Slashdot Mirror
When The FBI Knocks, A First-Person Account
Ever wondered what happens when your IRC chatter draws the attention of the public servants at the FBI? dilinger writes: "I wrote up a description of what happened to me last weekend. The FBI confiscated my computers for checking out yankees.com, after it had been defaced. If this doesn't make you paranoid, nothing will. :)"
the FBI will only help you if the dollar amount of the losses due to the crime is anticipated to be sufficiently high.
ex. in case of something like a domain hijacking (via NSI's stupid email authentication) the limit is around $5000. if you didn't lose $5K, the FBI won't help you, period.
i suppose it's probably just a matter of resource allocation on the FBI's part, but still...
-c
I have discovered a truly remarkable proof which this margin is too small to contain.
There's more information to be found on a computer disk than what you can get by dumping the contents
Yes, that is true. On the same note, there is more information in a wall splattered with blood than the pictures and measurements. Does the FBI come to the house and cut down the wall for 'evidence', using regular field agents to handle cutting down the wall with sledgehammers and sawzalls? Nope. They use specialized blood spatter technicians, who do the tests on the wall, photograph, sample, measure, and leave in a timely fashion. If their tests reveal that there may be more information on/in the wall, they come back and do the test. If you've washed your wall in bleach to remove the stains (and destroyed the evidence they might have liked) too fucking bad.
Why should they make an exception in the case of digital data on electronic storage?
.sig: Now legally binding!
Bear in mind that at this point, the *only* thing they have at all is you, the person who found the body. What do you expect them to do? Stand there and mutter, "Dude, that's a very dead guy."
-b
Nah, a portscan is more like taking a picture of the outside of a crimescene to see how many windows and doors the building has
When those pesky alumnus donation forms show up in your mailbox in a few years you at least have an excuse, you can just refer them back to this particular incident and flip the bird in their general direction. And then when you make your fortune on your first IPO you can call up the Dean of Student Affairs and let him know where he can shove his goddamn attitude.
:wq
You obviously don't have a clue what a modern forensics lab can do, and the FBI has the best in the country. You would need a huge incindiary device that would take out the building, and it by itself would leave more than enough forensic evidence.
--
When you sympathize with stupidity, you start thinking like an idiot.
Anyone who commits a crime and thinks they won't caught most likely will be. It's the paranoid criminals who will get away with it.
In another post of mine I mention someone who tried to destroy evidence on a floppy be cutting up the disk, his mistake was thinking that this would make the disk unusable. Why didn't he burn it? Because he wasn't afraid of being caught.
Lots of grafitti can look good. Gives some color to drab buildings
Possibly. It sounds like an EMP kinda thing. They can knock out the computer in your car with it. I don't know if you'd want to be around on big enough to kill your hd though :)
"Evidence", yeah, right. But how much of what they took can possibly be real evidence of anything? Not much, and they dont have any real reason to keep it either. IANAL, but heres why I think so...
If they booted that machine they took even once their chain of evidence is tainted. It doesnt take much C++ skill to mess around with, for example, a DHCP client that will irreversibly trash certain areas of the HD if the packet that gave it its IP addy happens to come from the wrong MAC address indicating the machine is no longer on its home network - it could even be made to look plausible by looking like a boot-time fsck pass. If they did anything but temporarily connect the media on the confiscated system to a different machine and make a raw copy of each disk (without even mounting it) they cant trust anything they see.
Of course if they are doing that once, they can do it twice and present the guy they are accusing with a copy of the evidence they collect just like in the UK the police are required to tape interviews (on a machine that records 2 tapes simultaneously) and give you or your lawyer a copy of the tape immediately the interview is over. Of course I'd bet the cops really wouldnt like that - it means if theres a single bit difference between the two images when it comes time to go to court and the defendants lawyer can prove their copy has been sitting in his safe the whole time then somebody just got caught tampering with evidence. No matter how good the police force is, some of that goes on in all of them - thats why the UK introduced that regulation about the taped interviews.
This also means that every piece of data on that computer is in their hands. They probably will want to hang onto the physical media from it in case they decide to do the more invasive data recovery techniques but theres no harm to their chain of evidence from handing back the machine(s) excluding disks, but with a complete disk image on whatever media they like. No unjust deprivation of a persons access to and use of their personal property either - and yes, I include the data in that category as well, its the most valuable component of the system because hardware is replaceable, work is not.
I, for one, am not holding my breath waiting for this to happen though. Perhaps the best we can hope for is to have the cops wake up to reality and make sure that they actually send along somebody who knows his ass from his elbow where data security is concerned to cases like these, just like they send cops trained in accountancy on financial cases.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
I had a
Man oh man, calm down.... I agree... this guy should not have stolen your post. Don't worry, many people now see that he stole it and moderators should act accordingly. It was pretty shitty of him to do that even though your post was in the public domain. At least he found your post good enough to copy. Remember, imitation is flattery... I'd still be pissed though.
Fucking sheep. (possible troll) But still, half the stuff I've read here pretty much assumes the author was innocent. Not to mention assuming that the Feds are "Evil". Think for yourselves people, this isn't enemy of the state, its not 1984. Sure there are cases where the Feds and other law enforcement overstep their bounds, but that doesn't mean it happens all the time.
If anything, for those cases when law enforcement breaks the Law, we should be asking them to make sure that THEY understand the Law, and that THEY are not above the Law... how can they expect to enforce it if they dont follow it?
I ate my sig.
Idiot. SOP is the hard drives are removed and are never booted: they are copied, then the copies are worked.
You give them ERASE password: disks trashed, they load a new HD from the images, and start again. All you did is cost them an hour or two of time and pissed them off more.
--
When you sympathize with stupidity, you start thinking like an idiot.
I had a similar experience about 3 years ago. The problem was that the admin was too stupid to realize what a Smurf attack was. They did not however attempt to confiscate my machine. I explained to the admin how a smurf attack works, and how _I_ was the recipient of the attack and not the clueless admins of joeschmo.com who had their broadcast addies wide open and were accusing me of attacking them.
Dude, like it's great that we can keep our guns and all. But WTF can we do with them? We can't USE them, except, maybe as a hammer to hang a paining or somehting. You're correct aobut our rights being eroded though.
And about guns, it's the right to bear arms - which is cool, the only problem with it is, there are plenty of laws obsufcating the intent of that right.
You miss the point, my friend, and you forget the 25 years of internet history that pre-date the last five. You put a computer on the internet and enable its services because you WANT the entire world to have access to them.
Your analogy is flawed because Western society has had CENTURIES of property law. Even legally clueless people like you and me know that what you are suggesting is stupid. The internet, on the other hand, had a couple of decades of exactly what you described, followed by a corporate revolution. Your analogy would be closer to correct if we assumed that the "you" mentoned throughout the analogy is an aboriginal individual who was raised with no notion of Western-style property rights, and who therefore has a run-in with the law.
a sysadmin here at NASA accused me of being a hacker... for what? I left slashdot up on a mac one day. all i work with are spreadsheets. it doesn't matter what you do or how you do it, if people can't understand it then you're hacking...
i compiled the 2.4 test kernel once then abandoned it when it wouldn't support my network card, but i'm a hacker cos i visit slashdot. please show me where this makes sense.
http://www.nakedandfree.com
>As someone else mentioned, its like not just
>viewing a crime scene, but crossing the yellow >tape.
Except... there was no yellow tape.
-fb Everything not expressly forbidden is now mandatory.
Oh yes, it does. It keeps you, in your ignorance of the law, from telling the FBI things that they can later use against you. Maybe port scanning is illegal in the state the server resides in. Maybe that state has an extradition treaty with your state. Maybe your knowledge dazzles the FBI so much that they decide you MUST be the one. Maybe your statements match the profile of the crime. Maybe they harass you while they investigate you. Maybe you get screwed on the basis of shooting off your own mouth and trusting people whose job it is to spend eight hours a day, five days a week, 52 weeks a year dealing with criminals.
It's kind of like tech support. When all you deal with is broken computers, you start to think that all computers are broken. When all you talk to are stupid people, you start to think that people are stupid. When all you deal with is criminals lying to you, you start to think that accusation = guilt...
Hell, if I can't get him to wear a helmet when he rides his skateboard. . .
kidding, of course.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Yes, the Netherlands is the true "Free World", not the USA, where I was raised and brainwashed into thinking that I was free.
I spent 4 years as a(n underpaid) lifeguard during high school and college. I'll agree with you 100% that everyone should know CPR and First Aid. I haven't worked anywhere where I had a duty to respond in 3 years, yet I've still maintained my CPR at the Cross's PR level. In fact, I won't go off and join our (in the process of being formed for the past year and a half) first responder team just because the blanket of the good samaritan law doesn't apply for that, but I'd sure help. (What I love here is the oxygen cylinder we have that no one can use because technically its considered to be administering a drug, an ability only conferred upon EMT's and higher-ups)
:).
Disclaimer: The following is not legal advise.
In fact, it is not just the First Responder team membership that causes you to have a duty to respond. Everyone, at least in Minnesota, has a duty to respond, and provide care to the level of their training. For most people, that means checking to see if appropriate care has been called, and calling for it if not (which, naturally extends to doing whatever the dispatcher wants you to; think of it as on-the-job training). However, good samaritan protection ends at the same point your training does. (i.e., if a paramedic asks you to assist in hooking up a drip, and you do so, you're not protected).
If it were me, I'd stay and do anything I could even after EMT's showed up, and I'd probably stop if there were only cops there, in the event they were worn out from CPR, etc. Despite the fact that I killed most of my conscience a long time ago (it was getting in the way), there's still a part of it there
The purpose of moderation is to elevate especially informative or interesting points in the discussion above others, NOT to reward the poster with karma.
Was it right to copy the post from kuro5hin? It was probably done with the intent of gaining karma, but so what? The poster knew by contributing something relevant and valuable to the discussion he could get modded up. That is how moderation works. By modding this post up, it becomes more relevant and adds more to the discussion, because more people get to see it.
Once something is posted on a forum like kuro5hin or slashdot, it is in the public domain (despite the little notice at the bottom).
Was it ethically correct to copy this post? Perhaps. If you follow Kantz' ethical model and believe a greater justice is being done in repeating this story to a larger audience than the perceived injustice done to the original poster, then yes. On the other hand, if you think karma is so valuable -- a game -- then I suppose you should go ahead and mod him down, and "teach him a lesson".
---
GetSystemMetrics(SM_SECURE) == FALSE
that would require granting jurisdiction. States frown on that kind of thing.
First off, I don't for one second think you did anything illegal regarding this. Nor do I think you did anything wrong. However, You should consider the fact that if you hang around tampering with a fresh crime scene, its JUST POSSIBLE that someone is taking notes and you might get targeted as a suspect.
From what it sounds like, the FBI's actions were simply an act of evidence gathering, not necessarily singling you out as a suspect. However, your actions were sufficient to warrant "probable cause" to obtain a warrant, and once that happens, you're pretty much screwed. They can pretty much do or take anything they want until a trial comes up (and we all know how long "hacking" trials can take)
Do I think this is fair, no I most certainly do not. Do I think you could have avoided all this? Yes, I do.
-Restil
Play with my webcams and lights here
The question should be: why is that kind of "vandalism" considered a serious crime to begin with? Granted, it's unpleasant and shouldn't happen. But it is hardly the case that anybody got hurt, or that anybody made money from it. It seems to me roughly the equivalent of sticking an easy-to-remove poster to a store window.
The problem with making minor pranks major crimes is that it greatly expands the power of the police and the state. Or, as a police officer once told me during traffic school (which I had to attend for a traffic offense I didn't commit): you can't leave your front door without violating some traffic law; we can get you if we want to.
Criminalizing almost everything and imposing harsh punishments on everything doesn't lead to a safe society, it leads to a police state.
That's a good point, but when you start adding up the dollars in labour spent cleaning up some twerp's mess, as well as having to do an entire audit of neighboring systems, that $5000 can add up pretty fast.
The Yankees are still a big business, and the FBI is available for businesses who are victims of computer fraud/theft/espionage/etc. If our site was hacked, the FBI would be on the top 3 organizations we'd contact. (Actually, it'd be the first). Any time there's an "incident" that could possible cross state/international lines, the FBI is involved.
If you were in charge of Yankees.com, and your site was compromised.. what would you do? Nothing? Call all your 3R33T friends? Investigate by yourself?
This is yet more proof that the average slashdot computer dweeb has zero clue about how business really works outside their dorm or pre-IPO VC dot-com.
Life sucks, wear a helmet.
~dlb
If they seize your drugs, are you going to insist they leave you with the same amount you seized, until you're found guilty? Sheesh.
Open Source. Closed Minds. We are Slashdot.
I believe that the FBI could have been fully in their rights to take ALL computer related items. Including the valuable pr0n collection.
I don't think so. They can only take whats related to the crime under investigation. Its doubtful those porn cds would have helped him hack in. Warrents are supposed to be pretty specific, and if they find something else illegal not meanted in the warrent, they must turn a blind eye.
This can be directly equated to a situation where you hear about a liquor store that got robbed so, as a curious citizen, you drive by and take a look. Being that you left some small piece of evidence that you were there at all, the FBI or whoever comes back to your house, confiscates your car and questions you. Anyone see anything wrong with this?? Anyone???
...I returned to my IRC client, said "Looks like a dns hack...", and and the conversation went elsewhere. The entire thing lasted possibly five minutes, and occupied no more than 3 or 4 lines on IRC.
Not at all, but let me make a better example, based on what he said:
Say you were walking down the street and happen to notice the evidence of a break-in, with a policeman standing there. So, if you tell your friend, "Hmm, looks like they broke the window open with a brick," the police would be able to thoroughly question you about your knowledge of break-ins, how you obtained the knowledge, and take any property that you own that could be considered to be "break-in material"?
You are supposed to tell me to go live in the Soviet Union if I don't like how "our" government works.
It's funny how weak this old flame is these days, since U.S. government agencies practice everything that "we" supposedly hated the Soviet Union for.
On a related note: The affidavit that was used by the Penn. cops to justify their raid of the puppet warehouse included some amusing stuff about how we were funded by the Soviet Union, nevermind the fact that the ole USSR hasn't existed for 10 YEARS!
I got a personal chuckle out of the affidavit when I finally read it because it mentioned my website.
Depending on how sensitive the data on the box is, it is sometimes desirable to leave it up to watch what the cracker is doing. Observing a cracker can give you clues out his mo, and what it is he wants to do. This can be valuable in catching him. Or in this case, going after the wrong person.
This war on hacking is gonna be just like the war on drugs. Suspects have no rights. The law is supreme and those who represent the law have supreme power. Speak against them and you will be branded a deviant, a criminal sympathizer, and perhaps much worse.
The War on Drugs has resulted in a much more powerful police force and much weaker rights than we previously had. The government used the War on Drugs to justify civil forfeiture laws which allows local and federal agencies to confiscate your property merely upon suspiscion that it was used in a crime--and they never have to give it back even if you are proven innocent! Here's the real kicker: The agencies (local and/or federal) get to keep your property for their own use, or sell it. In states that restrict this kind of behavior, municipalities can team up with a federal agency such as the DEA or FBI to circumvent these restrictions so they still can get a slice of the pie. In almost all cases where the person is found to be innocent the property is still not returned.
The government obviously feels the need to police the Internet, and have expressed the need for more resources to do it. A War on Hacking modeled after the War on Drugs is the winning formula for them to accomplish this.
If you want to learn the history that we were not taught, but are likely doomed to repeat, check out:
"civil forfeiture" on Google
LibertyBoard.org
Smokedot.org - Smokedot links to a lot of great articles on War on Drug issues as well as other stuff. It's not just for stoners ya'know.
numb
OOOOh! A new karma whoring game! Look for posts on k5 or /. that are good and cut/past them to the other. Brilliant!
There is much cruelty in the universe, John.
Yeah, we seem to have the tour map.
It is interesting that in most jurisdictions traffic violations are "Guilty until proven innocent". I had a scenario similar to your example. I was headed down a hill in an area notorious for strict enforcement, so I was doing exactly the posted 25 mph. This old guy in a pickup truck grows impatient and blasts past me and down the hill. Sure enough, there is a motorcycle cop at the bottom of the hill. The cop is having a cigarette and a coke and looking the other way. His radar gun beeps at him, he turns around and sees me. I'm clearly doing the speed limit (hey, 25 mph is visible to the naked eye, and a long way from 42 mph). He didn't see it that way and wrote up the ticket. When we got to court, the only questions I was allowed to ask are "are you certified to use radar", "was your radar gun calibrated" and "was the grade of the hill or the distance from the curve outside the legal limits for radar use". The question of whether he had the dang thing pointed at me at all was ruled out of order. The fact that he was looking in the complete other direction - out of order. There are only three acceptable arguments to a radar ticket, none of them have to do with "the officer made a mistake". I asked later if they would allow a videotape of the entire event as evidence. Nope, not admissible. BTW, this didn't happen in Turkey or Singapore or some other more limited civil rights area. This happened in Atlanta, GA.
Canada will stay safe until we are too "free" for the US to accept and then we will be annexed.
+1 Funny, or +1 Frightening?
Hmmm.....I think you just discovered a use for Macs. All the translucent plastic would just pass harmlessly through the frame!
Of course, you would be busted for destruction of evidance.
Actually I've seen the 5th amendment plea been taken down by the almighty "obstruction of justice"...making the fine/sentence even stiffer. But you are correct, it is against the 5th.
Don't forget the books!
--
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
You forget to mention that the Beowulf Cluster of FBI agents, and all sorts of references to hot grits, random Natalies etc. If you're making noise, be complete.
People replying to my sig annoy me. That's why I change it all the time.
*laugh* Hey, I've been called a facist before by this crowd, but when did I get bonafide? Maybe I could add that to my business card - "Facist as bonafide by some loser on slashdot who doesn't agree with my politics."
I don't think the trains line would get anywhere in my neck of the woods, tho. The MBTA runs on an OK schedule generally. Maybe "he'll make them stop running an express train to harvard when you're at central and already late."
Heck, he's probably a member of one of our more corrupt PDs in this country (like LAPD, for instance).
hmmm... The guy manages to err on my gender, occupation, state of residence and political leanings all in on post. Nice job, if you had managed to make incorrect assumptions about my OS as well, it could have been a loser clean sweep.
-Kahuna Burger
...will work for Chick tracts...
So many moons ago, when I was doing tech support in college, something like that happened. A bunch of students living off campus had a house fire, and lost just about everything. So one of them finds a somewhat charred floppy with a term paper on it, and brings it to us to see if we can save any of it. A co-worker of mine cracks open the disk, swabs the media clean with alcohol and q-tips, puts the media into a different floppy shell, and recovers the entire disk... Now, the media itself wasn't melted or anything, so maybe a more direct application of fire might make a difference.
itachi
Google mirrors. Your 'contract' is invalid because it is factually incorrect. Besides which, what's your point? It's posted to a public forum and now it's in the publc domain. Your argument is circular. He says, "despite the little notice," you say, "because the little notice." Great argument.
---
Bob Fucking Costas. Does anyone else hate that motherfucker?
Suspicion is enough to quietly have him under surveillance for a week or two to see if he's bragging, engaging in illegal activities, etc. That's a legitimate act of law enforcement.
That isn't what they did. They went to a judge, got a warrant and confiscated his property. If he were an organized criminal cracking Visa for cash, his mob lawyer would have these guys for lunch for not having probable cause and for removing him from the place of the search (that evidence was planted! can be a winner in court).
What was going on was harrassment, pure and simple. They wanted to rap him on his knuckles so he keeps a wider distance between himself and any crackers he might know.
DB
Nuh-huh. A suspect, possibly, but ruled out rather quickly, one would have hoped.
Why is it that when you hope somebody - be it a higher-up in corporate-land, a cop, the sysadmin of somebody else's server you have to deal with - is knowledgeable of their particular niche in computing, they aren't? Why is the VP of Operations of my previous employer incapable of checking his email with anything other than the web interface? Why do postmasters shudder at the thought of knowing anything about SMTP 821? Why do FBI investigations seem to go after the wrong guy, for doing the wrong things, if going after anybody at all?
A company I used to work for had a billing database stolen over a year ago. This was a big deal, as it involved an employee, some DoS attacks, and lots of stolen credit card numbers. It would be over six months before the SBI called any of us for questioning. I wasn't even working there when this all happened, but I did find a couple more backdoors that had been left behind on some windoze boxes there. That was in the Spring of this year - haven't heard a word from them since. And the investigator admitted right off the bat that his technical knowledge on this kind of thing was quite limited. *sigh* WHY THE FSCK IS HE INVESTIGATING COMPUTER CRIMES IF HE DOESN'T KNOW ANYTHING ABOUT COMPUTERS?! Either the guy was good at playing the fool, or I really did explain Back-Orifice to him for the first time. I couldn't offer much more than some basic theories, though, since the details were all way before my arrival on the scene.
The guy in this article obviously did enough poking around to create a noticeable amount of logfiles. But, this is all post-mortem. A second look and some thinking about the situation would cause me to think this was NOT the cracker, if I were trying to investigate this. I'd sure be a lot more interested in logs created before the break-in, if any still existed, than some TCP connects and a zone transfer that occurred some time after. Those are things the cracker would have done BEFOREhand, not after the fact. On an 0wn3d box, I would only expect to see attempts to access the backdoor(s) left behind, rather than full-on portscans and zone transfers. If it were just a simple website defacement, I might not expect to ever see the cracker try to connect again, as they've done their deed for the day and know better than to return. The fact that all this happened would lead me to believe that any evidence leading back to those truly responsible was indeed pretty much eliminated, leaving this poor sap in the spotlight after traipsing around like he did.
Which is all the more reason why this kind of seizure is not justifiable. What are they looking for on his computer, the "Log of Yankees websites I have hacked"? "HOW TO HACK AND CRACK AND DO ILLEGAL THINGS - A Guide by Dilinger"? "Top 10 Reasons Why the FBI Will Never Catch Me"? "Photo album of me cracking websites - Autumn/2000"? Follow up on leads, sure, but no need for the heavy-handed treatment based on the evidence at hand.
Sheesh.
This just reeks of people who don't know what they're doing. (God, I really hate baseball, too. I only crack hockey-team websites.)
--
And aim for the head...jackbooted thugs wear body armor.
Going against the /. mentality is grounds for bitch-smacking, apparently.
Open Source. Closed Minds. We are Slashdot.
he asked for it in the sense that any person doing anything involved with the yankees needs to be prosecuted and examined for mental retardation.
The only negative experience I've ever had with the police was when I got pulled over for doing 75 mph in a 50mph zone and had my driver's license revoked for 6 months, but that's not the cop's fault, it's the stupid legislators in my home state of Georgia.
The vast majority of police officers in my area I know personally (went to high school with a lot of their kids or little brothers), and get along well with them. When they ask me a question, I tell them the honest truth.
Stop being so paranoid.
the unbeliever
aim:dasubergeek99
yahoo!:blackrose91
ICQ:1741281
If this guy is telling the truth, he hasn't done anything illegal. But that doesn't mean the FBI did anything wrong. What this guy did was the equivalent of rooting through a trash bin and obtaining the gun that was used in a murder and taking it home with him. He may not have killed anyone, but he's given plenty of reason to suspect him. I don't see any civil liberties violation here. The FBI needs his computer as evidence. Would anyone complain if the FBI confiscated the gun he brought home?
--
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
The only warrant that was denied was one for that Chinese guy at the nuke lab
There's more information to be found on a computer disk than what you can get by dumping the contents. If he erased a file, there are methods of recovering the information even if it's been overwritten. I don't know that there was enough evidence that the warrant should have been issued, but once it's been issued you can't blame the FBI for doing a good investigation. The problem is that it's difficult to get a Judge that knows enough about computers to determine if the warrant should be issued.
Anyway, that important detail - Steve Jackson Games published some kind of H/Cracker game that bore a loose semblance to real life. And of course people discussed it on their Bulletin Boards. And that is one of the things that attracted attention from the FBI.
Oh, while waiting for the preview I noticed someone else has touched on this elsewhere in the thread. I'll take the -1 Redundant chance becuase this completes the otherwise excellent overview of what happened almost 10 years ago.
Bleh!
Well, he DID do a zone transfer of yankees.com, although it should be pretty easy to prove that he did it AFTER the hack. I'm sure zone transfers (or attempts) of large sites right BEFORE they're hacked is a very bad idea.
Aaron Plattner
How nice of the police to make it wrong to help someone...this is why i tend to think they do more harm then good.
He did more than visit the website. He took it upon himself to "analyse" the crack, sniffing around, trying to find what vulnerabilities there were. He deserved it.
Open Source. Closed Minds. We are Slashdot.
Hopefully your atty is used to dealing with the Feds.
IANAL, neither am I a cop, but I know lots of them including computer forensic guys. Standard procedure is to inspect your equipment then copy your HD's and examine the copies. Once this is done in a properly documented manner, i.e. the copies are verified as usable, the need for them to retain the equipment is minimal.
Get your attorney to write a letter petitioning the judge who authorized the warrant in the first place to get your equipment back. Stress that you are a student and the equipment is critical to completing your studies. Also point out that the logs should clearly show your accessing the site AFTER the defacement took place. And it wouldn't hurt to volunteer to talk to their forensic people to offer them info on what you looked at to examine the hack. I think everyone who works for the FBI is a sworn officer, so talking to one of their techs is talking to an investigator.
You want to show sincere humility. You are an innocent bystander whose fingerprints were at the crime scene. Suck up, just like you would to a professor. Quiet and humble, even though you were screwed. Getting mad at this point accomplishes nothing excepting guaranteeing feet-dragging when it comes to getting your stuff back.
Oh, and watch your porn collection. Different types of porn are illegal in different areas. For example, "shower" scenes are illegal in my area as is beastiality. Keep your collection at the Playboy level and you're good.
And why is the FBI involved? First, the Yankee's is a multi-million $ business, second, I'm guessing that your school is not in NY state, which makes it an interstate crime.
Again, IANAL or a cop, I just know a lot of them.
--
When you sympathize with stupidity, you start thinking like an idiot.
This kind of technology would be amasing! :-)
So, using your equipment I could save more than 10 times the space available in my winchester? Very good!
Are you planning a IPO?
Is Netherlands as nice as I picture it? =) I live in Sweden, which I love, but if I had to move somewhere, it would be the netherlands. You guys seem to be a bit like us, you even speak swedish with some german thrown in for good measure ;).
But the question basically is, do you have sensible laws and such? Sometimes I feel Sweden is the last bastion of sanity, but with some luck we're not alone. (And no, Sweden is far from perfect.)
yes, yes they are. You will notice that the people who had suffered damage in this case were also citizens. Those citizens had the right to have a crime against them investigated. The cops had an obligation to not run rampant over the rights of the citizen being ivestigated as well. The part where your response becomes strange is when you realize that they didn't.
Lets actually look at this kids story. He had just gotten fired. He still had access to the systems of the people who just fired him and accessed them that morning. The systems were maliciously compromized. Now what part of "erring on the side of the rights of citizens" wouldn't make him a suspect? The part where anyone saying "oh, this is a mistake, I'm innocent or possibly framed" causes police officers to respond "oh, sorry for bothering you, we would never continue a reasonable investigation after someone says they're innocent"? Of course he was investigated.
Saying "shit happens" is a cop out.
Sometimes, saying "shit happens" is the only mature response to a situation. Specifically, it is the mature response when the system, running as best it can in the best ballance we have come to, nonetheless fails you. The immature response is to attck the system and call the police names when their actions aren't what you like. The even less mature response is to assume that the entire system must be overhauled to avoid ever making that mistake (even if it would lead to many more mistakes of an equally unpleasant kind)
My NICOE was threatened with a frivilous assault charge by a girl subleting with us who bragged that "the police will take my word cause I'm the female" and "your life will be screwed even if you win". She knew how to use the laws in our state to screw someone. After I stayed up for 36 hours straight, crashed for 12 hours and stayed up another 36 all because I was so overwhellemed with rage at her actions that I couldn't sleep, she moved out without making good on the threat, and life returned to normal. The point of this story is that before this incident, I supported the domestic violence and restraining order laws that she had threatened my NICOE with. After it happened, I still supported those same laws. Why? Because the laws cannot be written to prevent all such possible abuses without making them totally toothless, and it would be immature for me to change my overall assessments of the risks and benifits just because I had had personal expereince with the risks. The mature response was not to rail against the system as intrinsicly broken or the authorities as evil, but to say "We had a psycho sublet. Shit happens. Glad thats over." In fact, I would say the decision criteria that needed to be changed based on the incident was our system for picking housemates/sublets, not anything in the MA criminal code.
The mature response to the orriginal poster's situation is (IMHO) similar. "Though either coincidence or malevolence, someone I had a apparent motive against, suffered damage I was capable of right after the potentially motivating situation. This caused a lot of stress, but no end charges. Shit happens. Glad that's mostly over without charges filed. Next time I will encourage them to change passwords and such the day that I leave as a protection for myself as well as them."
This is the mature use of "shit happens", its no copout, the copout is pretenting that the system could work right every single time, or at least should work wrong in the way that never causes you any trouble.
-Kahuna Burger
...will work for Chick tracts...
But then to confiscate stuff on me? No i don't think thats the right way to proceed. This guilty until proven innocent needs to stop.
"Could you be more specific? I get so many rides home from jail." -- Half Baked.
Seriously, though, yeah and you are right. The police won't even necessarily inform you that you have the right to an attorney, although they are supposed to. In my case they refused my request to speak with an attorney (my brother) since they assumed I did not already have an attorney, but only wanted to (find and) speak to an attorney. I learned later that they should have honored my request since I had the number in my head and only had to pick up a phone. Make sure you always say, "I want to speak with my attorney."
I can see your point, but at the same time, I can also see their's. You were hacking at SMTP to understand what it's doing. You were curious, and they reacted like you were picking a door lock to see how it works (bad analogy, yes, but that sounds like how they took it).
The only problem I see with that is, out of politeness (for lack of a better work) you should have tryed poking around with an SMTP server of your own as opposed to one you didn't run.
Cannabis is condoned, beer is cheap. I rest my case.
People replying to my sig annoy me. That's why I change it all the time.
Opps, i meant guilty until proven innocent. Doh.
Anyway.
I don't understand why i should allow someone to go over my things with a fine tooth comb if i haven't done anything wrong. Invasion of privacy is not a nice feeling to endure. Just b/c i want to keep my private stuff private does not mean i'm guilty of anything. If the warrent were not there, we'd have random searchs for no reason. So why is it wrong to invoke a defense against things like that? All you're saying when you want themt o have a warrent is 'you had better have a good reason for seaching me.' And i don't see anything wrong with that.
These are not the only alternatives and it is fallacious to assert that the judgement of whether intellectual dishonesty is such a cut and dried choice between Kantzian ethics and viewing karma as a game.
If Th3 D0t had given a link to the original post, or at least some sort of indication that it was from another source, I doubt there would have been a backlash. Many people have cut and pasted posts from other web logs, articles, books, writings, etc. and have been modded up with no backlash. The difference is that these people have always attributed the quotation to the author and have not attempted to take credit for someone else's work.
Even in an 'open' discussion forum such as /. intellectual integrity is important.
Even if we evaluate what happened completely along your stated lines, the conclusion that allowing intellectual dishonesty into a discussion is a good thing is quite arguable.
have a day,
-l
Oh please! You are taking a physical-world analogy and applying it to the "electron world"!
This is one of the problems with LEOs today: they try to carry over incorrect analogies.
What this guy Dillinger did is perfectly legal.
If we kill the curiosity in our college kids, where will the innovations for the next generation come from?
A few highlights from the judge's decision:
"there has never been any basis for suspicion that any of the Plaintiffs have engaged in any criminal activity, [nor] violated any law"
"a reasonable investigation of only several hours would have revealed Steve Jackson Games, Inc. was, in fact, a legitimate publisher of information to the public"
"The affidavit and warrant preparation was simply sloppy and not carefully done."
"In addition, Agent Foley must have known his seizure of computers, printers, disks and other materials and his refusal to provide copies represented a risk of substantial harm to Steve Jackson Games, Inc. -- under circumstances where he had no reason to believe the corporation or its owner was involved in criminal activity."
Any of this sound familiar yet? Read the whole text of the federal judge's decision here. Enlightening reading, especially if you're a government cheerleader. It could happen to you.
this is the year 2000. This is NOT 1800. There is no such thing as rights anymore in America. You live in a cave? lol
rm -rf /* is a poor deletion technique anyways. There are several undocumented 'unrm' utilities out there (I've seen one myself) that are basically fancy implementations of 'dd' that can easily recover data from a UFS or ext2 filesystem.
If you really want to wipe your data clean you should use sdelete (Windows) or secure delete (Unix).
The people left in the bank after a bank robbery don't go sniffing around behind the counter, examining the drawers that the robbers took money from, interrogating the tellers, and examining anything the robbers touched. That's why.
Open Source. Closed Minds. We are Slashdot.
It has nothing to do with pride.
Hey, I'd love to track some l0ser down myself and press charges and optionally whoop his ass if I could.
Do I or my peers have time for that? No.
Do I or my peers have have in-house resources to track them over state or int'l lines? No.
The FBI is available for that sort of thing, so why not make use of the service.
~dlb
That is to say, "RFC 821", not "SMTP 821". SMTP 821 is, of course, the part number for Charmin Extra-Soft 2-Ply ("Soft Motherfuckin Toilet Paper #821"), not to be confused with RFC 821, which outlines the Simple Mail Transfer Protocol, existence of which is known about by far too few admins of mailservers on this net.
--
"Today at 0600 hours, the FBI conducted raids on over 300 apartments of 'hackers.' These 'hackers' are alleged users of the satanic 'Linux' operating system created by an evil Finnish computer pirate. The FBI seized computers, printouts of articles from slashdot.org, and pictures of Natalie Portman. When asked about his opinion on Microsoft, one of the victims of the raid said 'Microsoft is the antichrist!' and was promptly beaten by 3 security guards. Next up, see how the technology industry is dealing with these evil computer terrorists, and what is being done to stop the main flow of destruction into their minds: slashdot.org, a dreadfully satanic site promoting 'free software,' and the destruction of companies which can't code..." --- The opinions expressed by my employer are not those of my own.
---
Who said it was a crime? They said he was a SUSPECT - they didn't charge him with "sticking his nose in". However, his actions are would make cause for investigation/being a suspect VERY REASONABLE, if you ask me.
Open Source. Closed Minds. We are Slashdot.
Even if there was some cooperation and log-investigation on the part of the FBI, quite possibly the site admins still could have come back pointing fingers at this guy. I'm not trying to absolve the FBI's responsibility from jumping on this guy so quick for just being curious and poking around, but perhaps this is something along the lines of what might have transpired.
It's probably also worth pointing out that after a rash of shoplifting incidents at the local store, someone is going to think twice before tucking his shirt in or pulling something out of his pocket and sticking it back in, for fear of looking suspicious. It's too bad that this happened--it shouldn't have happened--but c'mon! the site was just broken into! Don't go poking around!
Of course, the FBI will be paying all of US a visit for posting our thoughts about this on here...
"I say consider this day seized!" -Hobbes
"Tomorrow we'll seize the day and throttle it!" -Calvin
OK, here's how it works. The politicians know that if they violate the natural rights of the people too much, at a certain point they get terrorist action, assassination, and revolution in the streets. The difference between an unarmed populace and an armed populace is that the likelyhood of successful action against the political class is higher and thus the proles are more likely to try it.
The fact that the jackbooted thugs are likely to win eventually is cold comfort to the govt. agents that die before any rebellion gets shut down.
Any one person taking on the US government by force of arms isn't going to win. But it is the fear of bureaucrats that some act of theirs is going to push somebody over the edge and take them out personally that partially restrains the government's natural urge to become abusive.
This is similar to the positive crime prevention effect of concealed carry laws. Your average mugger doesn't know which person is armed or not so the fear of getting holes blown in him drives a certain percentage of muggers to refrain. Guns don't cure the problem of criminals or government tyranny, but in both cases they provide a statistical lowering of the problem.
DB
Actually, you may find it interesting to know that for the same reasons, many law enforcement officers will not become CPR certified for liability reasons. I've actually seen officers stand there waiting for the paramedics because if they attempt (and fail) to save a person's life, they may be sued and lose everything they own.
-jerdenn
speaking as a former cop turned techie.I am always appalled at the details of what should be a fine legal system (I mean, the premises on which it is built make sense).
However, the fact that state does not have any liability for seized goods, nor a burden of proof to seize it in the first place is completely flabergasting. I just don't see how this travesty came about?
It seems to me that the state should have to bond all items it seizes. If they are kept more than so long, a partial payment (rent) is made to the owner, and upon their return, any value diminishment is to be reimbursed from the bond. Thus, if a car is damaged in the pound, the bond will repair it, or if a computer is obsolesed, the owner reimbursed.
This will give the agencies the incentive to a) care for physical evidence, and b) return it in a timely manner -- for example, returning a computer after having made a certified copy of the hard drive (or keeping the hard drive and offering the owner a chance to make a copy).
Ah, yes, Sweden - wonderful place. Socialism rocks - damn I was happy when the government pumped 1$ billion (approx) into a broadband-for-all-project. Woohoo! Also, guns are forbidden here in Sweden. It may not be freedom, but the death rate here in sweden is really low, and that makes me think it's a decent tradeoff. Guns don't kill people - it just makes it really easy. But on the other hand, I sense that Sweden is being corrupted by American 'culture' (i.e. Britney Spears, Oprah, and McDonalds) "Last vastion of sanity" - I liked that.
Completely irrelevant. If you go hang out at the scene of the crime and fuss with it, and the police are already there, and they see the same paint on your hands, what do you think they are going to do??
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
To be fair, you should have labelled the FBI lines "lawyer" or "barrister". The FBI may be intrusive and power-mad and have an over-inflated opinion of their own value to society, but at least they're not the totally amoral, logic distorting scum of the earth that roam the courtroom.
The FBI are just misguided protectors of an obsolescent social order with their backs against the wall in a desperate and impossible fight to keep up with the times. They need to be kept at arms length, but ultimately some sympathy is due to them. They think they're fighting the good fight, and it just so happens that their fight is based on false premises. Sigh.
But that contrasts markedly with the lower officers of the bar, the only human social group that institutionalizes moral bankruptcy in an official medium built on professional sophistry while having the gall to call the result justice. No punishment is bad enough for them. Douglas Adams had the right idea with his Ark 'B'.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
At least, according to the text of the Fourth Amendment:
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Actually, government agents do have a positive obligation to identify themselves before they break in. Several defendants have been found not guilty of murder charges because it was shown at trial that they busted in without identifying themselves as law enforcement. Fearing that they were criminals of one type or another, the suspect started blasting (and somehow survived to tell the tale).
DB
Besides, even if you were to realign magnetic domains sufficiently to make the data unreadable to the drive itself, a determined "bad guy" could use magnetoresistive microscopy (Slashdot story here) to piece the data back together again. Magnetoresistive microscopy would even be able to recover your data if you did an "rm -rf /*" when the bad guys appeared. Maybe you could run "shred" to erase your drives thoroughly when the bad guys knock on your door, and then try to stall them for an hour or so while your data is safely erased?
Police are supposed to have warrents for SPECIFIC things. A warrent doesn't give them the right to search for anything and everything that might be illegal. As far as letting them in for any reason; well thast stupid, they should only be let in if they have a warrent. Otherwise they have no buisness being there.
Because there's a tacit assumption that you shouldn't have that computer. That you were misusing it. Think of your hardware as a cap gun you pointed at your little sister...sure, you didn't do her any harm, and didn't even pull the trigger...but for crying out loud, you scared her!
You scare the heck out of people...Microsoft can't keep these evil crackers out of their pants, and you expect John Law to be sympathetic to the plight of a college kid poking around in something that's none of his business? It's not illegal, of course, but it's just not right.
Why not take your house? Because you+house isn't a problem, while you+computer might be. And might be is good enough, because this computer crime thing is pretty darn scary. If you were a drug dealer, you'd have your boat and house and cars confiscated, because dealer+affluence is also scary.
When software vendors, who have a ton more political clout than individuals, are pushing ridiculous laws and licenses, why would we imagine that the wheels of justice are running on a reasonable track? And as others have pointed out, if there's no technological savvy in a particular jurisdiction (e.g., Judge Ed isn't interested in computers or understanding their uses), there's not going to be any sympathy to actions that are legal and reasonable, but unfamiliar and technical.
2 years later, after working with each person in the department and showing them I knew what I was doing and was trustworthy (or so I thought), I was turned down a technical job for the reason that I was a "security risk." Or too dangerous or something.. Umm.. Right.
It might not have been anything you did, it could have been a relative.
I know that I 'negativly impacted' my dad's security review at his job after my "run-in" with the Secret Service...
I like you, Stuart. You're not like everyone else, here, at Slashdot.
I used up all my sick days, so I'm calling in dead.
Please note that it is not the police who caused this... It is their job to enforce this unpopular law, but they did not create it. For that, you may thank your baby-kissing politicians.
-jerdenn
1. One of the early acts of the National Socialist Workers Party (Nazi) was gun confiscation. Hitler was a great gun control friend (as were most other tyrants).
2. I do not agree that you are automatically correct to say that the aims of the FBI are to prevent crime. An analysis of the incident at Ruby Ridge as well as how the FBI was deployed in the Travelgate scandal show in two very different ways how an agency can be turned to evil aims. As US citizens it is our duty to constantly scrutinize that *in fact* as well as on paper, the aims of the FBI are legitimate. Or was Omnivore OK by you?
DB
Here is a file I ran across when on IRC. It is written by Chad Davis or as he was known "mindphasr". I thought some of you may be interested, while on the topic. http://forbidden.net-security.org/txt/everything.b usted2.htm
I still think this is good advice, but IANAL and neither was he.
It is evidence that the legal system in the US is screwed up beyond hope that people are forced to resort to such methods.
-buma
I had friends who were planning for the anti-World Bank demo in Washington, DC last April. The Secret Service broke into their apartment and stole research materials.
I will publish and evidence, details, etc. on my website.
________________________________________
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Uh, sorry, the party was socialist, not capitalist. It was the german National Socialist Workers party and one of the reasons that they were so highly critical of jews was their perception that jews made such good capitalists.
DB
Why do police even bother with these seize and hold operations? They don't have the same "air of legitimacy" that civil forfeiture does. Civil forfeiture laws allow them to take and even destroy or sell a suspect's items without the "bother" of a criminal trial; they certainly do not require a criminal conviction. They also appear more legitimate because they can say, look you had a hearing, and you lost. We know civil forfeiture is an egregious abuse of rights, but average citizens do not.
Just because it CAN be done, doesn't mean it should!
Having a ZKS cookies isn't a sign that you used their service, just that you visited their site. If you're truely paranoid, delete it. ZKS isn't like anonymizer.com. The product installs on your computer and encrypts and obfuscates all internet comms. You can even go to sites that use cookies, but they can't be associated with your true identity.
As far as I can tell, this did not start out as a big conspiracy against the citizenry, but the results are equivalent.
This is always the case. I seriously doubt the people staffing the government have plans to deliver us into a police state. However, each little thing they do to increase the power of the government over citizens sends us there nonetheless. No conspiracy needed.
________________________________________
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Where would you go?
Belize. Enlish-speaking, tropical, better human rights record than the U.S. and no extradition treaty.
________________________________________
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Before this armed revolt occurs, people who act in the name of government will likely succeed in passing laws requiring registration of all weapons. G-men will see said revolt coming, and institute confiscation programs, reducing the probability of a successful armed uprising. Instead of your armed revolt ending government as you know it, I think it is more likely that people will continue to find "government" less and less relevant in their day-to-day lives, and continue to remove them from their lives. "Building Freedom" would be one term for this gradual extraction of one's self from the influence of terrorist bureaucrats.
Learn the rules so you know how to break them properly.
www.teslabox.com
Never try to fight an agent, if you see one, do what we do, run like hell.
Ahh when will the Matrix cese to provide for me a guide to life?
I mod down any one who says "I'm sure I will get modded down for this"
Assuming he's telling the truth, the FBI's actions are complete BS and they should be held accountable.
Of course, we may not be getting a completely honest story here. When I worked at a university, we had a script kiddie on the system who ran crack, found a password, logged into the account and read the email. (Unfortunately for him, his process was spotted, we monitored the log and the account he cracked was an old test account that we rigged with a trip wire before he logged into.
We had enough logs to hang him and began the procedures to do so. Our little script kiddie went on to usenet to ask advice. He claimed that he had only run crack out for curiosity and said we were crucify him for that. He specifically told them he did not log into the account or use the password at all. He managed to generate a lot of hate for us. Ultimately, we came out looking like fascists, and we were not allowed to rebut because of the university's policy.
I don't know this guy well enough to call him a liar, but I can't just take these things on faith anymore either. If he is telling the truth, I'm sure the FBI won't be held accountable for the damage they do to his life by stealing (and with evidence that weak, it is stealing) his computer and information. That's a shame.
Dan
somebody moderate that last post up for humor. I guess it's not good to put your hands in someone else's hack. Even if you're just browsing for a quick look see.
... If they seize Your food, are You insisting on another food...
If they seize Your water, are You insisting on another water for You thirst...
If they seize Your air, are You insisting on another air for You lungs..
... If they seize Your life
Mundus Vult Decipi
(The War on Some Drugs is insane, don't get me wrong. But the Republicans are every bit as much a part of the insanity as the Democrats are.)
--
--
Do I look like I speak for my employer?
Flimsiest coincidence? They move the server to a new hostname to provide an area for the cracker to be 'detected', this guy wanders in and takes it upon himself to work out what exploit they used, portscannning, checking nameservers, etc, and that's "flimsiest coincidence"?
Open Source. Closed Minds. We are Slashdot.
I've actually heard of this being done (but it may well be an urban legend). However, it didn't exactly work out as planned. The feds were either tipped to the presence of the device or found it. They proceeded to remove the computer equipment from the room through a door-sized hole they knocked into a previously door-free wall.
Well, if they had a clue, they'd have a backup to restore the site. We take a "snapshot" every day and can restore our (large) site in minutes. And it's a hell of lot bigger than the fucking Yankees site....
If Steinbrenner is paying the bill, fine. If we are, fuck it.
Didn't you learn anything from kevin mitnick?
This is exactly what he did (well I don't know if the filesystem itself was encrypted). He had a gig or two of encrypted data and refused to give over the password on 5th ammendment grounds and he sat in jail for years without a trial.
Now it is true that this is partially because he was trying to gain access to said data under discovery laws (which certainly should apply) but this should illustrate the attitude of law enforcement to encrypted data.
What you really need is some way to hide the data. Don't give me any of this BS about hiding it in the low bits of jpegs...this couldn't stand up to any reasonable analysis (the patterns in the low bits would probably stand out as not due to random pixels). Instead if disk filesystems filled a large section with random bytes then it might be possible for a real peer reviewd algorithm to make it nigh impossible to tell the difference between an empty filesystem versus one with quite a bit of data on it.
If you liked this thought maybe you would find my blog nice too:
You share a misconception with a lot of people. You are entitled to a presumption of innocence in the eyes of the judge and jury, but the rest of the criminal justice system presumes you guilty if there is some evidence against you. This is how it needs to be to make the system work. If the entire system presumed you innocent, you wouldn't even need to show up in court. Why should you? Axe murderers couldn't be held till their trials. Evidence (in the example you are griping about) couldn't be collected.
Actually, real American College students stay up until 7AM, skip class and sleep till 5, only to party all night.
But they don't recognize the notion of natural rights like we are supposed to with the Bill of Rights. Specifically, the right to bear arms.
But, the whole idea of moving out of the country is predicated on the US becoming a statist hellhole -- at which point the 2nd amendment is rubbish, anyway.
On the broader issue, I agree with you. But the USA is the only country with a Bill of Rights with the cajones ours has. I wish more countries had a Bill of Rights and Consitution like the one the U.S.A. has.
________________________________________
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
He didn't say anything about opening their computers up and taking a look did he?
--Fesh
"Citizens have rights. Consumers only have wallets." - gilroy
--Fesh
Kill -9 'em all, let root@localhost sort 'em out.
Doesn't waterloo have some kind of student jury system that you could appeal to? I know that we do (Georgia Tech) in case anything as falsified as this were to happen to me.
I mean, how do you steal credit card numbers off of port 25!!!
A few quotes...
... to be armed, To be prepared for war is one of the most effectual means of preserving peace. A free people ought not only to be armed, but disciplined."
... The tree of liberty must be refreshed from time to time, with the blood of patriots and tyrants,"
..."
"Firearms stand next in importance to the Constitution itself. They are the American people's liberty teeth and keystone under independence. From the hour the Pilgrims landed, to the present day, events, occurrences and tendencies prove that to ensure peace, security and happiness, the rifle and pistol are equally indispensable. The very atmosphere of firearms everywhere restrains evil interference - they deserve a place of honor with all that's good."
-George Washington
"A free people ought
-George Washington
Americans [have] the right and advantage of being armed -- unlike the citizens of other countries whose governments are afraid to trust their people with arms,"
-James Madison
"That the said Constitution shall never be construed to authorize Congress to infringe the just liberty of the press or the rights of conscience; or to prevent the people of the United States who are peaceable citizens from keeping their own arms..."
-Samuel Adams
"The Constitution of most of our states (and of the United States) assert that all power is inherent in the people; that they may exercise it by themselves; that it is their right and duty to be at all times armed and that they are entitled to freedom of person, freedom of religion, freedom of property, and freedom of press."
-Thomas Jefferson
"And what country can preserve its liberties, if its rulers are not warned from time to time that this people preserve the spirit of resistance? Let them take arms
-Thomas Jefferson
"No free man shall ever be debarred the use of arms. The strongest reason for people to retain their right to keep and bear arms is as a last resort to protect themselves against tyrrany in government,"
-Thomas Jefferson
"The great object is that every man be armed. Everyone who is able may have a gun,"
-Patrick Henry
"To preserve liberty, it is essential that the whole body of people always possess arms
-Richard Henry Lee
"The best we can hope for concerning the people at large is that they be properly armed,"
-Alexander Hamilton
"False is the idea of utility that sacrifices a thousand real advantages for one imaginary or trifling inconvenience; that would take fire from men because it burns, and water because one may drown in it; that has no remedy for evils except destruction. The laws that forbid the carrying of arms are laws of such a nature. They disarm only those who are neither inclined nor determined to commit crime."
-Cesare Beccaria, quoted by Thomas Jefferson
"Both the oligarch and Tyrant mistrust the people, and therefore deprive them of arms."
-Aristotle
"Amendment. II. A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed. "
--The Consitution of the United States of America
________________________________________
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
It doesn't matter whether or not a Public Servant's Questionaire is authorized by law. On the contrary, is there a specific law which denies the free-man the ability to know that someone who has claimed a status of privledge over another is qualified to make that claim? Say you and I were walking down the same street. I turn to you and say, "Hello, John Q. Policeman. I suspect you of breaking law X. Show me your ID." I don't have the qualifications to require you to show me your state-issued ID. Do you know this? (Do you care?) How are you supposed to find out whether or not I'm not a bonified public servant?
Remember, anyone can ask questions. You can volunteer answers, but few are the individuals who can require you to answer. Demand your rights from the beginning, don't wait until they've already been violated to beg for redress.
Learn the rules so you know how to break them properly.
www.teslabox.com
I would guess that if you checked for traces of explosives on all cars around a large bomb, you would find them. The question is did they get there from before or after the blast.
If you check the money in your wallet for cocaine, there's a pretty good chance that it will register positive even if you have nothing to do with the drug trade and had just gotten the cash from an ATM. Is confiscating the money acceptable?
DB
The students sign an agreement to live in the dorms. Part of this agreement opens them up to the IT group's "raids." Abuse your bandwidth by running a porn/warez site and you'll get a knock on the door in the morning, a Polaroid taken of your sleepy self, and you'll have to surrender your stuff.
The IT guys also have their systems set up to page them when spammers abuse the open ethernet ports in the library. Once they spot a spammer's MAC address on the network, they get a page telling them what floor and what port to go grab the guy on. Cool.
Sorry, kiddo, as I responded to an earlier Kahuna fan, "something like that story" did in fact happen to someone I'm very close to and knocked a good deal of maturity into me. My attitude is also informed by my study of signal detection theory (understanding type I and Type II errors and how they are linked is sort of enlightening in dealing with multiple fields, including law) and my growing appriciation for acceptance of ambiguity.
I'm sorry if you find my attitude arrogent. I can't expect to communicate with people if my attitude turns them off of my message. Of course if my message is sent out into a pit of libertarian raving like /. has turned into, its hard to judge if my attitude is actualy at fault or not.
What I can't figure out is why, with the mouth foaming negitive responses I seem to be getting, I can't get moderated down to save my life these days.
-Kahuna Burger
...will work for Chick tracts...
Sir, you are incorrect. Please refer to what is commonly known as the 'plain view doctrine'. A perfect example is Ivatury v. Texas, 792 S.W.2d 845 (Ct. App. 1990). If, while conducting a legal search, evidence of another crime is found, such evidence may be seized.
-jerdenn
The whirring sound we hear up here in Canada must be the framers of the American Constitution spinning in their graves. You folks seem to be on a long downward spiral civil rights wise. We, on the other hand, never had much in the way of protection and so probably don't notice the loss as much as you folks are gonna. The 'authorities' here tap our phones pretty much at will and I'm sure read our mail too. Reading the mail must be a trip for them, given the amount of unsolicited advertising garbage the post office encourages dickheads to send me. As I see it part of the problem is that we send these ass holes called politicians off to hang around our legislatures and to justify their existance they crank out new rules or subvert the old ones. We better actively do something about this. Maybe we need a giant defense fund. What we don't need is the aberrated goofs that we both have running in our current elections. Up the revolution! A curse on all politicians and may they be reborn with warts on their sexual organs!
you mistake "not having a clue" for "having pride" not everyone runs to Big Brother because his peers are picking on him.... PS. soon everything will be a crime, but lets not worry about it monday is almost a week away!
"I know where you wanted to go today, But we decided to stop here instead!"
I don't know who initally started the war on some drugs, in fact; it's entirely possible that the first ludicrous restrictions on, say, pot were signed into law by a Democratic president, many decades ago. Also, it's fair to fault Clinton and Gore for not standing up to the drug warriors. But don't you dare let Reagan and Bush the First off so easily.
--
--
Do I look like I speak for my employer?
He was an onlooker in the restroom?
Dude, if there's some dude with a gun or a knife raping or killing chicks, I'm not going to be too happy about it, but I'm also not going to be stupid about it and end up tortured or dead.
Fuck you, residents of Nevada; may you all get killed for trying to help out, or imprisoned for living.
Wouldn't it be great if there was some group of official slashdot lawyers that could comment on stories that contain legal issues like this one? There are so many comments from people that say IANAL. Well, I want to hear from someone who is a lawyer. What if the Andover legal staff contributed to this discussion? Would be interesting.
Anyway, the guy had deleted the file and, knowing that the data was still accessible, he cut up the disk into small bits. The investigating agency managed to put the peices back together and read the disk.
Of course in the yankee.com situation here, the FBI only needs to take the harddrive, they could leave the student the rest of his hardware. They could have made backups of anything he needed, as well.
It's unfortunite that he had his box taken just for probing the site, but they are just trying to be thorough. Our profession is a different kind of animal. There is almost no physical distinction between good and bad and determining intent is hard unless you have all the facts. You can't just put a sniffer on a LAN and say that this packet is good and that one is evil. A curious person looks exactly the same as a criminal in the log files. What can you do besides being careful?
I just hope they give him his computer back or he recieves just compensation for it.
...to secure data/backups would be, as he writes in his article, off-site backups. How about VPN or secure NFS to a place like, yes you guessed it, HavenCo.
Most of my friends tell me that I'm paranoid, and maybe I am, but hey I think it's kind of cool encrypting emails, files etc, and apart from the feeling, it does keep my data safe, should it be necessary.
Any technology distinguishable from magic, is insufficiently advanced.
Why is it "entirely obvious he didn't do anything wrong", because he wrote a little story and posted it to slashdot?
Open Source. Closed Minds. We are Slashdot.
you grab the needles and the scales and get it all outta here...
apologies to steely dan
I have discovered a truly remarkable proof which this margin is too small to contain.
NOTHING!!!
Your tax payer dollars at work. :-( :-(
p.s. This is why we need to support folks such as the eff.
chongo (was here)
Pity people, myself included, don't usually find a lawyer until their in a jam. I should find one, just in the event I suddenly need representation.
--
A feeling of having made the same mistake before: Deja Foobar
Oh, and be sure to rid some sort of instant screansaver up to a network monitor, so if the computer in view goes down, the screen is insantly blanked until you type, blind, a password, just so they can't press a key when unplugging it. And not to suggest 'tampering' with evidence, but, your real computer has just discovered you've been attacked by the feds. There might be some 'things' it wants to do.
-David T. C.
If corporations are people, aren't stockholders guilty of slavery?
I do understand the point. People are doing their jobs here, but I merely wish to point out that Big Brother is watching. I might even suggest that you are missing my point.
Unfortunately I do not have any sympathy for large corporations. OK, I admit it, I am an anti-capitalist.
These sorts of issues can be looked at from several different pov's ie
1) The law is the law is the law and that is the bottom line. I smoke pot, but I disagree with the opinion that regardless of whether I like this law or not I must obey it.
2) I am the victim sysadmin and I have to do my job, these hackers must be punished. Yes, they must be stopped, but how serious is altering a bunch of 1's and 0's? Does the attacker really deserve the hefty punishments pushed by corporate entities? Yes, you may stop this particular 'criminal' from offending again, but remember: there are another 500 would be hackers waiting in the wings that don't see this as a deterrent. Lessons should be learned from the already failing criminal system. The justice system (I am only referring to the web defacement departments here - I agree that rapists, murderers, burglars etc should be dealt with quite seriously - though differently from what we do today) only works in the sense that it:
a) Retrieves monetary compensation for the victim.
b) Creates political propaganda for the current government by pretending it is on top of things.
c) Gives the media some fodder to fatten up the bulls**t that it has to sell.
3) I am a human being with definite moral principles. I disagree that corporations have power over people. Capitalism was created to give power to the individual, but somehow, in the process of greed and egomania, we have created these monsters that control the government that control us. I am not bending over for MicroSoft, the Yankees, Amazon, AT&T etc etc.
BTW: I share the 3rd pov. I am not a programmer, a hacker, a scr1pt k1dd13, or anything other than a concerned member of Planet Earth. I am concerned for the future. What direction are we taking society in? This is definitely the wrong one. How many laws will there be in a hundred years? Seriously ask yourself that. How much MORE power will the corporations have in a hundred years? What role will the individual have to play in society in a hundred years. These are but a few questions that 99% of the planet have failed to even realise as questions let alone ask them....What sort of world do you want your grandchildren to live in?
Don't get me wrong, I am not accusing you or anyone else of ignorance in these areas. (Or of not having an opinion.) It is just that I see this particular story (as well as many others) as a vivid account of the perversion of humanity. A radical view I admit, but nonetheless a reasoned and educated view.
yeah...aside fomr that whole EMF frying your brains question, which remains unresolved, that is a whole lot of magnetic power. And if I remember high school bio, there is no small amount of iron in your bloodstream. Sounds painful.
At the risk of opening myself up to attack, let me say a few things about this:
This guy was doing something that, while not illegal, certainly appeared to be. The information he got could be used to commit an illegal act, he said as much himself.
To all those that compare America to a police state and to Nazi Germany, let's examine this:
First of all, America is a democratic society. As Voltaire said, people get the government they deserve. You have the power to change what's going on if you don't like it. Vote, write letters, work on campaigns. No one will stop you from doing this.
Second, you have considerable freedom. Look outside the box, there's more to life than your computer. You can get up and go just about anywhere without restriction. You can buy what you want, live where you want. If you get nailed for acting suspiciously that's your problem. If someone was poking around my house after I was robbed and I didn't know them I'd be suspicious too.
Lastly, I have to address these Nazi Germany comparisons. National Socialist Germany was the ultimate embodiment of evil in this century, if not all time. Their policies led to the genocide of six million Jews and the largest war in history (thirty-five to fifty million deaths). They threw millions of people into concentration camps where they received in bare essentials. Don't even think about getting a lawyer, he'd been in the camp with you. Don't even try to tell me it's anything like that in America.
The bottom line is stop griping. Things are reasonably alright over here. You know the govermemt is paranoid; don't provoke it!
Chazz
No statement is true, not even this one.
Wow, and I thought I had it bad. I was involved in a very similar incident. After hearing about telnetting directly into an smtp server for the first time, I pulled the total idiot and decided to telnet, from my personal non-roaming computer, into my school's smtp server and send a few friends some gag emails.
Turns out one of the sysadmins (who here at Harvard are actually pretty smart) didn't like my behavior, so he had me Ad Boarded (school judiciary board). I tried to tell them I hadn't done anything wrong, I was just pulling a gag, but they insisted that I was trying to snoop around the system. One administrator on the board tried to suspend me, but the single computer expert on the board said that would be ridiculous. In the end, all I got was a slap-on-the-wrist letter in my permanent file.
Funny thing is, a month after the incident, I got a letter from the library system asking me if I would be on a student board to evaluate their new web layout. Guess where they heard that I was a computer geek?
And somehow the boldface portion you posted shows that he did not do anything that could be interpreted as someone checking to see if their hack is still in place?
cat
What have we learned here?
Telnet - BAD
Encryption - GOOD
enof said
I have had a bad experience with the FBI (the investigation was for the kidnapping of a relative). I don't have a high opinion of their professionalism or their results (relative still missing years later). At this point, if the FBI were to falsely accuse me of a crime, it would cause great pleasure to give them the exact level of cooperation they gave my family - little to none with a few lies thrown in just to twist the knife.
bastards
DB
It was a legal seizing because they had a warrant. Which means that they had some kind of evidence against the kid.
why wouldn't someone comming there later do the same if they were guilty.
Well, first of all, the FBI's job is NOT to determine whether someone is utterly stupid or not; its to determine whether they're a suspect of a crime.
Secondly, removing an IP from the hard disk is a very difficult thing to do, since it can be retrieved even after it has been deleted. When someone (smart) hacks a box, they'll jump through 10+ machines all over the place, making it harder and harder to trace with each hop. One of these boxes will have logging turned off, so that its pretty much impossible to determine where the next hop is to.
you missed the point, yeah, they could take it, but they couldn't press charges if they found kiddie porn, as that is not what the warrant was for.
It's the 21st Century Do you know what your government is doing
Aim for the head and u'll hit their Nazi helmets. Just shoot them in the face
Which, I repeat, states "particularly describing the place to be searched, and the persons or things to be seized." There is no latitude there for any "plain view" exemption.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
forced self-censorship = thoughtcrime? orwell might be better than Nostradamus. 1984 was only 16 years off, apparently
He's gonna get (rightly) spanked over copyright violations, too. 99.9% of pr0n is a violation of someone's copyright, not to mention his DivX movies and MP3s.
Open Source. Closed Minds. We are Slashdot.
I own a red '89 Honda CRX Si. It has the usual performance upgrades. I got pulled over so many times in Los Angeles just because i'm young and i'm driving a fixed up car. One time I was pulled over and I got strip searched (out of 4 other cars that were with me, the cop changed lanes in between us for like 5 minutes and eventually pulled me over). Then they let us go. Another time I was making a left and a cop was about 500 ft behind me. He hurried up and came up next to me, flashed his lights, looked for like 30 seconds and made a U-turn and bounced.
When my house was robbed and trashed the cops took 4 hours to get there.
I could tell you at least 50 stories of how the cops are fucks. Especially in Los Angeles. Other places i've lived (MA, FL) are a LITTLE better. But there is corruption everywhere. No one really wants to help people. Why are tickets part of city budgets? How about parking tickets in San Francisco. THERE IS NO PARKING IN SAN FRANCISCO. WHY DON'T THEY FIX THAT RATHER THAN HIRE HUNDREDS OF DPT OFFICERS. I'VE GOTTEN LIKE 15 PARKING TICKETS IN FRONT OF MY OWN HOUSE!!
I have no respect for police whatsoever.
And i'm so happy there are some alternative candidates for president this year that actually agree with my views.
Well enough ranting.. :)
Deepak
Here's the text of the actual law that it's based on, 5 U.S.C. 552(a). BTW, the "Federal Register" is a daily publication of the government, available at many libraries.
U.S.C. 552
(a) Each agency shall make available to the public information as follows: (1) Each agency shall separately state and currently publish in the Federal Register for the guidance of the public-- (A) descriptions of its central and field organization and the established places at which, the employees (and in the case of a uniformed service, the members) from whom, and the methods whereby, the public may obtain information, make submittals or requests, or obtain decisions; (B) statements of the general course and method by which its functions are channeled and determined, including the nature and requirements of all formal and informal procedures available; (C) rules of procedure, descriptions of forms available or the places at which forms may be obtained, and instructions as to the scope and contents of all papers, reports, or examinations; (D) substantive rules of general applicability adopted as authorized by law, and statements of general policy or interpretations of general applicability formulated and adopted by the agency; and (E) each amendment, revision, or repeal of the foregoing. Except to the extent that a person has actual and timely notice of the terms thereof, a person may not in any manner be required to resort to, or be adversely affected by, a matter required to be published in the Federal Register and not so published. For the purpose of this paragraph, matter reasonably available to the class of persons affected thereby is deemed published in the Federal Register when incorporated by reference therein with the approval of the Director of the Federal Register. (2) Each agency, in accordance with published rules, shall make available for public inspection and copying-- (A) final opinions, including concurring and dissenting opinions, as well as orders, made in the adjudication of cases; (B) those statements of policy and interpretations which have been adopted by the agency and are not published in the Federal Register; (C) administrative staff manuals and instructions to staff that affect a member of the public; (D) copies of all records, regardless of form or format, which have been released to any person under paragraph (3) and which, because of the nature of their subject matter, the agency determines have become or are likely to become the subject of subsequent requests for substantially the same records; and (E) a general index of the records referred to under subparagraph (D); unless the materials are promptly published and copies offered for sale. For records created on or after November 1, 1996, within one year after such date, each agency shall make such records available, including by computer telecommunications or, if computer telecommunications means have not been established by the agency, by other electronic means. To the extent required to prevent a clearly unwarranted invasion of personal privacy, an agency may delete identifying details when it makes available or publishes an opinion, statement of policy, interpretation, staff manual, instruction, or copies of records referred to in subparagraph (D). However, in each case the justification for the deletion shall be explained fully in writing, and the extent of such deletion shall be indicated on the portion of the record which is made available or published, unless including that indication would harm an interest protected by the exemption in subsection (b) under which the deletion is made. If technically feasible, the extent of the deletion shall be indicated at the place in the record where the deletion was made. Each agency shall also maintain and make available for public inspection and copying current indexes providing identifying information for the public as to any matter issued, adopted, or promulgated after July 4, 1967, and required by this paragraph to be made available or published. Each agency shall promptly publish, quarterly or more frequently, and distribute (by sale or otherwise) copies of each index or supplements thereto unless it determines by order published in the Federal Register that the publication would be unnecessary and impracticable, in which case the agency shall nonetheless provide copies of such index on request at a cost not to exceed the direct cost of duplication. Each agency shall make the index referred to in subparagraph (E) available by computer telecommunications by December 31, 1999. A final order, opinion, statement of policy, interpretation, or staff manual or instruction that affects a member of the public may be relied on, used, or cited as precedent by an agency against a party other than an agency only if-- (i) it has been indexed and either made available or published as provided by this paragraph; or (ii) the party has actual and timely notice of the terms thereof. (3)(A) Except with respect to the records made available under paragraphs (1) and (2) of this subsection, each agency, upon any request for records which (i) reasonably describes such records and (ii) is made in accordance with published rules stating the time, place, fees (if any), and procedures to be followed, shall make the records promptly available to any person. (B) In making any record available to a person under this paragraph, an agency shall provide the record in any form or format requested by the person if the record is readily reproducible by the agency in that form or format. Each agency shall make reasonable efforts to maintain its records in forms or formats that are reproducible for purposes of this section. (C) In responding under this paragraph to a request for records, an agency shall make reasonable efforts to search for the records in electronic form or format, except when such efforts would significantly interfere with the operation of the agency's automated information system. (D) For purposes of this paragraph, the term "search" means to review, manually or by automated means, agency records for the purpose of locating those records which are responsive to a request. (4)(A)(i) In order to carry out the provisions of this section, each agency shall promulgate regulations, pursuant to notice and receipt of public comment, specifying the schedule of fees applicable to the processing of requests under this section and establishing procedures and guidelines for determining when such fees should be waived or reduced. Such schedule shall conform to the guidelines which shall be promulgated, pursuant to notice and receipt of public comment, by the Director of the Office of Management and Budget and which shall provide for a uniform schedule of fees for all agencies. (ii) Such agency regulations shall provide that-- (I) fees shall be limited to reasonable standard charges for document search, duplication, and review, when records are requested for commercial use; (II) fees shall be limited to reasonable standard charges for document duplication when records are not sought for commercial use and the request is made by an educational or noncommercial scientific institution, whose purpose is scholarly or scientific research; or a representative of the news media; and (III) for any request not described in (I) or (II), fees shall be limited to reasonable standard charges for document search and duplication. (iii) Documents shall be furnished without any charge or at a charge reduced below the fees established under clause (ii) if disclosure of the information is in the public interest because it is likely to contribute significantly to public understanding of the operations or activities of the government and is not primarily in the commercial interest of the requester. (iv) Fee schedules shall provide for the recovery of only the direct costs of search, duplication, or review. Review costs shall include only the direct costs incurred during the initial examination of a document for the purposes of determining whether the documents must be disclosed under this section and for the purposes of withholding any portions exempt from disclosure under this section. Review costs may not include any costs incurred in resolving issues of law or policy that may be raised in the course of processing a request under this section. No fee may be charged by any agency under this section-- (I) if the costs of routine collection and processing of the fee are likely to equal or exceed the amount of the fee; or (II) for any request described in clause (ii)(II) or (III) of this subparagraph for the first two hours of search time or for the first one hundred pages of duplication. (v) No agency may require advance payment of any fee unless the requester has previously failed to pay fees in a timely fashion, or the agency has determined that the fee will exceed $250. (vi) Nothing in this subparagraph shall supersede fees chargeable under a statute specifically providing for setting the level of fees for particular types of records. (vii) In any action by a requester regarding the waiver of fees under this section, the court shall determine the matter de novo: Provided, That the court's review of the matter shall be limited to the record before the agency. (B) On complaint, the district court of the United States in the district in which the complainant resides, or has his principal place of business, or in which the agency records are situated, or in the District of Columbia, has jurisdiction to enjoin the agency from withholding agency records and to order the production of any agency records improperly withheld from the complainant. In such a case the court shall determine the matter de novo, and may examine the contents of such agency records in camera to determine whether such records or any part thereof shall be withheld under any of the exemptions set forth in subsection (b) of this section, and the burden is on the agency to sustain its action. In addition to any other matters to which a court accords substantial weight, a court shall accord substantial weight to an affidavit of an agency concerning the agency's determination as to technical feasibility under paragraph (2)(C) and subsection (b) and reproducibility under paragraph (3)(B). (C) Notwithstanding any other provision of law, the defendant shall serve an answer or otherwise plead to any complaint made under this subsection within thirty days after service upon the defendant of the pleading in which such complaint is made, unless the court otherwise directs for good cause shown. [(D) Repealed. Pub.L. 98-620, Title IV, 402(2), Nov. 8, 1984, 98 Stat. 3357] (E) The court may assess against the United States reasonable attorney fees and other litigation costs reasonably incurred in any case under this section in which the complainant has substantially prevailed. (F) Whenever the court orders the production of any agency records improperly withheld from the complainant and assesses against the United States reasonable attorney fees and other litigation costs, and the court additionally issues a written finding that the circumstances surrounding the withholding raise questions whether agency personnel acted arbitrarily or capriciously with respect to the withholding, the Special Counsel shall promptly initiate a proceeding to determine whether disciplinary action is warranted against the officer or employee who was primarily responsible for the withholding. The Special Counsel, after investigation and consideration of the evidence submitted, shall submit his findings and recommendations to the administrative authority of the agency concerned and shall send copies of the findings and recommendations to the officer or employee or his representative. The administrative authority shall take the corrective action that the Special Counsel recommends. (G) In the event of noncompliance with the order of the court, the district court may punish for contempt the responsible employee, and in the case of a uniformed service, the responsible member. (5) Each agency having more than one member shall maintain and make available for public inspection a record of the final votes of each member in every agency proceeding. (6)(A) Each agency, upon any request for records made under paragraph (1), (2), or (3) of this subsection, shall-- (i) determine within 20 days (excepting Saturdays, Sundays, and legal public holidays) after the receipt of any such request whether to comply with such request and shall immediately notify the person making such request of such determination and the reasons therefor, and of the right of such person to appeal to the head of the agency any adverse determination; and (ii) make a determination with respect to any appeal within twenty days (excepting Saturdays, Sundays, and legal public holidays) after the receipt of such appeal. If on appeal the denial of the request for records is in whole or in part upheld, the agency shall notify the person making such request of the provisions for judicial review of that determination under paragraph (4) of this subsection. (B)(i) In unusual circumstances as specified in this subparagraph, the time limits prescribed in either clause (i) or clause (ii) of subparagraph (A) may be extended by written notice to the person making such request setting forth the unusual circumstances for such extension and the date on which a determination is expected to be dispatched. No such notice shall specify a date that would result in an extension for more than ten working days, except as provided in clause (ii) of this subparagraph. (ii) With respect to a request for which a written notice under clause (i) extends the time limits prescribed under clause (i) of subparagraph (A), the agency shall notify the person making the request if the request cannot be processed within the time limit specified in that clause and shall provide the person an opportunity to limit the scope of the request so that it may be processed within that time limit or an opportunity to arrange with the agency an alternative time frame for processing the request or a modified request. Refusal by the person to reasonably modify the request or arrange such an alternative time frame shall be considered as a factor in determining whether exceptional circumstances exist for purposes of subparagraph (C). (iii) As used in this subparagraph, "unusual circumstances" means, but only to the extent reasonably necessary to the proper processing of the particular requests-- (I) the need to search for and collect the requested records from field facilities or other establishments that are separate from the office processing the request; (II) the need to search for, collect, and appropriately examine a voluminous amount of separate and distinct records which are demanded in a single request; or (III) the need for consultation, which shall be conducted with all practicable speed, with another agency having a substantial interest in the determination of the request or among two or more components of the agency having substantial subject-matter interest therein. (iv) Each agency may promulgate regulations, pursuant to notice and receipt of public comment, providing for the aggregation of certain requests by the same requestor, or by a group of requestors acting in concert, if the agency reasonably believes that such requests actually constitute a single request, which would otherwise satisfy the unusual circumstances specified in this subparagraph, and the requests involve clearly related matters. Multiple requests involving unrelated matters shall not be aggregated. (C)(i) Any person making a request to any agency for records under paragraph (1), (2), or (3) of this subsection shall be deemed to have exhausted his administrative remedies with respect to such request if the agency fails to comply with the applicable time limit provisions of this paragraph. If the Government can show exceptional circumstances exist and that the agency is exercising due diligence in responding to the request, the court may retain jurisdiction and allow the agency additional time to complete its review of the records. Upon any determination by an agency to comply with a request for records, the records shall be made promptly available to such person making such request. Any notification of denial of any request for records under this subsection shall set forth the names and titles or positions of each person responsible for the denial of such request. (ii) For purposes of this subparagraph, the term "exceptional circumstances" does not include a delay that results from a predictable agency workload of requests under this section, unless the agency demonstrates reasonable progress in reducing its backlog of pending requests. (iii) Refusal by a person to reasonably modify the scope of a request or arrange an alternative time frame for processing a request (or a modified request) under clause (ii) after being given an opportunity to do so by the agency to whom the person made the request shall be considered as a factor in determining whether exceptional circumstances exist for purposes of this subparagraph. (D)(i) Each agency may promulgate regulations, pursuant to notice and receipt of public comment, providing for multitrack processing of requests for records based on the amount of work or time (or both) involved in processing requests. (ii) Regulations under this subparagraph may provide a person making a request that does not qualify for the fastest multitrack processing an opportunity to limit the scope of the request in order to qualify for faster processing. (iii) This subparagraph shall not be considered to affect the requirement under subparagraph (C) to exercise due diligence. (E)(i) Each agency shall promulgate regulations, pursuant to notice and receipt of public comment, providing for expedited processing of requests for records-- (I) in cases in which the person requesting the records demonstrates a compelling need; and (II) in other cases determined by the agency. (ii) Notwithstanding clause (i), regulations under this subparagraph must ensure-- (I) that a determination of whether to provide expedited processing shall be made, and notice of the determination shall be provided to the person making the request, within 10 days after the date of the request; and (II) expeditious consideration of administrative appeals of such determinations of whether to provide expedited processing. (iii) An agency shall process as soon as practicable any request for records to which the agency has granted expedited processing under this subparagraph. Agency action to deny or affirm denial of a request for expedited processing pursuant to this subparagraph, and failure by an agency to respond in a timely manner to such a request shall be subject to judicial review under paragraph (4), except that the judicial review shall be based on the record before the agency at the time of the determination. (iv) A district court of the United States shall not have jurisdiction to review an agency denial of expedited processing of a request for records after the agency has provided a complete response to the request. (v) For purposes of this subparagraph, the term "compelling need" means-- (I) that a failure to obtain requested records on an expedited basis under this paragraph could reasonably be expected to pose an imminent threat to the life or physical safety of an individual; or (II) with respect to a request made by a person primarily engaged in disseminating information, urgency to inform the public concerning actual or alleged Federal Government activity. (vi) A demonstration of a compelling need by a person making a request for expedited processing shall be made by a statement certified by such person to be true and correct to the best of such person's knowledge and belief. (F) In denying a request for records, in whole or in part, an agency shall make a reasonable effort to estimate the volume of any requested matter the provision of which is denied, and shall provide any such estimate to the person making the request, unless providing such estimate would harm an interest protected by the exemption in subsection (b) pursuant to which the denial is made. (b) This section does not apply to matters that are-- (1) (A) specifically authorized under criteria established by an Executive order to be kept secret in the interest of national defense or foreign policy and (B) are in fact properly classified pursuant to such Executive order; (2) related solely to the internal personnel rules and practices of an agency; (3) specifically exempted from disclosure by statute (other than section 552b of this title), provided that such statute (A) requires that the matters be withheld from the public in such a manner as to leave no discretion on the issue, or (B) establishes particular criteria for withholding or refers to particular types of matters to be withheld; (4) trade secrets and commercial or financial information obtained from a person and privileged or confidential; (5) inter-agency or intra-agency memorandums or letters which would not be available by law to a party other than an agency in litigation with the agency; (6) personnel and medical files and similar files the disclosure of which would constitute a clearly unwarranted invasion of personal privacy; (7) records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information (A) could reasonably be expected to interfere with enforcement proceedings, (B) would deprive a person of a right to a fair trial or an impartial adjudication, (C) could reasonably be expected to constitute an unwarranted invasion of personal privacy, (D) could reasonably be expected to disclose the identity of a confidential source, including a State, local, or foreign agency or authority or any private institution which furnished information on a confidential basis, and, in the case of a record or information compiled by criminal law enforcement authority in the course of a criminal investigation or by an agency conducting a lawful national security intelligence investigation, information furnished by a confidential source, (E) would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law, or (F) could reasonably be expected to endanger the life or physical safety of any individual; (8) contained in or related to examination, operating, or condition reports prepared by, on behalf of, or for the use of an agency responsible for the regulation or supervision of financial institutions; or (9) geological and geophysical information and data, including maps, concerning wells. Any reasonably segregable portion of a record shall be provided to any person requesting such record after deletion of the portions which are exempt under this subsection. The amount of information deleted shall be indicated on the released portion of the record, unless including that indication would harm an interest protected by the exemption in this subsection under which the deletion is made. If technically feasible, the amount of the information shall be indicated at the place in the record where such deletion is made. (c)(1) Whenever a request is made which involves access to records described in subsection (b)(7)(A) and-- (A) the investigation or proceeding involves a possible violation of criminal law; and (B) there is reason to believe that (i) the subject of the investigation or proceeding is not aware of its pendency, and (ii) disclosure of the existence of the records could reasonably be expected to interfere with enforcement proceedings, the agency may, during only such time as that circumstance continues, treat the records as not subject to the requirements of this section. (2) Whenever informant records maintained by a criminal law enforcement agency under an informant's name or personal identifier are requested by a third party according to the informant's name or personal identifier, the agency may treat the records as not subject to the requirements of this section unless the informant's status as an informant has been officially confirmed. (3) Whenever a request is made which involves access to records maintained by the Federal Bureau of Investigation pertaining to foreign intelligence or counterintelligence, or international terrorism, and the existence of the records is classified information as provided in subsection (b)(1), the Bureau may, as long as the existence of the records remains classified information, treat the records as not subject to the requirements of this section. (d) This section does not authorize withholding of information or limit the availability of records to the public, except as specifically stated in this section. This section is not authority to withhold information from Congress. (e)(1) On or before February 1 of each year, each agency shall submit to the Attorney General of the United States a report which shall cover the preceding fiscal year and which shall include-- (A) the number of determinations made by the agency not to comply with requests for records made to such agency under subsection (a) and the reasons for each such determination; (B)(i) the number of appeals made by persons under subsection (a)(6), the result of such appeals, and the reason for the action upon each appeal that results in a denial of information; and (ii) a complete list of all statutes that the agency relies upon to authorize the agency to withhold information under subsection (b)(3), a description of whether a court has upheld the decision of the agency to withhold information under each such statute, and a concise description of the scope of any information withheld; (C) the number of requests for records pending before the agency as of September 30 of the preceding year, and the median number of days that such requests had been pending before the agency as of that date; (D) the number of requests for records received by the agency and the number of requests which the agency processed; (E) the median number of days taken by the agency to process different types of requests; (F) the total amount of fees collected by the agency for processing requests; and (G) the number of full-time staff of the agency devoted to processing requests for records under this section, and the total amount expended by the agency for processing such requests. (2) Each agency shall make each such report available to the public including by computer telecommunications, or if computer telecommunications means have not been established by the agency, by other electronic means. (3) The Attorney General of the United States shall make each report which has been made available by electronic means available at a single electronic access point. The Attorney General of the United States shall notify the Chairman and ranking minority member of the Committee on Government Reform and Oversight of the House of Representatives and the Chairman and ranking minority member of the Committees on Governmental Affairs and the Judiciary of the Senate, no later than April 1 of the year in which each such report is issued, that such reports are available by electronic means. (4) The Attorney General of the United States, in consultation with the Director of the Office of Management and Budget, shall develop reporting and performance guidelines in connection with reports required by this subsection by October 1, 1997, and may establish additional requirements for such reports as the Attorney General determines may be useful. (5) The Attorney General of the United States shall submit an annual report on or before April 1 of each calendar year which shall include for the prior calendar year a listing of the number of cases arising under this section, the exemption involved in each case, the disposition of such case, and the cost, fees, and penalties assessed under subparagraphs (E), (F), and (G) of subsection (a)(4). Such report shall also include a description of the efforts undertaken by the Department of Justice to encourage agency compliance with this section. (f) For purposes of this section, the term-- (1) "agency" as defined in section 551(1) of this title includes any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency; and (2) "record" and any other term used in this section in reference to information includes any information that would be an agency record subject to the requirements of this section when maintained by an agency in any format, including an electronic format. (g) The head of each agency shall prepare and make publicly available upon request, reference material or a guide for requesting records or information from the agency, subject to the exemptions in subsection (b), including-- (1) an index of all major information systems of the agency; (2) a description of major information and record locator systems maintained by the agency; and (3) a handbook for obtaining various types and categories of public information from the agency pursuant to chapter 35 of title 44, and under this section.
I am not a lawyer.
Enjoy
ASCII tastes bad dude.
Binary it is then.
Nah, the REAL reason the FBI acted so quickly is that the Commander in Chief's wife is a Yankee Fan
My next door neighbour wants to be a mechanic. Am I gonna be pissed if I come home and see he's decided to pop my bonnet and have a poke without asking?
Open Source. Closed Minds. We are Slashdot.
The problem then is what happens if you get a power surge and the government's hardware is fried? In addition I wouldn't want an FBI drive or other computer equipment. It would be a very easy thing to modify the hardware for surveillance.
I believe that a reasonable compromise would be to copy the data out, seal the evidence, advise the suspect that breaking the seal or tampering (via very large magnet) with the equipment for the next two weeks is commiting felony crime scene tampering, and go on their merry way. The container they put the computer in can have a magnetic field detector that would register said magnetic field if the suspect tries to wipe his own system (useful only if he has no illegal materials on his magnetic media but has illegal materials erased on his drive).
This takes care of 90% of the problem while giving the police a decent window to decide whether they need to go through the expense of applying advanced techniques to reassemble the erased contents of magnetic media.
DB
It's not the same thing. The UK law refers to somone withholding an alibi or other information which may get them off until court, or charge, so they can then claim wrongful arrest or unlawful imprisonment etc.
Open Source. Closed Minds. We are Slashdot.
Oh, so just b/c i'm the first thing they see, i'm under heavy suspection. How about investing the crime scene first, and see if that would lead to me?
It may be up to you to file a claim for the return of the property, and short deadlines may be involved. Definitely talk to a lawyer soon.
A trunk could have been open when the blast occured, ditto for the cabin (rolled down windows, door was open).
As for RICO, it's beside the point. I specifically said acceptable, not legal. I guess that devolves to the question of whether legality determines acceptability or morality/ethics are what guide your definition of what is acceptable.
DB
Wouldn't counter intelligence be a job for a national police force? Perhaps even counter terrorism.
-Just because you're not paranoid doesn't mean they're not out to get you.
If a murder is committed in an apartment you own, the police take similar measures. If you have never seen a crime scene, you must have at least seen it on TV. The police can, and do, keep legitimate owners out of crime scenes for limited periods. To do the same thing for computers isn't taunting, it's making sure that evidence is preserved while avoiding a repeat of the travesty of Steve Jackson Games. What comes back from those evidence rooms isn't allways everything that went in and once it is in a government building gathering dust and depreciating in value, it's hard to get it back before the value of your property goes down to zero or close to zero.
With the equipment sealed and tamper resistant, all that needs happen is the police come back for there tampering checker at the end of two weeks or, given enough technical ingenuity, you mail the tamper record back to the police at the end of the two week period and voila! You have your equipment back in use after two weeks without the need for expensive lawyers to file writs to get your stuff back.
While there are an equal share of positive and negative responses to the student's actions and the consequences, his/her original point hits home with me. None of the ports hit would have triggered my IDS. They would have generated logs, but, it would have been clear that the curiosity-seeking occurred after the fact. I've seen this type of activity so many times, I don't even pay attention to it anymore.
I probably wouldn't exert the same effort in my curiosity seeking, and, would have probably just looked at the sight and noted: "Yeah, looks like it was hacked." He/she dug a little deeper. A year ago, that probably wouldn't have triggered the interest of law enforcement. But, a year from now, would a web-log at attrition.org with your IP in it offer similar grounds for a warrant?
Maybe not; but, the trend is disturbing. I hope other curious folk out there aren't missing this message. I happen to be pretty curious, too. Just too busy, right at the moment to raise these kinds of flags.
Linux rocks!!! www.dedserius.com
www.dedserius.com
VB != VisualBasic
Umm. I'm entirely correct.
The company in question was incorporate in the US, and, though the FBI has no *jurisdiction* here, they certainly have the ability to work in cooperation with the RCMP.
Of *course* the legal power to do the raid came from the RCMP. That goes without saying. It was an RCMP warrant. The fact is, the FBI was involved, as it was a joint us/canada investigation.
The real point of the comment, though, was about how they dealt with the company's data, not who was involved.
If the LEOs go to the heavies in Maryland, information can be recovered from deleted (and rewritten) sectors. For this they need the HDs. However, this is a non-trivial process so the computer will probably sit in a corner gathering dust (as in Steve Jackson). The rest of the computer is really irrelevant and should be returned immediately. New HDs cost money but what are the cops doing with your Geofx graphics card?
See my journal, I write things there
someone should market a little button on cases that basically trashes a HD when hit. It could be out of the way, but if you get in a situation where you do have stuff you don't want the man seeing (not saying you're guilty of the crime they're looking for ;-) this would really help out.
"excuse me...do you mind if i just take 5 seconds to grab the stuff i need of my system for school"
grab files, press button, thank you ma'am.
"ok. i'm done - have at it."
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
"It is seldom that liberty of any kind is lost all at once." -David Hume
ah. so he's guilty untill proven innocent i see.
there was absolutely no justification for seizure of his computers. Think what might happen if you try to go to a site, see that it looks a little different. maybe you do an nslookup on the site to make sure that you're getting the right one (right IP maybe?). Then you maybe ping an traceroute the site just to check that it's up and running (i probably ping showme.missouri.edu 3 or 4 times a day for various reasons).
knock knock. it's the feds. they need to borrow your system for a few months.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
"It is seldom that liberty of any kind is lost all at once." -David Hume
One cannot (yet) be arrested for posessing a computer.
In other words, by your so-called logic, if I see an article about a site hack on Wired News or attrition.org and check it out, I deserve to have my door kicked in and my computer ripped off.
I might have been more polite about this if they'd merely copied the guy's hard drive and files using one of many forensic software packages on the market. . A warrant is supposed to allow a reasonable search under defined circumstances. They used it to take punitive action against him without proving him guilty of anything in a court of law.
While I doubt you are capable of doing anything more important with your computer than websurfing, some of us make our livings with our computers, others "merely" need them to finish our education.
Brain-damaged assholes like you making excuses for police state tactics are a fundamental precondition for the operation of a modern police state.
"They are only doing their jobs" "Don't ask questions." "They know what they're doing" and other rationalizations for conduct which if you had been educated properly, you'd know was wrong are the kind of thing seen in the early stages of a police state. The "good German", i.e., somebody like you, is the ideal citizen for a totalitarian state, you make excuses for police action that the police won't even bother to make for themselves.
People looking the other way and telling other people, "it's not that bad" are the sort of thing that keeps the herd asleep until it's too late to do anything about it.
In a free country with people in it who want it to stay free, your only possible purpose is as fertilizer for the lawns of your betters. I would advise against using your body however processed as food products, prions are amazingly persistent and most of us would rather not find out from experience what's wrong with that mass of reeking pus you call a brain.
The highest form of civic action you are capable ot taking is suicide, and if you want to do a good thing for America, you'll act on my suggestion immediately.
The nicest thing I can say about you is that you're a tard, and whack-a-tard is one of the more amusing things to do on the Net.
Tech Public Policy stuff
It almost sounds like you say it is okay for the FBI to grab your stuff because you were intelligent enough to look at the site and see why it was hacked. AFAIK things can be confiscated if and only if they have clear evidence that it could have been used in the attack.
In this case there is only evidence that he looked at the site, which I'm willing to bet there are many of you that could duplicate the same effort. It comes down to whether or not we should have to worry about looking and learning about things and having to fear that the same knowledge can implicate you. Just because you know how to make a bomb doesn't mean you bombed a building. You may have driven by and noticed how they put it in the corner of the building such that the structure collapsed, but there is nothing wrong with that obviously.
-jerdenn
I'm very well informed. I spent 25 years in BC.
It also involved the RCPM & Vancouver City cops.
the supreme court has ruled, for instance, that if officers have a warrant to search your house for guns and they find drugs, they can bring you up on drug charges (or vice versa).
In fact, in the Bowers case in Georgia, officers had a out of date warrant to search Bowers' house (for drugs, I think). They didn't find any drugs, but when they entered the house they found him with another man and prosecuted him on sodomy charges. Bowers appealed, trying to get the evidence thrown out; but the Supreme Court upheld the ruling.
The simple truth is the government is big and strong - you are not - so you lose. The government gets away with a lot of things it is not supposed to do; the Constitution forbids involuntary servitude - but that never stopped them from drafting people.
*shrug* I agree about the 'make sure there's no obvious kiddie porn' thing. That's wrong.
However.. there is such thing as 'plain sight'. I forget the exact terms, and it probably varies from jurisdictuion to jurisdiction.
If they were searching for one thing, and there is a bag of pot laying on the table in plain sight, they *can* sieze it and *can* charge you for it. Same goes for kiddie porn. If he's searching CD's for evidence, ie "Logs" or something, and he sees 'Kiddie Porn III", he *can* sieze it, and investigate.
I once heard of a person being sued because they helped a citizen out of their car that had crashed. Low and behold their back was broke and it caused permanent damage. What are you to do, let them burn?
There should also be a rule about infringing on the normal everyday life of the suspect.
What they should do is.. take the original hard drive, make a copy, and return the computer + copy to dilinger for his use, while they inspect the original drive, if it matters so much to them.
Would it be possible to use information from a GPS card for an encryption key? It seems that if the kernel got the location from the card at boot time and used that as the key it would be possible to limit computer access to that location. Because no information is ever entered into the machine, there would be no brute force method.
You could even have it boot a small disk image if the key was incorrect, and write random data over the disk in the background.
If you use a good encryption algo and encrypt the entire drive( including partition table etc. ) wouldn't it be impossible to crack the encryption?
These are just ideas that I pulled from somewhere and I know very little about encryption so don't flame me for being an idiot.
If you have the consent of the owner of the box, you can do what you want.
An analogy:
Friend: I just built this garage, I want to see how much force it can take on the door before it starts to buckle, want to try pushing it for me?
You: Sure. *push*
If you break it, or if you don't, your friend has consented to your actions will full knowledge of the potential consequences, so you're fully in the right.
Besides, it's the responsibility of your friends to notify the authorities if their boxen are hacked, so why would they if they knew it was you?
One thing to be careful of: some ISPs run firewall auditing scripts that check for certain types of packets that look like "hacking tools". For example, a friend of mine is head sysadmin at a largish ISP, and him and I wrote a set of scripts that automatically logs all common trojan packets. (like BO, Sub7, Netbus) So you might not want to be hacking over the net if you're not _sure_ that you're safe.
--
'A lie if repeated often enough, becomes the truth.' - Goebbels
So, I'm just contemplating (in awe again), just what the fu*k would or should have happened if one of us, the 120,000 (annual quota) H-1B's in this country stumbled upon that site this guy described, which I won't even mention here :) (Carnivore eh? :), and we all are basically on work visas and 'readily deportable' for any felonies or misdemeanors?
And let's say that we even got off the hook like this guy did, how do you think the INS is going to view "has been taken in for questioning by the FBI, on a suspicion of "cracking, hacking, blabla" and had equipment confiscated for evidence purposes" or something along those lines?
Shit, by the time the EFF or ACLU or anyone can even assist my immigrant ass (as if I wasn't entitled to the same civil liberties as anyone else, right?), the INS will be buying me a one-way ticket and exporting me like an NFS UNIX partition out of the country ASAP! :)
So, is _THAT_ fair? You are all getting petrified that some agent breathed down your neck a bit, but what can they ultimately do to you? Suck your .... I don't wanna say it. But to me, or other immigrants? They can _raise_ hell and get us deported, solely on people's superstition and belief in adages like "once a criminal/suspect/pick your favorite adjective, always a criminal/suspect/pick your favorite adjective".
And then what happens to my 8 year invested in education/job/life/etc in this country? Should it all go down the drain? Well, damn, I smell a U.S. Supreme Court case getting accepted here for review for violating my constitutional rights... that is, IF and ONLY IF, I can get a Tourist visa to get back into the country and get past the U.S. border :-/... Scary you think? You're lucky you were born in the U.S. of A...
--
'A lie if repeated often enough, becomes the truth.' - Goebbels
Wrong. That should read: "in addition to the lawyers fees for SJG being paid by the taxpayers." Everyone should have a crystal clear understanding that this one of the big reasons it is so ruinous for individuals and small businesses when a federal agency jerks their chains. The attorney fees for the federal government are funded by a virtually bottomless honey pot of taxypayer funds, while you and I have to gulp hard, turn to savings, friends, pro bono legal aid, or contingency legal arrangements and such. The largesse of the peasants' labor taken at gunpoint for the King's agents, and whatever scraps that may be had for the peasants; and may the Kernel in The Sky help you if your assets are attached "as part of the investigation".
It is a positive feedback loop for the feds, and worse, there are no market disincentives for going fishing and losing. Even when they lose, they use that to their advantage, by pointing to the expenses incurred running people into the ground in court as justification for larger budgets, make our wallets that much thinner every April 15th, and go after more people on flimsier crap next year to pad their resumes. When a geek pads a resume, they might screw up a contract or project; when a fed pads a resume, it puts into ruins for years and decades or even terminates lives.
I feel sorry for this guy. Unless he has pension-busting/career-ending/agency-budget-axing political connections, is the Mafia or a drug cartel and can personally threaten the lives of the agents involved, or in an equivalent manner carry a bigger f*ck-you stick than the feds, there ain't a stale /tmp file's chance in a skulker session that he's getting his stuff back without time consuming and expensive legal assistance. Good luck, dilinger.
The smtp server I'm developing isn't quite ready for that kind of abuse *grin*, it just responds '502 Command not implemented' to anything it doesn't recognise...
My main point is that before I started developing the server, I didn't try to log onto another one, I dug into the RFC's:
http://www.rfc-editor.org/rfc.html
to learn what I was getting myself into. In this case rfc821 (and rfc822) would be on target.
This is true. This is also why you will often see warrants with phrases such as (1) Glock 19 pistol, and parts thereof.
This way, not only can the officer search in a desk drawer and find the revolver there, but they may also search your wife's jewelry case for the spring assembly. If they happen to find your stash of pot there, it is called the 'plain view doctrine', and they may seize the evidence and use it against you. This is well tried case law.-jerdenn
Was he foolish to go poke around? Probably so. Lesson learned, the hard way. But he went there well AFTER the fact. He committed no crime and there was nothing indicating that he was involved in the original crack. So what reason was there to confiscate his equipment? I could see somebody coming by and asking him some questions, perhaps.
The other question I have is, why was the FBI involved in the first place? This was an act of vandalism. No real damage done. No list of credit card numbers comprimised. No trade secrets or source code endangered. Just a sports web page defaced. Fire the system administrator if it was a known security hole or sloppy set up, and tighten up your site security. Aren't there enough real crimes out there to keep the FBI busy?
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
If you ever find yourself in this situation, you're definitely best off getting a lawyer immediately, and you may want to try to get some legal assistance, possibly just a contact for your lawyer to talk to, at some place like EFF, if you're in this sort of situation.
I think it's appropriate to mention that if you are in a job where you feel at all vulnerable, then legal insurance is a must. I work for one of the U.S. National Laboratories, and most of my colleagues here and I have at least one form of legal insurance. (The inexpensive legal insurance available through the lab doesn't cover "on the job" occurrances that can land oneself in jail). After the Wen Ho Lee (who now faces many millions of dollars in legal fees) and the infamous Los Alamos hard drive incidents (where many employees have had to take out second mortgages on their houses to cover their attorney retainers), prudence suggests that the thirty bucks a month you'd spend on cable tv might be better spent on legal protection.
Don't say I didn't warn you.
The difference between MP3s and VJ kennedy's post was that kennedy specifically choice to broadcast her message on a public medium. Most MP3s were ripped from a privatized medium such as CD. You "property of poster" tagline is meaningless. But please, don't take my word for it. Does k5 have a legal team yet?
And, yes I*A*AL.
Should you always pay for your own lawyer? No. If a good public defender system is available, as it is in New Jersey, Philadelphia, and elsewhere, you'll do fine with them. But if you are in Texas, you better hire your own lawyer no matter what. It depends on how much money you have, and what you're tried for. For example, a murder case costs about $100,000 to defend. If you're charged with murder, and a lawyer offers to take your case for $500, you're better off with a public defender.
Don't hesitate to call lawyers out of the Yellow Pages. They will either take your case or refer you. They might refer you to a lawyer who is willing to take your case "pro bono" (for free). A lawyer is more prone to this if the case is interesting (like, computer-related), and where a strong moral case can be made (like, "the FBI is violating my rights").
Good luck.
I am not a lawyer.
Ah, I see you didn't read his website fully. He actually says that he isn't debating whether he deserved it or not, rather that it was extremely unprofessional of the FBI to take his stuff.
However, he does provide a great analogy of his so called "poking around", which can be found here. Furthermore, your "insightful" comment (I don't see it like that) was actually answered, with quotes such as these:
"Many of you seem to think I was 'asking for it' by snooping around yankees.com so shortly after the hack. To those, I say: you're missing the point of why I wrote this. This was not written to defend my actions, only to point out how easy it is for people to misconstrue your actions, and get law enforcement involved. This is not a problem, in itself, but when the aforementioned law enforcement has the power to just yank away weeks, possibly months, maybe even years worth of effort.. This is the problem. "
Isn't that a coicidence? It looks like hes directly talking to you! Read before you speak, young child.
yarn seems very lame... i will go with the piano wire theory.
I have always wondered why breaking into cars is considered a crime. It seems to me that if I put a car on the road which isn't 100% theft proof, I am liable if it gets broken into. BFD. If someone is smarter than me and figures out a way to open my door, good for them, I am stupid...
Open Source. Closed Minds. We are Slashdot.
Does a judge really have enough knowledge to make a decision on what constitutes cracking? I doubt it. Will this ever change? No.
People who know nothing more about computers then IE will look on things differently then a computer hacker (or cracker for that matter) will. It is two completely different perspectives of the world.
You can not explain what you did to a judge or general group of people like a jury that your portscans, digs, probes, etc were not malicious.
This quest for further knowledge due to general interest by yourself will always be looked at with a keen eye
A couple of years ago I sent an email to a guy in our Linux user group that was crafted to look like it came from "root@localhost" that stated, "You are owned, I finally got your root password" or something similar. I manually sent the mail by telneting to a mail server that would forward and not attach my ip information (I found this server from some spam that I had recieved, haha, there actually is a good use for spam). Well that mail server had now started forwarding at least the originating ip address info. So my IP was attached in the mail, big deal I thought. Well two days later my internet account was terminated for a violation of the user agreement. I had absolutely no recourse, I was cancelled for hacking, which I think they ment cracking, either way neither had happened. I tried to explain what I did but the cust serv people and their manager wanted nothing to do me. I thought that if I could just get to talk to someone that knew something about networks, computers or at least a mail server, I would be good to go. It never happened. The point being... If your dealing with non computer people you will NEVER get your point across and anything other then browsing the web is considered above and beyond normal use. It is fear of the unknown. This fear leads to knee jerk reactions. Try explaining to your mom that if some windows user shares out his c drive world writable with no password and you happen to find it that you are not doing anything wrong or breaking any laws if you download or delete stuff from it. No password, writable, available on the internet? This combination of events was no accident, not a bad judgement default condition, or the result of any bugs or cracking attempts. Hello!!!
Bad boys rape our young girls but Violet gives willingly.
score: 2, Informative?
/.
you've got to be kidding me! who the hell cares if it's on kuro5hin or not? if you love k5 that much, what are you doing posting on slashdot?
people: i like kuro5hin as much as the next guy / girl, but i try to make a habit of not telling other slashdotters how much better k5 is that
arrrghhh.
I asked someone in the know about this and he says that there's a clause in the law that says if you claim the data is pre-publication, it's covered under first amendment rights and they can -copy- it but not take it all away. Basically, since we all publish stuff on the web, it's very plausible.
:) Hope this helps folks if it happens to them.
Oh, and call a lawyer, he says.
You've never been an admin, have you?
Most admins practice the "first time's a warning, second time we go to the switch and remove his connection" method of dealing with people ****ing with their systems. Take the hint and play with your own server.
BTW, something like a "Replacement of Property Taken As Evidence Act" is badly needed in the USA.
I am not a lawyer.
...make sure you're playing Counter-Strike as a Counter-Terrorist... and winning."
If someone was to push me for my encryption keys I would claim the human rights act - I think there is a section of that which suggests that I have a right not to incriminate myself. Of course, claiming that right would be enough to suggest that there was something incriminating there... I believe the Human Rights Act, being european law, will override the RIP bill.
One more thing you forgot to mention...
Those proprietary 911-system information documents could be ordered from an official AT&T catalog for a price of $33 ($20 for catalog, $13 for document, the ordering call was a toll-free number), which is a bit less than the $24,639.05 that they claimed they 'lost' because of the copying of the 12-page document.
--
Soma: because a gramme is better than a damn.
Wouldn't the computer case work like a faraday cage and sheild the hard-drive?
But they don't recognize the notion of natural rights like we are supposed to with the Bill of Rights. Specifically, the right to bear arms.
Goddam that makes me angry.
Just when you think stuff like this can't happen in your country it does. (It can happen anywhere)
I must admit that I have considered joining the RCMP specifically for computer crime. I like the idea of "hacking", I wish I was a "grey-hat" but I really am a white one.
I don't know if I want to join the RCMP for computer work now. I like the idea of prosecuting REAL computer criminals. I strongly dislike the idea of the types of things that occured in your case. I don't know if I could work for an organization that is supposed to UPHOLD the law, but actually breaks it.
Try to hack my 31337 firewall!
Thanks, I do understand the difference between signal and noise. Applying simple technical understanding to complex societal phenomena is a mistake I made many years ago - and one from which I learned. In order to understand why people behave in the ways that they do you have to understand the ways in which they think.
For example: it is obvious to me that you think in a simplistic, primitive, Aristotelian, the world is black and white fashion. As such your thought patterns do not match the far more complex Yin and Yang nature of reality.
Evidence of arrogance on your part: your condescending use of the word 'kiddo' indicates a contemptuous attitude toward anyone who is not 'sophisticated' enough to agree with you. More evidence: the use of the phrase 'Kahuna fan' to contemptuously describe someone who disagrees with you. By using this phrase you are evidently seeing yourself in the position of famous performer - addressing those 'beneath' you in the social structure. You evidently believe that anyone who disagrees with you does so only from ignorance. It never occurs to you that you have only taken the second step along a multiple step journey to understanding. I have been where you are. I have discovered the errors in those thought patterns and moved on to a better level of understanding.
Your message is not very profound. It is: the world is exactly what it appears to be; no interpretation of what happens is ever necessary.
For example: Let's look at your shit happens perspective in the original post which prompted my reply. If a lightning bolt strikes you, that is an example of shit happens . If you are walking along and you sprain your ankle because the earth beneath you feet gives away due to a naturally occurring weakness in its structure that is shit happens. If the police confiscate your computers that is an example of a deliberate human action against you; it is not 'shit happens'. The distinguishing factor is not 'bad things happening to you', but rather whether those bad things are random or deliberate. Your failure to make this distinction indicates a lack of clear thought and understanding on your part.
Your posts are moderated up because they appeal to people who are proud of having taken the first (big) step toward understanding and who now believe that they know how the world works. Let me suggest that you try pulling your pompous head out of your arrogant ass and look around more carefully; there is more yet for you to learn.
...because it cost the taxpayers (me) money.. its just a web site not the pentagon. the FBI should worry about real crimes..... remember "when everything is illegal were all criminals!"
"I know where you wanted to go today, But we decided to stop here instead!"
Second, for some crimes, the victim's consent is not a defense. For example, even if someone really, truly consents to murder, it's still a crime. OTOH, if you consent to me defrauding you of money, that's just a contract, and no crime has taken place. Which type of crime would computer break-ins fall under? Not sure.
As long as you do your activity offline, disconnected from the Internet, you are probably fine. If you're doing it over the net, then as long as everybody in your group owns their own boxes 100% and their net connections 100%, then you are probably fine.
One thing you might want to do. Take extensive contemporaneous notes on what you are doing and your purpose. That way, when the FBI shows up, takes your computers, and tries you, can point to your notes as additional proof that your intent was benign.
If you're a commercial security company, you need to hire a good lawyer and get a proper legal opinion. I'm a law student, not a lawyer.
I am not a lawyer.
Face facts, they'd catch you on a legality if you did, that, you'd be hung. You just wouldn't get away with it.
So as long as you're goin' down, why not use the data-destruction method that truly works - a big f*ckin BOMB! Like, you remember, somewhere in Gibson, in this "employee-extraction" thing the computer guy has a lump of plastique stuck on top of his box, with a happyface smile and eyes pushed into it - if the deal gets blown the plastique eradicates all the evidence together with whoever's in the bunker - "and they're getting paid for it too". Bomb goes off, of course - never bring a prop on stage unless you use it - but in the end the bad blond guy who pushed the button, this hacker girl who was the blownup tech's partner, she fires an artillery shell right into Blondie's apartment...
Bombs away! WDK - WKiernan@concentric.net
Depends on the issue. it is never as simple as that. Sure Democrats want more restrictions on Guns but they also want less restrictions on the first ammendment (as a general rule). Republicans want less regulations for bussinesses but more for private life. No gay mariages, no abortions, no drugs, no alcohol under 21, etc... (these are all blaket statements but in the end people in parties tend to follow party line)
you said "knob", hehehehe, huh-huh, hehehehe
You asked: "Where exactly are you getting this from?"
I can't remember, it's something I've known for a long time. Do a bit of searching, I'm sure you'll confirm it.
Here's a few things I found with a quick search:
IF YOU ARE VISITED BY THE FBI
http://www.jannah.org/articles/fbi.html
Rod's Experience with Government Harassment
http://www.animalliberation.net/security/rod.html
-stephen
Apparently we have a disagreement about how important they were.
For example: it is obvious to me that you think in a simplistic, primitive, Aristotelian, the world is black and white fashion. As such your thought patterns do not match the far more complex Yin and Yang nature of reality.
hmmm.... and here I, actually having access to accurate information about how I think, was thinking that my responses were based on my growing appriciation of the ambiguity of the real world, and an annoyance at the orriginal poster who seemed to conclude that if he didn't do anything wrong but still suffered, that it must be the result of evil, malevolence or a fundemental flaw in the system. Now, why would pointing out that a system, running as well as we can run it can still make mistakes, be a result of a black/white worldview.
Evidence of arrogance on your part: your condescending use of the word 'kiddo' indicates a contemptuous attitude toward anyone who is not 'sophisticated' enough to agree with you.
Actually, it was aimed straight at a person who was arrogent enough to believe that he could assume knowlege of what I had or had not been through in my life by whether or not my end conclusions matched up with his. It is not your disagreement with me that is causing my (admittedly not polite) responses, it is the level of disgust I have built up towards people who presume to tell me what I think, how I think, what I have seen, what I have expereinced, because in their black and white world, no one could have the same amount of expereince, the same level of intelligence, and the same willingness to look at things objectively and yet come to a different conclusion than they have.
I don't know anything about you. I don't know if your comments here actually reflect your actions in the real world, or if you go into an "ultra-ideological" mode on line, as some do. I don't know who you plan on voting for, I don't even know if you live in america. I don't know if you have spent years in prison for a crime you never committed, got away with a crime someone else served time for or have never even gotten stopped for a traffic ticket. All I know, is that on the basis of a few comments thrown out into a specfic part of the net to clear my brain between bouts of writing an article on pet photographers, you have presumed to know my worldveiw, my personal expereince with injustice, my stage of philosophical maturity, and my own assumptions about how much I know or have yet to learn. And on the basis of what I do know about you, I don't like you much.
Your posts are moderated up because they appeal to people who are proud of having taken the first (big) step toward understanding and who now believe that they know how the world works. Let me suggest that you try pulling your pompous head out of your arrogant ass and look around more carefully; there is more yet for you to learn.
Maybe I get moderated up because even in my most flamish moments (which this isn't one of, but my previous response to you was) I don't use phrases like "pompous head out of your arrogent ass". Just a thought.
Actually the usual reason I get moderated is that around here, my attitudes are a bit contrarian, and people find it interesting and insightful when someone challenges their assumptions without using obscinities, insults or lables. I know I do, and I wish more people arround here could do the same for me. Instead, its a pretty sad statement about the level of discussion here that your post "arrogent ass" and all, is one of the more polite disagreements I have recieved.
Kahuna Burger
...will work for Chick tracts...
So, if our members are hacking from their homes, on their own computers, and they own the connection, ie broadband or dialup, they are OK. What about if they did it at work. Would it be OK if they had permission from their company? What if they did not have permission from their company, but telnetted out to another system to run diagnostics on a test machine?
I think you're right, we should have a statement to clarify the group's intent. Nothings is done without paperwork.
Did they offer any reason why you should lose your property just because you are accused of a crime?
I wasn't accused of a crime. I wasn't losing my property, it just was "evidence" for a few years.
Do they compensate you for the value of that property at the time it was taken if they don't bring charges or lose the case? If not, then why?
No, because the law doesn't say they have to.
--
What happens when you outlaw guns
I doubt this post will get much attention since the article is already at least a day old, but how much of this is in public record? The search warrant itself must have a judge's name on it, and the guy had to sign the warrant and get his own copy of it. Can he contact the judge's office and get additional information on why the warrant was granted?
Even if this type of request has to wait until the investigation is over, I would still be very interested in the information law enforcement provided to the judge to make him/her agree that the search warrant was necessary. I think, with that information, we will either know some true/additional reasons behind this, or we will know that something in our legal/judicial system needs to be addressed.
Here's a desciption of my little science project: At first, I figured I could take a small dime-store magnet and pass it within few inches of a VHS tape, and it would wreak total havoc. Nope. Nothing happened. There was no noticeable degradation of the video signal at all. So, I went to Radio Shack and asked for some bigger magnets. I discovered that a device existed for just what I wanted -- a high capacity bulk eraser. This was a small hand-held device that contained a monster electromagnet and was powered by plugging it directly into 120V wall socket. Apparently it didn't even bother converting the power to DC, since it had a very loud 60Hz hum when turned on. To give you an idea just how powerful this sucker was, I was able to place a set of keys on the floor, then hold the bulk eraser in the air about 6 inches above it, when I turned it on the keys would jump up and stick to the magnet (rattling very loudly with that same 60Hz hum I mentioned).
So I bought one of these erasers and took it home to try it out. The instructions said that in order to truly erase information stored on magnetic media (that is, sufficiently randomize the data so that the media became indistinguishable from blank, unrecorded media), you needed a decaying magnetic field. To produce this using the bulk eraser, one had to start with the eraser right up against the media to be erased, then while moving the eraser in circles, slowly pull back to a distance of a few feet. So I decided to try this using the videotape. When I turned on the eraser, the tape actually stuck to the damn thing, it was so powerful. Wow. What little metal there was inside the VHS tape was still enough to actually lift it off the table when it was within reach of the bulk eraser's uber-magnet. I figured the tape must have been erased instantly, so I didn't even bother with the decaying field bit -- I just turned off the eraser and popped the tape in the player expecting to see static. To my suprise, the test pattern I had recorded was virtually unscathed! There was just a little bit of signal degradation visible, and that was it!
Turns out, the instructions for the bulk eraser weren't kidding. In order to erase a VHS tape I had to very slowly pull back from the tape while moving it in circles, starting with the magnet right up against the cassette's outer shell and taking a good 30 seconds to a mintue to pull the eraser back away from it while going around in circles. Even when I did this as carefully as I could, I found that although the tape was reduced to mostly static, there was still a little bit of signal left behind on the tape -- enough, in fact, to tell what was once on it. No matter how much I tried, I was never able to completely erase a VHS tape, even with an extremely powerful electromagnet at close range. I also found that if I put the tape inside small lockbox so that I could only get within few inches of it, the eraser was pretty much useless, even when I pressed it right up against the outside of the lockbox's surface. Just a couple of inches of distance were enough to prevent erasure from one of the most powerful magnets I'd ever seen. The conclusion I reached from this project was that magnetic media is actually quite durable, and that all you need to protect it is to just keep people from getting to close to it.
If you were to install something in a doorway with the intention of erasing a computer's hard drive as it passed through, the magnets would have to be so powerful that they would yank people's keys out of their pockets. The FBI goons would probably be able to feel their firearms being tugged on, which might make them a wee bit suspicious. And even with extremely powerful magnets, you still would have a hard time creating the "decaying" field effect necessary to sufficiently randomize the data.
Now, I know what some people reading this are going to think. A VHS tape is a very different beast from one of today's high-capacity hard disks. For one thing, a hard disk has its information stored digitally, meaning it's an all-or-nothing situation. The data doesn't get degraded, it just becomes unreadable. Also, if any of the filesystem's metadata gets erased, it will also render the disk unreadable. Finally, information on hard disks is recorded at much higher density than the VHS tapes I was experimenting with, so they are much more sensitive to erasure my magnetic fields. Well, all of those points are valid, and yes, it probably would take a little less to erase a HD than a VHS tape, but even damaged or partially erased disks can be read by data recovery facitilties, which have clean room equipment and can go through and scan disks at the lowest possible level. To prevent the Feds from getting any data off your disks, you would have to make absolutely sure that the magnetic media were totally randomized, and that would take some pretty elaborate and specific conditions. I just don't think it would be practical to set up a doorway device that could erase a disk that passed through it.
One other bit of anecdotal evidence: I've got an iMac sitting on my desk at work, and it performs a monitor degaussing every time I wake up the display. The degaussing coils are so powerful they produce distortion in a 17-inch monitor sitting about two feet away. Now consider that the iMac's hard drive is inside the same case as those degaussing coils. In fact, it's just a few inches away from them. Yet it remains intact through all those magnetic disturbances.
I think a much better scheme would be to have a "kill switch" on your machine. Put a small battery-operated circuit board inside your computer that is capable of powering up the hard disk and sending it low-level format commands. Make it remote controlled. Then, using your remote control, activate it as the feds are taking your machine out the door. The hard drive would be erased by the time they got to it back to their offices.
Free Hans!
The situation described sucks, but Mozai (the original poster) needs to accept some of the blame for the misunderstanding. Any time someone new (i.e. "W.") enters the scene, make damn sure that you have them explain to you exactly what they think you have done. Had Mozai done this with the dean, a lot of the trouble could have been avoided.
Moral.. Don't rattel the doorknob on the back of the bank after it was robbed just to see if someone else jimmied the lock. The door may be watched for a return visitor.
The truth shall set you free!
Plain view sounds to me like you can see it without the effort of opening things/moving things. I would call the TV Guide on top of my coffee table in plain view. I would not call the ethernet wiring thru my house in plain view (assuming its in the walls).
At any rate, (1) Glock 19 pistol and 'anything computer related' are different ends of the spectrum. And the easy with which this warrent wsa granted is frightening.
Just as citizens should not obey an unjust law, law enforcers should not enforce unjust ones.
But with the police, you can answer any questions you want, and shut up about the rest. Of course, if you demand to talk to your lawyer, they're not supposed to ask you anymore. Cops aren't allowed to sit there and badger you with questions if you choose not to talk. It's usually okay if they ask you one or two after you said you want a lawyer, but once you've clearly stopped answering, they have to stop pestering you, even if you are under arrest.
-David T. C.
If corporations are people, aren't stockholders guilty of slavery?
http://dailynews.yahoo.com/h/zd/20001031/tc/fbi
i might've been born yesterday, but i stayed up all night
Now, why would pointing out that a system, running as well as we can run it can still make mistakes, be a result of a black/white world view?
Answer: because of your automatic unquestioning belief that the system is running as well as we can make it run.
I note once again that you had nothing to say when I pointed out your obvious failure to understand in the 'shit happens' part of your original post.
Question: Is that failure to respond because of an unwillingness to admit that you might be wrong?
People in this forum only have your written words on which to make judgments. Your words represent you and your thought patterns. I pointed out examples of arrogant behavior in those words. You respond that it is arrogant of me to presume to do so. That is not arrogant behavior on my part: I could be wrong in what I had to say, but it is not arrogance to make those statements. Your response appears to be a variation of the childish: "I know you are, but what am I?"
If you are unable to understand why people give you - angry - impolite - responses, then I will ask you: Has it ever occurred to you that there might be something wrong with the way that you present your views; that perhaps you do come off as arrogant and condescending? In my experience people are unlikely to call someone a "Pompous arrogant ass" unless they have reason to do so.
If you are experiencing a "growing appriciation of the ambiguity of the real world," I offer you my applause: that is an important step. The next step is an understanding of why that ambiguity must be there and an appreciation of what that knowledge implies about existence. I suspect that once you reach that stage - if you ever do - your views of the world will change.
I mean, it's not every day that you see a webpage defacement... OH WAIT YES IT IS!
And this did cause a big financial loss to the target... OH WAIT - IT DIDN'T!
And a large database with financial info was compromised... OH WAIT - IT WASN'T!
And the target was a major national site like Yahoo, Amazon and CNN... OH WAIT - IT WASN'T
And there's no significant servers hacked into on a daily basis... OH WAIT - THERE ARE!
Can we please spend my tax money on solving REAL crimes that actually impact some taxpayers? Like - go hunt down some pot smokers. We've wasted 3 TRILLION on the war on drugs why not waste another 3 TRILLION on busting website defacing script kiddies!
People who say "money does not buy happiness" are just people without money trying to make themselves feel better.
Posters will have to take that up with Google, if they have a problem with it. It's nothing to do with me.
Your 'contract' is invalid because it is factually incorrect.
How so?
Besides which, what's your point? It's posted to a public forum and now it's in the publc domain.
So, I can go to Salon and take any article posted there because it's posted on the web? That's "posted to a public forum" just as much as any K5 comment is. It's text, which is available on the web, and under copyright. If my copyright notice is invalid, then so is theirs. That's absurd, and any lawyer would tell you so.
--
There is no K5 cabal.
There is no K5 cabal.
I am not the real rusty.
Sinister power indeed! Why, some sneaky M$ monkey could try to crowbar NetBIOS names onto the Internet by aliasing all their underscored UNC names to real names.
--
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Why shouldn't a 12 year old have as many computers as he/she wants? Last time I checked, this was a free country.
Quoth the poster:
Why then, pray tell, have you posted as an AC? ;)
This is your life, and it's ending one minute at a time.
(One would think that such plain english would not lend itself to such convoluted interpretations, wouldn't one?)
-jerdenn
Then you are asking the Police Officer to become Officer, Judge, and Jury by selectively enforcing whatever each person considers 'just'. Such selective enforcement is not what our system is build upon. While I am supportive of 'civil disobedience', 'police disobedience' seems to take on a little more sinister connotation for me.
-jerdenn
>Huh? Assuming what this person wrote is the
>entire truth of the situation, explain to me
> where there is anything suspicious that he did?
>Is checking ports suspicious?
Another question you can add to your
list is: "how do you know this story is true?"
There are a number of elements to this
story which seem quite contrived. Can you
spot them?
Read The Hacker Crackdown. Written in 94 about this sort of thing being done to BBS users/operators. An important book for anyone who goes online.
Best Slashdot Co
I know this is a complete flamebait and I shouldn't answer it, but I have to mention how *stupid* your analogy is.
What would be the equavalent to that would be if he first did his port scan, found out where the cracker got in, GOT in himself, then went looking around for what the cracker changed.
What he did was more like look in the window, and maybe leave a hand print on the window-sill as he peeked in ( at MOST..).
Since he explained to the police what he did, they should be able to dust the rest of the house, and see that yeah, his prints aren't anywhere but on the window-sill.
-- What doesn't kill you hasn't tried hard enough.
*give up so quickly*?
Dude, if they also had a warrant for RPI logs, they wouldn't have a choice.
Perhaps I'm just reading this differently, but it seems to me that this guy didn't come in "after the cops had got there". He was on IRC, someone told him that yankees.com had "just been hacked", and he immediately went on over to see what's up. And he then proceeds to start snooping around the site, and 5 minutes later announces how it was accomplished.
It seems to me that he was snooping around where he shouldn't have. I can certainly understand the curiosity factor, and don't really condem him for wanting to find out how it was done. But what you've got to remember is that web sites are big business now. A companies going to get pissed if there's is tampered with, and they certainly won't want you nosing around there as well. Best to let sleeping dogs lie.
Again, you assume that because my belief disagrees with yours that it is "automatic" and "unquestioning". This is the arrogence that I object to. You focus on my arrogence of tone, because of the way I phrase things and your assumptions of why. Do you worry at all about your own arrogence of content?
I note once again that you had nothing to say when I pointed out your obvious failure to understand in the 'shit happens' part of your original post.
"obvious failure of understanding" again because I have not agreed with you. I have nothing to say, because I have spelled out my thoughts on the matter in detail in another post in this thread, and you have said nothing that I regard as needing reply. Not because I am obviously right, but simply because you and I seem to disagree on the issue on a level that isn't worth running my head up against.
Question: Is that failure to respond because of an unwillingness to admit that you might be wrong
I might be wrong. So might you. For whatever reason, you have been largly talking past me rather than to my actual beliefs, so I don't see any value coming of exchange on that topic.
I pointed out examples of arrogant behavior in those words. You respond that it is arrogant of me to presume to do so. That is not arrogant behavior on my part: I could be wrong in what I had to say, but it is not arrogance to make those statements.
No, what I object to is your assumptions about parts of my charecter that you could not have hoped to know from my words. You stated that "if something like that happened" to me is would knock out my pseudo sophistication. This was not a comment on my words, it was an assumption that they were without any expereince or contemplation. It is in fact incredibly arrogent. It is no different than a poster who once commented that my attitudes on staying together for the sake of the children were probably due to my "lack of expereince with these sort of family problems". There was a (completely erroneous) assumption that since I disagreed with him, I must not have any actual knowlege, and that assumption was arrogent, in the same way that your constant assumptions about my expereience or consideration have been arrogent.
In my experience people are unlikely to call someone a "Pompous arrogant ass" unless they have reason to do so.
*laugh* we are both talking about the internet aren't we? The reason to do so is called a flame. It is almost valueless in terms of content, and would only have any real meaning to me if it had been backed up in the more polite terms of the real world by people who weren't flaming me. I could just as well say that in my expereince no one calls someone "kiddo" unless they have been given a reason to be condesending, but you would just blame that exchange on my charecter traits and not your own. I have no more reason to take your flames seriously as comments on my charecter than you do mine, less, because of the overthetop nature of your insults.
Do you think I spent one moment sitting back and thinking "I wonder if I really am a facist?" when several posters flamed me that way? Why should I take your "critiques" any more seriously?
Anyway, I've had enough bouncing for a dead thread, see you around the dot.
-Kahuna Burger
...will work for Chick tracts...
that is ridiculous... I can go as far as him being a suspect, b/c his "fingerprints" were all over the box hours after it had been hacked. however, the firewall logs that they supposedly got his IP from should have vinidicated him had anybody looked closely. talk about an elite hacker, they are saying he hacked the box hours before he even connected to it.
either the story doesn't tell the truth or the fbi is flexing it's muscles w/o looking into the actual situation, if it is the latter then he has been screwed as they will undoubtedly pin something on him so they don't look like idiots.
as far as sticking his nose where he doesn't belong.... that is the point of the network, many security advance, coding advances, hell, linux, came from the same combo of curiosity and intelligence that he was displaying.
ej
I thought a search warrant was a warrant to search a particular place for particular things.
Seraching 'a dorm room for a computer' is not good enough. Searching for 'logs indicating xxx on a computer in the dorm room' should be fine... but they should in no way be able to sieze it!
To think of one solution, I know a company in BC that was raided by the cops/fbi/irs/ and a few others in a big sting. The admins were cornered (so nobody would erase anyhting) and then, under supervision, were permitted to keep running the system, while the cops had experts take copies of relevant information.
(as an RPI Alum)...
ITS/ACS/CIS/whatever has always been very helpful to the law enforcement types (even Public Safety when they questioned me for...- but that's another story, I digress). In this case, it doesn't seem like ITS had anything to do with it, though... The firewall logs sounds more like the ones from the yankees.com side, not the relatively new dormnet firewall. ITS does not have keys to the rooms - Res-Life (a former RA speaking here) is compelled to comply with any legal warrant... not much they can do, either...
Legal warrents carry a lot of weight at schools - it's not a matter of rolling over easily, as avoiding charges of obstructing justice and the like. Not a fun situation to be in.
tower@CANNED_MEAT_SUBSTANCEalum.rpi.edu
--
"It's tough to be bilingual when you get hit in the head."
Such selective enforcement is not what our system is build upon.
Oh, its not? Why is it i've gotten a ticket speeding in the same area as my friend did, who was pulled over, but no ticket. We were doing about the same speed (10 over, like most people on that road actually). Why are there laws that prevent citizens from installing servellence equipment in thier home for security put buisnesses are expected to? It seems to me the more money you have in this country, the less the law applies. I'm sure you don't need me to point out lots of cases where this has been true.
Who claimed he was arrested? His computer was seized as evidence on REASONABLE GROUNDS.
Open Source. Closed Minds. We are Slashdot.
Crap. If your house is unlocked, is your TV fair game to me? No.
Open Source. Closed Minds. We are Slashdot.
That's different from "I know this site's been cracked. Let me try a few different probable methods to see how they did it". He did a bit more than nslookup, ping, traceroute... He examined their DNS for exploits, the ftp server, etc etc.
Open Source. Closed Minds. We are Slashdot.
What, probing their DNS server, and other services on their machines isn't the equivalent, all of a sudden?
Open Source. Closed Minds. We are Slashdot.
If you think that is bad, you should see what they are trying to sneek into the US via the "treaty provisions" backdoor - US gov interests are lobbying for europe to adopt the english RIP bill as a european measure, so they can then "reluctantly" adopt it in the US without having to worry about that bothersome constitution getting in the way;
One of the highlights of the new bill is that they can demand your encryption keys from you (on pain of 2 years emprisonment) and if you decide to mention it on your website as this guy has done? that's a five year prison sentence. Paranoia, you haven't begun to flow....
--
-=DaveHowe=-
Huh, ? And just when did "sticking ones nose in a place it shouldn't be" become a crime ??
Please name one, JUST ONE, important event in history, where it can't be argued that somebody wasn't "sticking his nose where it shouldn't be".
No, I'm not claiming that this is such a thing, just that curiosity isn't a crime.
--
Why pay for drugs when you can get Linux for free ?
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Then, if you are found lurking around a bombed building 6 hours later, why don't they confiscate your car and wallet and run those through a forensics lab? It's the same sitution.
Confiscating everything in the world, and running them through a forensics lab, is a good way to get evidence. It is also unreasonable. Somewhere there is a balance, and it does appear that where computer crimes are involved, the balance they have chosen is very, very different from what they choose in other realms.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
>The moral of this story should be: it doesn't matter that you have nothing to hide. The FBI does not trust you, does not like you, and has little interest in protecting your rights.
How did you get this? They were investigating a crime which they suspect him being invovled. How should they act? They let him get his notes, keep some computer stuff. (which was clearly illegal)
Try abit of social enginnering. If they wanted to be "hard" they could have. Talk to a cop what they can and can't do.
>If you truly have nothing to hide, you have everything to lose by talking to the FBI without a lawyer
Think about this; guilty parties don't freely give police evidence they know is incriminating.
Start crying about not wanting to talk and the agents "suspection level" will rise.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
They can't. No warrant.
The only exception I can think of this is the Vietnam War, where lightly armed VC pulled the US Army's pants down.
Oh, yeah, and Afghanistan, where slam-fire guns and homemade barrels humiliated the Soviets for years on end.
Um... and I guess that the ANC managed to get their point across in South Africa, too.
Switzerland? Forget about them... maybe nobody invades them for some reason...
Yeah, I guess the various partisans in WWII accomplished a little bit..
The more I think about it, maybe "hicks with guns" have accomplished a little bit :) Sshh, don't tell Rosie O' Donnell...
Carefree highway, let me slip away on you.
Uh huh. Sure, THAT'LL fix it. You know what the cheapest way to solve crime is? Invasion or privacy, and ignore the civil rights (if THAT'S too expensive, ignore guilt an innoncence, although we aren't nearly at THAT point). Carnivore is a very cost effective way of dealing with electronic crime, and the more it's abused, the more cost effective it becomes.
It's a real simple deal--give people a job to do, give them guidelines on how to do it, and give them the resources to do it. It's easy to skip the 3rd step, but the more it's done, the more steps 1 and 2 will get skipped (particularly 2). Thus, we get the FBI, in it's current state.
Here's a clue. If giving too few resources is a problem, even fewer will be a bigger problem. You can effectivly punish puppies--not large bueracracies.
Most of the agents in the FBI previously served in the military or police force. They are not geeks. When a site gets attacked and the FBI come in they set up and start auditing logs. If this guy's IP shows up all over the place, NO MATTER WHAT HE WAS DOING, he is going to become a suspect.
They would need the computer for forensic evidence gathering. The books probably just looked interesting (kernel *hacking*) to them and they thought that it could possibly be used as evidence. The agents were most likely there to take a statement and grab his stuff... no matter what was said. As far as they were concerned, they had probable cause to suspect him of wrongdoing and gathered evidence for evaluation. This *does* happen. This is not a case of the big bad FBI picking on someone who was innocent. This is a case of the FBI doing their *job* and investigating a suspect.
There is just too much damn noise on Slashdot anymore. I used to actually come here for news. It is getting to the point of becoming a collective of people who do not express their own thoughts and ideas... rather they instead use this once great page (Thanks Rob) to voice their idiotic crys for attention, or to just reiterate the same garbage. I am starting to think that Slashdot has become a collective of people who all think exactly alike, minus the trolls and the *very* few who can actually think for themselves. This is News for Nerds... not News for Nerds Who All Think Alike and Rant About Beowulf Clusters of Hot Grits Down a Petrified Natalie Portman's Pants.
I truly understand now that this really is not Rob's fault. No matter what he does there will be those that choose to attempt to exploit it and ruin it for other people. That is the nature of the world at large. Aside from ridding Slashdot of the AC or creating some form of censorship, it is truly beyond Rob's (or anyone else's) control.
I now ask everyone to please think before you post. Why do you insist on acting like an immature baby and incessantly attempt to ruin something which other people enjoy?
wolf31o2 Developer, Gentoo Linux Games Team
I will leave it for everyone to judge who is arrogant - the words are there for anyone to read.
Checking out defaced websites is both fun and funny. (Running a vulnerable version of a ware on a live box is pretty funny - we all do it occassionally, but you can't cry when you get hacked).
It is the admins responsibility to secure a box. If it gets hacked it is the admins problem. Sure, if one can catch the hacker then great! Bust them whatever...the hacker accepted that risk when he/she alters the first file.
This IS big brother, this is about rights. Don't be fooled into thinking otherwise. We are fast becoming dopey little sheep that kowtow and bend over every time the "government" (corporations such as m$ and the Yankees) want to sodomise us.
'#72524!!!! Stand up straight!!! You are being charged with crimes against the state!! You are sentenced to......'
I was not thinking about the retrieval of the backups. Obviously, if the FBI has your equipment, you'll most likely be replacing it anyway.
D'oh. I meant 'where do i get an encrypted filesystem', not a program that writes 0/1s...
---
Unto the land of the dead shalt thou be sent at last.
Surely thou shalt repent of thy cunning.
https://www.accountkiller.com/removal-requested
Hmmm, sounds like he got what he deserved.
This is true, however he was picking up the murder weapon, checking its caliber, etc. He had knowledge of where it was, regardless of how he figured this out. It looks suspicious, and the FBI acted accordingly. I would expect nothing but that from them. The kid made himself a suspect. Further more, he put himself at risk of taking the blame for something that he claims he did not do. He's just plain stupid to do that.
how hard would it be to add some encryption to the system? I think it would be really cool to have to type a password during kernel boot that would allow the kernel to do anything further, including IO on the hard disk. Especially if it were on such a high encryption scheme as to make it nearly impossible to guess the password and successfully decrypt the data in a useful amount of time...
Obviously this would require the filesystem to be encrypted too, but it sounds like a lot of people would be willing to sacrifice speed for data integrity.
IBM had PL/1, with syntax worse than JOSS,
And everywhere the language went, it was a total loss...
Andres Salomon is a fool for putting his explanation on the net. He should get a lawyer and SHUT HIS MOUTH.
So far, the "everything you say can and will be used againt you" has given the FBI a lot of evidence.
FBI: "Your Honor, I present the following quotes from the defendant's website into evidence. You will see that the defendant in his own words has admitted that he used the Yankee's computer in very irregular in improper ways."
*I'm simply an RPI student, admin, and programmer
(C/perl/whatever) who likes to dabble in cryptography, kernel hacking,
FBI: See, he's a hacker, by his own admission
*I know my way around
FBI: Bragging is typical for script kiddies.
*my initial reaction was "oh shit, someone's pissed about my 30 gig mp3 collection
FBI: The defendant also admits that he pirates music in large quantities.
* I then began a post-mortem inspection; I always find this to be very interesting
FBI: Get's his willies by trespassing. He's a criminal who loves crime.
*The last time I did this, I discovered the intruder had gotten in through...
FBI: The defendant did this on more than one system.
*I first checked port 21 of www.yankees.com, noticing that it was running wu-ftpd-2.6.0;
FBI: The defendant has stated exactly how he hacked the yankee website.
*So, I did a zone transfer of yankees.com (host -l
-t any yankees.com), and noticed an old.yankees.com.
FBI: The defendant admits to yet another trespass command. He is letting us see how his criminal mind works.
*I got no where with this (whether it was due to a firewall, I do not know), so I
returned to my IRC client
FBI: The defendant is describing how he dealt with an obstacle put in place by the yankee sysadmin.
*The entire thing lasted possibly five minutes,
FBI: The defendant is doing some more bragging. It is common among hackers to brag about being able to root a box quickly.
If tits were wings it'd be flying around.
Ignorant people, while primarily with the FBI agents it includes the judges who issue warrants. So the result of any mistreatment you have received/will get is mostly because of this. It is unfortunate that precedents may be set by ignorant people.
This being said, say somebody spray paints "Yankees Suck" on the stadium walls. The police haven't arrived yet. You go up to see what kind of paint they used so you can tell where they bought it from, you touch the paint and get it on your fingers. Just as you do so, the cops arrive and see the paint on your hands. Who are they going to arrest and why???
The digital divide just does not extend to those people who have computers and those who do not. But to those who have computers and don't understand them versus those who have computers and understands them.
One might also argue that understanding them means safeguarding your data.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
Those who desire to give up Freedom in order to
gain Security, will not have, nor do they
deserve, either one.
--Thomas Jefferson
--
The above post was inappropriately moderated down as "flaimbait," probably by someone either in law enforcement, or someone with friends and relatives who are and was offended by the original posts very accurate (and gloves off) commentary on the FBI.
Someone with mod priveleges today please rectify this.
And for the loser his modded this down as "flaimbait" I look forward to tearing you a new one in meta-moderation.
The Future of Human Evolution: Autonomy
uah?
as i recall, all he did was grab version info from a couple of the daemons running on the server. That hardly qualifies as suspicion of cracking. To be frank, i'm pretty concerned about the prospect of living in a world where telnetting to a server on well known ports for ANY reason could be considered reason to confiscate my equipment.
the "exploits" you talk about are pretty iffy. He basically did a manual port-scan on several hosts on the network which is not considered a very harmful thing (i probably get port scanned 10 times a day) and is definitely NOT illegal, or suspicious on the internet today. fuck, i port scan boxes all the time just to do network latency performance tests.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
"It is seldom that liberty of any kind is lost all at once." -David Hume
Not in my book. For one thing, they're meant to be used anyway. For another, they're not physical things (like your hypothetical car).
Sure.....
/me reminds self to quit feeding you fuckers...
My point exactly. You can be arrested for merely posessing illegal substances or paraphenalia[sp] associated with them. Then there's almost no shadow of a doubt that you've been doing something illegal.
In the situation related to this slashdot story, though, the authorities had little or no justification for seizing his equipment, let alone proof that he did anything that was against any law, past or present.
Your (and the authorities') "reasonable grounds" argument doesn't pan out since the only evidence they had was of some minor (ie harmless) network probing only AFTER the attack had taken place.
In my opinion, the authorities that use such frivolous investigation tactics only do this so it makes them *look* like they're doing something with the case... and of course the numbed-brain media take it hook, line, and sinker.
It's extremely suspicious just after a site's been cracked. How does port scanning help you determine network latency?
Open Source. Closed Minds. We are Slashdot.
So I guess everyone who wants to come into my house is going to have to crawl through a little two-foot diameter tube and pass their keys and credit cards through in a sack afterwards, if any sort of scheme like this is to work.
I guess you'd like to make sure that all FBI agents are also fully trained as sysadmins for every OS/Harware combo known to man
Yes, I would. I'd settle for agents who know enough to use the standard forensic tool 'dd' and carry their own export media. If you wish the evidence, take the friggin evidence. The hardware is a different matter..
.sig: Now legally binding!
from some friends who go to rpi. alot of people use irc who are not script kiddies.
This guy did nothing wrong, and will never be convicted of doing anything wrong, yet he will summarily punished. When his computers come back, they will be wiped clean of all of his data, including school projects and whatever other projects he was working on. He will have crummy grades this semester (since he projects are gone) and will have to buy his books again.
He will never receive any compensation for his time or his losses stemming from this incident.
This is a great example of how america is transforming into a police state. The most disgusting thing is that most people either don't give a damn or say something like "he's just a script kiddie", etc.
Someday you will be violated by our out of control government, and then you'll understand what a travesty this incident is. You'll probaly wonder why they call it "The Department of Justice" too.
Conformity is the jailer of freedom and enemy of growth. -JFK
Black in my 31337-Script-Kiddy Days of Yore, I made a rule of never even sending a _single_ packet to a box directly from a personal box or account. I would always bounce through a box where I knew I wouldn't be monitored, a wingate/telnet proxy (OVERSEAS), at least one public system, another proxy and finally through a cracked UNIX box (so I could use all my cool packet shaping utils). Doing Pen-testing is so much easier. :)
No, seriously: while our police force isn't as bad as your FBI, they now have even more worrying powers. If I have my computer equipment confiscated, they can demand passwords for all encrypted files - and I face 2 years in jail if I can't provide them, or a valid reason for not having them!
Of course, this hasn't been tested in court yet on such ideas as 'I forgot it'. But still, the fact that this got through parliament is very, very worrying.
And: either my government uses the term 'Hacking' wrongly in their documents, or they want to arrest all computer scientists...
We are in deep shit. Every week I receive portscans from "known" or "major" companies IP segments. (whois ip@arin.net) When this happens, I tend to "gently" reply the portscan. Not because I'm a fucking terrorist, I'm just curious. (It's not an automated script, I do it when I'm bored) Now: Imagine that "Bigcompanyfullofshit.com" website is craked, and the perpetrator decides to install a script there, and because the twisted destiny I get scanned, and I reply the scan. This means that the FBI, Police, or any clueless idiot will be the next day, knocking my door and confiscating my hardware, wich turns to be a legitimate bussiness, that feeds me and my family, just on the sole basis that they logged a portscan???? I HAVE HOUNDREDS OF THEM!!! And nor the FBI, CIA, Secret Service or anyone give a shit about them!!!! I don't know if this guy really made something bad, if he likes to archive tons of porn, scripts or anything, but if the only thing the Feds needed to get a warrant was something like this: Oct 31 10:00:01 host kernel: Packet log: input DENY ??? PROTO=6 id.iot.ip:65333 myhost:12345 L=48 S=0X00 I=19781 F=0X4000 T=119 SYN (#1) And what about port 139???? Every idiot in the planet is scanning that port. Will the FBI put in jail all of them??? Or is it that a baseball team's website is a matter of national security? Andres got all my sympathy, just because I could be the next idiot trying to explain an Ape the diference between a portscan and a intrusion. Just my 2cents...
You just need to buy a computer made by G. Gordon Liddy Systems, inc. You know, one of those 9-mm "autoloader" point-and-click devices.
;)
________________________________________
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
And puts itself in a much more likely environment to be shot when reaching for their ID...
"He was reaching inside his jacket pocket, Your Honour! My buddy got shot like that last week."
People, guns are not the way to hold on to your rights.
Strong data typing is for those with weak minds.
Strong data typing is for those with weak minds.
is there any way to tell your being monitored? did the fbi poke around his machine before hand?
Free Techno/Jazz/DNB/MI Music by guys obsessed with monkeys!
That's why they question you. To find out if you are legit or not.
You are prefectly free to say "I wanna lawyer", or "Fuck you, fed bastard!" of course.
The cake is a pie
no. just keep moving. the body is none of your business. sheesh. you should know that already. where do you live ? in a city inspecting a body in an alley is the LAST thing you want to do. move on.
PUBLIC SERVANT'S QUESTIONAIRE
Public Law 93-579 states in part: "The purpose of this Act is to provide certain safeguards for an individual against invasion of personal privacy by requiring Federal agencies...to permit and individual to determine what records pertaining to him are collected, maintained, used, or disseminated by such agencies."
The following questions are based upon that act and are necessary in order that this individual may make a reasonable determination concerning divulgence of information to this agency.
1. Name of public servant...............
2. Residence......City.....State......Zip......
3. Name of department, bureau, or agency by which public servant
is employed........supervisor's name......
4. It's mailing address...........City......State....Zip......
5. Will public servant uphold the Constitution of the United States?
6. Did public servant furnish proof of identity?
7. What was the nature of proof?..............
8. Will public servant furnish a copy of the law or regulation which
authorizes this investigation?
9. Will the public servant read aloud the portion of the law authorizing
the questions he will ask?
10. Are the answers to the questions voluntary or mandatory?
11. Are the questions to be asked based upon a specific law/regulation,
or are they being used as a discovery process?
12. What other uses may be made of this information?
13. What other agencies may have access to this information?
14. What will be the effect upon me if I should choose not to answer
any part or all of these questions?
15. Name of person in government requesting that this investigation be
made...............
16. Is this investigation 'general' or is it 'special'?
17. Have you consulted, questioned, interviewed, or received information
from any third party relative to this investigation?
18. If so, the identity of such third parties..........
19. Do you reasonably anticipate either a civil or criminal action to
be initiated or pursued based upon any of the requested information?
20. Is there a file of records, information, or correspondence relating
to me being maintained by this agency? If yes, which?
21. Is this agency using any information pertaining to me which was
supplied by another agency or government source?
22. May I have a copy of that information?
23. Will the public servant guarantee that the information in these
files will not be used by any other department other than the one
by whom he is employed? If not, why not?
If any request for information relating to me is received from any
person or agency, you must advise me in writing before releasing such
information. Failure to do so may subject you to possible civil or
criminal action as provided by the act.
I swear (affirm) that the answers I have given to the foregoing
questions are complete and correct in every particular.
X ____________________________ Date: ________/_________/_____________
Witness:________________________ Witness:__________________________
Authorities for Questions:
1,2,3,4 In order to be sure you know exactly who you are giving the
information to. Residence and business addresses are needed in case you
need to serve process in a civil or criminal action upon this individual.
5 All public servants have taken a sworn oath to uphold and
defend the constitution.
6,7 This is standard procedure by government agents and officers.
See Internal Revenue Manual, MT-9900-26, Section 242.133.
8,9,10 Title 5 USC 552a, paragraph (e) (3) (A)
11 Title 5 USC 552a, paragraph (d) (5), (e) (1)
12,13 Title 5 USC 552a, paragraph (e) (3) (B), (e) (3) (C)
14 Title 5 USC 552a, paragraph (e) (3) (D)
15 Public Law 93-579 (b) (1)
16 Title 5 USC 552a, paragraph (e) (3) (A)
17,18 Title 5 USC 552a, paragraph (e) (2)
19 Title 5 USC 552a, paragraph (d) (5)
20,21 Public Law 93-579 (b) (1)
22 Title 5 USC 552a, paragraph (d) (1)
23 Title 5 USC 552a, paragraph (e) (10)
You can find more interesting information on your rights here: Frog Farm Faq
"Destruction of Evidence", and then my friend you are in a world of hurt even if the hard drives were blank
This system is truly fucked now.... I want to leave the US soon at this rate.
Perhaps I'm just too optimistic, but this guy still has his freedom and won't be spending any time behind bars for his non-crimes. To me, that's a lot more important than replacable "stuff". But maybe that's just how my priorities are...
Ita erat quando hic adveni.
hmm. that holds up.
hmmm. so let's see here. you found out that your neighbor's place had been broken into (legal). you removed evidence from a crime scene (illegal). you went into your neighbor's home without their permission (tresspass. illegal). and now you think you have nothing to worry about??????? If the FBI just "questions" you, you've gotten off easy.
let me tell you another story.
this guy heard that a website had been hacked on irc (legal). So, he visited the site (legal). He then proceded to check the versions of some of the services running (legal). He did a DNS lookup to see which boxes were running on the network via such sinister and ill-used binaries as nslookup and, dare i say, dig possibly? DEAR GOD!!!!!!! (btw - also legal).
at that point. the FBI felt that they had enough evidence to make this gentleman a suspect. They seized his computers (illegal). The way i see it, the only thing this guy did wrong was not making sure he had a lawyer present.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
"It is seldom that liberty of any kind is lost all at once." -David Hume
Think about this; guilty parties don't freely give police evidence they know is incriminating. Start crying about not wanting to talk and the agents "suspection level" will rise.
So now everyone is innocent until proven guilty? If i am, i don't think i'd need to 'hand over evidence' to prove i'm not.
However, the REAL reason was because Lloyd Blankenship, the author of the book, was running a bbs to discuss cracking, and they assumed that it would have incriminating evidence on it against SOMEONE (the best they came up with was a stolen bit of code from the 911 dialing system that is available for $0.75).
So SJ Games sued, won, got a bunch of money and got most of their computers and some of their equipment back but of course lost all their data. This is also interesting because it was an early EFF case.
So now we just have to figure out the REAL reason why this guy got busted...
"The question of whether a computer can think is no more interesting than that of whether a submarine can swim" -EWD
That's a reasonable attitude if the police/FBI are really your friends. Unfortunately they're usually more interested in finding evidence for a conviction. Remember what happened to Randal Schwartz.
In particular, see Randal's comment on the police interviewing.
--adrian.
What about creating waves in the field pulsing up and down a couple hundred times per second or something?
Is a crime to do what this gut did? Is it a crime to inspect publicly avialable servers for possible ways to attack it? If I look at a server just to see why it was attacked is that so wrong. I do not know. I guess the only reason it was done because he was a possible suspect. But is I you can not blame the FBI for doing what they did. I guess the moral of the story watch what you do they are always looking and keep a copy of your important data offsite.
if you want your data out of the gubmint's view, you have to overwrite AT LEAST 3 times. They US federal gubmint requires SEVEN overwrites on their data (the physics behind this stuff is pretty impressive). Additionally, regardless of overwrites, they require any scrapped drives to have the surfaces ground off (or dissolved in an acid bath). The UK gubmint even keeps the magnetic dust as classified. If the gubmint is this paranoid, how paranoid do you figure you should be?
After the FBI raid and confiscation of Steve Jackson Games for allegations that were clearly off-base, the EFF was formed to attempt to combat this.
At one time, as I recall, the EFF was a pretty strong and respected organization. I even contributed back in the 0ld Sk00l days.
Then, its support has seemed to dwindle over the years to where most people haven't heard about/don't really care about it.
The last I heard of them, they had some sort of fairly expensive dinner/black-tie event at the Harvard Club downtown. Whether this is what it actually was, I don't know -- some dot-com lawyer tried to push it on me. At the time, it seemed like a schmoozing fest for dot-coms and their venture capitalists.
Looking at their website now, it seems like they are a lobbying organization or something rather than a progressive activist group. It appears to be a far cry from their roots... and the people who were their main supporters.
I would be interested to know if the EFF still handles or supports cases like this or are they through with trying to fight it?
flamebait ? this is actually the BEST advice ive seen in this article. in our good old US of A lying to a public servant is a crime (5 years jail - although rarely enforced). So if you were half asleep from a LAN party and answered something silly youre in deeper shit than if you actually committed the crime. e.g. cop asks you - do you smoke? if you say yes and you dont thats a one way to jail ticket. if you say no but they can prove you smoked even once - same deal. if you say 'i dont remember' or 'i think i'll wait to call my lawyer' youre ok. when in doubt - DONT ANSWER. it may look suspicious but youre in deep shit as it is - no point giving em leverage.
you have to remember that the protesters were string up paino wire up just high enouf that it could do some serious damage to somebody who happened to come in contact with the wire thats why the copys in phili came down soo hard on the protesters, they asked for it in short, and they got what asked for
Actually, if you do go see if they're alive, or especially if you call the police, you probably will become the prime suspect. It's the problem of the killer calling the cops and saying "Ahhh, I found a dead body... no, I don't know how it got there."
Maybe they're learning about computers? Besides, this wasn't a 12yr old, this was a college student at RPI, very near to me in fact.
If your school has any type of Policy (whether it be network/computing or even academic integrity) you can be pretty severely punished.
This doesn't have a thing to do with the law, so doing things you might consider 'legal' can easily get you censured, expelled, etc.
Yes, well when shit happens those in power are more often on the producing end. They are *supposed* to err on the side of the rights of citizens. Saying "shit happens" is a cop out. We employ these people with our tax dollars.
It's 10 PM. Do you know if you're un-American?
(Freedom of Information Act request). It would be interesting to know if you, a typical and benign "real hackers", already had a file. In fact, it would be very interesting....
I favour my solution: A large, loaded crossbow hanging by my bed and a home-made Taser in my back pocket!
I'd be a bedwetting liberal if you burst into my room at night with a loaded shotgun to 'stop me', because you 'have enough guts'. I don't think 'having guts' is a reasonable excuse for being allowed to have a gun.
Gun nuts always go on about the one appropriate use of firearms (other than for sports, which is quite OK) is to protect property. What I want to know is whether they rank their amended constitutional right above that of their obligation to follow the laws of the country?
Does my bum look big in this?
Think how much easier it is now to get OTHER people screwed:
1)Crack a site
2)Do what this guy did (talk about it on irc and spend 5 minutes poking around the network) from your "pigeon's" machine
3)Watch the fun begin!
No,it might not work every time but it is far too easy for the payoff. #2 could be done either at the machine or using BO2k. Hell, you could write a trojan
that would do all of this automatically.
I mod everyone down who says "I'll get modded down for this." I hate to disappoint.
The security guard was also watching while the crime was committed. Why didn't the FBI question the guard, determine that this person was not fiddling with the paint while the crime happened, and leave him alone?
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
...aim for their heads?
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
That is really unfortunate, but freedom is not cheap.
The scary trend to me, is that innocent people are busted all the time for crimes they didn't commit. But how many people here are sysadms who have tracked down hackers, presented the FBI with all the evidence they need. (Logs, ethernet captures, the crook's physical address, etc) and nothing happen?
A few years back I received a 16 point distributed DOS attack, (before most people knew what it was), i verified with each sysadm(mostly colleges and small business), their machines were verified being broken into. The worst hit site was lsu.edu, I spoke with their admins, and they checked their boxes and founds thousands of dollars of damage.
To this very day, a guy lives in new mexico, never got busted for the attack. (He was threatning from irc from his dialup account as he was attacking me). Why did he attack me? I was using "his" nickname. Turns out I went on vacation for 6 months from the net, came back, used my old nick, and some "hacker" decided it was his, and would flood me off the net to take it back. *rolls eyes*
(just like if the police have a warrent to look in your closet for a body but find a box with drugs, I belive that they they can't do anything without getting another warrent to specifically search for drugs.
Right, but the reverse is allowed. That is if they have a warrent to search your closet for drugs, and find a dead body they can take that. The reason is someone searching for drugs would reasonabbly be expected to see a dead body while searching that closet for drugs. If Their warrent is for a body and they find a walk in closet full of drugs (Severall million dollars worth I'd imangine) they could count that because the sear quanity in that place means they have to search the drugs for the body. But if they are searching the closet for a body and find one joint it would probably be thrown out. (If the joint was on the coffee table in the living room though, and obviously illegal they could take that because a reasonable person would find it while looking for a body.
There are other situations, but the point is that if someone would reasonabbly find it while searching for something else they can take it. Cracking tools can hide on a kiddie porn CD, but they would have to convince a court that a reasonable person searching for a cracking program would look at a .jpg to verify it was a picture as opposed to trying to run them as a program.
is that if the FBI is wasting its resources on this guy (or even wasting its resources on a commercial hacking period), who is investigating the real criminals hacking into something more life-threatening than yankees.com? This is back to the idea of cops sitting on the side of the road pulling people over for speeding instead of preventing someone from getting raped or murdered.
From the webpage:
During a conversation about Microsoft's break in, and how the stolen source code would affect things like wine, a friend mentioned that Yankees.com had also just been hacked (I found out later that he got that infomation from The Register, specifically here, which in turn found out from here).
It is clear from the text that the guy poked around after a reported had got the news, written a story about it, but it up on the web, it then propagated to a different news agency (the register) where his friend read it.
Yes I know that nothing travels faster than the speed of bad news, but this is not a question of minutes, much more like hours.
And the FBI *IS* waisting it's time because of incompitence.
--
Why pay for drugs when you can get Linux for free ?
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
I am involved in a linux security group. We are working on cracking our own boxes, to learn about security and hardening of systems.
What implications does the law have on us? Under the law, are we allowed to crack our computers? After all if we force our way into our own house, is that breaking and entering?
One important implication would be, what happens if one of our members should be suspected of cracking system(s). Do we automatically become liable in any way?
How do hacking sites handle this problem?
From your story, it sounds like you didn't do anything wrong except try to log into the system after you had been fired (as a kid you wouldn't know better, but you probably should have asked to arrange a time to come back and transfer files with a current sys admin) but just because you didn't do anything wrong doesn't mean that there is something evil or incompentent about suspicion towards you. Sometimes shit just happens that way.
I hope that someday you will get a little perspective and be able to think about this unfortunate event maturely, but for now, your story is an example to us on the interactions between computer users and the law - just not neccassarily the example you intended.
Kahuna Burger
...will work for Chick tracts...
a goatse.cx link just got modded up.
All is lost. The Trolls have won.
</JOKE> (if you couldnt tell already)
-inq
The Steve Jackson Games case isn't all happy endings...they were illegally raided by the U.S. Government in 1990, had their computer equipment confiscated, and received their equipment back in 1994. By that time the 286s that the government stole were useless. The damages? $300,000, of which $250,000 went to attorney's fees. Who really won this case, I ask?
So why don't the police ticket all the people rubbernecking on the interstate? Why don't the police arrest everyone left in the bank after a bank robbery?
If they didn't want anyone viewing what was done they should have shut down the site...confiscate the server hosting the site. I bet that machine isn't in the fbi's hands.
I wonder if they took the lamp too, since it was plugged into the same power strip as the computer?
If ignorance is bliss, the world is full of blissful people
Please tell me, how is a zone transfer cracking? It seems to be a way to find out what hosts are in a domain, which i doubt is illegal. Even if it was an attempt at cracking, it would be a poor one, sincei doubt he could suddenly make his IP the DNS server for everyone..
Unfortunately they probably already have their weapons drawn, and are just lookin for someone to shoot. The police could be waving a blank piece of paper in the air for all anyone knows.
Steve's Computer Service, Hobbs, NM
From his account, (to continue with your analogy a bit) he saw the building, poked around a bit, found the spraypaint & the ladders used, picked 'em up, sorted through them, etc.
All while there's a security guard watching the scene.
Feel the fear and do it anyway.
Yeah, but what actually happened was that somebody "grafitti-ed" some private property. If I went and scrawled "Yankees suck!" on franchise HQ, I'd expect a response, but not a full-scale FBI investigation.
Their response was so out of line with the crime, I can't even believe it.
/bluesninja
You are correct - I worded that poorly. What I meant was hopefully he can provide an alibi and get himself eliminated as a suspect. If he is no longer a suspect they have no reason to keep his stuff.
Could have been worse, he could have be in a country where they shot you first - then took your stuff.
I have great faith in fools - self confidence my friends call it. - Edgar Allan Poe
Interesting idea. And since such a court would probably only hear a very tiny percentage of all cases, it surely wouldn't make sense to have one in every jurisdiction. So why not make it a true technological court using the internet? The court could be physically located in some place, wherever, and would hear cases from all over the country. It could have satellite courts or "stations" around the country which would be little more than a room with a webcam and computer linked back to the main system. Hmm...
Just thinking out loud...
Say hello to zMac.
It doesn't matter if you are guilty or a threat to society, the FBI is all about impressions. The FBI is looking for someone to make an example of. The FBI is all about terror, see Waco and Ruby Ridge. They came in your home(dorm) and seized your property...so what is more freightening? Only if you have never read the history of the FBI would you not be afraid. Check out COINTELPRO. And dude they have enough on you to get a conviction because you are not going to be on trial with a jury of peers (other programmers) but with a jury of the general population which might not know a thing about Linux except what the FBI will tell them. And who will most people trust the FBI or some hacker? Get BestCrypt and encypt everything!
But therein lies the true problem. The burden of proof in any criminal investigation is on the State, not the individual. He should not have to prove that he wasn't involved, but rather the State has to prove that he was. Unfortunately, that often is not how things are carried out...
If I could only live my life with my threshold at 4...
But for them to be allowed entry into his dorm room without either HIM present or the school present.. I can't see that being ANYTHING close to legal.
UPS Sucks
This is entirely wrong. It is impossible to increase their suspicion level. The authorities already think you did it and -anything- you tell them can and will be *manipulated* for the use of incriminating you. Keeping your mouth shut until you get a lawyer is -always- the best course when you are being investigated.
Sigs are awesome huh?
Also, I'd recommend having a good hiding place for your hard drives. Coppers love collecting storage media as evidence. When they find that computer sans boot device, you're almost scot free.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
Why not write to their boss, President William Jefferson Clinton, the Chief Executive of the Executive branch of the United States Federal Government (as FBI -> DOJ -> Exec Branch)? I'm sure you'll find that he's a reasonable freedom-loving American who cares deeply about the thoughts, feelings, and basic rights of all Americans (especially those hackers too stupid to stay away cracked sites before an official investigation begins). If he's not too busy renting out rooms or training interns, perhaps he could filter your complaint down to the appropriate supervisorial personnel in the FBI. I know that when I've written to him to express some point of dissatisfaction with the job the Federal Government is doing that he wrote back promptly, with an in-depth explanation of why he thought he was doing everything he possibly could to ignore the obvious solution to the issue at hand. I couldn't have been more pleased, and I think you'll have a similarly good experience!
Or, you could donate money to a group like the ACLU, who spend their time and efforts working in the legal system to address concerns about the erosion of our rights (with the possible exception of the rights that may be granted by Amendment Number Two to the Constitution- but that's got it's own watchdog group). And while the ACLU has a poor reputation because they defend the freedom of people not many other people like, they also do a lot of hard work on cases that just need to be fought (like this one, where a girl was suspended from school for casting a spell on a teacher). They do a lot of work surrounding search and seizure. Especially since some police departments apparently manage to gain considerable revenue by auctioning seized goods.
I do not have a signature
Last year I got a phone call paired with an email saying that I needed to make an appointment to meet with the Dean of Student Affairs of my smallish liberal arts school (and yes I realize I'm an idiot for even thiking about doing CS at a liberal arts school, but its too late now.)
Anyway I figure its something to do with my grades or something and I go to his office that afternoon. I'm sitting out in the waiting room, waiting for him to get done with whatever he's doing and I picked up one of the newsweeks on the Yahoo DDoS stuff and look at how the mainstream media presents the issue to the average Joe. Then he calls me into the room and tells me that they have evidence that I launched a DoS attack on a "Canadian Website". I am completely dumbfounded. They said that they needed to find out what happened or I would have the FBI knocking on my door.
I'm not script kiddie. Never have been. I have a little bit of an interest in security, but more in the areas of detection and protection, definitely not exploitation. Anyway, they want me to sign forms permitting the school to search my computer. This really freaked me out all these stories of people's equipment being raided flashed by in my head. I almost said no so I could call my parents and a lawyer, because I didn't know if that was the best thing to do, but then I realized I didn't have anything to hide.
So we march back to my dorm room and meet up with the people from the campus Computer Center (Motto: COBOL is our friend) who are going to search my PC. Well we get to my room and they want to have a look at my computer. I opened up a terminal window and their "UNIX guy" sits down stares at the screen for a few seconds then gets back up and asks me to pull up the machines IP address. I type ifconfig and highlight the address for him. Then there's some confusion. They figure out that my rommates Pentium 133 laptop running Win95 has the source address of the attack. I find it funny that their hard evidence thats pointed to me is the source address of a computer that isn't mine and on a DoS attack where it is most likely spoofed. They then start lecturing me for running Linux on my computer. They said they don't support Linux. I said that's great, I don't need support. In fact, I am paid to be their support in the dorms.
Anyway, they confiscated my rommates' computer, who is the classic stupid user, and "searched" it. They claimed that there was a virus on it that did it. You know, those pesky Canadian Website DoSing virii.
I had a meeting with The Dean of Student Affairs later and told him that I thought it was pretty crappy that they accused me basically because they knew I was a geek. He told me "thats what I get for being on the edge of technology". Yeah, that would be a shame for me to learn at an institution of higher learning. Then again, what do I know? I'm just a college student.
---- sonoffreak
Ok, As a former Resident assistant that worked in the system and had various encounters with the campus public safety, the local police, and yes the FBI. I can tell you that it is not YOUR room. It is the universities room. They can enter the room when they believe that you are violating the policies set by the university. As far as them actually taking things, that is a whole different ball of twine. My main point is, it is not your room, you just "rent"
Consider yourself lucky, kid. They could have come in blasting on auto and burned down the whole dorm just to get you. Can't be too careful with religious nuts....er, hackers.
If you aren't part of the solution, there is good money to be made prolonging the problem
The way things are set up, you only win on search warrants if you are guilty, the more guilty the better, and the warrant is bad. In the early 19th Century, the ideal was that it was hard to get a judge issued search warrant, but you did not have recourse. On the other hand, most searchs were done on the authority of the searcher and you could, and people regularly did, take them to court for the tort of treaspass. The court order search needed probably cause and the cop-initiated search needed to be reasonable, a lesser and more flexible standard. Since the mid-19th century, the courts have weakened the rules for court-ordered search to reasonable but put a lot of technical constraints on what is reasonable. The result does not serve us well either in the criminal justice (sic) system or as free citizens of a Republic. As far as I can tell, this did not start out as a big conspiracy against the citizenry, but the results are equivalent. Solving this problem takes no more that a good bill on the subject passing Congress. Sure! My statements here are my interpretation of a detailed analysis recently in either Harpers or Atlantic Monthly, probably Atlantic Monthly.
A somewhat boring story, but it illustrates my point. I could have turned off on my normal street. I was committing no crime (at least that I was aware of). However, realizing that being anywhere near a crime scene is a bad idea for anybody, I exercised common sense and avoided the scene.
This idiot started doing the very things a cracker would do to a site that had been cracked. Was he breaking the law? No. Was he being smart? NO . The site didn't ask him to do this. He had no authority to do this. He fit the profile of a cracker. He was dumb.
I'd love to learn more about how to crack cell phones - I work in the cellular industry, so it is of some bearing to my job. However, because I work in the cell industry, I have all the tools to turn that knowledge into action, and I'd have a really hard time explaining why I have that gear around (they're engineering prototypes. Honest!). As a result, I don't go to the cell phone cracking sites.
I'm not saying the FBI isn't wrong here. The way our current government conducts itself is shameful. But if I poke at a lion with a short stick, the lion may have been overreacting, but I'm still going to be the one bleeding...
www.eFax.com are spammers
>Yeah! I saw an accident the other day on the >highway before the cops got there. They should >have confiscated my car - I was driving at the >time after all.
.... no crime. You didn't get out
You drove by
of your car and search around to try and find out what happened. It seems so blatently obvious to me, yet my post gets moderated as a troll.
Out of curiosity he purposly snooped around a crime scene trying to figure out what happened. This whole time he is filling up logs with his IP and making it harder to find the real perpetrator.
i agree. i have no issues with his being questioned. I have no issues with being questioned about any crime. It's the cops' right to question me, or him, or anyone. And i have no problem with that. But this guy hasn't even been CHARGED and it's entirely obvious that he didn't do anything wrong.
questioning him is one thing, but taking his shit is and entirely different matter. not to mention the fact that he'll probably never see his boxen again.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
"It is seldom that liberty of any kind is lost all at once." -David Hume
"Public outcry" though, resulted in the passing of a "Good Samaritan" law that says if you don't help crime victims, they you are de facto as guilty as the one committing the crime.
So if I see a hacked web site, the law requires me to help. Find the cause of the crack, yes, even patch the site if possible to prevent future cracking, and maybe even hack back at the cracker to stop his activity.
It sounded like me he just found out what hosts were on the domain, and looked to see what was open. He didnt even attempt to get in. So if i see a body in an ally i'm not to look at it or even see if the person is alive?
Viewing the page is different than poking around in the computer after the crime. He left logs of actions of port scans, of ftp logins, of DNS zone transfers.
Now I will ask you this, how many people will actually do those activities on a server that they do not own, for the purpose of "just looking". I'm sorry, but 99% of the time, it is a hack in processes.
As someone else mentioned, its like not just viewing a crime scene, but crossing the yellow tape. Whether or not he did the original crime, tampering with what may have been used to cause it, which then resulting in his IP in the logs, could easily be found as either a hacker looking back over his work, or, how about this: Tampering with evidence. By adding hack-like activity to server log, which is on a server being investigated, activity as such could be done to purposely fool investigators. If they decide to charge him on tampering with evidence, I would certainly support the government.
There is a definate line between looking at the page, and digging through the server. He definately crossed it, and whether an attack was carried out or not, if it appears an attack was in progress he can be arrested or sued, Sure, port scanning may not be illegal, but attempted breakins are. The line is very fine, infact its more or less decided by a 12 average citizens who know nothing about computers, who are given evidence that someone was snooping around inside the server. Guess what, 99 out of 100 times he would be convicted.
I'm sorry, just blatently bad decisions on his part. You people should get a reality check.
www.atacomm.com - The Leader in VoIP Product Distributi
I am trying to figure out what happened between the time you learned that three systems were down and the time you were served with the warrant.
Did you try to get in touch with the ISP? You said you were on good terms with them. Did you call them up and offer help or did you just figure they would come to arrest you?
- (c) 2018 Hank Zimmerman
I hope you are using hyperbole to make a point with this post. Commenting on public knowledge on a published story cannot be compared to actual scanning of a server computer.
I will agree that passive scanning and some probing of open ports on a computer isn't nessiaryly a crime with no other action, it is behaviour that can warrant further investigation especialy after a crime has been commited on that same server.
The point I want to reitterate here is that perhaps you shouldn't go snooping around computers that aren't yours. Over the years "I am just curious." and "I wanted to see if I could do it." have been used as escuses for hackers that have done everything from simple probing of a server to breaking into the phone system. The criminal justice system and most of the public have grown tired of these escuses and their use as a defence has been refuted numerous times in court. You would want the police to take notice of a thug going around your parking lot trying car doors with a slim jim in his hand, and System Admins would like the police to take notice and investigate people who "shake the handles" of their servers.
I swear I'm not trolling. But I really find this to be an idiotic idea. Don't take it personnally h3x0r.
1. You would need alot of electricity. Like a city block worth.
2. The agents would feel the magnetic pulse on their guns and pens etc. They would know something would be up.
3. Can you say destruction of evidence in front of FBI agents? Even a normal agent would get angery over this and really try to nail you. Think about this: Police raid my home because they suspect I'm selling illegal drugs. They catch me flushing something down the toilet. I insist that its only my homework and various Pokemon toys. What do you think a resonable agent would think? How would they then treat the case?
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
Please tell me you're not calling him a criminal based on these two acts. Think of his actions as walking down the street, noting that the door to some random house was standing open, and continuing along his way. And then being brought in for questioning in relation to a burglary at that house which occurred hours before he passed by. Seeing that there is a vulnerability is not a crime. It is only using that vulnerability that is wrong.
please tell me why you need to...
Please tell me why you need to read Slashdot. Answer: you don't. /. doesn't provide you with food, oxygen, water, or shelter, and that's really about all you *need*. Lack of necessity is perhaps the worst reason I've ever heard to not do something. The guy is curious; there's no reason whatsoever to punish someone for harmless curiousity.
If only the FBI hired some /. geeks to do their investigations, then maybe there wouldn't even be a need to check out innocent people.
Also, it doesn't make sense that the FBI wipes all your data after they investigate. If it were a business and you had critical information on there (i.e. billing information, etc) couldn't you sue them for deleting it?
The FBI seems to have lost their objectivity when it comes to requesting search warrants.
They are intended to be used for INVESTIGATIVE purposes only. That's not what happened here. If the guy had logged in 20 seconds after the server was cracked, then yes, I could understand why the Feds would take a special interest in his box, however, this is like walking into a convenience store the day after it was robbed by someone of a completely different height, weight, body-type, race, etc. And getting strip searched for it.
Right now, the FBI is under an enormous amount of pressure to catch "The evil online people who will steal our credit cards or hurt our children." The old adage, "You shouldn't be worried if you've got nothing to hide." doesn't really apply anymore (as if it ever did). Search warrants have become PREVENTATIVE measures. To scare people who have shown an interest in something illegal, even if there is no evidance to suggest they have actually done something. These days if you say or do the wrong thing online, you can get raided just like that. Even if what you did was not actually illegal itself. The search warrant saves the FBI the trouble of actually investigating you and spending some of their time following the innocent until proven guilty mantra. Just knock on enough doors at 5am and you can be sure that you will find someone guilty. The innocent ones can go back to their normal lives like nothing happened (yeah, right) and the guilty ones can give agents the professional boost they need.
Of course not. what i'm wondering about though, is that a warrent is for specific evidence for a specific crime. why were they also checking for kiddie porn? Believe me, i don't want kiddie porn to exist as much as the next person, but i also belive very stongly the police need to follow the rules that have been set. If the police are searching your house for illegal copies of a movie and find pot, they can't do anything about the pot (except go back to the judge and say we saw some pot lying around, can we have a warrent for that?). The police must be held to these strict rules lest they begin trampling the rights of all.
Who told you to spy on your neighbour not to mention sell him out to the cops? What did this guy ever do to you?
Well if you must know, I found out because one day he asked me to help back up some mp3's for him using my burner, and he shared his hard drive using microsoft file sharing. I mounted it with RHUMBA. He was assuming I wouldn't look in every directory. Enough said.
And just how did you know he was running an ftp server with kiddie porn? Downloaded it yourself, didn't you? Hypocrits.
Well it's hard to tell someone's doing something illegal without seeing it. Of course, when you see a directory with about 11,000 jpg's in it and they all have names like 01123hgf-11-23-89.jpg you really don't know what you're in for till you open them. All I can say is it was a truly horrible 60 seconds.
Why did I call the cops? Because he spent a lot of time on AOL and on the phone trying to get kids to meet him in our dorm room. And that was something I couldn't let happen.
I know you're trying to provoke me to respond, so there are the facts, and I stand by my actions.
--
What happens when you outlaw guns
Could this work? Maybe, but you'll have trouble explaining all the poor pacemaker-equipped door-to-door salesmen dropping dead on your front stoop.
Dude, read the article. He didn't just *view* it, he connected to the FTP port, and did port scans on the primary nameserver. That's not criminal behavior, but it's *going* to look suspicious -- at least it does when someone I don't know does it to my machines.
He just picked a very bad time to poke around at those machines, is all.
Make me aerodynamic in the evening air
according to your opinion then, i am doing a criminal act for doing zone transfers to random domain servers?
:) , try and stop me
i can do a zone transfer to anywhere i want to
hey, if the dns server allows me to do a zone transfer, great! it shouldnt have let me to do that if they wanted the dns zone to be a secret.
Cybie! aka Ralph Bonnell
the fbi's role comes (as almost all legitimate fed gubmint power over states) loosely from the interstate commerce clause. State police are fine and dandy for in-state crime. What do you do when you have crime on a broader level in multiple jurisdictions (or NO state jurisdiction, as the case may be)? The FBI is CERTAINLY corrupt, but it is CERTAINLY necessarly in some form.
You might want to be more careful with your lucky little +1 in the future. Such massively unfair comparisions might get you modded down.
Seeing what public services a site is running is in no way similar entering someone's home. You set up DNS, FTP, and other servers because you want people to use them. If a business has an unlabelled door, it's reasonable to assume that it's publically usable. If the door isn't for public use, it's either labelled as such ("Employees Only"), or locked. This guy didn't even generally port scan (it sounds like), he looked for common and generally available doors. He didn't attempt to actually gain access through those services in any way not intended for the public.
Your babbling on about taking the rock is even more inappropriate. Did he steal any evidence? No. Did he destroy, remove, or otherwise damage any evidence? No. He was just an irritating rubber-necker.
Lastly, problem isn't even that the FBI questioned him. The problem is that they seized his property on questionable grounds. Given the nature of evidence, he may not see his property back before it is close to valueless. Even more importantly, much of his data is probably gone.
Search 2010 Gen Con events
IMNSHO, there is absolutely no reason why LEOs should have a warrant to seize disks, CDs, etc. when on a fishing expe... uh, investigating a crime. They can copy whatever they need to another drive. Even books could be taken to the station to scan/microfiche any marginal notes that might seem relevant, and then returned promptly to the "suspect".
This is the difference between gathering information for an investigation, and asset forfeiture (spit).
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
You might not agree with the FBI actions but you do ultimately agree with the aims of the FBI - wipe out crime - The difference come in a) what counts as a crime (b) the methods that you can use to achive the aim. Lets say that he shot the FBI to protect his rights [I'll miss out the " " as not to be labelled a bedwetter] and keep his PC. He'd have either been arrested or shot. In all likeliness, public opinion would be turned against him. Instead let them take the PC. Let the FBI do crazy things. Turn public opinion against the FBI and get the rules changed.
Just because something comes into law by way of treaty adoption doesn't mean that it doesn't have to be constitutional.
Sorry, but you are in error - treaties override the constitutional protections provided they are ratified - which requires very little.
--
-=DaveHowe=-
...the agents were probably Yankees fans!
-MR
-Michael Roy Some people are like Slinkies. Not really useful, but you can't help smiling when you see one tumble down
http://www.mynipple.com/
-- Tom Rathborne
Also, lets say the war on drugs was a valid fight for the government to fight. If someone sneaks drugs from Mexico up to Arizona, then eventually crosses the state line to New Mexico, the crimes committed were in Arizona and New Mexico. In this case, rather than having the FBI or someone go after this person, they would be liable by both the Arizona and New Mexico police. The person has committed crimes in two states, making the possible punishment even stronger (should be appealing to the people that think they are safer by stronger punishments.) I guess I am naieve, but I don't see a use for a federal police. The purpose of the federal government was to basically let the states have some semblance of unification, but not pass any real laws other than very basic things to protect the rights that were given to people in the constitution.
Mas vale cholo, que mal acompañado.
Also, see Kevin Mitnick's and other's comments in interviews on this issue. If your systems have encrypted files, the feds will want to see what you have. They will want the keys, or you will probably never see your shit. Ever.
'Hail Eris, baby, hail Eris...pfffffffttt.' *cough* 'Yeah.'
"an armed populace not only protects the nation but protects itself from the government and keeps it from getting out of line."
hmmm nope I don't see the word gun or firearm there , did I miss something?
Speaking of grounds, I believe my coffee is ready.
Being investigated is a long way from being a criminal, so I suggest all you mind readers out here pipe down with all the rants "innocent till proven guilty", etc.etc.etc... Nobody is saying this man is guilty of anything at this time. It could be that the only reason FBI wants his system is to have a look/see if someone was bouncing traffic off his system.
cat
So he pokes around in a crime scene before the cops get there, and leave some fingerprints. Of course he'll be a suspect.
Of course, whether the FBI should actually be allowed to take his computer stuff (even his books) is a different question.
--
"Oppression and harassment is a small price to pay to live in the land of the free." -- Montgomery Burns.
Downloading MP3s isn't a crime. Distributing them publicly is a crime. I can send some to my friend and I've done nothing wrong, but if i put them on my public ftp server and post the address in irc, then i'm distributing. According to Hillary Rosen, the RIAA isn't concerned with you sharing music with your friends.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
Does this guy have any history of censure from a school or company for any type of "hacking"? I know guys who have gotten in trouble, but not arrested, for reading people's email, port scanning, etc. The reason I ask this story is that I wonder schools or businesses give information like that to the FBI. If this guy had a history like that, and the FBI knew about it, it could explain why they showed up at his house.
I think a story like this is far more effective than attempting to hold off the FBI with firearms (the equivalent of committing suicide).
I have to pipe up here. I'll tell a nice tale of anonymous woe. It goes a little something like this:
NASA gets hacked. NASA cracker connects to a persons box at their house off their t1 running an irc server. The irc server, as many do, auto connects back -- gets ident, and checks for open 1080 or 23 (and will deny if either is open). The person is let on irc. A matter of days later, the FBI is contacting the individual's employer. The persons VP of security has worked with the FBI before, and explains that minus his cajoling, the person would be arrested. The person is forced to make an image of the whole computers drive -- a very fortunate swing, and the VP advises that confiscation of the box may follow anyhow. The person is advised to cooperate fully because "they have broken the law". IE, the automated port checking process constitutes violations of anti-hacking provisions. (If you look up the statues, most say 'willfully and knowingly')
The fact that the true cracker set of the connections? Irrelevent. The whole thing blew over with nothing more than the taking of the image of the computer, but still, the incredible willingness of the VP to agree with the FBIs twisted interpretation that the automatic hacked-box-checks constituted hacking in itself, was unbelievable.
If you ever find yourself in this situation, you're definitely best off getting a lawyer immediately, and you may want to try to get some legal assistance, possibly just a contact for your lawyer to talk to, at some place like EFF, if you're in this sort of situation.
On the plus side, for every horror story, the FBI does a clean, competent investigation, but these issues are the sorts of thing that need a lot more activism from this community in the legal circle in order to make sure things don't go awry. If everyone in the country who held the slashdot view of the DMCAs bad provisions were talking to their elected representatives about it, we'd be much more heard. We need to police the laws that are passed related to computer crime, because too many are overreaching. If you're the FBI, its easy to say: we'll aim for overbroad, and just let the innocent people slip through the cracks. Appealing because you can decide, and you can use the overbroad law as leverage against anyone reluctant to help you who may be involved. That's unacceptable, and the legal advice many congressmen and senators get is dismal. They need good advice AND good analogies they can carry into their work to convince others and make a convincing argument.
Um, innocent until proven guilty? Oh wait, I thought we still had rights.
Funny how in an age of technology rights don't matter at all. If someone hit an old lady with a car the same make as mine, could the government seize my car until they proved that I didn't do it? It seems like that's what they are doing to this guy. Why do they get to sieze your equipment until they 'prove' that you didn't do anything wrong? Something just doesn't seem right about that.
Bite my yammer.
Jes, I'm scared now Joe
Search warrant. Rights waived by judicial system. You have the right to bear arms, not use them indescriminantly. There is no conflict here, it is set up so 2 distant parties, one of them neutral, must come to an agreement before this can happen.
Although I do see another poster in this threads point that you might have a smidgen of a case if you pursued the fact that you shot them do to trespassing without giving opportunity to inspect the warrant. You'd lose of course, but its a good point.
Alot of mention has been made on the rights we have, is the US like Nazi Germany. I personally believe we do in fact, live in a police state. To wit, ask yourself these questions:
1) Does the United States follow, in spirit and in letter, the concept of innocence until proven guilty?
No. The broad application of warrant, search and seizure laws, and the total absence of the legal premisis of "narrowly construed" has been slowly eroded away. These days, if you have been served with a warrant, and, have been questioned by the police, the usual assumption is that you are guilty.
2) Do the police actually investigate a matter without bias, and with impartiality?
No. This has always been a major problem for both local and federal authorities. When they feel they have a prime suspect, all other leads become trivial. And not worth investigating. Even if evidence of innocence of the prime suspect could be uncovered.
3) Do we live under an unspoken law of guilt by association?
Yes. Terms like "hacker" and whatnot are used to vilify and persecute people who are innocent.
4) Are there severe loopholes in laws which allow police to run rampantly over individual liberty?
Yes. Carnivore is an example of this. If the EU type ISP laws get into the act here in the US, then we are really screwed. Because, if your forced to hand over your encryption keys, you are no longer secure in your person. And any law protecting you from unreasonable search and seizure are moot.
So lets see, unchecked police and political power, guilt by association, persecution due to label, so far so good. Sounding alot like Nazi germany to me. Lets go further:
5) Are uninformed people attempting to pass laws which label people with terms like "hacker" and "hacking" and prosecute them for associations?
Yes. In fact, there are several countries attempting this. Im sure it will only be a matter of time before this mindset gets to the United States.
Gee, whats next, will someone who is a geek be forced to wear an armband in public? How about a scarlet letter?
And, now for the kicker:
6) are the minority in almost firm control, in one way or another, of the majority.
Yes. With things like the DMCA, and minorities trying to kill off things like Reverse engineering, Donna Rice trying to censor the web, you have alot of minorities, trying to subvert the majorities. All in the name of profit, morality, and narrow mindedness.
There was a time when the law was to be kept narrowly construed. In order to make sure it wasnt used as a hammer. Now, the only thing being narrowly construed is thought and reasoning ability.
I was born an american citizen. I am embarrassed to be one these days. My father was an Air Force Vet, he fought for this country, and the way of life. Before his death, he saw this police state coming about. It upset him greatly, that police got warrants, based on suspicion, and conjecture, and, went about ruining people's lives, and they dont apologize when they are wrong. Nor are they forthcoming in returning what they steal.
Its getting worse. The United States is becoming a police state, run by corporate america, and, narrow minded politicians, who care more about themselves, their wallet, and what they want. In an ironic way, we are faced with the same dilemma as the original 13 colonies.
We once again, have a situation where we have no representation. We elect people who dont listen to those who elect them. We choose the lesser of two evils. And, we have no other recourse.
I give it another 100 years tops. Before you see armed revolt. *sigh*. The great experiment is at its peak, and will start its decline. Harry Truman warned that if you want to know how to avoid decline, in the United States, keep the history of the Romans close to your heart. Nobody in government has done this. And those who do not learn history, are doomed to repeat it.
Supernaut
The most irritating thing our friend will find out is that his computer is now evidence. He's not going to get it back any time in the near, or not so near future. See Steve Jackson Games.
Warrents are about the only thing that's actually fairly close to reality in TV crime shows. They aren't hard for the cops to get. Judges don't know any better and take the DOJ/DA's word for it as far as if it's needed.
The piano wire thing was bogus disinformation from a police department that also treated the press to stories about our convergence space having bomb-making materials. Our pepper-spray preparations turned out to be some seized peppers from the kitchen and molotov cocktail was a plastic bottle with a rag in it. As any retard knows, molotov cocktails require *glass* bottles, but this was lost on the press.
Oddly enough, I heard the "piano wire" report on the police scanner while I was heading downtown to rendezvous with the black bloc. I have to wonder if this story got distributed based on a misunderstanding within the police comms network. Activists engaged in lockdowns WERE stringing up YARN to block intersections, which could have been mistaken for piano wire from a distance, but close up it was easy to see.
Thank you for the suggestion. I'll try and find it.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
"Everybody with half a brain knows that a bunch of hicks with guns ain't never stopped shit."
;)
Don't forget the Revolutionary War
This is on k5 also. K5
>People, guns are not the way to hold on to your rights.
They're not until the whole society has gone to hell in a handbasket, until there's nothing to lose and everything to win -- and then they are the ONLY way.
Most pro-RKBA people aren't advocating crazy stuff like shooting FBI agents who are serving a search warrant. Instead, we are trying to hold on to this essential liberty so we have some insurance should the "dark times" come upon us. Which isn't going to happen in a year, or 5, or 10, probably -- but what about 100 years in the future? 500? Can any of us see that far ahead? Of course not.
Things could get REALLY bad, even in America, given enough time. Bad enough that Joe Average Citizen Taxpayer might contemplate violence to protect himself from the state. And in that case, Joe better have a rifle.
I think that is the pro-RKBA argument in a nutshell.
heres some other good books :o npublishing.com/criminal/catalog/lawenforc ement/index.shtml+0-87084-348-6&hl=en
http://www.google.com/search?q=cache:www.anders
That's when you give them the OTHER password... the one that wipes the filesystem by writing random data over it a few times, then 0's
>This is the equivalent to coming upon a murder
>scene, picking up the weapon and getting your
>fingerprints on it, putting it back down and
>continuing on your way while whistling
>innocently.
Let's all get one thing straight: A WEBSITE IS NOT A HUMAN BEING. This is *nothing* like a murder case.
Also remember if you want to use you 5th amendment rights (against self incrimination).. you must decline to answer ANY/ALL questions (or you have waived your rights).
UPS Sucks
I live 5 blocks from the RPI campus.
The FBI should look at some things...
#1: Look at some timestamps on log files... If what was written is true he wasn't into the webpage until after it had been posted on various news sites.
#2: The that might possibly in 3000 years turn out to be evidance and now it's the governments crap of confiscating computers is ludicrous. How could looking at a site be considered grounds for a search warrent?
Things like this are pathetic.
Do you Gentoo!?
get too thick, I would like to point out that your average FBI field agent is clueless when it comes to computers. They are there to get a statement, and grab anything that remotely looks like evidence. Frankly, I'm surprised that they gave the guy back his box of junk parts.
The reason they grab everything is that unless proper forensic analysis is done on a computer, it is possible to innocently overwrite what was up to that point evidence. FBI field agents know this sort of thing look very bad on their records.
Now, assuming the original poster is innocent, his problem will be getting his stuff back from the feds after they decide he is not a suspect and anytime before the case goes to trial. If you want more information, click one of the links to the Hacker Crackdown that are destined to appear shortly (if they haven't already).
But if you say "Eat a dick, pig!" there wouldn't be any way they could use that as evidence against you.
While it isn't nice to take ones computer, I'm a little surprised they were able to get a search warrant (the judge should be faulted, if anyone). It's possible as others have said that the 'return to the scene of the crime' possibility was the reason they were looking and probably taking a close look at anybody who showed up at that site and did more than just 'look'. If whoever altered the site was also capable of wiping out the logs, then they only have those going forward to see who was 'visiting' . Not saying I agree with them, but I can understand their logic. I think they exceeded the bounds of search warrant when they checked the 'porn' CD. IANAL, but isn't a warrant usually fairly restrictive as to WHAT is to be searched for? and if something else is scanned/searched outside of that in the warrant, aren't they SOL in trying to prosecute even if they DO find something?
See the same article on Kuro5hin - the responses there make interesting reading as well.
Richy C.
--
Because this wasn't the Olympic bombing, I guess.
You're all missing the impetus behind all this! The Yankees are a high-profile organization right? The guys who run the Yankees are VERY rich people right? So imagine this, you're the manager/owner/whatever of the Yankees, you wake up one day, roll out of your four thousand dollar bed and turn on your computer. Your homepage is Yankees.com (how cute) and you notice it's been tweaked. OR you're the webmaster @ Yankees.com and you notice upon routine checking of the site/availability/whatever that it's been tweaked... you call the owner or the owner finds it on his own. Point being, the funnelling stops here and it's now the owner who makes the call to his buddies who pull some strings in the FBI to get this stuff investigated ASAP! Not tomorrow, not after breakfast, RIGHT NOW! So they do, they expedite the warrant process and get right down to business. I mean come on people, you think every hacked page gets the FBI's attention in as little as 48/72 hours? Or that they routinely pair up a field agent with someone who actually knows computers? Whether or not this guy should or shouldn't be doing his forensic checking is a WHOLE other issue. My point (cuz I think I have one) is that the Feds treatment of this is RARE! The only time the Feds take this shit seriously is when it's high-profile (i.e. big MONEY losses or GAINED) or when there's an interpersonal tie with the feds themselves. A personal relationship with someone in the bureau. I myself have been/or are currently under their "watch" and it's ONLY because of a personal tie one person had with them directly... if not for that, nothing would ever have come of my "wrong-doing".
I am not going to go into details on this as I have the sites bookmarked at home and forgot some of the facts, however, since it was initially put into service by J. Edgar Hoover, the FBI has always been a corrupt force. Hoover himself was a very dangerous man, and had he lived to see the computer industry we have now, he would probably be keeping his index card files in a database instead. He basically caused the harassment of many people for having "unamerican" opinions and points of view. He was one of the main people that fueled McCarthy to his witch hunt as well. Basically, the FBI serves no purpose, as it is the duty of the states to have the police and other forms of law enforcement, not the federal government. Also, it is a sign of the fact that the federal government is too powerful, because originally they did not have enough laws that they would need to enforce them with police. I would think it is consistant with libertarian logic to eliminate the FBI, but I have not seen anything from Browne or other people within the Libertarian party saying that. I guess the tradition carries on, and the FBI probably has some information to blackmail them with just like Hoover did with all of his enemies.
Mas vale cholo, que mal acompañado.
he port scanned it. that seems to constitute suspicious activity to me. that's like walking into a murder scene, poking around and then trying to explain to the cops that you were just curious. Of course they are going to quetion everyone who was behaving suspiciously in the vicinity of a crime scene.
.^
.^
Of course, Having the FBI investigate this is kind of silly too, I mean would they investigate grafitti on Yankee Stadium too?
^.
( @ )
^.
I bet the guys in St. Petersburg, who cracked into Microsoft were running Cagey BeOS!
--
A feeling of having made the same mistake before: Deja Foobar
.. but when people with badges are asking you questions, your only respose should be to reply with a question or to not reply at all. This is especially true in traffic cases, as the first thing the cop will try to do is get a confession out of you - "Do you know how fast you were going?" If you say something like, "I think I was going 75 or 80", even though his radar gun said 83, he can write you down for 80 and get it to stand in court (radar tickets can be easy to beat) because that's what you said. So you've answered the Public Servant's question (who you don't even really know is a public servant, he could be an imposter - just 'cause his car has a light bar in no way means that he's valid) with the very best of intentions, hopefully making him so pleased with your obedience to his will that he'll let you off. It's never worked for me. In this case, they were out to hang, details didn't matter, they were going to take your computers, no matter what you said. The side of the road is not a courtroom, and people shouldn't treat it as such.
Learn the rules so you know how to break them properly.
www.teslabox.com
This guy pokes and prods a machine that has been hacked, riddling his IP all over the machine... of COURSE they're going to confiscate his stuff! They know two things about him: he's a stupid hacker who returned to the scene of the crime, OR he's a stupid student who doesn't realize that he's putting his fingerprints all over the smoking gun.
This is not a case of the FBI abusing their power, its a case of a student stiking his nose in a place he shouldn't be. I'd expect this sort of reaction from the FBI.
Kiss your computers goodbye
My roommate and I called the cops my junior year in college, when we found a guy in our suite running an ftp server with kiddie porn.
When the FBI comes to take your computer, you don't get it back. They didn't just take this kid's machine, they took my machine too - since our ethernet ran through the same hub, they were able to extend the search warrant. I got my computer back 2 years later. It's still sitting in my basement, running bsd, like it was before they took it.
Remember, you live in a free society until you don't. Due process for you is going to mean that they will duly detain your computers and schoolwork till it is useless to you.
Shame on you for being so smart.
--
What happens when you outlaw guns
I got raided by the fbi and dyfed powys police in the UK. They were not so nice. They removed everything from my room including my phone socket! (go figure) and even made my bed when they left?!
But I did bring it on myself because of some hacking activities=)
It was still quite scary because they woke me up two and I thought I was dreaming for the first 5 mins!
- "One fry short of a Happy Meal."
And
Carnivore Lite for making hasty decisions based upon the flimsiest coincidences!
A Reno® product
--
A feeling of having made the same mistake before: Deja Foobar
"Does this guy have any history of censure from a school or company for any type of "hacking"? I know guys who have gotten in trouble, but not arrested, for reading people's email, port scanning, etc."
:-)
Even if he did, would it prove anything? Or a better question would be, should it prove anything?
When I first went to school, I had my first experience with a network. I started working in the computer labs and decided to check out the network. We were running a Novell network on DOS systems. I had no idea whatsoever what anything was, but I did what I viewed to be the most efficient way to find out what a program does. I ran everything (on a lab machine, of course). I was not able to do anything important, but I learned a lot about the capabilities of the network. About 10 minutes after I had finished, the head of the Tech Services department came into the lab and asked if I was . He told me I shouldn't be playing with the programs. I told him I thought they were okay (they were in a "public" directory!
2 years later, after working with each person in the department and showing them I knew what I was doing and was trustworthy (or so I thought), I was turned down a technical job for the reason that I was a "security risk." Or too dangerous or something.. Umm.. Right..
My point, if you're still with my rambling, is that something may be counted as "hacking" even if it doesn't make any sense to anyone who knows a flip about computers. So chances are, everyone here has a "hacking" record of some sort..
I traded in my angst and all I got was this lousy ennui.
The first thing to keep in mind when the FBI knocks on your door is that you shouldn't talk with them. Don't try and crack jokes or explain what might be going on. Don't answer their questions. Don't say anything other than you want to see a lawyer.
These guys are trained professional terrorists. They have all kinds of behavioral science training and they have experience with PsyOps, which you all should read up on.
I'm glad that this brave hacker has the balls to relate his experience. The FBI wants us to fear them. They are the bad guys, but don't think you are ever in this alone. There are many people out there who don't like the FBI.
It's also important to realize that those of us who are Americans aren't living in some enlightened democracy where the cops are just our good friends because they keep the streets "clean." No, the United States has more cops than any other country and it just completed an expensive effort to militarize the police. If any of you have paid attention to the recent anti-capitalist protests, you can see that they've taken the gloves off. I had friends who were planning for the anti-World Bank demo in Washington, DC last April. The Secret Service broke into their apartment and stole research materials.
In Philadelphia, during the anti-Republican Convention protests, the police sent undercover cops into the organizing spaces being used by activists. Some cops even helped some friends of mine build a float.
So the watchword is: be careful, but don't be afraid.
Someday we'll defeat these guys.
I'm a proponent of the second amendment, but why in the world would this help in this particular case? When the FBI knocks on the door, are you gonna start blazing away?
The knowledge that people own guns CANNOT keep the police force from doing what it must to uphold the law. If that happens, then crime takes over and the anti-gun freaks are suddenly correct.
-- Mojo Tooth : exploring our world as only an idiot can.
Ok.
What about ORBS.ORG?
They scan, looking for exploitable holes in e-mail programs. And log for vulnerabilites. Post the found vulnerable systems on the internet.
If it was said on slashdot, it MUST be true!
Define "Plain Sight"
You have CDs that are not mounted. Are the contents in plain sight?
But the fact that they STILL have his stuff and have not charged him (and probably won't) is totally ludicrous. Is there anyone we can write to to yell about this? Not that it would do any good...
If you are curious on what the FBI has on it's files regarding you make a FOIA request. They are obligated under law to provide you with your file unless it compromises national security or an impending investigation (which tells you almost as much as if you recieved it!) Packetstorm has the instructions at the URL below.
Getting your FBI file
-- Greg
Slashdot, would a spell-checker for posting be too much to ask? It's not rocket science!
1. Publicly available. 2. One had NOTHING to do with the problem (Kernel Hacking??? I understand the BIND book but Kernel hacking?? Mebbe, but I doubt it.).
He was doing what others might deem as suspicous things. DNS lookups are cool and some of the other things but connecting to semi-random servers isn't (I know, they are not totally random, but they aren't things a normal person would do.).
Gorkman
This is just an example of what a non tech savy FBI can do.
- Reading logs franticly. Under pressure from yankee corp none the less.
- Needing a scapegoat.
- Getting a scapegoat.
- Finding that said scapegoat is not a typical "Evil warez kiddie bent on global destruction [EWKBOGD](TM 1993 US Goverment)"
- Searching his things for "Kiddie Porn"
- Ending up charging them with something and most likely getting somewherd with the case because the judge will not know jack about the subject or even the particular law they are using.
ARG!
---------
Defraggle
Keeper of the monkeys
Not.
The average person reading that article, no matter how unbiased it tried to be, would automatically leap to the "Evil hacker, he must've fought 'em because he's guilty as hell" mindset. And that's simply not beneficial to anyone except for the true hacker, who suddenly finds himself with a convenient scapegoat.
Sounds to me like this guy responded appropriately.
-Llew "I've wrestled with reality for years, and, I'm proud to say, I won" Silverhand
did they simply look at the log of yankees.com and see the schools firewall ip, then request the schools firewall log for that day, then simply wrote out a warrent for the ocupant of the room that held that IP? is suspicion enough to issue a warrent? since when does scanning ports and dns routes deem illegal, how do they justify a warrent on these grounds. obviously no illegal break throughs were commited through his IP. What grounds do they have to confiscate private property.
-= Briareos =-
Why don't we just shoot those bastards and take a bite out of the United States of Corrupt America ? We don't see the RCMP raiding dorms or overreacting in any similar style to computer crime. It's akin to sending a swat team for a speeding ticket, except security geeks don't cause fatalities. Time to turn off Corporate MindFuck TV and get back to reality.
-Billco, Fnarg.com
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759 there ya go REMEMBER THIS PEOPLE
Some instructions on what to do if you are stopped by the police and a handy card to carry in your wallet.
Do you ever feel like there are people watching you? You're not alone.
The FBI managed to get a search warrant based on logs from a firewall, that showed my IP only connecting, not even logging in, hours after news of the cracking had appeared on news sites.
So essentially the FBI doesn't have a hard time getting a warrant. Does this scare anyone else concerning Carnivore? I mean, if they can get a physical search warrant this easily, what's to say it'd be more difficult to get an internet-sniff warrant?
So this guy was "Shocked! Shocked" that the FBI would find his testing of know exploits as suspicious and worthy of inquiry. If I was snooping around my neighbors house the day after they got robbed giggling all the doornobs and seeing if any of the windows were open I would get run in by the police too. You can't go around scanning other peoples' servers for exploits no matter how curious you are. If you want to play those games you have to accept the possible consequences. Maybe he can complain that the FBI hasn't been prompt in the return of his equipment, but he is under investigation for a crime. Also, it isn't the FBI's job to make sure they let you wake up and have breakfast before questioning you. They said you didn't need to answer the questions and you could have told them to ask all questions through your lawyer.
To all Hackers: Stop your whining. You want to play at being edgy and faux criminal in your actions be prepared to for what that brings you. Grow up.
Mermorize this, "I would like to talk to my lawyer"
Well at least all your MP3s and pr0n is safe. And what message does that send? The FBI doesn't give a damn about artist copyrights and the explotation of women (unless this dude bats for the other team) but for God's sake, DON'T PING SOMEONE ELSE'S BOX!
Im sorry but passing by is simply looking at the URL. What he did is more like picking up the gun looking at the chamber going around the room and trying to figure out the trajectory of the bullet and conducting and entire ballistics study
I go to a large institution, look at the email address, and this sentiment seems to be prevalent. College students these days have very few rights. Our rooms can be searched with no warning, we are forced to sign a computing center policy that gives up all rights, and if we dont fit into the khaki and white shirt stereotype, we are considered differant. And this is at a top 10 engineering school. I can't even imagine a liberal arts school.
-- the computer doesn't want any beer, no matter how much you think it does. NEVER, EVER feed your computer beer.
Hrmmmm.... you mean when all the 'well-regulated militias' turned tail and ran, leaving only the Regular Army? Yeah, I remember that.
my karma ran over your dogma
"Anyone that has ever gotten an idea based on any of my work and done something better with it-good for you."--J.Carmack
They took his frickin BOOK?
I'm sorry, but his books are not evidence. The fact that he possessed such books might be, but this did not in any way require the actual siezing of the books themselves.
As a CS student the fact that he was * required * to possess the book is probably even a matter of record.
This was a pure harrassment measure, period.
As I noted in my post the other day he should have invoked his RIGHT to * shut the hell up.*
He should have called his lawyer and insisted on his right to have his lawyer present. If he didn't have a lawyer he should have picked one out of the phone book and told them " I have FBI agents in my premisises and I need a lawyer NOW."
BEFORE all this happened he should have had off site backups. One set of those backups should have been BURIED in a capsule somewhere. He should have had backups stored using stegenography in his porn and/or Mp3's. He should have burned every note that was no longer needed. He should have written 0's to his entire HD every time he did a fresh install. He should have done this every few months even if he didn't need a new install.
Once they were there he should noted to them that his monitor, speakers, keyboard, mouse, CPU, video card, etc, were NOT evidence, only his possession of such was, and they had no right to sieze them. In fact, ONLY his HD was technically evidence. If nothing else his having noted it to them could be used as evidence against THEM in a civil suit should they ignore it. He should have noted that the supreme court has extended the protection of printing presses DIRECTLY to computers that are used for printing and thus cannot be legally siezed as evidence. He should have noted that his HD contained personal corespondence totally unrelated to the crime under investigation and that they were thus under obligation to have a warrant for SPECIFIC documents to sieze, which he would then cooperate in handing over, they have no right to sieze EVERY document. He should have noted that the supreme court has ruled that EVERY person whose e-mail is compromised by siezure without a specific warrant is due a cash settlement from the government.
In point of fact, he, and his lawyer, should have actually READ the warrant and only complied with legally SPECIFIC items contained therein.
He might even have insisted on being charged. This probably wouldn't have worked in this case, but more often than not it ends the whole damn thing right there. In any case his insistence, and their refusal, would have been more evidence for his following civil action.
"Officer, if I am suspected of a crime kindly charge me with such so that I may invoke my right to a public trial by a jury of my peers in confrontation with my accusor, otherwise I'm afraid I may have to consider this an illegal fishing expedition in violation of my civil rights and take appropriate legal action."
In fact, he could have noted that even though they have a warrant the * warrant itself might not stand up to legal scrutiny.*
Again, many of these things might not have helped him at the time, but could be invaluable in a later civil suit.
Oh yeah, he should sue the bastards. We should ALL sue the bastards every chance we get, pro se if we have to, just to make them think twice about the hassle and paperwork they'll be facing if they step out of line.
Nothing to see here, people. Please return quietly to your cubicles and continue your bean-counting activities.
Just because something comes into law by way of treaty adoption doesn't mean that it doesn't have to be constitutional. The federal government would have no power to enforce an unconstitutional treaty provision (i.e. a treaty that says all Americans must be stripped searched for Hot Grits). Oh, and IAAL.
I'm a lawyer with excellent karma. Something's gotta be wrong.
A long time ago in a town far away...
I was a young sysadmin for a very small mom and pop type isp. I had been working there for just under a year and had quickly move up the ranks from support lacky to full out director of operations. Now i'll be the first to say, at that point in time i was extreamly underqualified. After i was promoted, i worked at this isp for roughly 6 more weeks until i was fired because i couldn't keep up with the work (i was 16, in high school, and working another job). When i left that night i made sure to shake hands with my boss and thanked him for everything and did my best to show them there were no hard feelings then removed myself from wheel (for any linux nuts who don't know what wheel is, it's the BSD equiv of the group root). and went home and went to bed. The next day i noticed that about 3 systems weren't responding (i was trying to remove any data i had left on my accounts but alas couldn't). At that point in time my stomache fell. Something bad happened and i KNEW my name was going to come up because i had been fired the night before so i got rid of any grey material i might have had (ie- crack and any other sysadmin tools that well all use). And not 2 weeks later the cops came a knocking with a search warrrent. they took all my coputers (2 macs and a freebsd box) as well as lots of floppies and hard drives and anything they could find. Before i go any further let me tell you that this is one of the worst feelings you ever get... knowing that these pigs are digging thorugh your entire room in front of your parents, trying to find evidence of a crim you (i) did not commit. what's even worse is my parents actually didn't belive me. i felt so violated. Anyway, the pigs took it all and tried to get me to come with them downtown for questioning. i told them flat out, not with out a lawyer. the enext day i contacted a lawyer in hopes that they would try to question me and such... but they never did. They only returned about half my equipment and kept the rest as "evidence".
This happend 4 years ago. I haven't been questioned nor has the case been offically dropped. They were trying to pin a class a felony on me, so the statue of limitations is in thier favor if they ever do decide to charge me. (i know it's some insane amount of time.. something like 10 or 20 years). OIh and also most of the returned equipment was broken. The cops actually lied to me and my parents in saying i had removed a ahrd drive in front of them and that i broke things in my freebsd box when in fact i had not (at least my parents backed me up there).
the moral of my story? trust no one. not even your parents. people are afraid of what they don't understand and you know what? they don't understand what we as geek/nerds/hackers do. they think jsut by hearing the word hacker you are automatically braking into computers and stealing information.
As a side note... someone close to the "case" started spreading the news around the town i use to live in. i couldn't go anywhere with out people asking me about it. this was so humiliating.
I honestly think that i was framed. and if/when i find out by who i will be ready to serve any time that will result in our meeting (not that i condone this kind of action, but this country needs more justice).
rip the fucking system.
---
I am the dot in slashdot.org
As other responders have replied, the magnetic-field idea is impractical.
However, if you are REALLY serious about this, you CAN set up a device that, when triggered by lifting the computer off the table (without first disarming the device), dumps a corrosive, adhesive, or abrasive into the drive through its breather filter, effectively killing the drive. (Shaped charges are too messy, physically hazardous, and laden with legal hassles to use for this application).
Some aspects to keep in mind in such a case:
1. To effectively dodge destruction of evidence charges, the system MUST be preinstalled before they come knocking, and MUST be totally automatic in operation - NO positive action on your part to trigger or arm it.
2. This will seriously piss The Man off, so killing your data had better be worth A) having them never EVER return your stuff, and B) come back in a huff and turn your house upside-down with extreme prejudice, breaking many things and confiscating all backups and everything with more transistors in it than a Walkman.
3. You WILL need to somehow defend yourself against the destruction-of-evidence or obstruction-of-justice charge they will try to hang on you. Have a lawyer primed and ready to launch on warning; he might fill his trousers upon suddenly learning of your hard-drive-destroyer, so make sure he's informed in advance. After all, it is NOT illegal to make your computer commit seppuku when stolen.
Frankly, I cannot think of many people this would be worthwhile for.
For myself, I would rather tell The Man, "You can have my computer right now, untouched by my hands, without flashing a warrant or incurring the legal obstacles my lawyer will put in your way, BUT ONLY if you supply me, in advance, with a new system of equivalent capability as a loaner until you return my equipment. Your technician will also back up my data under my supervision before removing anything." This approach might not work either, but it's less hazardous and well worth trying.
Hey, that gives me an idea. Anyone wanna lobby for a "Replacement of Property Taken As Evidence Act" mandating the immediate replacement of confiscated computing hardware and data?
"My strength is as the strength of ten men, for I am wired to the eyeballs on espresso."
Typical bedwetting liberal. You put "protect his rights" in quote as if it were a joke. How do you think the German army was stopped in the 1940's? Do you think we called them gun nuts and they finally ceased their actions because they felt bad? No. Don't take those that have enough guts to protect their rights, and the rights of a country, for granted.
is do a complete backup of all information on the "questionable" drives, including "deleted" files, and so on, and then give them back. IANAL, but isn't there some rule about the defense having equal access to any information that the prosecution has? This guy says that some needed information that was not on any other source was lost because his computer was confiscated. I believe that the FBI, CIA, cops, etc. should have the ability to confiscate information, in order to process a warrant, but that information should also be speedily returned to the subject of the warrant unless charges are immediately filed. This would give anyone falsely accused the ability to continue their life, and still allow all the evidence to be in the right hands. If something incriminating WAS found, they could get a warrant for any new data and confiscate it again. my .02
Do not confuse duty with what other people expect of you; they are utterly different.Duty is a debt you owe to yourself.
the one that wipes the filesystem by writing random data over it a few times, then 0's
Does this really exist? If so, where do I get it.
---
Unto the land of the dead shalt thou be sent at last.
Surely thou shalt repent of thy cunning.
https://www.accountkiller.com/removal-requested
What is worse, the SC ruled (don't remember the case right now) that after Miranda rights, the officer DOES NOT have to tell you when you are free to go. The specific application was traffic stops...but this means that once you have answered whatever questions they have reason to ask you, they don't have to inform you that you are allowed to shut up. Be careful what you say (and how much you say).
Since I first read about it, I have wanted to install the physical security system mentioned in Cryptonomicon -- you know, the one that turns the door frame into a giant electromagnet. Sure, the "bad guys" may get your hardware, but that's about all they'll get. (And probably even less, if you can set up the magnet to pulse its field so it spikes through the electronics...)
Just out of curiosity, though, is something like this realistic? That is, would it really work the way Stephenson describes it?
At any rate, it'll have to wait until I get my own place. I think the apartment manager would get pretty pissed if I suddenly started remodeling the door to my flat.
---
GetSystemMetrics(SM_SECURE) == FALSE
it may be a bit off topic from the subject matter, but its hardly flamebait.
Which moderator has lead in their water?
rosie_bhjp
A radio maverick jumps to internet only. The Future of Rock n Roll
This person sounds very familiar, kinda like someone I once worked with, but ended up selling me out to those very same people that screwed him in the end.... :)
What goes around, comes around....
Because you stole this entire story verbatim from a poster on Kur5hin (which he has also mentioned in reply to you). I provide evidence against your pathetic, karma-whoring, plagiaristic ass.
Please note the time on this message (10:02:33 AM CST), and then note the time on the parent (12:06PM CDT).
You didn't even have the decency to change it one bit. If karma means that much to you, at least use your own effort and imagination, don't steal it from someone else.
"We obviously need a new moderation category: (-1, Woo-fucking-hoo)" --Mr. AC
If you have off-site copies of your data just restore from backups and you are off and running as if nothing ever happened.
Sorry, but having to shell out enough money to buy an entirely new computer does not fall under "nothing" where I come from.
People replying to my sig annoy me. That's why I change it all the time.
Uhhh... The militia's everyone, my friend.
Now my question is, where's my training and regulation? I think the government owes me a few weeks weapons training...
If An Agent Knocks
FYI- I was on the other side of the fence here a few years back, when we called in the police to help with a 17 year old employee who'd logged into the network after being fired, and proceeded to download all of our companys source code before wasting our source control systems (the little idiot even wasted our backup machines...but he forgot to delete the transfer logs). Two days later I received a call from the police asking me to identify some of the code they'd located, so I went down to the police station. After I got there, I was quite shocked to see that they'd not only confiscated the kids computer, but also his dads desktop machine, his dads laptop, their webserver, their DNS server, their network switch, and a ton of other crap (they even grabbed the mice!) The cop explained that when they raid a house for a computer crime, they essentially grab Everything and sort out what is, and what isn't, evidence later.
Because I'd met the kids dad and I knew he was a professional programmer, I managed to talk the police into returning the rest of the equipment. In other words, his dad got lucky in the fact that I'm a nice guy. The police wanted to hold all of the equipment as evidence at least until trial.
So yes, there is a danger there. If you are worried about your kids putting you at risk, I'd suggest doing what I've done. Put a SECURE firewall on the network and block all ports except those needed for regular mail and web usage. If you have a home office, make sure the server is located within that room and that it is LOCKED when you are not around. Then check your logs on a regular basis to see if your kid is trying to hack the firewall or bypass it...if he is, sit him down and explain the ramifications of what he is trying to do. That kid ended up spending 10 days in juvie, and working 6 months in community service for what he did...I certainly don't think you want your kid facing the same thing.
There is nothing so pathetic as seeing a beautiful young theory roughed up by a tough gang of facts.
As a parent of a child, (age 7) who is getting to be quite computer savvy - I guess this is probably a rather important question;
If the cops come in and bust my kid, whether or not he did the crime, can they, or do they usually also take the parent's computer(s)? I mean, a guy could lose his job if his company laptop is gone, with all of his data, etc. This is most unsettling.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
This is nothing new. My visit from the fbi and phone cops came during the early '80s (my 'phreaking days' with black and blue boxes). Gawd, what memories of the '80s...at the time, they were interested in some crap I hadn't even read on my 10 meg hard drive like the anarchist cookbook and some modems I found with a demon dialer.
Anyway, many others share your pain.
It is fairly easy to obtain a search warrant. It is likely that there was a likelihood (it doesn't matter how remote of a likelihood) that you were somehow connected in some way to the hacking of yankees.com. Obviously, this connection arose during your snooping of the site during its 'hacked period.'
As far as 'temporary' government confiscation of equipment? Agreed, this is a sad thing. The only hope I have seen on the screen for preventing such confiscations was the opinion in the Steve Jackson Games case where the feds took away the company computers and equipment on the basis that an employee may be hacking from their job. Because the feds sat on the equipment for an ungodly amount of time, Jackson Games sued and won $. BTW, I looked everywhere on the net for the text of this court opinion, but couldn't find it. If someone knows of a link please reply.
Without the password(s) to mount them they're boned. No evidence == you walk.
And forcing you to divulge the password violates the 5th amendment (self incrimination).
And just to be safe my filesystems are multiply encrypted through 3 loop devices each, with three different passphrases with three different strong crypto algorithms. So even is a trivial crack is "discovered" for one crypto alg, I'm protected.
That is supposed to be an impossibility.
"Congress shall pass no law..."
That prevents the laws of the country from butting heads with the rights of the citizens. Any laws you break while still within the scope of your constitutional rights are, quite simply, unconstitutional laws.
rosie_bhjp
A radio maverick jumps to internet only. The Future of Rock n Roll
This guy is clearly a Russian spy, no red-blooded American college student gets up at 7AM for no good reason.
Even though this is rather *bad* that they CAN do this and I do not like it.
I am impressed with the fact that they are that on top of some stuff.
It is shitty that they are going to have his computers until they are useless and outdated.. that needs to change some how
However I have mixed emotions about this, on one hand this is a federal agency tracking down all leads on a cybercrime most people would not give the feds credit for even being able to comprehend
On the other hand, its SCARY. I dont think i have to point out why...
Jeremy
Your judges are coming up for re-election this year. Wouldn't it be nice if the EFF or some other group got together and did a little research on how many computer-related warrants they've issued that've come up with nil..?
On the flip side, you might want to do a little research yourself, as to what each of these judges thinks, and how bright they are whenever it comes to internet matters.
I think everyone here will agree that it seems when it comes to technological issues, the courts are vastly under-educated. Look at the recent I sue you, you sue me patent scuffle over 1 click shopping.
What is needed? a seperate technological court to deal with isues of hacking, copyright etc? I think we all would have felt better if the DeCSS linking issue was handled a little better.. along with many other recent technological issues.
but who would back such a thing? (only the geeks) I'm sure authority likes to abuse its own ignorance, so that they can get these kind of unresonable seizures... how do you protect yourself from an ignorant government??
If the police are searching your house for illegal copies of a movie and find pot, they can't do anything about the pot (except go back to the judge and say we saw some pot lying around, can we have a warrent for that?).
Don't you watch any of those law shows? If the police have a warrant for the area, or are let in for any reason and find evidence in 'plain sight', it can be used. (Law & Order does this often - cops go to door with super, say 'If he's not been seen the past few days shouldn't we check on him?' and super lets them in where they grab evidence and suspect.)
What it comes down to is this: Know your rights. Keep your rights. And make dead certain that you don't attract the law's attention, because the US is a police state.
Do you like Japanese imports?
http://old.yankees.com/ ?
Odd that it's "the official site of the Anaheim Angels" , does this seem odd to anyone else? I'm not a big fan of baseball but I did not know that Anaheim angels preceeded the New York Yankees :-)
.sig --
--
...its not all that different. Granted, we don't have draconian laws like the DMCA and such, and we don't (to our knowledge) have the RCMP with records on citizens, but that said, we don't have the kinda rights on individual freedoms that you do. While we are guaranteed protection agains "unreasonable search and seizure", no one is exactly clear what comprises this, especially when it comes to computers. Now, I know people who were charged with computer-related offenses, and didn't get their equipment back for years afterwards. However, I haven't heard of hacking offenses up here like in the US. However, i think that in light of all the laws outlawing "hackers" and "crackers" in both countries, I think that some law or precident needs to be set to apply freedom laws to people with computers. I mean, if my boxen got confiscated because of firewall logs, i would be sitting on a judges ass to get it overturned.
Just my $0.02
-MR
-Michael Roy Some people are like Slinkies. Not really useful, but you can't help smiling when you see one tumble down
The thing that scares me isn't the FBI, or their tactics. They have been the same and will likely remain the same. What bothers me is that we have a Judge stupid enough to grant a search warrant on the basis of a hit logged AFTER the story had hit the presses (I read that Reg. story, and was going to visit the site, but got busy. I'm glad I didn't).
We ABSOUTELY, without a doubt, NEED judges who are clued in to technological issues, and make SURE that these types of warrants go through them. No more asking Judge Joe Bob Technophobe for a warrant baised on server logs.
Where are we going, and why am I in this handbasket?
"Hmmm. There's a small rock, like the ones they put around their plants in their front yard. They might want to know this. I think I'll just put on in my pocket."
"Whoa. Look at the mess the robbers left. I think I'll just go straighten things up a bit. Ah, man! They took the new DVD player. I was looking forward to tonight's Halloween party. I hope they left the "Blair Witch Director's Cut" disk."
"I wonder if they got the jewlery.... Let's see, I think they kept it in that box on their dresser. Well, there's no jewels in it now. I guess I just go home."
Later that day, the cops came over to ask me some questions. "What's that in your pocket?" "How did you know the DVD player was taken?" "Can we finger-print you?"
Now I'm afraid that I may be suspected for something I didn't do. The Nerve! I was just curious and trying to help.
I'd rather have someone respond than be modded up.
Moderators? Anyone? Bueller?
kc.
kc.
"You'll have to speak up, I'm wearing a towel." - Homer J. Simpson
You're right. Vote for Gore, the lesser half of Clinton-Gore, the people that brought you DMCA, UTICA, COPPA, CDA, Generalissimo Reno... Yeah, you're on the right track there!!! Whoo-hoo!
Seriously, I although I can sympathize, I really can't feel too bad about this particular case (other than that the Justice Department asked for and GOT search warrants on this flimsy of evidence). The reason why is that those of you crying a river for this poor soul would be the first calling the Fed's if you thought someone was attacking you. Well, maybe not all of you, but enough.
The pr0n issue is another story entirely. It's possible that they just wanted to make sure that the disks did not contain files related to the case (which is an OK thing to ask. These were burnt CD's), and mentioned that they better not contain kiddie pr0n, just possibly letting the guy know what the law is on that issue. Or maybe they wanted to see if it would appeal enough to the white house staff to get them a raise in the DOJ. Who knows? Regardless, HAD they found anything and taken it, the case would have been tossed out quite quickly on illegal search and seizure grounds.
PS: I believe, but am not 100% sure, that AlGore voted for Scalia. Does that mean that he APPROVES of this Judges actions? Guess you'd better not vote for him either. And, BTW, Scalia is actually appears to be a decent judge.
- No matter how subtle the wizard, a knife between the shoulder blades really cramps his style.
[ This message does not state or imply an accusation of misconduct by the man dubbed 'bofh', so put those lawyers away. This is an opinion piece -- the events as I remember them. ]
... you got caught."
Heh. I guess we all have these stories. I didn't know the whole story of what happened to me until two years later.
First, I was a student at the University of Waterloo, Canada. Very respected place, top-notch mathematics faculty that actually gives out Bachelors of Mathematics. The Computer Science Club is actually quite famous too. Anywho, U of Waterloo has a co-op program and thru co-op I got a job as a Unix Sysadmin at the Univesrity of Western Ontario, an hour's drive away. Four month contract, then back to school. I fell ill during my work term, and I had to telecommute for the last two months, but I still got stellar marks and a glowing evaluation in the end. During my time there, I spent ten minutes getting help with an SMTP server with a man reputed to be an RCMP (Americans: read FBI) toadie I'll call 'bofh' for reasons that will later become apparent.
Back at Waterloo, I was going thru a bad episode (breaking up with live-in girlfriend), and during spring break I faked a USENET posting. Not a spoof, because I wasn't pretending to be anyone, just a faked "From:" header line. I did it (in the "let's see if I can do it" fashion) by telnetting to a mail server at U of Western Ontario, faking a mail message to be sent to U Waterloo's mail-to-news gateway. The message itself was a public announcement that some newsgroups were going to be banned due to high traffic -- Waterloo had a recent big stink about newsgroups being banned because of a feminist student group complaining about objectionable content (alt.sex.fetish.lolitas somehow escaping their scrutiny). I was successful, even though I misspelled "displatch", so I went back to slouching and playing too much Xpilot.
Next morning, I get a call at home. It's bofh (I still don't know how he got my home number).
bofh: "This is bofh. Did you telnet to port 25 on machine xxxx.uwo.ca yesterday?"
me: "Uh... yes."
bofh: "You'll never touch another machine at Western again. *click*" (that's the exact quote)
Phone rings again.
Peter (of the CompSci Club): "Moses? This is Peter. The Math Department sysadmins are bloodhounding you, but Ian [a friend] found you first. Why are they tracking you down?"
So I told Peter about the mail-to-news business yesterday.
Peter: "Oh Moses, Moses, Moses.
So there was the ritual dragging me out in front of an authority figure, some tounge lashing, and a formal request to have me ousted from the CompSci Club because I was their sysadmin and couldn't be trusted (that was on the record -- off the record, nobody expected me to get kicked out over something so trivial). The CompSci Club said no, the Math Department made a politically safe "no comment," and life continued.
A week later, I'm summoned before the Asst. Dean of Mathematics, whom I'll call W. Seems the U of Western is raising a big stink, and 'something' must be done. I assume he's talking about the "displatch" event. W tells me that I can't return for a second work term at Western, and my marks will be changed to a failure for the term that just went by. I protest that this isn't fair (but actually my knees were shaking like Jell-O). He says he has to think about it. I take the chance to talk to a student ombudsman, who knows about the "displatch" event and he's surprised W. is overreacting. He suggests I approach the Student Disciplinary Committee. When next I'm summoned before W, he suggests that I be failed for the upcoming term; I protest again that I shouldn't fail something that hasn't happened yet, and it will unduely affect my chances at getting a work term somewhere else. I suggest the SD Commitee should get involved, and W threatens to expell me if I talk to the SD Commitee. I break, sorry, I was really scared. I plead that he merely suspend me for the upcoming term. He says he'll think about it. A week later when I meet with him, he tells me that he's come up with a better idea: he'll suspend me for the upcoming term. Can I agree? I point out that I gave him that idea, and I agree. I'm to be taken off the list of eligiable students for job interviews.
A week later I found out I wasn't taken off the list, and I missed three interviews. I was almost punished for not showing up to these interviews, but I badgered and pushed my way thru the department (we called it "Needless Hall") until I met a director. I told him my story to date, and he laughed and agreed to sort things out. So, I was suspended, I accepted a job offer in Toronto (which was bogus, but that's another story), and didn't have enough money to return to school for years. I got a letter from my former employer at U of Western Ontario, saying he was disappointed in me for what I've done. That kinda hurt.
Now... 2 years later, I'm working at a Toronto company, and I'm recognized as that kid who was a sysadmin at the U of Western Ontario. He says he heard what happened, so I tell him my story. He's quiet for a while, and says "That's not what I heard. Everyone at UWO was told that you were using Western computers to steal credit card numbers through the Internet."
Jumping Jehosaphat. No wonder W overreacted. And this must be what bofh ment by "You'll never touch another machine at Western again." It still burns my buns to know that W was ready to expell me when he had not even circumstantial evidence, and he wouldn't tell me what I was accused of nor listen to my side of the story. I won't return to U of Waterloo until W is no longer employed there, but I will still speak highly of it as an educational institution.
It's a frame job that changed my life forever. Thank goodness I turned it into a positive change. My friends still refer to it as the "displatch" event. I'd rather not chase after bofh for justice, beacuse I'm certain he could create some evidence against me (like the firewall logs mentioned above) and the RCMP are likely to believe him because of rumoured student-expelling 'favours' he's done them in the past. Besides, I think the false 'hacker' reputation actually helped in one job interview.
According to APBnews.com, the reason that the box was not yanked is that "most team officials were sleeping off the victory" and were slow to react because of this. Always good to know that your support staff was too hung over to fix the problem. At least poor security wasn't their only problem.
Not to excuse the deplorable behaviour of the FBI but what kind of a jackass do you have to be to start messing around a site right after it has been hacked? That is a sure way to get them (FBI, NSA, etc...) in your life asap. As for them getting the warrants. There are judges who's only job is to produce warrants for searches and seisures. Literaly they are brought the papers and all tehy do is sign them. Is thisa violation of our rights? Sure it is. If you guys are so worried about this dont vote for bush. he said he would appoint judges like Anthony Scalia. Recently Scalia wrote an opinion which seriously undermines our Miranda rights and provides very ambiguous powers to officers of the law when involved in a search. If we get three (thats how many judges the next president will probably get to appoint) more like Scalia we will be one vote short away from losing the Miranda rights. Im not saying that it would be much better under Gore just that they would at least still have to maintain some sort of legal pretense which can make a difference if you choose to take them to court.
He should have known better than to be running Freeh® BSD!
--
A feeling of having made the same mistake before: Deja Foobar
Imagine the old, computer-illiterate judge that issued the search warrant. Now picture how many judges there are like that all over the place. Like it or not, the FBI and other enforcement agencies are getting more tech-savvy. The extent to which they exploit that knowledge remains to be seen. Unless and until judges get up to speed, however, it should come as no surprise that the enforcement agencies will be able to get search warrants for "fishing trips" on pretty flimsy bases -- like, for example, evidence of web site activity that occurred after an apparent hack.
Now, really, like SJ Games, like the "War on Drugs", this is a great example of how the government is getting out of hand with its control of the people. No, he won't get his computers or data back, even if he never gets charged. The Feds just harassed and put down a non-conformist, one of "those hackers."
So what the hell does this have to do with Nader and politics? Second Amendment. If people had as much right to bear arms as the Second Amendment claimed, warrant or no the Feds would be a lot more skittish about busting in if any random citizen had firepower. Reading Jefferson, that was a significant part of the intent of the 2nd - an armed populace not only protects the nation but protects itself from the government and keeps it from getting out of line.
-----
Klactovedestene!
Aluminum foil under your hat.
And always, ALWAYS the shiny side outwards.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
And someone comes up to you with what appears to be a valid warrant. What are you supposed to do? Okay, so you call your supporvisor - what's he supposed to do? "Uhm, well, we support our student's right to privacy. We're not going to let you in." Right. It's what happens when you live in a campus environment, where lots of people have the key to your room.
Learn the rules so you know how to break them properly.
www.teslabox.com
I am not sure if I could sleep at night if was not for the FBI investigating the hack of the World Series Champs..... What would this world do? Could we possibly function as a society if web servers get defaced? God help us....
Who is the master of foxhounds, and who says the hunt has begun? -Pink Floyd
I needed to grab a compiler and other useful programs, so I started hitting FTP sites. One of which was swedishchef.lerc.nasa.gov, a major SGI distribution site at the time (LERC is/was Lewis Research Center in Cleveland, Ohio). I was also looking to configure my machine to be an FTP server for our department so I did some poking around to see how to set up an FTP server (doing anything I can looking through an anonymous FTP login).
It turns out that a few weeks later the machine was compromised, and they noticed that I had downloaded basically everything on the machine a few weeks earlier, so they came to my mom's house looking for me. I was at school at the time, nearing finals. They actually cut me some slack and came back after finals were over to come back to question me. Thankfully they didn't take anything, but it did scare the sh!t out of me for a good long while.
George!
What you describe here is exactly the kind of self-censorship they want us all force into. I've lived for most of my life in communist country where they used oppression and terror, not for the sake of it, but to make people to start with self-censorship. And it worked great. You should come and see the mental damage that is done to the people here even now...
If programs would be read like poetry, most programmers would be Vogons.
I have always wondered why hacking/cracking is considered a crime.
It seems to me that if I put a system on the "net" that is unprotected, I am liable if it gets hacked. BFD. If someone is smarter than me and figures out a way to crack my system, good for them, I am stupid, and I will die - end game. There is no crime that occurred other than me not providing the necessary safegaurds. To the victor goes the spoils. I am sure if there were no "cyber crime" lwas out there, there would be a heck of a lot more secure systems. Log evience is great for tracking down the offender, but should not be admissable in court. Yes the net is convenient, and it's a great place to do business etc, but people keep forgetting it can be dangerous too, and instead of accepting reality, they invent stupid laws. Stupid laws for stupid people.
Why are there laws in place to protect stupid people?
And another thing, It's a "CYBER" crime, why should that result in a real-world punishment? The only thing that was potentially hurt in the process were a few electrons.
It is a federal crime to lie to an FBI agent at any time. And of course you are not the person determining whether what you say is a lie. If you say something that can be misinterpreted as a lie then you open yourself up to serious charges. It may be best not to talk at all.
-stephen
Thank God the FBI is protecting us from those informative O'Reilly texts! Without them, someone may learn to actually USE the tools of the technological trade.
</sarcasm>
--
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Your lucky, you are legally obliged to stop (at least most states have good sameratian laws). However the law for normal people has little teath.
When I joined the emergency response team at work (Good way to learn CPR and first aid, which everyone should know) I was told that because I'm on the team it is a fellony for me to drive by an accident scene without helping. However the law is written so that I only have to be there helping until the pros show up. In other words I have to stop and do first aid but if there are any police there I don't have to.
Even still, you should make it a point to stop and help every time you are the first to a scene like that. Who cars that you are late to your plane, or whatever, a life is more valuable then anything else you could do.
Except that the "real-world" analogy doesn't hold.
Port scanning and connections cannot be considered the same as trying all entrences to a house.. If it could, then it should be compared to trying on different shirts in a shirt-store: The Yankies offer connections on one port, whats wrong with trying other ports? If they didn't want any connections on these ports, then they should firewall them....
Apart from that; it doesn't show lots of intelligence to poke around right after a crime has been committed. Not that curiosity=stupidity, but with the luddidite FBI on the loose, it's just asking for someone to take away your toys.
The '=' comparison? VHDL!
Am I the only one who thought it was odd that a hacked website was *still* up and in it's hacked state, even after the news made it onto several large news sites? Normally the first thing that people do in this sort of situation is take the site down, either by fixing the problem or pulling the power plug ...
"running something through a compiler? "
That's illeagal if you don't have the proper C# certification from Microsoft.
Are you inciting mr AC to commit an illegal act?
Microsoft needs to protect it's corporate interests. And those interests are not served by allowing every JoeBobJanDean to write their own software.
What do I have to do to get Special Agent Dana Scully to show up at my door?
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
Are you sure the search warrent was based off of firewall logs? Did they tell you this?
From what I've seen, most of the crackers/script kiddies they catch are based off of "evidence" they find on IRC chat logs. A web site gets defaced, you talk about how you think it was done on IRC, and it appears you judgement is right. The feds take a shotgun approach to solving the crime and you get caught in the process (whether you did it or not). Are you really surprised they came knocking on your door?
When are people going to learn that there are some subjects which they SHOULD NOT DISCUSS on IRC, no matter how innocent they are? Consider them TABOO!! Those discussions can be used as circumstantial evidence, whether it's true or not. As wrong as it sounds, the FBI is going to place the burden of proof on you (and your computer).
Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
2. If you think the requirement for a warrant is any sort of obstacle, think again. Law enforcement develops relationships with tame judges, who will issue a warrant on virtually any pretext. You might later manage to get it and the evidence it turns up suppressed, but that isn't going to stop them from coming in and taking whatever they want.
3. For any sort of controversial access (or maybe all the time, if you don't mind the small delays it causes), use a service like ZeroKnowledge Freedom. It masks your identity completely, and allows email, chat, and web browsing.
4. Encrypt your entire hard drive (keep offsite backups, because you likely won't ever get the drive back if you refuse to hand over the key). You have no idea what might be lurking on there. I have an automated program that scans newsgroups for items of interest. If it accidentally downloaded kiddie porn, I might not know it until the Gestapo has my hard drive in its hands. If you ever sent a humorous email to a friend about cracking a system, or killing your girlfriend, it might end up used against you.
The author of the article is right, you can't overdo the paranoia.
Assume you got to OJ's place that day before the
police did come in. Would you go look around,
touch knifes gloves and whatnot? Nooo... so your
carelessness has got you into trouble now, even
if it is just Internet and "real life".
My advice, don't do any really illegal shit and
don't let your curiosity push you too far into
possible trouble. If police comes to ask
questions, you should have nothing to worry
about. If they still insist on taking your stuff,
you should have a DAT backup from at most one
month away at your parents house anyway.
(in case your flat catches fire, eh Hemos)
I'll start worrying when they start hauling out people's PS2's for fear of hacking attacks.
Guvment: "We hear tell you got one of them cheat codes for SSX."
Kid: "Yes, but, but..."
Guvment: "Off we go" (hauls off the system). "See now, son, them chips can be used for missile targetting systems. Not to mention my boy Billy Joe Bob Jr. wants to play UT."
I really, honestly feel bad for this kid. He wasn't doing anything anyone else wouldn't have done (well, he did poke around a bit more than I would have, but still..) and he *apparently* wasn't malicious in his poking... They are going to either keep that damn machine and shit for the next 5 years and mysteriously misplace it, or they are going to just keep it forever outright... That sucks.
.02
I don't feel bad for him b/c of what everyone else is saying.. He fucked around in a crime scene and they came to question him about it.. This isn't Jessica Fletcher's Murder She Wrote.. He is going to lose this shit he was poking around w/even though he found out what someone else did. Tough shit for him.
No, I am NOT scared. I don't go poking my nose around a crime scene on the street wondering where the bullet entered/exited. You shouldn't have either.
Just my worthless
It is very important to understand, the FBI or DA dont care if he's guilty or innocent, they only want to make themselves look good. They want to solve the case bring swift justice to the 'hacker'. Their job is to prosecute, not defend. They will ignore everything that contradicts their case and do what they can to put this guy behind bars. Even when you know you are innocent, ignore the 'good cop' game. You should say and do nothing except get your lawyer ASAP.
-Scott scott@surrealistic.org
Ain't that Crazy! I've always figured that if the suckermint brew o' cats wanted me, then they will find a way to pin me down. The only thing I could do then would be to do myself in hari kari style taking several fools wit me. :-)
Seriously though, I used to be a real bonafide tree hugger type of cat til one day, my eyes were opened to the corruption that corporations & goverment bring to the table. Now I've become 360 degrees of living breathing "Don't tread on me".
Slowly but surely, our rights are being scraped away so much like the worn out midas brakes on my car. Yea, I tell you brethren, The right to own a gun is the last and only right that we have in this country. Should we lose that right, this country will be torn apart at the seams.
I see a day when all good and honorable technology gifted people will be forced to physically go underground due to the goverment shelling out a price on their head.
"Though Ted lost it, he was still right"
http://www.blackpeopleloveus.com/
Remember, if it doesn't say Claymore(tm), you're not fraggin' with the best.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
even if you plead guilty, he might be able to get you a lesser sentance.
Agread. I spent an afternoon watching court once (everyone should do this once in a while to check up on the legal system as an outsider!) I saw a guy who plead gulty to some minor offense and was given 7 days in jail. His lawyer was able to get the 7 days as follows: enter the jail directly after work friday night, stay all day saterday and sunday, leave money morning and go to work. That is 4 days. The judge was starting to schedual the next 3 days, but the lawyer pointed out two days were already spent when he was arrested (one night in jail). Then then judge said "No sense in one day, I'll call that a suspended sentance, if you don't get in trouble for a year you won't have to searve it. See what why you had a lawyer."
Obviously for more serious charges things will be different, but still a lawyer will do a lot for you. Get one.
Try rubberhose
Any sufficiently advanced man is indistinguishable from God
Actually, it's more directly equated to:
1) You hear the liquor store got robbed
2) You jump into your car and head over
3) Once there, you get out and walk over to the building
4) You rattle the front door to see if it's locked.
5) You rattle the back door to make sure it's locked too
6) You climb onto the roof and make sure the air ventilation shaft is properly secured.
7) You go into the sewer and check to make sure that no one tunnelled into the basement
8) You notice that a window is open in the back and try to climb through. You can't fit so you shimmy back out.
9) You go home and tell your buddies... I think they got in through the window.
You wonder why you get picked up by the cops. hel-LO. It is NOT his right to poke around someone else's system to see how it's secured. Nor is it his job. If he wants that job, put in a resume, don't just start doing the work.
- No matter how subtle the wizard, a knife between the shoulder blades really cramps his style.
port scanning, DNS lookups (whois, nslookup, etc.) are NOT illegal.
the whole point of the story is one of a very big brother-esque denial of our civil liberties. I see alot of people who know next to nothing about computers in general beyond double-clicking on IE to get an internet connection. Nevermind that they don't know how their own box works - i don't care. But they have begun to vilify those who they do not understand simply because of a few crackers.
This can be directly equated to a situation where you hear about a liquor store that got robbed so, as a curious citizen, you drive by and take a look. Being that you left some small piece of evidence that you were there at all, the FBI or whoever comes back to your house, confiscates your car and questions you. Anyone see anything wrong with this?? Anyone???
unfortunately, hackers' rights are in serious jeopardy right now. I don't see this trend stopping as more and more 'ignorant' individuals get online. they are scared of that which they do not know, and every time they hear that someone is a 'hacker' or knows what they're doing....they will instantly brand them as criminals. The only thing you can do....get a phone number of a good lawyer and make yourself comfortable here in Salem. It's gonna be a looong witch hunt.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
"It is seldom that liberty of any kind is lost all at once." -David Hume
>which contained MP3's, DIVX's, and porn (they just wanted to make sure there was no kiddie porn) that were clearly marked as such.
:)
Ok who marks their pr0n ask pr0n and not as "Stuff"?
I believe that the FBI could have been fully in their rights to take ALL computer related items. Including the valuable pr0n collection.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
If the FBI suspect that you are armed, then they just go in with weapons drawn, making for a much more dangerous situation. If you draw your weapon to "defend" what they have a warrent to take, then you get killed.
Can I bum a sig?
Every time I hear about computer seizures by law enforcement agencies, a cold chill runs down my spine. The common perspective seems to be that a computer is an amalgam of files simply like a filing cabinet might be, and because of this, the FBI or whoever can simply cart it off for whatever reason. I don't know about you, but my computer is so much more than an amalgam of files to me. If I were saving everything in hardcopy, I wouldn't be putting it all in one cabinet. The letters to familiy and friends would go in one box, the tax forms would be stored in another, and my games would be in the toybox. Seizing a computer, in my opinion, is the equivalent of someone seizing my entire house and everything in it, simply because they think that one of my boxes contains something incriminating. If its the data that is needed, why not simply make a hard disk image? Police snap photos to use as evidence, so why is it necessary to have both the data and the simple hardware shell that it happens to be located in?
These are breasts; this is source code.
Why do you have a problem with those two things belonging to one person?
That doesn't mean that it isn't a crime. Making a mix tape for a friend is a crime. It's just that the RIAA isn't concerned about it.
-no broken link
Maybe I'm missing something obvious here, but what the fsck was the yankees.com machine doing still connected to the 'net hours after it was known to be compromised?
If they were even halfway serious about preserving any evidence on the machine, the first thing to do is _yank_the_network_cable_. Then (depending on policy) you might dump the memory before switching the machine off.
reverend lola
the titanium sheep
provider of steel wool
College student? Keep your laptop in a cerial box in your pantry. ALWAYS keep it there. and have a Piece of crap with nothing on it on your desk.
You like to back things up? HIDE THE DISKS.
Unless you are in YOUR own home they can raid you.
I suggest that you act like an old school hacker and keep decoys out for them and hide everything else.
Now in my home, they can just come in un-announced. they have to knock. (no busting in the door, or some dean giving them the keys.) Time for you to see who it is first.
Do not look at laser with remaining good eye.
What the fuck? A baseball team's WEB SITE is defaced, and my goddamn tax dollars are paying for a massive investigation to pay for it??????? You have to be kidding me!!! It's a web site, people! For a sports team! It's not the White House, for Christ's sake. Thanks, Men in Black, for eating up my taxes.
This post by Th3 D0t appears to be a clear cut case of plagarism.
Over at k5, user kennedy made this exact same post.
Given that kennedy's k5 post is time stamped about an hour prior to Th3 D0t's /. post, it seems to me to be a clear case of plagarism. Consider moderating it accordingly.
have a day,
-l
This highlights the problem with White Hat hackers. Just because you say you were only looking around to see how the site was exploited, doesn't mean you should be believed.
Call me naive for believing in the system, but I am sure you will be exonerated if you are truly innocent. As for your computer equipment, who knows how long you will be without it.
Maybe this will make you think twice about poking around what is ostensibly a crime scene shortly after a site has been hacked.
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
Time for another one!
This trend will only escalate with every major break-in or crack of some company like MS. Eventually someone will get the bright idea of trying to outlaw any online activity that isn't logged and traced to an individual. See this article for how the gov't might try to justify this.
The only cases where the authorities "knock down the door"are for speciallly warranted cases like
drug dealers and known to be armed violent criminals.
The best policy if you are none of these is
to take head shots as they may be wearing armor.
Knock downs in recent years have been conducted by those posing as cops for purposes of robbery.
Also do not open the door till the cop produces
a ledgible warrant.same scenario.
the best advise i would have had for our author would have been to have replaced his lock on the sly.i now pass that on to ANYONE living in a dorm.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
This, more than anything else, just points out this: know your rights. And keep your mouth shut, stupid. Say as little as possible, and talk to a lawyer ASAP.
t ml
If you ask them if you need to tell them something, and they say "no", THEN SHUT UP! They've already decided you're a suspect, don't give them anything to help prove or encourage that. Just say "I'd like to speak to a lawyer."
Here's a link to a helpful pamphlet on this. Don't try to beat the cops at their own game, just don't play it:
http://www.shadeslanding.com/firearms/cops.no.h
It's a strange world -- let's keep it that way
One day (last week) While telling some anti-pine friends how much I love pine (over email), I decided i'd telnet to the local SMTP port of my university's mail server and teach myself SMTP headers, and send them an e-mail with telnet. Well, after attempting (it would not let me relay) i recieved a nasty email from the NOC telling me to never do it again, and that i am a hacker, etc etc. Point being, I was merely attempting to teach myself SMTP headers, not trying to hack into the system but they immediately labelled me. I replied back, explained my side of the story and never heard from them again.
The F.B.I. has been spending shitloads of your money to get technically savvy. Does it surprise anyone that now that they're armed to the teeth with extraordinary powers and means that they'll come after any target that presents itself with both barrels blasting? Meanwhile, it's no comfort to note that your elected officials and their opponents are at this very moment falling over each other to propose even more sweeping police powers and even more draconian punishments. If you thought that your white skin, your college education, or your economic status would save you from the prison industrial complex, guess again.
Of course they let the FBI into his dorm room. They had a warrant to do so.
This is the equivalent to coming upon a murder scene, picking up the weapon and getting your fingerprints on it, putting it back down and continuing on your way while whistling innocently.
I wonder how many federal agents (or law enforcement officials of any kind for that matter) read slashdot. I mean, obviously there are the ones that im sure the FBI have monitoring slashdot for the "Popular Subversion of the Day" link, code snippit, or technology on this which more and more is in danger of being viewed as this day and age's H/P/C/A BBS message section, but i'd like to know how many of them read it for the same reason we do, and perhaps post a thought provoking response from the point of view of the "enemy"? Perhaps, for the sake of argument, taco should create an "Anonymous Public Servant" account?
How bout it then? Will all the Agent Smith's in the audience please raise their hands? You may come out of the gun closet now.
through my internet-enabled car of the future, will the FBI drive off with it?
Everybody, just out is the news that microsoft.com is hacked. Do a whois and you will see what I mean. happy day everybody
Things Fall Apart
Steve Jackson sued and won against the Secret Service. He got his equipment back and also got damamges. I don't think the SS has yet apologized, but they ate enough crow to mean something.
The issue was more complicated than just writing the Cyberpunk supplement to Gurps: there were people who knew people who were cracking Ma Bell, it trickled down to Steve, and ultimately saw him raided.
The full story is here.
Steve Jackson Games by the narrowest of margins avoided going out of business due to this raid. It had one tremendously good effect, however: it was one of the events that spurred the creation of the EFF.
--
When you sympathize with stupidity, you start thinking like an idiot.
If you want to see the hostnames of all systems under yankees.com
Portscanning is not illegal either, nor is noticing vulnerabilities. If i looked around a house, and noted which doors and windows were opened would i be guilty of a crime? Is that enough by itself to even suspect me? No.
I reguarlly portscan machines. Why? B/c an ip i don't know trying to connect to a service i may or may not offer. I know all the ips of people that have a legit reason to connect. I also like to learn about just what is out there on the net besides web sites.
Cool. Spread the word. CNN?
Well, since you obviously aren't familiar with what the law says on personal, non-commercial fair use and copying, why don't you look up the copyright law on that point and report back.
Stop being such an asshole. Are you saying that as long as a person isn't a saint that they deserve whatever happens to them? MP3s had nothing to do with why the FBI siezed the computers.
Pete
You can't do that with fingerprints.
The poor cook he caught the fits
The poor cook he caught the fits
And threw away all of my grits
Jurors are obligated to find you not guilty of disobeying an unjust law.
TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
Plagarism! I've never seen a post so badly plagarized!
For those interested in seeing how this Karma Whore PLAGARIZED this post, please check out these links.
This is the original post on Kuro5hin.
And, this is what the original poster was advised to do.
What out for such blatant Karma-Whoring and Plagarism next time!
That's completely untrue. Here is the relevant copyright notice from K5:
Anything you write is automatically under a copyright, owned by you. By posting to K5, kennedy implicitly agreed to the above. That means that by stealing the comment and posting it here, TheDot has infringed on kennedy's copyright. No permission was ever granted to reprint that comment here. If kennedy wanted to sue, it'd be a pretty easy case to make.Now who to sue, or how, is another matter. I don't think that would be easy. But just because the law is hard to enforce doesn't make it no longer the law. This is the same attitude that makes people think MP3's are "in the public domain" just because they're easy to copy and the laws against it are hard to enforce. It's not true in that case, and it isn't here either.
--
There is no K5 cabal.
There is no K5 cabal.
I am not the real rusty.
HEY !!!! I agree 100%,.. Your thinking the same thing as me ! I think I'm going to sue you for stealing my intellectual property.............. we shouldn't call hacking, "hacking" its really just "Cyberpeeping".Cyberpeeping sound so much nicer :) . ....... soon there will probably be laws to dictate in what ways you can interact with a website. Stealing wallpapers and adding them to you backgrounds folder will be illegal, or is it already
"I know where you wanted to go today, But we decided to stop here instead!"
Any sufficiently advanced technology looks like magic. In effect, we are modern-day "witches". Fortunately curcumstances today are such that we aren't burned at the stake right away - people tolerate us because we make their stuff work. When their stuff stops working they go back to piling up the tinder.
Be careful out there.