Busted for (L0pht)Crack Possession
TaoJones writes, "Seems like the city of Hopkins, Minn. has declared L0phtcrack illegal. The story from Channel4000 details 11 felony charges against one David Thomas Bell, including two counts of "possession of burglary or theft tools"... namely L0Phtcrack." What next? Debuggers?
When I was in my lockpicking phase (anyone have a link to the MIT Lockpicking Guide?), I learned an important point:
Having lockpicks isn't illegal. Using them in conjunction with a crime (breaking and entering, robbery, etc.) is illegal and a separate charge.
There is no difference in having cracking tools. If I'm not cracking anything, then it doesn't matter. A quick look at the article indicates they were using those tools to crack machines. Thus, a separate charge.
-- Ever notice that fast-burning fuse looks exactly the same as slow-burning fuse? I didn't... (Edgar Montrose)
They were NOT busted just for possessing lophtcrack, they were busted for stealing usernames, passwords, and customer lists.
Just like there's nothing wrong with owning a crack pipe until you get caught with crack, there's nothing wrong with owning crack() until you get caught cracking.
--
blue
i browse at -1 because they're funnier than you are.
Read closely and you may not feel so sorry for them. They used L0phtCrack as a tool to commit a crime, rather than to secure their own networks.
L0phtCrack is a legit tool and is legal, HOWEVER, should you use that tool, it could be called a tool to commit a crime. If he had done a physical entry they would have called his power tools, should they have been used to break in, as theft tools. It's a way to add on years (or the threat of) to their possible sentence. Somehow this is supposed to deter other criminals. Don't ask me if it works or not. I don't have a clue.
The summary of the article provided as the blurb here on slashdot, right down to the very title of the article itself "Busted for (L0pht)Crack Possession" is extremely misleading, and I have to wonder if it's deliberately so?
I'm not usually one to come out and accuse the
The article says they were arrested and charged with 15 felony counts not for possession of L0phtcrack, but for repeatedly hacking into the computers of their former employers to steal lists of usernames and passwords. This is illegal, and no new news.
If we could moderate the articles themselves, I'd moderate this one down as Flamebait or Troll.
Anthony
"I think any time you expose vulnerabilities it's a good thing." -Attorney General Janet Reno
The problem comes because there is a level at which something isn't dangerous enough that it needs to be illegal. Obviously we can't use the argument that something MIGHT be used to harm someone, therefore it should be illegal to possess, since just about any piece of matter in the universe could be used to hurt someone in some way. (Ban books, because big heavy ones can be dropped on people from ten stories up!)
The point is that we eventually do draw a line somewhere. However I don't think that, in general, things that aren't intended for causing injury to other people should be illegal. (Burglary tools, for example, or cracking programs.) I say SHOULD because, in general, things that aren't intended for harming people are NOT illegal. So why should software be any different? The only way I can see this being justified is if the software is designed to circumvent safety locks/overrides on, say, an elevator, or the air traffic control system, or a nuclear reactor -- things that, if they break, will almost certainly cause injury. And much as I appreciate and agree with the old saw about cracking to show that the security is weak, when people's lives are at stake, I don't think it holds up any longer.
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
after reading the article, these people were not just busted for possession of l0phtcrack. they were busted for illegal activities and for the possession of the tools that they used to commit those illegal activities.
this is not only irresponsible, but sensationalistic on the part of cmdrtaco.
If I murder somebody with a rock, I should get charged with murder, not possession of a rock.
The issue that I see is that many many programs can be exploited manually. What if you have a vulnerable network daemon and the attacker uses nc to feed it input. Is nc illegal then? How about if somebody writes a trojan in C, is the compiler illegal? the linker?
I'm not attempting to be difficult, I just fail to see the point of criminalizing a particular password recovery tool more so than other methods of attack. If the alleged crimes are true, then I have no problems with them going down for what they did, but I don't see the how as being particularly relevant.
----------------------------