
Given that L0pht Crack works on NT (New Technology), and lockpicks are the old fashioned way. Is it a crime to use say, qcrack on the passwords on a Unix box? Or would that be considered "the old fashioned way"? (j/k)
On a separate note:
They said that the user IDs and passwords provided access to proprietary information valued in millions of dollars, and they estimated the cost of issuing new user IDs and passwords at approximately $12,500.
L0pht Crack is an excellent tool, but I can only assume that the security at the company was lax as a whole. It looks like Bell used social engineering on Brelje to get an account, which is always a weakness. Still, on a system that has "millions of dollars" of information, you would think that they would use strong passwords and change the passwords on a regular basis. (I know how L0pht Crack gets the passwords) My point is that the company claims that it will cost $12,500 to issue new passwords. WTF? This is something that they should be doing on a regular basis!!!!
Not that this guy should not be nailed -he should- he broke the law. I just think that the claim issued over the cost of issuing new passwords is malarkey.
Try to hack my 31337 firewall!
...it's a suburb of Minneapolis
So, none of the MIT lock-pickers knew how to spell, even remotely? Since I doubt this is the case, I wonder why it was necessary for the document to be edited, as the numerous spelling errors make it obvious that this occurred?
Neopets - the best free game on the Int
You can be arrested for carrying a screwdriver if a cop thinks you might have bad intentions. It doesn't matter if you have actually committed a crime or not.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
Sorry, it was not a social engineering job but a crack with the assistance of an insider. Hence inside job.
Try to hack my 31337 firewall!
I own swords, knives, lockpicks, "hacking" tools, supplies to manufacture explosives, etc. and the knowledge of how to criminally use all of them. i have not committed a crime with them, and therefore, if a cop saw me with these on my person, she/he couldn't do jack about it (unless the weapons were concealed). However, if i picked a lock and broke into somebody's house, i'd be busted for breaking in and entering, and possession of criminal paraphernalia... similarly, these people were busted for the electronic counterpart of this...
From the article: (emphasis is mine)
David Thomas Bell, 33, of Coon Rapids, faces 11 felony charges. They include three counts of unauthorized computer access, two counts of theft of trade secrets, two counts of attempted theft of trade secrets, two counts of computer theft and two counts of possession of burglary or theft tools (specifically, a software program for extracting user IDs and passwords from a computer system).
So, you see? Apparently (L0pht)Crack is a burglary tool, and Bell was charged with 2 counts of possession of it.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
This comparison of murder with a rock was covered elsewhere (look for someone talking about crowbars).
The point is that you're also charged with murder. Should you get out of the murder charge for some reason, there's still use of a deadly weapon. I'd bet there would be a string of charges should you kill someone with a rock.
L0pht crack when used to steal passwords is illegal. This doesn't make the compiler illegal, much like using a grinder to make lockpicks doesn't make the grinder illegal. It's the picks and using them in a crime that is.
It's just that the laws in this jurisdiction are probably broad enough to cover this. See my earlier comments for the laws in MA (which appear to be tighter). The DA/prosecutor is probably savvy enough to know cracking technology.
-- Ever notice that fast-burning fuse looks exactly the same as slow-burning fuse? I didn't... (Edgar Montrose)
So I take the bait, check out the story, and it turns out these guys likely planned and executed a simple robbery. One of the tools used in the theft was (L0pht)Crack.
Had I not checked out the story, I would have been left thinking these guys got busted for possessing (L0pht)Crack.
So when did Rupert Murdoch buy the guys who bought the guys who bought the guys who bought slashdot?
>What next? Debuggers?
What next, aliens having Linus babies?
Such is the case with pepper spray use in Michigan. If you use a normally defensive weapon in an offensive way, you've violated the public trust, thus your punishment should be more extreme.
I understand the previous example was a bit crude at least. But I think it stands that the same object can be legal or illegal based on its use. Another example would be prescription drugs, another would be fireworks.
In my most very humble opinion, I feel this man did something wrong, and should be punished for it.
Further I agree with the damages stated by Epicor. I think the damages of $12,500 required to issue new user IDs and passwords is fair. Assuming that's a realistic estimate, I believe that the cost of total recovery is a fair price.
But one thing I would dispute, is that Epicor claims that the cost of losing their customer list would be in the amount of $2.5 million per year. All the article stated was that Bell has an email with the list as an attachment. In this case, they are claiming unrealistic damages, in where they didn't REALLY lose the list. So to these damages I would disagree.
If you hit someone with a bat, it becomes assault with a deadly weapon, but possession of a baseball bat is not a legitimate charge. Even possession of deadly weapon shouldn't be a legit charge. I mean, what's the point of making it a separate crime if you can't be prosecuted for it without committing another crime? Why not just increase the punishment for the actual crime? Bell was charged with 2 counts of possession of burglary tools for having (L0pht)Crack on his computer in addition to his actual crimes.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
Spelling is Harvard. Sience is MIT ;)
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
Sure, here it is:
http://www.magnet.state.ma.us/legis/laws/mgl/index.htm
--
Drink! OHBC >O+
Hang 'em. Hang 'em high. I'm hiding my baseball bat NOW
You mean "Science"? :P
Soma: because a gramme is better than a damn.
--
Time is Nature's way of keeping everything from happening at once... the bitch.
Many previous comments have railed against /. for suggesting that they were charged just with possession. But the fact is that they were charged with possession of something that is legal.
And this happens all the time.
The fact that the police can arrest you for walking down the street (legal) while in possession of a screwdriver (legal) is a clear sign of tyranny: when the law is applied with an intentional vagueness that basically makes everyone criminals.
I think we need to seriously discuss the need for political action to end the vague powers that the law provides to the police.
(Inflammatory) case in point: Amadou Diallo (sp?) was shot to death by police officers who were not wearing uniforms. His crime? Startling them. Punishment: Death. Theirs: none.
If a police officer can shoot anyone even when he is not in uniform and get off scot free, that puts us right back in feudalism. The real citizens could kill anyone who was not a citizen (Japan under the Tokugawa Shogunate is a perfect example). Are we just going to sit around and wait as our meager freedoms disappear?
From the article (my emphasis):
David Thomas Bell, 33, of Coon Rapids, faces 11 felony charges. They include three counts of unauthorized computer access, two counts of theft of trade secrets, two counts of attempted theft of trade secrets, two counts of computer theft and two counts of possession of burglary or theft tools (specifically, a software program for extracting user IDs and passwords from a computer system).
Seems like that's where possession of (L0pht)Crack comes in.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
That's right. L0phtCrack is a burglary/theft tool when it is used to commit a burglary or theft. A crowbar qualifies too. Using a meat cleaver to kill someone makes you guilty of possessing a deadly weapon.
Knock off the knee-jerk Slashdork reactions and get a clue. All you do is make the mean intelligence on this site even lower.
David Thomas Bell, 33, of Coon Rapids, faces 11 felony charges. They include three counts of unauthorized computer access, two counts of theft of trade secrets, two counts of attempted theft of trade secrets, two counts of computer theft and two counts of possession of burglary or theft tools (specifically, a software program for extracting user IDs and passwords from a computer system).
Now, the 3 counts of unauthorized computer access will probably stick, as will the trade secrets, the attempted theft, and the computer theft charge. The beef I have with CmdrTaco is that he wrote the story in such a way as to make it sound like the city had passed a law making L0phtCrack illegal (they didn't). The prosecutor is doing what any other prosecutor would do: trying to set a precedent. If people can be busted for possession of burglary tools, then they might think twice about that.
The problem is that a wrench could be interpreted as a burglary tool. The problem with a possession law is that it does not account for legitimate use; in the case of a wrench, it could be used to break a window or loosen a nut on a car; with L0phtCrack, it could be used to find weak user passwords for the purpose of strengthening or compromising a system. I don't have hard numbers, but I would imagine that most possession laws would not hold up in court when applied to tools with legitimate uses.
I mean come on, this is just ridiculous. It's bad enough that the "quality" news has gone from 4-5 articles a day to 4-5 articles a WEEK but do we really need the whole tabloid sensationalism as well? I'd imagine that someone making the money Rob is would take pride in RESEARCHING things before posting them. But then again, when you get paid millions for a website, it may be harder to keep sight on such things.
I forgot to add, and I'm sure someone will argue this, that yes, they were also charged with crimes where they used those tools.
But this is insane. It is legal to own a fork. If I use the fork to stab someone to death, what possible logic is there for charging me with both 'murder' and 'possession of a deadly weapon'? The only purpose is to make ALL people criminals just for living their lives. Once just living is a crime that they 'forgive you until you do something wrong,' then we have tyranny.
I was busted for crack possession once. No wait, that was ESR.
This story shouldn't even be a post. Read the article, they used the software to commit a crime so they got what's coming to them. Come on slashdot, don't sensationalize this stuff.
Well gee, what are they gonna charge you with? Possession of a "SWAG BAG?" If they are going to charge you with murder, then they should charge you with murder, not possession of a knife. If they want the sentence to be longer, then they should work at getting the maximum sentence for murder to be made more severe (hmm.. in Texas, that would mean they get to fry you AND your dog :) If they can't get that done, then maybe it's because people feel that the current punishment is enough, and if that's the case, tacking on b/s charges is just wrong.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
It's like convicting someone for owning a crowbar.(!)
A person commits the offense of possession of burglary or theft tools if he possesses "any device, explosive, or other instrumentality with intent to use or permit the use of the same to commit burglary or theft." Minn. Stat. 609.59 (1996). ****Evidence linking the defendant to any past or future burglary is not necessary for violation of section 609.59****. State v. Valstad, 282 Minn. 301, 309, 165 N.W.2d 19, 24 (1969).
Intent to use burglary tools may be drawn from the character of the objects and from the circumstances surrounding their possession. *** The intent necessary is a general intent to use the tools in the commission of a burglary and not an intent to commit a particular burglary.
The statute in question can be found here. Other statutes can be found at this parent site for the legislature, or specifically at this one for the general laws.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
>I think the idea was not criminalization of l0phtcrack, but that once the guy was caught, the police charged him up the yin-yang with everything they
>could think of.
I think(tm) the idea the prosecutor had doesn't really matter. The point is that he is charged with possession of burglary equipment, and that the implication from that is that the software in question is burglary equipment and therefore illegal. The issue is the same as with lockpicks (see thread above). They are illegal, regardless of use except to a licensed locksmith. I can't wait until I have to get a "license" to program, or test security on my own system etc.
I also think(tm) that it doesn't matter what we may think about the validity of the law. The law has existed for ages, is broadly enough defined that the software can easily be classified as falling under it (as could almost anything you can own), and therefore it is a valid charge and will probably set the precedent that we most definitely don't want.
Finally I think(tm) that these creeps deserve whatever they get, it's just too bad that in getting it, they're also setting an unjust precedent.
From the article (my emphasis):
David Thomas Bell, 33, of Coon Rapids, faces 11 felony charges. They include three counts of unauthorized computer access, two counts of theft of trade secrets, two counts of attempted theft of trade secrets, two counts of computer theft and two counts of possession of burglary or theft tools (specifically, a software program for extracting user IDs and passwords from a computer system).
From this we see that having the "burglary tools" is one of the charges. The screwed up thing about charges like this is that they can't seem to be brought unless you commit a crime. Once you commit a crime, they tack on this extra crime, that isn't really a crime by itself, just so they can increase your sentence. Why is this necessary? Apparently because some people don't want anyone to understand just what the penalties are for a crime. If they want to put people away for a longer time, why don't they just work to get the maximum sentence increased for that crime? Maybe because people wouldn't like that? So they just look for a way to get around what the people want and we end up with b/s charges like this one.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
The same thing BTW is true for water pipes a lot of places. Use it to smoke tobacco or to ornament your living room (think big Indian hookah) fine, but if you have some pot around then it's possession of drug paraphernalia.
It was a rhetorical question, but debuggers should be subject to the same reasoning.
I'm really starting to believe that we need a constitutional amendment to handle additional guarantees of freedom, ones that wouldn't be needed without the proliferation of cheap drive space and computational power. Since that would never pass in the US, I've started fooling with a totally new constitution. My plan is to set its goals explicitly, write a draft, and then open it to discussion. Maybe we can get some small country like Tobago to adopt it hoping to attract hi-tech industry, and then away we go!
(Score 2: Unrealistic)
Don't forget... "estimated the cost of issuing new user IDs and passwords at approximately $12,500" WTF? Are they paying their network admin $1250 per minute? It couldn't possibly take that long to send an e-mail asking people to pick a new password.
I think this is akin to carrying a screwdriver. You can use it to fix a lock, or you can use it to break a lock, enter a building and steal the contents.
Or, you can use it to carve a hole in someone's skull. It's been done before. See here for the gory details.
after reading the details now i'm beginning to wonder if Malda and his boys are condoning this person's actions (he is a thief, i hope he's considered a Felon in the eyes of the law as well)... so do Malda and his boys support his actions, I don't really know, but looking at the headline, i would think they do
The real problem here, as I see it, is with the whole concept of "Possession" laws. It should not be illegal to own any object; be it a gun, lockpicks, boltcutters, or hacking tools. The crime is not owning some object, the real crime is the using that object to cause harm. The action of causing harm is what should be punished; the instrument used is irrelevant. Placing the blame on the object, instead of the person using the object, is a stupid concept which is unfortunately accepted all too readily.
If someone runs over you with a car, you are still just dead as you would be if they shot you; but people think that a gun is somehow more "evil" than a car. If 10 people got shot standing on the sidewalk, every knee-jerk idiot will come out of the woodwork saying how bad guns are and that the government should do something about those evil guns. But if those same 10 people had been run down by a lunatic in a Buick, those same people wouldn't be screaming for car control, they'd put the blame right where it belongs - on the actions of a person.
"Possession" laws (of weapons, tools, drugs, whatever) are all flawed because they assign criminality to an object, instead of an action. Let's say that one person breaks into a house by picking the lock and steals $5000, and second person breaks into a house by kicking down the door and steals $10000. It is morally indefensible to say that burglar 1 deserves a harsher punishment than burglar 2 merely because burglar 1 used a tool and burglar 2 used his foot. The additional charge of "possession of lockpicks" achieves no useful purpose.
The criminal justice system is so mismanaged and overtaxed that it usually cannot keep convicted criminals behind bars for more than a small fraction of the time they are sentenced to. Rather than fixing the real problem, the politicians have decided to try and keep criminals in jail longer by creating more crimes. Police and prosecutors are rewarded (with raises, promotions, etc) for having a large number of arrests and/or convictions, providing them with a personal interest to come up with as many charges as possible for any given case, regardless if it's in the public's interest or not. These factors combine to create a system that has an enormous potential for abuse.
Sorry if this seems rambling or off-topic; I'm running on too much caffeine and not enough sleep...
"The axiom 'An honest man has nothing to fear from the police'
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Using anything to break into a car (without the owner's permission) is illegal. I could use a rubber ducky to break in and it would be illegal. The point of this is that the crime is breaking into the car, not possession of a rubber ducky. Possession of a rubber ducky shouldn't be a crime, even when it's used to break into a car. The crime is breaking into the car. That crime has a punishment associated with it. Why do we have to overcomplicate matters by trying to say that possessing a rubber ducky is a crime if you break into a car with it?
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
I do feel a need to chime in... The title of the article was inflammatory, the summary was highly misleading... I don't care if you guys just went through an IPO, no smoking pot while posting news goddammit!
--
Peace,
Lord Omlette
AOL IM: jeanlucpikachu
[o]_O
Public perception of network security tools such as l0phtcrack can only be hurt by this. The public perceives these tools to be the tools of "hackers" and not legit tools for network analysis.
We have MTV, movies, and other bad press to blame for the public not understanding the difference between hackers and crackers. The public is not educated in the fact that these tools are used by (and in some cases, were designed for) systems administrators, security officers, consultants and anyone that wants to learn about OS vulnerabilities.
I guess the point is that if there is enough bad press because a tool is misused, sometimes the tool is banned or its use restricted. I don't think that would be good for e-commerce or network security.
From the article (my emphasis):
David Thomas Bell, 33, of Coon Rapids, faces 11 felony charges. They include three counts of unauthorized computer access, two counts of theft of trade secrets, two counts of attempted theft of trade secrets, two counts of computer theft and two counts of possession of burglary or theft tools (specifically, a software program for extracting user IDs and passwords from a computer system).
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
Hmm.. I wonder what Joike and the Bots would say...
Your Working Boy,
Well, I don't see why not. I'll admit that I do not understand why using a tool to commit a crime is somehow "more of a crime" than committing the same crime without a tool. But I've heard of strange laws where using a gun to commit a robbery is treated as worse than using some other type of weapon (e.g. katana, disintegrator beam generator, monkey wrench). For some reason, that's just how the law is in some places. Use a gun, go to jail. Use a nuclear warhead (the "implosion" model -- not the "plutonium gun" model!) and maybe you won't go to jail.
The funny thing is that by logical extension, the tool definition could be applied to just about anything. Commit a computer crime, and you're in trouble. But if you used a keyboard or a monitor to help you commit that crime, you're in even worse. Maybe if you commit purse-snatching and then run away from the scene, your shoes could be considered theft tools? What about the spoon that you used to eat the Wheaties that make you run so fast? Spoon == theft tool. Since it might be difficult and distracting to commit a crime while suffering from a toothache, I would definitely classify a toothbrush as a theft tool too. And, of course, the perp wouldn't have been able to commit the crime if he had stayed home taking care of the kids, so a condom is a theft tool too. And if he had died in the car crash that he had last year, this crime surely would not have occurred, so his seatbelt and anti-lock brakes are theft tools.
But let's get back to that condom thing. Dad was sloshed on beer, after a night's celebration due to winning a high school football game. Dad didn't have a condom handy, nor the foresight to use one, and when the head cheerleader saw his big football trophy, she got really excited and one thing led to another, resulting in the birth of the perp. Dad died years later, and the perp inherited his house, which includes that old trophy up in the attic somewhere. That trophy is a theft tool. He is in possession of an object that enabled him to commit a crime.
It looks like just about any crime can have an arbitrary number of sub-crimes attached to it, thanks to these using-tools-laws. I think it would be fun to be a prosecutor for a day, just to throw the book (which probably happens to be a theft tool in some way) at suspects.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Boy, I'm not sure.... I was trying to read your message when something interrupted my synaposis and my central nervous system shut down... Not sure how long I've been out.
Well, I don't know if I would say *the* original.
I chose my username to be "Elrond, Duke of URL" and I got userid #2657.
But, seeing as how this is your first offense, I guess I'll let it slide.
That, and you post way more often than I, so somebody might as well use the name, right?
Duke, Duke, Duke, Duke of URL, URL, URL....
Elrond, Duke of URL
"This is the most fun I've had without being drenched in the blood of my enemies!"-Sam&Max
Do you keep a list of names and passwords on it that you do not have permission to possess? That is what makes this a perfectly legitimate charge. Using a tool for a reason that is not illegal does not mean that another use is not illegal also.
-- toolie
It's called "irony". It's funny if you can figure it out. It's not that hard...
--
http://gammatron.weblogger.com
We already hashed this discussion out a bit on the firewall-wizards list.
Jurisdictions that make possession of certain tools illegal refer to them as burglary tools. This is by state or by county. It is quite illegal to carry lockpicks in some places if you're not a licensed locksmith.
The definition of burglary tools is anything that has been classified as burglary tools.
There is no licensing for security professionals or system administrators.
Therefore, since L0phtcrack has been classified as a burglary tool in Hopkins, and you can't get a license to "carry" it, it's illegal to have there, for as long as the "burglary tool" classification sticks.
Quite stupid, yes?
The thing that this was done by a former employee is what makes this stuff, something more helpful for the legal guys. don't you think? i mean if this was done by some outsider, then it would be a case similar to the stolen 30K cc's. But i dunno how they could classify l0phtcrack as a theft tool. does it make the nic go into promiscuous mode, or some similar restricted methods. but even if this was done by an outsider, i think it would be difficult to prosecute just bcos of the tools he is using. i mean can't it easily be overthrown, as a software 'feature'. and just look at the legal guys comparing it with the real world.. "These crimes were the high-tech equivalent of physically breaking into a business and stealing valuable documents from a locked file cabinet," well, not EXACTLY, except that the cabinet is made of paper, and it gives u the secrets if u ask 'open sesame'.
You have a brain the size of a pea.
Die. NOW. Please.
And for Christ's sake don't breed.
As a system admin I can agree that possession of hacking tools can't POSSIBLY be a punishable offense. My computer at work has port scanners, password crackers, etc because my job requires it. If I hack into my own system using common script kiddie tools, that means I have security issues. Am I breaking the law by scanning my system for vulnerable ports that either need to be disabled or TCP_wrapped? Am I breaking the law by trying to recover someone's Wordperfect file that they password locked and forgot the password?
These are my job tools, it's that simple. These are my hammer, brushes, tape measure, etc of my computer job. According to Hopkins Police I'm now a criminal because I possess these tools and I use them regularly on my company's network. Now if you'll excuse me, I need to stab somebody with my pen. Evidently that's legal.
There is no reasonable defense against an idiot with an agenda
:wq
Absolutely. However, possession of L0phtcrack does not a criminal make. We use it here at work to determine password strength, and we're not criminals.
I don't know about that one...
I'd have to say that if you use it as an illegal entry tool, then it is an illegal entry tool.
Um.. Technically they're not stealing since the file still remains at the company's computer. You have to deprive the person of his goods to make it stealing but that didn't happen here did it. So all those charges of stealing are bullcrap.
I agree. Why should it be illegal for me to use these programs against my own user base?
I am guilty. Come arrest me. I used "crack" today (actually I ran a password cracker against my /etc/passwd file to see which users had easily guessed passwords and to notify them of this).
Joseph W. Breu
Get your "illegal" software here!
I love it when articles have links....
If you are carrying a screwdriver, and someone breaks into houses nearby, you will be considered a suspect, whether or not you actually did the break-ins.
Although in this particular case it appears that the suspect probably was using L0phtcrack to break in, and therefore it would be a burglary tool (if he is found guilty, of course)... These laws are often open to abuse--Laws on possession of burglary tools can be used, for example, to hassle transients or other "riff-raff" who are passing through a rich neighborhood, if for example, the guy in question happens to have a nail clipper with a nail file attached (i.e. nail file = potential lock pick).
--
I can't stand lines of reasoning like yours, since it's the same sort of reasoning that encourages some people to keep things like sodomy laws on the books: "Sodomy laws aren't ever enforced against people who merely commit sodomy. They're only used as an additional charge to bring against violent rapists."
Quite frankly, it's a bullshit sort of reasoning. If it's so important to increase the penalty for the act in question, go ahead and increase the penalty for the act in question. Don't surreptitiously contrive additional unnecessary charges. If a person can be punished for committing a crime, then it's simply redundant to charge him with possessing the means by which he committed that crime -- of course you had the means, since, after all, you were successful in committing the crime. Laws that aren't uniformly applied reek of tyrannical abuse of power.
The only thing that can be accomplished by having this additional statute is letting the state punish individuals for the mere possession of the tool in question. In fact, if you go ahead and look at history, you'll find countless examples of how states have found it much easier to punish possession of the means or knowledge of the method of committing crimes than punishing the crime itself -- for the most part, honest citizens won't put up much resistance since, after all, they don't consider themselves criminals and feel no need to possess things that are overtly associated with criminals.
Before you jump to the conclusion that no one will outlaw mere possession of these sorts of tools, ask yourself why there are so many gun-control laws and why, until recently (and technically, currently), you need special permission to export encryption software, which is, after all, just a tool.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Some days I just don't feel like smiley-captioning things, and sometimes I regret it.
--
Time is Nature's way of keeping everything from happening at once... the bitch.
Ok, didn't read much, thought a little over it, and this is what I come to:
The problem is not if he did it or not, it is considering l0Phtcrack a "theft tool". That's what I find both ridiculous and dangerous, because it is just one more step on the stupid overreaction chain of events that Our Leaders take every time they face the "arcane" (to them) computer technology.
For instance, if you rob a bank and escape using a car, then cars are to be considered theft tools?
This is ridiculous, like Kevin Mitnick's prohibition to use computers (right, he is DANGEROUS, o boy, don't let him near a computer... is that kind of thing constitutional?), and a lot of other things that show just how little politicians understand of computers and how arrogant they are, making laws and rules and what not of things they don't comprehend.
That's right. L0phtCrack is a burglary/theft tool when it is used to commit a burglary or theft. A crowbar qualifies too. Using a meat cleaver to kill someone makes you guilty of possessing a deadly weapon.
If I beat someone to death with a rubber ducky, then the rubber ducky is a deadly weapon, just like anything else would be if I use it to kill someone. What, then, is the point of it being a separate crime? Why not just charge me with murder, regardless of what I used as a weapon? How does it make sense to have a separate crime for using a rubber ducky or a cleaver or anything else to commit murder? Murder is the crime. Stupid extra charges should not be introduced when they serve no purpose.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
cmdrtaco made a very clear statement here
he doesn't care about you, about me, he just wants our hits
this isn't news for nerds anymore, more like
News from Suits. Stuff that blows.
Quoting Homer Simpson's brain:
"That's it. I'm outta here"
Cya all on some friendlier forum.
Hmmmmm........ I think I want the job of whoever gets to reassign these passwords. That's some nice money for grunt work.
h0pk1n5 k4n l1ck mY nUts4Q!!!!
5t c10uD r0x0rz j00r b0x0rz!!!
I can have all the intent in the world to do something, but until I physically do it (and get caught, though getting caught or not doesn't make it right one way or the other), it shouldn't be illegal.
When it is, what we have is thought crime.
As a previous poster noted, the punishment should be only for the actions of the person, and not on the possession of a tool.
Reason is the Path to God - Anon
i was arrested in 1986 for possession of an etf device (a blue box) for which they could not prosecute because the box didn't really exist. it was software running on my computer at the time. according to the laws of the state of california, they couldn't charge me on possession, but had to charge me with the act of committing toll fraud. so maybe it won't fly legally. remember, when you get arrested for something they bring you up on everything they can because the old adage says "something's gotta stick". -cvoid
... is that a majority of /. posters have the mentality that big business is bad, the individual with Linux and hacking tools to circumnavigate controls put there by the "Big Businesses" is the hero, and that anyone who goes after "the hero" is therefore a bad guy.
It's silly to think that just because a company makes money, even on software, they're bad. They're in business to make money, period. If they feel software sales are the way, then that's their business.
If a person, such as this one, decides to stick one over on any business that is seen as "bad", then what they did was good.
The guy deserves these counts, even the software tools. Software which *ONLY* has an operation for destruction, theft or damage should be illegal. Why on earth should this, or WinNuke, or ICMP flooders, or anything else, which has no bearing in the computer world but to do damage, be "legal".
We might as well let nuclear weapons made at home be legal. After all, the person made them himself, using his own knowledge he gathered. So what if it destroys a lot of things, who cares?
Grow up. Shut up. Without these businesses, the economy would suck, and you'd be without jobs.
Illegal by what law? Who passed legislation that made this software illegal?
Hey Rob, Thanks for that tarball!
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
Now, it is illegal to own a device whose only use is to commit fraud, like a red box, or a tricked out cable descrambler. Simply owning one of those devices is a crime. That's because they have no legitimate purpose other than to facilitate the commission of a crime.
Now, I know that what you wrote is probably true, due to the phucked up nature of our current legal system, but...
What if I like to listen to the sound of a quarter drop (or nickel and dime drop, for that matter) tones? What if I use a Red Box for making music? That is a perfectly legitimate use! What does a Red Box look like, anyhow? A Hallmark greeting card? A Yak-Back? A tape recorder? A laptop? Any of these could qualify as a Red Box, so how can one (or a law) say that they don't have any other legitimate use?
As far as a cable descrambler is concerned, given the right software and a good DSP, a computer could be a cable descrambler. Besides, you should be able to own one, with the intent that you would rather own one, than pay the $2.50 a month to the cable company to lease one, right? Or are we only allowed to lease a cable descrambler?
Reason is the Path to God - Anon
To me holding a grudge after being terminated from a company is one thing but to have your home ISP listed as a recipient of usernames is just plain dumb. I guess he never heard of TCP spoofing or perhaps using someone's email at the company as a drop off point or even perhaps in a /tmp directory that is removed every couple of dayz. The problem is not the software, it's the script kiddies who aren't bright enough to use it.
You should. He just said they were using it to test password strength, which makes it quite clear that they are using it for administrative purposes.
OTOH, using it to break into your former employer's computers is clearly illegal.
The funny thing is, I checked out the article and while it did mention l0pht crack by name, possession of burglary tools was not listed in the indictments in the story. Looks like the slash-hacks should read a bit more carefully before posting inflammatory stories.
And I have l0pht crack myself, and I'm no criminal.
L0phtCrack is a legitimate tool, that is hardly ever used legitimately. It would take an extremely obtuse individual to say anything else. The fact still remains that it does have legitimate uses.
The charge of possessing burglary tools is a legitimate law enforcement tool. If a cop comes across a man walking down the street with a duffle bag filled with crow bars, bolt cutters, etc. he can be detained. This allows for the thief to be detained to either prevent the robbery he was about to commit, or find the robbery he did commit without letting the thief get away. This tool could obviously be misused also.
It should be noted that even if you are arrested on such a charge, you probably won't be charged with it unless there are corroborating charges.
They are both legitimate tools, that could be misused. The cracking tool is probably more misused than any misuse of the possession of burglary tools.
so posts using racial slurs get moderated up to funny? regular funny posts about petrification, hot breakfast cereals, etc. get moderated down? dumb bastards. yeah, moderate me down too. whatever.
This is a no brainer people. Buying a sledgehammer is not illegal. Taking it into your back yard and driving posts with it is not illegal. However if you go to your neighbor's house and bash his door in to steal his television then you are now using a burglary tool. If you try and kill someone with it then the sledgehammer becomes a deadly weapon. The whole point of the matter is context.
Another point to consider is often as many charges as possible are filed knowing that the defense lawyer will bargain and have some of them removed and then plea to some of the lesser charges. Don't think that this hasn't been thought out well in advance by the DA.
personally, i have nothing to hide. come to my house, look through my mail, take pictures of me in my underwear, post them on the internet. i don't give a damn.
as for charging this dude in hopkins with these offenses, that's a different case... there's a difference between knowing where my mailbox is and how to open it and actually going there and reading my mail
i would have to say that you are the immature one in this argument... in the physical sense, everyone knows where my mailbox is and how to open it, but nobody goes through my mail... and nobody should be able to. but like i said, i have nothing to hide, i probably wouldn't care. heck, i don't even know where i'm going with this argument anymore.
nobody cares until someone other than the government does it...
-barton
I expected to be moderated down, but how is my reaction to the charges considered trolling?
If you own a Redhat or Mandrake distribution then you are in possession of a password cracking utility called cracklib. Just like L0pht crack it can be used with bad intentions. You will all go to jail! ;-)
In Republican America phones tap you.
Please do not post stories like this in the future. I will not list all of the myriad reasons why the headline here was sensationalist bullshit, please read other messages that have been previously posted for that. However, by posting headlines such as this one, you make the community out to be a bunch of Art Bell-listening, super-anti-government, militia-member crazies, and it weakens our voice on REAL ISSUES like DeCSS, net privacy, and the various patent fights.
Thanks, that is all.
Have a care, CmdTaco & colleagues. Sensationalism and bias are
two of the things that are breeding contempt for the so-called
"popular media."
These people weren't busted for the *possession* of cracking
tools. They were busted for *using* them.
It's pretty much universal that possession of certain tools violates criminal laws when the intent to use them improperly is present. This is really a mens rea issue. A locksmith is not violating any criminal laws when he carries his tool box around, but if a cat burglar is walking down the street with his lockpick set, he has committed a crime even if he hasn't gotten far enough to be charged with attempted burglary. Now, you can consider a law that outlaws possession of certain tools silly, but it is pretty well entrenched in the Anglo-American justice system. So it isn't mere ownership, it's ownership plus criminal intent.
Here in the U.S., the Constitution (via Amendment 2) guarantees the right of its citizens to bear arms. This is not a surprise. However, as computer warfare becomes more prevalent and recognized by local authorities as something they are going to have to respond to, things are going to change.
As it is used in computer warfare, I would consider L0phtcrack a weapon. Ignoring the very difficult problem of what should be considered a weapon under this new definition, should the tools of computer warfare be regulated as are other arms?
In the view that security guards have to be licensed if they carry firearms, should sysadmins have to be licensed to possess and use <fill in your favorite security testing tool here>?
"when it gets down to specifics the police that I know personally err on the side of caution"
I have to concur. When a police officer receives a complaint or sees something suspicious, the first thought is to take care of the situation as quickly as possible by using whatever methods they have at their disposal.
These include:
Speaking to the subject(suspect)
Confiscation of item(s)
Arresting the subject(suspect) or taking the subject into custody (these are different things, of course).
Shooting or disabling the subject (almost always a last resort).
Anecdote:
In the State of Illinois, all knives are legal besides switchblades and ballistic knives (knives which shoot the blade). Butterfly knives are (and contrary to popular opinion), last I checked, legal. So, by extension, swords are legal. So, standing out in your front lawn with a sword, chopping on your own tree is legal.
A friend of mine did this.
And when the police officer came by, she confiscated the sword. The reason the officer was called was because an elderly person across the street called and complained.
After some hassle, including threatening legislation, he got the sword back.
So, the sword is not illegal.
However, if he went over and threatened the elderly person who called with the sword, that would be illegal, and the tool would be rightfully confiscated. Same thing if he chopped her head off.
I hope this wasn't that confusing.
later
Dan
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
Read the article, then post
Let's face it, the "possession of burglary tools" charge is simply to provide the prosecutor with more charges to defend against the jury throwing other charges out for technicality. The more charges, the more 'impressive' it appears. If I break into my neighbor's house with a 12 lb. sledgehammer, I should be charged with a simple b&e, not with breaking and entering, possession of deadly weapon, possession of burglary tools, etc. A different, yet congruent example of this is the silly charge of "possession of deadly weapon". If I brandish that said weapon, use the brandishment charge, if I commit an assault, use an assault charge. If battery, use battery. Let the crime fit that which is committed, not that which is to pad the prosecutor's legal pad of items to cover.
This same link was a news item on SecurityFocus days ago. Saw it in their Slashbox...
According to the article he had used the tool to download and store others' usernames and passwords to his PC. This _is_ data theft. Not only that, it's a very irresponsible act. Even if he had no malicious intent, what did he expect others to think?? You have to have some social responsibility. Just because you can does not mean that you should.
I don't expect to be busted for possessing my lead anti-x-ray bag.
.oO0Oo.
But when I used it for blocking the radio detectors that are used in my city center's stores to prevent shop-lifting (just pop the item with the radio "tag" inside the bag and then the store radio activated alarms can't penetrate the lead so the signal isn't frequency shifted but the goods are) if I am caught I expect to get "going equipped to steal" to be added on to the shoplifting charge.
Don't do it these days but those were the times when any item was "open source". hehehe
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
no sig
OK, we've got three things going here. He's being accused of:
1) Intending a burglary
2) Possession of tools that make a burglary possible
3) Stealing stuff with a felony level value.
The point to the "burglary tools" law: even if a theft has not already occurred, the combination of 1 and 2 together make up a different crime - possession of burglary tools.
So if you find someone attempting to install software to make a theft possible, it is NOT necessary to wait for something actually to be stolen.
This is like busting someone for speeding, then charging him with possessing 100 lbs of explosive material because his car has 13 gallons of gas in it! Breaking other people's systems is wrong, but keeping a program that can do it isn't a crime! What's next? "Possession of Piracy Tools" for having a CD burner (or a floppy drive, for that matter!), "Possession with intent to sell pirated software" for having a burn of Win98 on your desk? (remember, you are allowed to make one backup copy for personal use)... BTW, I have 4 deadly weapons in my pocket: three car keys and a 1.5" pocketknife. (Incidentally, a 1.5" pocketknife can get you expelled from high schools here in Colorado. Glad I'm done.)
I seem to remember the NSA sponsored (very good) Windows NT security guide at www.trustedsystems.com (available for free, pdf format) recommends admins use L0pht Crack. The line is somewhere in a footnote around the middle of the document (might be wrong, it is late and I am working from memory).
In the end, there can be only one...
The funny thing is, I checked out the article and while it did mention l0pht crack by name, possession of burglary tools was not listed in the indictments in the story. Looks like the slash-hacks should read a bit more carefully before posting inflammatory stories.
Looks like you should read more carefully:
David Thomas Bell, 33, of Coon Rapids, faces 11 felony charges. They include three counts of unauthorized computer access, two counts of theft of trade secrets, two counts of attempted theft of trade secrets, two counts of computer theft and two counts of possession of burglary or theft tools (specifically, a software program for extracting user IDs and passwords from a computer system).
Mind you, TaoJones has got to be the world's biggest buffoon if he thinks that this is some sort of conspiracy to further make certain computer software illegal.
TaoJones, stop posting shit. And CmdrTaco, try checking up on your sources once in a while.
I have to say that I do not feel bad for these two people. The possession of LophtCrack alone did not do the damage. I am sure that the authorities are not going to come knocking on your door if you happen to own a copy of the software. The two jokers did use the software for something that was against the law and they deserve whatever punishment they get. -Me
If I break into (using a key I stole, so no damage gets done) a physical building and take pictures of documents I am not entitled to see, then I am guilty of theft.
The correlation is concrete. The only people that can't see that are the people that believe information wants to be free. That is simply not the case. Payroll records, trade secrets, early stock tips... This is all proprietary information. This information should not be free.
If I want to share some info with you, like the fact that I think you are an idiot, then I will. If I don't want to share information with you, then I won't, and you are not entitled to that information morally, ethically, or legally.
Contrary to popular opinion, companies do pay for intellectual property. Just because they don't have to put money into every piece of reproduction of it, doesn't mean they didn't put money into it, and doesn't mean they shouldn't be entitled to protect it. And with information, if someone that is not supposed to have it has it, even if it isn't the only copy, then real damage has been done. In this way only is the physical not equal the virtual.
Illegal by what law? Who passed legislation that made this software illegal? I don't remember seeing them being charged with possession of Illegal software, seems it was what the software was used for. BIG DIFF.
If enough data is collected, anything may be proven by statistical methods.
Is Slashdot going mainstream??? I mean, going like mainstream media: addicted to sensationalist stories that look so until you read the actual story???
--
" It's a ligne Maginot-in-the-sky "
L0phtCrack, like many other software utilities, is a valuable tool. Like any other tool, it can be used for good or harm.
While it is not the case in this situation, it will be a sad day if mere possession of software is ever categorized as a crime.
At my job I am responsible for the security of a corporate network. What better way to ensure that we are relatively safe than to use the same tools that crackers will use to compromise our security?
Sites like SecurityFocus and PacketStorm are valuable resources for the full disclosure of security related issues. I hope we never lose legal access to tools because of their potential abuse.
Did anyone else notice that it was an inside job? They didn't crack into the system from outside, they used (I'm guessing here, from the statement that one of them re-enabled the other's account), their administrator access to the systems to obtain the password file.
I think this just goes to show, that most problems are not external hackers, but disgruntled employees.
Jason Pollock
I live about 4 or 5 miles north of Hopkins - it is a western suburb of Minneapolis.
And there are about 60,000 people in the suburb I live in, not necessarily the 'small-town' atmosphere you were thinking.
Oh, and another misleading point: It is the county DA who is doing this, not some small township. Hennepin County (including Minneapolis and some of its suburbs - a few over a million folks) DA Amy Klobuchar has quite a bit of experience here.
Providing Thetan's(TM) safe-haven for over 18 years!
It's like you keep insisting the sky is green and then replying with, "See? I told you it was green!"
These aren't "pseudo-crimes". They are very real offenses. They are documented in the state's criminal statutes. You can be charged and convicted if you commit them. That's what happened in this case.
You ignored my long example in which several distinct crimes were committed.
"Breaking into a car" and "stealing a car" may actually be two different offenses. I can break into a car to steal a wallet off the dashboard. I can also break in to steal the whole car. If I do the latter, I HAVE committed two offenses and I should be CHARGED with two offenses. Law doesn't allow for assumptions or implications -- "Well, you did this, so you obviously must have done this and this." You have to spell out every charge.
If I'm charged with stealing a car, my lawyer will first say, "Well how did AC steal it?" If the prosecutor says, "He broke in with a crowbar", my lawyer may well say, "Well, you didn't CHARGE him with breaking into the car. You clearly can't PROVE he broke into the car. Therefore, you can't prove he stole it."
Nobody except CmdrTaco and you is talking about "possession of a crowbar". We ARE talking about using a crowbar to commit a crime. There is a difference. If I unjustifiably shoot someone, I'll be charged with reckless discharge of a firearm in addition to attempted murder. Your response to this would be, "Duh! He obviously was discharging it recklessly." Well, the law DOESN'T WORK THAT WAY. You have to spell out EVERYTHING.
I think we're arguing from two different perspectives. You're looking at how things should be. I'm looking at how things really are.
Finally, I don't ask my lawyer what programming language is best, but for some reason slashdotters seem to think they know more than the people who do law for a living. How arrogant is that?
Disclaimer: IANAL
A number of people have been railing about the fact possession of objects used in a crime should not be illegal. But consider that these objects can be considered EVIDENCE, and as such possessing (hiding?) them certainly might be considered in the same light as obstruction of justice....
Person A shoots Victim Z with a gun, and gives the gun to his buddy Person B. Does this mean Person B can be charged with possession? Or only if he KNOWS that the weapon was used to commit a crime?
Sorry for any blank message... "Submit" has default focus for some lame reason
Anyway, following Slashdot "tradition," I will now turn this into a gun control debate.
Seems to me the same people defending L0phtcrack as a tool, not illegal to possess, and not illegal to use for lawful purposes are the same people who want to ban guns. Guns being the same as L0phtcrack, a tool and nothing more.
So, along those lines, it doesn't bother me that some politicians are taking the stance that L0phtcrack might be an "evil" tool. (Although, assigning a moral aspect to a non-entity is illogical and stupid.) After all, if they can do it with guns, why not a tool such as L0phtcrack?
And watch it go on to include nmap, bo2k, and whatever else. Even M$ SMS.
And people wonder why other people like RMS and myself support the Second Amendment and the right to own firearms. The same principle here, guys. Don't be so blind. Once the dominoes start falling, it's hard to stop them.
Right to own firearms, right to have strong cryptography, right to have tools such as L0phtcrack. Stop assuming there is a difference. Any of these tools can be abused, and they all have legitimate purposes.
When your dominoes are all knocked over, don't cry. You let it happen.
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
First of all: uhm, yeah, I guess that lil submission was badly phrased. I ran across a "the sky is falling" email and jumped the gun a bit. My bad.
Yes, it looks like the folks in question did some stupid shit and got caught. I've got no problem with that. Prosecute them to the fullest extent of the law. What I'm worried about is the precedent this sets for law enforcement to get the "they got hacker tools, therefore they must be hackers" mentality. A few quotes from the various threads:
ConceptJunkie:
As was stated before, if you're not doing anything illegal, owning the tools (or the software) is not a crime
bridgette
The pipe would have to have at least *some* drug residue to be considered paraphernalia.
...make me want to ask: What color is the sky in your world?
Sorry, but I have been busted for "paraphernalia", namely a pack of rolling papers. Never mind the fact that I also had a pouch of tobacco in my pocket and not a trace of anything illegal - I was guilty of a serious crime: I had long hair and an earring. I fit a profile so I spent several hours in jail. This is the real world, and it happens all the time.
When it comes down to a decision on the part of law enforcement, you are pretty much automatically the Bad Guy. Your intent pretty much means squat - tell it to the judge.
...& as to the "if they'd just taken 30 seconds to read it" faction, when I submitted this there were 289 submissions lined up before mine. Now at 30 seconds a pop that's a bit more than 6 days of reading.
Now, as an act of penance I will pour hot grits down my pants and get stoned with Natalie Portman.
"Fear is the rootkit of democracy.." Blarkon
Meant to say ESR, not RMS. Damn people who are known by acronyms... always mixing them up :)
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
The estimated monetary damages were due to the fact that their customer database was raided!
Sheesh
...but the middle paragraph is fluff. We don't know what info is in this list, other than contact info.
And, neither of the two valuations are valid.
The first bullet is bitten by the notion that the list was not destroyed or corrupted, or released.
The second bullet is bitten by the first bullet, cost-based accounting. The list is a product, regardless of its purpose as an internal or external product. If the product is internal, or if the product is given away, there's no lost revenue cost for the list.
I've seen about 400 "Taco sux" posts, and little in-depth info. It will be beneficial to see what "costs" and costs make up the claimed damages, then we can see how inflated that number is.
[It is legal to swing a bat wildly...] but it becomes illegal at your nose....
Not quite. (IANAL, but) it is a crime ("menacing") the instant you present a credible threat of intentionally striking the other person with the bat.
This has some pretty deep consequences. If you swing the bat at me, I don't have to wait until the bat connects before acting in self-defense. This applies even if you're "spoofing" me and I misinterpret the facts in the fraction of a second between seeing a fast-moving bat and my response. Since a baseball bat to the head is "lethal force," in most jurisdictions I have the right *to kill you* in self-defense. In these cases it won't even matter that the bat is a hollow plastic toy, if I have no reasonable way to know this. (This could happen if you come up on me from behind.)
On a related note, every so often you hear about some teen killed while brandishing an unloaded weapon - or even a realistic toy. They seem to think that there is some legal distinction if the weapon is unloaded (or unreal). They're wrong - and just as in the case of the bat the victim isn't forced to wait until the instant the bullet strikes his skull before he can act. In many jurisdictions merely displaying possession of a gun constitutes use of lethal force - and the other person is legally able to use lethal counterforce to remove himself from that situation. People might be able to outrun bats and knives, but not guns, and the only sure way for most people to disarm someone with a gun is to kill them first. Remember that next time some kids complain that The Man has no sense of humor about them driving down the street while waving (realistic) toy guns out the window. That actually happened here, a few years ago!
What you quoted is actually a misquote of a First Amendment "protected speech" argument. Your speech might offend me (and others), but it doesn't cause us harm in the same way that a punch in the nose does. So we have to learn to live with objectionable speech, not with idiots who wildly swing their fist (or bats!) around others.
Back on point, this is totally irrelevant. Nobody said that L0phtCrack was intrinsically illegal to possess, they said that it was a "criminal tool" used while committing criminal acts. That's no different from calling a hammer a "criminal tool" because it was used to break car windows, a screwdriver a "criminal tool" because it was used to break the lock in the steering column, etc.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
It was pretty clear he was persona non grata.
Silly question indeed, but what does persona non grata mean?
-Markus
Rainy days and automatic weapons always get me down.
The article says that these 2 people actually stole passwords with the tool. That's wrong, and they should get their ass thrown in jail! Creating tools is one thing ... using them to do wrong is quite another. People like these give all of us a bad rap. Just because we can do it, doesn't mean we should.
Jeez people, you need to give CmdrTaco a freaking break. Come on, he's a journalist and all journalists have the mistake of being sensationalistic at one point of time in their careers. If it wasn't for CmdrTaco you would all be wasting your time doing something else.
Elijah Chancey www.elijahsadventure.com nomadic IT consultant, bicycling across america "all that you touch / and all
Doesn't the DMCA, especially when interpreted with the precedent of the DeCSS case, make provisions for regulating the possession of ICE debuggers and certain tools that could contravene protection? (The judge in said case stated that the DMCA's provisions allowing reverse engineering apply only to specially authorised personnel, or something like that.)
Here's the key point: Possessing lockpicks for the purpose of breaking into other people's houses is a crime, whether or not you ever successfully get into a house using them. If a cop catches you in my house, and the lock on the front door has been picked, and you have lock picks, he has a strong case to prove that not only have you broken into my house, but that you have those lock picks FOR THAT ILLEGAL PURPOSE, which is also a crime. But that's not the only conceivable way such a crime could have happened; if the cop catches you using those picks on my front door without my permission, the prosecutor could still charge you with possessing burglary tools, even though you weren't yet a burglar.
If some script kiddie with l0phtcrack ran it against a machine without any success, and it could be shown that his intent was to break into other people's accounts (say, by e-mail he sent out, or by recorded statements in an IRC), he'd still be guilty of possessing system cracking tools. And that would still be a crime, even though he never actually got into the system. Of course, the easiest way to show that the possession was criminal is quite simple: to catch him inside a system he's cracked. But that doesn't mean that the crime of possession is subsidiary to the crime of information theft; it merely means that the crime of information theft probably entails the crime of possession of cracking tools.
The prosecutor has a duty to charge a defendant with all the crimes he could reasonably be believed to have committed, so that he has the best chance of convicting him. That's his job, even if you don't like it.
As mentioned already, if you read the article, you'll find he was arrested for cracking and stealing IDs, not for POSSESSION of (L0pht)Crack. Duh!
"After some hassle, including threatening legislation, he got the sword back. "
Give me my sword back, or else I'll pass a law?
Absolutely right. Otherwise, the majority of the USA would be charged for "possession of burglary or theft tools" for owning firearms, even though most of them will never use them to rob a bank or person. Owning and using tools like L0phtcrack is not a crime, using them to commit a crime is well... committing a crime.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
why no update from CT or the others apologising for this bullshit?
why do they never even read the fucking thread to realise everyone has sussed them for the inflammatory bullshitters they are, and to justify themselves?
I mean... shiatttt.... they post 10 stories a day... between 10 authors... that's 1 story per author per day... and the slash code development is very slow... so WHAT THE FUCK DO THEY DO ALL DAY(!?!?) that they don't even have to read and reply to their own threads.
it pisses me off.
You have been found guilty of possessing the deadly weapon, "brain".
Your sentence: to monitor the growth of citizen unit version 2 egg sacs, who have been carefully modified to no longer include weapons. No hands, feet, arms, legs, brains or any other criminal paraphernalia. The world will be a safer place.
You are dismissed.
A gun, like l0phtcrack, could be a tool in the commission of a crime. As such, in the context it was used, it was very much material to the crime committed :/
Just my two cents.
--------
Never call a man a fool. Borrow from him.
Hey, be realistic, man. Normally, L0phtcrack would not be considered a criminal tool, but in this particular case, they *did* use it for criminal activity, which is what made their copy a criminal tool. It was used to commit a crime. This does not mean for a moment that L0phtcrack has been tainted in some way. BIOS password recovery programs could also be used to enable a crime, but neither they, nor L0phtcrack, would be brought before a court as implements of committing a crime if they weren't used to directly commit one. Relax. The case is being handled quite properly, and no feds are going to come after anyone just because these people used L0phtcrack to break the law. It only applies in this one instance.
However, at the very end there was that dreadful quote from that lawyer:
"It's a crime to steal, whether it's done the old-fashioned way or with new technology. And it's a crime regardless of whether the stolen item is physical property or intellectual property."
I would like to ask this guy exactly why information is property. Does he have any moral reasoning for this conclusion, or is he just spouting off whatever is best for his client?
The problem with this argument is that you are assuming that the judiciary(sp?) are acting intelligently.
In the case of a particular event ten years ago, the Secret Service were the ones who were the buffoons. They busted a BBS and removed the hardware because
1). It contained the details for a new computer role playing game on computer hacking and
2). Some of the regulars on the role playing BBS were members of the Legion of Doom, including "The Mentor" ( who had already retired as a result of being busted a few years before and who had already settled down, gotten married and was sporting a 100% legitimate, paid-for version of Xenix on his home system ).
As others have pointed out on this thread it would appear to be a no-brainer since in this case the software was used for clearly criminal purposes.
Unfortunately, the authorities have a history of gross over-reaction and the point of concern here is that the possession of certain types of software may come to be defined by default as intent to commit a criminal act.
This is not simply rampant paranoia. There has already been one case where an individual has been thrown in prison ( refer to the alt.2600 archives concerning Bernie ) for possession of certain types of information even though there was absolutely no proof that they intended it for anything other than their own private study.
In this respect the writing is clearly on the wall - the authorities want the possession of certain types of information ( including software ) to be a criminal offense, regardless of intent.
This particular case may well allow them to set such a precedent if it is not closely watched.
Because of this, it is a matter of concern to the whole community, regardless of what many may assume.
Not significant enough I guess.
The security "experts" at Epicor are afraid to admit their ignorance of obvious security testing tools like L0phtCrack. For real security experts, it's axiomatic that MS operating systems should not be used in any production environment. Oh well.
Weld Pond and Mudge rule!
http://www.lucifer.com/~sasha/naked_pics/
It's a conspiracy I tell you!
I don't know how precise the Latin is, but I think it means "The persons called the Romans they go to the house."
:-)
Er... actually it means "an unwelcome person."
* And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
If I use a stick of dynamite to put out a fire by choking it... (fires are put out this way sometimes) am I a criminal?
The message on the other side of this sig is false.
Ok, so I cannot access my employers information using a computer, but it is legal for my employer to look at my private e-mail if I sent it using the company computer?
grr, yeah, you're right. Threatening litigation. Sorry.
later
Dan
persona non grata--person you aren't grateful to see.
Going beyond guessing for a moment, The American Heritage Dictionary of the English Language, which happened to be a few feet from me 'cause I haven't gotten around to putting it back in the bookcase in the other room, says that "persona grata" is an adjective meaning "Fully acceptable or welcome, especially to a foreign government", so persona non grata would be person not acceptable or welcome. For example: "Ever since I threw up on the pool table in the middle of the tournament, I've been persona non grata at the bar I used to hang out in." (made up example, complete with grammatical error)
I see even classic Slashdot is now pretty much unusable on dial up anymore.
Is it just me or does it seem like 11 counts is a lot for the crime? If he had gone in and stolen it in person it seems like he would have only a few...why is doing it with a computer so much worse?
Exactly, you're agreeing with me yet claiming you're disagreeing. The trouble is that they are non-technical people who are setting precedent about the legality of certain pieces of software. While you and I both logically know that stealing passwords is illegal whether done through lophtcrack or a poorly configured, ancient version of sendmail, the average jury member does not. The fear that I have is that by allowing them to get charged with possession of burglary or theft tools, that the tools will become not illegal when used illegally, but just plain illegal. This is the first case that I'm aware of where the program used in the break-in has been classified in this manner, and I foresee a possibility of a dangerous precedent. However, as with all but seven other people who regularly post on /., I'm not a lawyer. Colour me paranoid if you will, but the charge that is listed with relation to l0phtcrack does not have an obvious 'if used to commit a crime' clause. I attempted to find the actual text of the law to check this, but couldn't find the statute on-line and don't have the free time to check a library.
----------------------------
Yep. It really pays to read those employment contracts. :) Basically, if you don't want your boss reading your email, don't use your work account, use your home account. (To add a little more paranoia to the situation, consider this: even using web-based email from work could conceivably be dangerous, since your employer could cache all data coming from certain well-known free-email sites. Not that they would ever do that...)
On the other tentacle, if your employer used its power to break into your computer at home, you would have cause for complaint. (And probably a pretty darned hefty out-of-court settlement, too.)
"Early to rise, and early to bed / Makes a man healthy but socially dead" -- Yakko Warner
As long as the Internet was computer scientists, engineers, and a few students working on machines with little commercial significance, there was very little regulation. But now, you get businesses, families, lawyers, policemen, everybody moving on-line.
They are going to be asking for the same protections and laws that they ask for in the real world, whether it makes sense on-line or not. That's why you see strong efforts to combat pornography. That's why you are probably going to see efforts to outlaw the on-line equivalent of "burglary tools".
The popularization of the Internet reduces it to the lowest common denominator of society, both in terms of skills and expectations. Whether there is anything we can do about it remains to be seen; perhaps the Internet will eventually break up into distinct parts with very different rules, only sharing a common hardware and protocol infrastructure.
I would have been perfectly happy with the Internet remaining what it was and most non-technical people working on some simple commercial system like Minitel or a proprietary WebTV. But, I suppose, the way things have turned out, they are at least a lot more interesting.
Technically zig-zag type rolling papers and old-man type tobacco pipes are illegal under the current laws. Of course those items are sold openly at tobacco shops and drug stores, etc. Old geezers would never get bothered about possessing such things. The law isn't applied uniformly of course. If someone who is say under 40 had such items, they would likely be considered dangerous contraband.
I am under 40 and can assure you that I have never been harassed by the local constabulary for exposing a fine briar in public.
Now where's my Aromatic Cavendish,
Tom
Now normally I give the accused cracker the benefit of the doubt but check this:
;)
- -
> E-mail messages over the next month
> indicate plans by Bell and Brelje to
> contact Epicor's existing Vista software
> customers and turn them into clients of VP
> Projects
No matter what damned tool they use these are discussing/intending to sell trade secrets.
But, possession (or even use) of l0phtcrack definitely should not be illegal. I have used it, so am aware of its legitimate usage
-----------------------------------------------
"If I can shoot rabbits then I can shoot fascists" -
If the following is true, and no other circumstances are true...
- What a Bitch!
From my point of view, there are two camps on this issue. The realists and the idealists. The realists argue for piling on more charges, such as tool possession, in order to ensure that a criminal does some time. The idealists argue that a criminal should be charged only for actions committed, and burglary tools should be legal to possess.
Philosophical Discourse:
On this issue, I happen to belong to the latter camp. I believe in goal-driven management, not method-driven management. (I am the house manager for my fraternity. I tell Jon that the trash must not overflow the trash can, we cannot have flies or rats feasting, etc. I do not tell Jon to use a square knot to close the bags, etc.)
I believe that the government, as an UberManager, should by extension, legislate and mandate based on goals, not methodological details. Power plants should be required to keep SO2 emissions below a certain level, but not required to install foo-type exhaust processors. I believe this has a certain aesthetic appeal. I believe charging criminals for crimes but not tool possession has this same aesthetic appeal.
In short, I think charging a malicious hacker with possession of l0pht crack is a poor way to go about the business of prosecution. I also tend to agree with the slippery-slope arguments floating around this thread. Enumerating on them further would be a waste of time, IMHO.
Sidenote:
As far as the crack pipe analogy, be careful about the word *only*. "The *only* use of spare change is economic exchange" is a false statement. I have used dimes as screwdrivers. People make jewelry and collections out of coins. I would imagine there are a few individuals who find crack pipes beautiful, but don't use crack themselves. There may be a legitimate reason to collect crack pipes.
Karl
I'm a slacker? You're the one who waited until now to just sit around.
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
Err, you can also use it to kill.
I am not joking. There is a country in the world where you can be arrested for carrying a deadly weapon as well. And a sharpened screwdriver is a deadly weapon. The wound does not close.
Overall: whatever you do and whatever you carry if the police wants to bust you for something they will bust you for something. Period. If you have a look through all laws, mini-laws and other regulatory crap (I had to do this a few times related to chemicals and software) there is always something that is sufficiently vague to get you busted and in jail. You have no rights. Only illusions ;-/
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
Troll
hi, yes, i admit that the program could be used to potentially compromise security on an nt box. but other tools out there are also potential security compromisers. it's not that hard to crack NT really. install a parallel NT and then delete the SAM. it's that easy. so i guess NT must also be a cracking tool itself.
let's say you use the aforementioned sword to separate jon katz's idiot head from the rest of him. i would call that person a hero.
Two questions; 1. Why didn't the perps cover their tracks? This was pretty sloppy work. 2. What was it one of the companies said? Around 12500 dollars to change all the user login/passwords? Doesn't that seem kinda excessive/ludicrous!
Well, it's not really a hard and fast age thing. It is more a cosmetic appearance thing. If you look 'dignified' versus you look like 'a punk'. Age of course plays a factor. A grizzled old bum wouldn't get hassled for drug paraphernalia no matter how scruffy he looked and a kid in his 20's would probably get hassled no matter how 'respectable' his appearance might be. A lot of this just depends on the jurisdiction in question, perhaps you live in a community that isn't quite so crazy when it comes to the 'war on drugs'.
Having skimmed the +2 or better comments in this thread, I can see that we have a parallel to my own case, although I would argue my intentions were higher.
I had crack, and used it, on my client's "ypcat passwd"-available password file. My intentions were honest - to reveal that the group I had left had fallen down on the job, because when I was there, I had run crack constantly and chastised those with bad passwords. After I had been gone for a year, 48 passwords were found out of 600, including the Vice President's password (pre$ident was his, if I recall).
However, while the State of Oregon couldn't prove that I had done anything wrong with those passwords, I couldn't prove that I had only good intentions. And the confused jury decided against me, making me a triple felon (two of the three counts relating to the "theft" of the publicly available password file, and the "theft" of the passwords by running crack).
This case is still in progress - I'm awaiting the first round of appeals, but I've spent a quarter of a million dollars of my own money on lawyers and fines, and the bills continue to mount.
If you want more info, send my bot an empty mail for a reply or visit the Friends of Randal Schwartz site. You should also check out a well-reasoned treatise by Steven McDougall about what's wrong with laws like the one that convicted me.
When a situation like that comes up, you don't just ask people to change their passwords. You run a program that changes it for them. Then you expire their passwords so that they have to change it the next time they log on. Then you put their new, expired passwords (which, ideally, should be a totally random collection of numbers and letters) down on paper, and snail mail it to them. In the meantime, they can't access their computers. If you're really paranoid, you change their userids as well, which brings up a whole load of new problems.
"Early to rise, and early to bed / Makes a man healthy but socially dead" -- Yakko Warner
Market profiling is not such an occult science. Age groups, interest groups, census information, phone bill size and such parameters can be used to tune market strategies without resorting to top-secret files. In my country the state phone company was billed for selling information to businesses PROFILING its customers. Sad but true. And a lot cheaper than &2.5M.
--Hikari
"Long distance information/ Disconnect me if you can/ On Detonation Boulevard..."
Well, it's not really a hard and fast age thing.
Agreed.
It is more a cosmetic appearance thing. If you look 'dignified' versus you look like 'a punk'.
Bang On.
Age of course plays a factor. A grizzled old bum wouldn't get hassled for drug paraphernalia no matter how scruffy he looked
Wrong, it's precisely because of his socio-economic status that he will get hassled.
and a kid in his 20's would probably get hassled no matter how 'respectable' his appearance might be.
As a white man in his late 20's I have never been hassled by the police for carrying a briar. (And I started enjoying the occasional bowl in my teens, which I am sure contravened a statute or two) The difference is though I engage in such subversive and nefarious activities in these strange times such as; pipe-smoking, attending evil musical displays like George Clinton & The P-Funk All-Stars, going to hockey games & horse racing, defending civil liberties, advocating political & judicial reform and most subversive of all: canoeing; I look like someone who might have fallen out of a Big'n'Tall commercial, and speak like someone (in public anyway) enamoured with the Queen's English.
This is the real point, if you dress like, act like & speak like a hoodlum, don't be surprised if you attract the attention of law enforcement.
<RANT> One of the things that really bothers me are punks (the worst ones are suburban white kids) who look, speak & act like they just stepped out of a Rap Video, then wonder why they get hassled by The Man!
The great irony here is that these supposed "subversives" buy into the mass consumerism that fuels the masters who seek to oppress them.
You want a real subversive? It's someone who looks like they shop at Brooks Brothers, who sounds clarion calls against the status quo, and goes home and pops in their favourite NWA CD.(Mind you, this could just be my bias toward "Old-School")</RANT>
A lot of this just depends on the jurisdiction in question, perhaps you live in a community that isn't quite so crazy when it comes to the 'war on drugs'.
Indeed, in Canada we aren't as insane with our drug policy as our neighbours to the south, (Mandatory Minimums, Harsher treatment of "Ghetto" drugs, Vast sums of money toward a policing operation that is ineffective and has a disregard for civil liberties, Lining the pockets of a "Prison Industry", Giving Afghans Money/Arms/Expertise to defeat Communists which allow them to control a drug trade, which allows them to sell to the U.S. market, which gives them the money to fund terrorist activities against said country, with the help of "Ex-Communist Cleptocrats" who launder the funds, which gives slick politicians the ability to dupe the public into allocating more funds, which allows the Russians to also take money to combat the "War on Drugs" which...Etc...Man I'm getting dizzy.) but even the Canadian public has been duped. We lock up non-violent drug offenders (out of political expediency, and to appease our American cousins) meanwhile the public wonders why there are no jail cells available for violent criminals.
Although I sometimes wish someone might bring me his head on a platter for bastardizing one of the greatest musical accomplishments of the last century, (Jimmy Page's involvement notwithstanding) I leave you with the immortal words of a certain American lyricist;
It's all about the Benjamin's baby...
Tom
The problem is that "the will of the people" is very hard to define. If most people care more for security than freedom, would that make surveillance cameras OK?
Or more drastically: What if the majority doesn't care about the rights of a minority?
The laws of any country are patchworks, each law designed to address a problem without disturbing the system too much. Think about how hard it is to fix a computer system ten years old. Well the lawyers have to deal with "code" that is hundreds of years old. Each new fix may cause a security hole or a resource conflict somewhere. And they have their share of script kiddies, who just love to throw some dirt into the law machinery.
Of course we are entitled to have our opinions about how the law should work. I'm just so tired of all people who seem to think that you can apply a quick fix to a law and solve the problem.
That is why I sometimes wish for a /. lawyer. Somebody qualified (and honest) enough to say "Yes, this law leads to some unwanted results. However, the proposed change would be worse" or "No, that act will not grant Gates the right to monitor your disk, because of this law" and so on.
Or simply /. editorials on legal aspects of geek stuff, from someone who actually knows what he/she is talking about.
All opinions are my own - until criticized
Age of course plays a factor. A grizzled old bum wouldn't get hassled for drug paraphernalia no matter how scruffy he looked
:-)
Wrong, it's precisely because of his socio-economic status that he will get hassled.
I wasn't saying he wouldn't get hassled, he just won't get hassled for drug paraphernalia. He would most likely just get rounded up to the drunk tank or told to more or less get out of town just for being a bum.
and a kid in his 20's would probably get hassled no matter how 'respectable' his appearance might be.
As a white man in his late 20's I have never been hassled by the police for carrying a briar.
I wouldn't recommend carrying one if you find yourself down here. I've known people your age who were hassled even though they actually even had tobacco on them (the cops went rifling through the tobacco pouch looking for anything 'suspicious' hidden in there).
(And I started enjoying the occasional bowl in my teens, which I am sure contravened a statute or two)
Tons of teens smoke, but almost all of them smoke cigarettes, so a teen or 'young adult' (what a loaded term) smoking a pipe is bound to raise a lot more attention.
The difference is though I engage in such subversive and nefarious activities in these strange times such as; pipe-smoking, attending evil musical displays like George Clinton & The P-Funk All-Stars, going to hockey games & horse racing, defending civil liberties, advocating political & judicial reform and most subversive of all: canoeing; I look like someone who might have fallen out of a Big'n'Tall commercial, and speak like someone (in public anyway) enamoured with the Queen's English.
You'd probably really be in trouble down here with the last bit given the temperament of the typical redneck cops -- and their command of, or perhaps lack thereof of the English language.
This is the real point, if you dress like, act like & speak like a hoodlum, don't be surprised if you attract the attention of law enforcement.
Agreed. Sad as it may be, most of the world judges people based largely on appearances.
One of the things that really bothers me are punks (the worst ones are suburban white kids) who look, speak & act like they just stepped out of a Rap Video, then wonder why they get hassled by The Man!
Yea, I really don't get that either. There are tons of that sort of 'wannabe' punks like that around here. It's kinda weird because they are really the antithesis of the people they are trying to emulate.
Pretty soon 'the man' will get used to seeing the kids in their baggy-ass jeans and Tommy/FUBU shirts and not pay attention to them anymore. Of course once it no longer gets attention, they will move on to the next fad. To a certain extent I think they are disingenuous when they act surprised they get hassled, because a lot of them are doing it to get attention, even bad attention.
The great irony here is that these supposed "subversives" buy into the mass consumerism that fuels the masters who seek to oppress them.
Exactly. It is nothing new though, the latchers-on in the 50's all tried to be James Dean, in the 60's all the kids bought commercial pseudo-hippie clothes, in the 70's they bought all of the platform shoes, leisure suits and whatnot fake disco clothes. It's all still conformity, just conforming to something different than their parents did.
You want a real subversive? It's someone who looks like they shop at Brooks Brothers, who sounds clarion calls against the status quo, and goes home and pops in their favourite NWA CD.(Mind you, this could just be my bias toward "Old-School")
I'm not all that interested in intentionally trying to be subversive anymore, but neither can I be bothered to try to conform. I just don't care that much anymore about what other people think. I buy what I find to be cheap and comfortable, not what the fashion police say is the hot thing these days. My political views aren't that way out for Slashdot, but probably would raise a few eyebrows amongst the average populace. I'm not at all familiar with NWA, but my listening tastes aren't at all mainstream either.
Then, simply speaking, you didn't read the article.
Hey Rob, Thanks for that tarball!
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
Which is why I put a smiley behind it :)
Soma: because a gramme is better than a damn.
When last I checked, Illinois was a member of the Republic of the United States of America. I believe that this is still the case.
Where did this "confiscate personal property and ask questions later" mindset come from?
Contrary to what you seem to believe, police officers are not "the law," and, therefore "cuz Mr. police officer says so" does not qualify as "due process of law."
In short, READ THE CONSTITUTION and maybe a little HISTORY. Failure to do so is the great failure of this nation.