Slashdot Mirror
Schwartz Case Upheld on Appeal
RichardtheSmith writes: "For those of you who followed the prosecution and conviction of Randal Schwartz back in 1995, you might be interested to hear that the Oregon Court of Appeals finally ruled on his appeal. The gist of it is that they upheld the three convictions, but overturned the approx. $70,000 restitution award to be paid to by Schwartz to Intel. There was also some language in the Court's decision holding out a ray of hope that a future appeal based on a slightly different legal tack could succeed. For background on this case look at the Friends of Randal
Schwartz website. Regardless of what you think about what Randal did, or whether it rose to the level of criminality (I certainly don't), it's certainly a fascinating and chilling tale."
HE:
1.) installed aprogram so that he could access two intel machines from a remote location
2.)copied a password file from a machine
3.) cracked the password file using a cracker tool
There are no legitimate reasons for doing any of these things, and it was clearly unauthorized use of the system. IOMNSHO, his punishment fit the crime perfectly, and there is nothing to debate here.
Uh, this is the real Randal.
Someone cracked my slash password.
I think it's ironic that you felt qualified to audit intel's password security, yet used a password of "slashdot" for your slashdot account.
Idiot.
--Shoeboy
From Intel's Prosecution of Randal Schwartz (linked from Friends of Randal Schwartz):
Some Highlights from the Ongoing Farce
-- No, no -- Not that one!
So should you also be charged with three felonies and be forced to pay a huge fine for your crack?
Python
Python
BTW, you might want to try some of the links in the story. They're informative; far more informative, to put it bluntly, than your post.
Stating on Slashdot that I like cheese since 1997.
It seems there's a great reluctance on the Net to say what he actually did. It took quite a bit of work to find it.
The law in Oregon is wrong. It's far too broad. However, I'm going to have to support Intel on this. Schwartz should have told them what he was going to do, if he had no criminal intentions. By compromising the computers without forewarning, he put the rest of the company in not insignificant danger.
Yes, as it turns out, their system security was crap. That's not an excuse to go cracking it without warning them that you're going to do it.
Do I think he should go to jail for it? No. But I believe Intel's within their rights to fire him for it, and to demand compensation for fixing the mess. Had he only told them what he wanted to do (heck, call it a "security analysis by simulated break-in" even, if he really thought they wouldn't let him do it) the whole mess could have been avoided.
----------
Well, here's information from a police report where a cop actually talked to him: it's found at this address:
I asked Randal why he was using the "CRACK" program to obtain passwords and asked if he realized that these passwords would access
the SSD system. Randal advised that he did realize this and that he wanted to get his E-mail quicker
Weird, eh? But check this out:
I asked Randal why he would need forty to fifty passwords and he said, "I needed them in case they caught me doing it and knew they would shut
me down so the more passwords I had, the longer I could continue doing what I wanted to do." Randal advised that he had the capability to do it and he knew he could do it. I asked Randal if this was wrong and in violation of Intel policy and Randal said, "Yes it is, but I knew I could do it anyway." Randal said that he wanted to do it because he wanted to be efficient in getting his E-mail very fast and he felt was important and when they shut him down, he wanted to continue doing what he was doing and since he had the capability to do it and knew he could do it, he did it without permission.
Well from that, what he himself said to a policeman, he comes across as a dirt-common script kiddie.
-- Truth goes out the door when rumor comes innuendo. -- Groucho Marx
He also used crack(1) to attempt to get passwords. If it isn't your computer, that's "hacking" (in the media usage of the word) and a felony under many state's laws. That's basically it. Probably Randall didn't mean any harm in it, but he did it, and even admitted it.
BTW: Randall wasn't an Intel employee -- he was a contractor.
There are no end of recent examples that merely staying innocent of wrongdoing is not sufficient to keep you out of jail, if you get unlucky or piss off the wrong people
No. Pissing off the wrong people in *combination* with wrongdoing can send you to jail. Merely pissing off Intel drones wouldn't have meant a damn thing if Randall hadn't been cracking Intel computers at the time (a wrongdoing at least in Oregon).
http://www.lightlink.com/spacenka/fors/police/inte lrep.txt
For the lazy, I take an excerpt below :)
The reason for making this report public is that it specifically mentions that Randal was using Intel resources to crack password files from at least one other company.
On Thursday, October 28, at 12:30 in the afternoon, I noticed an unusual process running on a Sun computer which I administer. Further checking convinced me that this was a program designed to break, or crack, passwords.
---
In the meantime anyone with the slightest interest in effective communication would rather an article that contained within it's body some reference to the course case R.S. was involved in.
That's not telling you "what to think" nor do I see how you could confuse it with such (perhaps you're confusing this with some "issues" of your own?) Rather it's just common sense to give folks the basis upon which to judge if the article is likely to be of any interest to them before they go off clicking willy-nilly.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
In case anyone's wondering: no, Randal hasn't gone bonkers. Someone's managed to hijack his Slashdot account. He even got the "Your email and password have been changed" email from the system, and has the IP address from which it was done, for all the help it will do him.
To whomever did it: You're a great example of humanity. The guy just took it bending over again from the legal system, and you feel the need to play pre-pubescent 31337 haxx0r tricks to screw with him even more. Not that I expect the highest standard of decency from Slashdot trolls, but this *is* a real person you're impersonating.
He's a nice guy, and he's helped a lot of people. Not in a UNICEF or Amnesty International sort of way, but he's done his bit. Hell, if CmdrTaco read any of his O'Reilly books, he helped this place get made. That's irony.
But, in the end, this is "only Slashdot". I see amazing crap like this here, and I see amazing discussion here. Unfortunately, things like this are making me take this place less and less seriously.
Anyway, if you know Randal, you know this wasn't him anyway...
In case anyone's wondering: no, Randal hasn't gone bonkers. Someone's managed to hijack his Slashdot account. He even got the "Your email and password have been changed" email from the system, and has the IP address from which it was done, for all the help it will do him.
To whomever did it: You're a great example of humanity. The guy just took it bending over again from the legal system, and you feel the need to play pre-pubescent 31337 haxx0r tricks to screw with him even more. Not that I expect the highest standard of decency from Slashdot trolls, but this *is* a real person you're impersonating.
He's a nice guy, and he's helped a lot of people. Not in a UNICEF or Amnesty International sort of way, but he's done his bit. Hell, if CmdrTaco read any of his O'Reilly books, he helped this place get made. That's irony.
But, in the end, this is "only Slashdot". I see amazing crap like this here, and I see amazing discussion here. Unfortunately, things like this are making me take this place less and less seriously.
Anyway, if you know Randal, you know this wasn't him anyway...
> Basically, internal politics at intel played an important role. Intel is a very large company with many divisions, and some of
> them get along about as well as the Israelis and Palestinians.
Whether or not these are Randal's actual words, this is much the case: Intel is a place where the concept of a team rarely extends beyond the people who report to your immediate boss, & sometimes not even that far. (A very effective way to ensure one's continued future at Chipzilla is to eliminate your competition.) A screw-your-neighbor mentallity I have not seen in other workplaces.
And now for an OT question: is this Heidi Wall, whom the pseudo-Randall talks so much about, Larry Wall's daughter?
Geoff
I think I see a trend here. Maybe for them it really would be easier to muzzle the entire internet than to produce p
It's important because due to a recent Oregonian anti-hacking law, I was tried and convicted in a criminal court over what was, essentially a civil matter.
In the words of Jello Biafra, "Welcome to Oregon, land of tolerance." And to think I often dreamed of bringing Heidi here, and living a peaceful, Oregonian life together.
OK... This was not me. But this now is!
But the perpetrator just gave it back to me (THANK YOU). Ignore the few articles
that have references to Heidi Wall, but the rest are mine.
Keep spoofing, shoeboy. Someone might believe you some day. The real password was much more secure.
Basically, internal politics at intel played an important role. Intel is a very large company with many divisions, and some of them get along about as well as the Israelis and Palestinians.
I made the mistake of getting involved in helping a group of sysadmins in another division. This was a fatal error. Ordinarily I would not have suffered such a lapse in judgement, but I was busy thinking about that sweet, divine piece of blonde femininity, Heidi Wall, and wasn't thinking too clearly.
Then, Tom Christiansen came and chewed them all out.
--
Vidi, Vici, Veni
Well, I don't know how you can condone it just because it is speech either, but in the case of the anti-doctor web site a court seems to agree that it is protected speech. (Last I heard. I don't know if that's the final decision.)
Caution: Now approaching the (technological) singularity.
I think we've pushed this "anyone can grow up to be president" thing too far.
But the perpetrator just gave it back to me (THANK YOU). Ignore the few articles
that have references to Heidi Wall, but the rest are mine.
Uh, you aren't going to press criminal charges against me, are you?
--Shoeboy
Geeks, especially ubergeeks, tend to have a perspective that they know better than their management how computers should be run. I think this is understandable, and makes sense from a geek point of view. As a geek and manager, I also understand the management point of view.
Frequently, conflicts arise between policy (management) and desire (geek). Management usually wins the war of words with their geeks, but it does not always win the war of intentions.
Randall fits a classic ubergeek profile, from reading his responses -- he apparently
- values convenience over policy
- sees himself as a (potentially) anarchic do-gooder
- likes to create clever hacks
- wants to keep his computing options open
Also, please remember that it was 1994; the internet was a wildly different place. Computers with net access were harder to find; security was viewed differently. There wasn't even such a thing as web based e-mail in 1994.A gateway allowing e-mail checking was a compelling application for him. It also would be a compelling application for someone intent on distributing Intel chip design secrets, worth multi-tens of millions. It's not hard to connect the dots, and see why they would prosecute so aggressively, from a different department than the one he worked in. Reading Mark(last name?)'s written comments in the FAQ are pretty illuminating -- he understands exactly what's happened; Randall's mostly do-gooder, some skirt-the-system work was noticed in a particularly sensitive venue in a particularly sensitive company. The rest was just bad bad news.
It fits a pattern that many geeks fall into to comply with the letter of a management law, and skirt the intent for their own convenience. I just call this bad judgment, not criminal intent. (Given the Oregon law, this is not even a valid point where he's being tried, but I believe it is probably personally important to him to make the distinction.)
In any event, regrets / congratulations on the decision, and may you overcome the giant in the end. Also, may your admin duties be either ratified by management, or subdued in the future!
There is an informative FAQ on the case.
--
The best reason to boycott intel, is simply that AMD has done a far better job of implementing intel's brain-dead x86 architecture.
How about fitting the punishment to the crime, here? When a headhunter (or better still, an in-house recruiter from intel) calls you because they need a sysadmin, tell them that you're familiar with the Schwartz case, that that working for intel is simply not worth the risk of being criminally charged because some empty suit gets his panties in a bunch.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
It took a while to find anything that actually said what this man was accused of doing. Finally, I dug into the newspaper articles refered on the "Friends of Randal Schwartz" site, getting this from the Dr. Dobb's link:
http://www.lightlink.com/spacenka/fors/press/ddj96 03.html
In his defense, Schwartz said that he was only trying to show Intel how inadequate its security system was. At the time, Schwartz was working under two Intel contracts: one to deploy DNS servers for the entire corporation, and another as a system administrator for some network-support machines. Since both contracts were running out, he'd hoped to generate a new contract to improve Intel's security. To that end, Schwartz ill-advisedly ran Crack, a commercially available password-breaking program that uses brute force to discover vulnerable passwords. His plan was simply to put together a proposal - based on real data - for improving Intel security. The sort of information he intended on presenting in the proposal included nearly 50 network passwords he'd discovered (including that of one ambitious vice president whose password was "pre$ident").
Before Schwartz could put his proposal together, however, an Intel employee noticed an unauthorized program was hogging computer time. Upon discovering Schwartz's Crack run, he notified security, and in the flip of a bit, Schwartz went from being an "independent consultant" to an "industrial spy." Even though management recommended that Schwartz simply be confronted because there was clearly no criminal intent at work (Schwartz ran Crack under his own login and didn't try to dissimulate his efforts), Intel's jackbooted security team (maybe needing to justify their jobs) opted to call in the sheriffs department.
Schwartz admits that he made a number of '"bone-headed" mistakes - not clarifying the rules about Internet access, not reporting the first cracked password, not immediately reporting the results of the run - for which he probably deserved termination. However, he also says that his actions "were motivated by my desire to give Intel the best possible value for the money they were paying me," adding that none of his acts were based on malicious intent. In summary, Schwartz said: "I am sorry that I caused Intel any grief or hardship, and that in hindsight, I should have been clearer about my intention and actions."
The upshot of all this is that Schwartz is in a financial bind. There's little chance he will ever work at Intel again, even though he has given the company five years of good measure. Nor is he likely to work at any company that agrees with Intel's beliefs about him. With dim employment prospects, Schwartz has so far spent about $135,000 on his defense. When it's all said and done, he will probably end up paying $160,000 before even considering appeals.
[
Merlyn's /. account was hacked. He received the message 'your email has been changed' and is unable to access the #9918 account.
Do not believe the rantings originating from #9918.
This is an unbelievable insult heaped upon the injury of losing.
You can't count time spent securing a box as damage - it was insecure before the cracker arrived.
~~~~~ BigLig2? You mean there's another one of me?
Can someone, who has spent more time on this, please explain to me how this could happen? I have been trying to understand this and I still can't... :(
.forward in his home directory re-directing his email off-site. And yes, Intel owns his email on his Intel account.
Basically, Schwartz did one thing really wrong - he ran crack on the password file to check for bad passwords, and he didn't immediately report his results (or his intent to run crack in the first place).
As for copying files against instructions and stealing files, he basically had a
Really though - any decent sys admin worrying about security today gets clearance and runs crack, and forwarding email doesn't really seem like a crime - unless you are an over-ambitious security person at Intel.
If you ran crack on a system at your company (without written permission) where you do systems for the Govt, don't whine when they prosecute you...
You are right - it is kinda dumb. However, hashed passwords are world readable on a system, and good passwords cannot be reasonably broken with crack. Security affects ALL users, and crack is a reasonable security tool. There is no evidence it was used to break into accounts.
As a different example, I sometimes portscan machines on which I have accounts. If there are gaping holes, I tell the administrator. Am I a criminal for portscanning machines because I am legitimately concerned for their security ? Is it less of a problem if I simply run `netstat -al` instead of `nmap -sT` ? My real concern is that my work is not interrupted because some admin set up a machine running an old version of BIND. Because then a re-install is required, and sometimes worse.
Copying password hashes that are world readable is not a crime. Forwarding email could be illegal at anal enough companies though... His other crimes (running crack, copying password hashes) are things any user with reasonable concerns could do, and require NO special access to machines ie: he uncovered no information that anyone with an account could not easily uncover.
--
--
I like to watch.
I find it highly amusing that as a "convicted felon", Randy is now more employable than when he was a "Perl hacker".
--
--
I like to watch.
Yes, I know that Hemos is married. In fact, I put up this site when it was first announced:
Enjoy!--
--
I like to watch.
Michael, get the feeling you are trying to avoid "editorialization flames", but a better description or link would be appreciated.
# 1 is debatable. certainly fiing material ... always get permission in writing.
#2, #3 :
My former ISP often runs crack against their user space, looking for weak passwds.
this guy was a paid consultant of Intel. His error was FAILING TO GET PERMISSION from a superior, in writing, or having a contract that specifically granted him the right to nondestructively test corporate security.
He also exposed a VP's weak, potentially embarrassing passwd -- "pre$ident" -- which will get you fired in almost any corporation, just for political reasons.
He doesn't sound all that savvy to me, if he did not discuss his plans with a superior first.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
...nobody proved that he actually did anything damaging and the penalties are so draconian. While I agree that the penalties seem severe, a cracked box is damaged from the standpoint that many man-hours must be expended to secure it (or likely rebuild it).
--
As a matter of fact, I am a lawyer. But I play an actor on TV.
I wish him luck on further appeals, but I wonder why Intel is so interested in him.
Because his schwartz is bigger than theirs, ofcourse!
--- Spaceballs, the tagline.
Ok. So then when during the trial it became known that an Intel VP did something even naughtier a while back, one would think that this fine Oregon Computer Crimes Law would be immediately applied to him too, right? Hmmm... How odd, it wasn't. Also odd, in ten years, only two other people have been charged with violating that law. Maybe, just maybe, it's being used to target people on the whims of Intel and the like.
--
Dyolf Knip
Schwartz, against Intel's instructions, made a portal that he could connect to from a different computer... grounds for firing, certainly -- this was not grounds for criminal charges!
:(
Schwartz copied files from one intel computer to another one... yes against instructions... and it is grounds for firing but not for criminal charges....
Can someone, who has spent more time on this, please explain to me how this could happen? I have been trying to understand this and I still can't...
I'm a consultant and free-lance writer, so I don't have any big-company bias. I've read all the links associated with this article, at least as much as I was able to in the limited time I devote to /. reading. So let's review the bidding, shall we?
Unlike other people of opinion on /., I disagree that the Oregon law as envisioned by the Oregon legislature is overbroad, but that the lax definition of terms is what makes the law appear overbroad. In this particular case, given the usual level of knowledge by state law enforcement in 1993 of matters computer, it's not surprising that the State of Oregon decided to prosecute. It was the use of this law in the first place by the prosecutors that leaves me cold. According to my own experiences, the proper place to prosecute this case would be in civil court, if Intel felt that it has sustained substantial loss because of Mr. Schwartz's actions.
Lessons to be learned
Your client is not your friend. Your client is not to be trusted to "do the right thing". Therefore, in all written consulting contracts, state that any disputes arising from the execution from the contract, including any alledged criminal conduct alledged by either party, shall first be submitted to arbitration.
If someone in your client company "asks you for a favor" insist that the employee write you a letter formally asking you to perform that favor. One of the gray areas in this case had to do with whether Mr. Schwartz had authorization to do what he did, so make sure you have sufficient proof that you as the contractor believed you had authorization. Such letters should be channeled through your primary contact.
If part of your contract involves tightening up security, ensure the contract includes clauses authorizing you to perform the operations required to test and measure security. Make sure this clause is as specific as possible. Name program names, if you have favorates. This is an amplification of the authorization point above.
Don't communicate with the company with a company-provided and -administered e-mail account, EVER. Your contract should specify that all electronic mail communications shall be sent to your personal e-mail account, and that only communications from your e-mail account shall be considered to be from you. Negotiate appropriate SMTP access for contracts involving on-site activities, and also get them to agree that traffic to and from your personal e-mail account is owned by you and not the company.
As much as possible, use your own equipment to perform work for your client. The only time you should use client-provided equipment is when there is no alternative; e.g. you have to use a proprietary ICE as part of your work. Consider renting equipment that you will use under your own name (reimbursed under invoice by your client) so that YOU, not the client, owns any data generated by the instrument or equipment. Alternatively, specify in your contract that you own all data until you have received payment from the client.
Your contract should also specify what use you may use of company computing resources, including network connectivity. Insist that you be able to use their resources for your e-mail, for Web browsing for the purpose of research, and for any other application that you feel necessary to perform your duty for your client company. If your contract calls for you to be on-site during specific hours, as opposed to being on site only when performing specific tasks, your contract should also specify that you may make reasonable recreational use of their network resources.
Ensure your contract identifies a single individual as your point of contact. Insist that all company requests be funnelled through that single individual. Even better, have the contract specify a primary and an alternate, with specifics as to when the alternate may take the place of the primary. Your reports on your activities goes to your primary (or alternate). Any delegation of contact responsibility needs to be in the form of a letter from your primary -- accept nothing less.
Disclaimer: I am not a lawyer, nor do I play one on stage or screen.
If you write a book on assassinating government
employees and then start driving by their houses,
expect to get into trouble. The behavior is
DERANGED. This man needs psychiatric help.
C//
Alan C. Bonebrake, Judge.
This guy was just plain STUPID! When somebody tells you to stop doing something, and then you continue doing it, then they tell you to stop again, and you resume doing it on another computer, and then you are reprimanded yet a THIRD time, and then you go "I'll show them!" and access things you shouldn't using somebody else's account, you'd damned well better be prepared to accept the consequences!
What a moron! So many chances to change his behavior, yet he totally refused to do so. If he didn't like their policies, he should have simply left.
The most disturbing thing is the restitution award, which was fortunately overturned. If someone breaks into your house that's bad, and it's punished, but not as harshly as if someone breaks into your house and actually steals or destroys your stuff. It's clear that Intel wanted to make an example of the guy, and poured money and effort into a prosecution which the police wouldn't have been capable of mounting on their own.
That bothers me. A lot.
There are no end of recent examples that merely staying innocent of wrongdoing is not sufficient to keep you out of jail, if you get unlucky or piss off the wrong people. Any new opportunities for putting people behind bars when they haven't noticeably harmed other citizens should be resisted on general principle. Do you really want the insane War on Some Drugs to be extended to Some Hackers? Friends, if this goes much further it's time to sell the computer and take up the violin.
Brackets contain world's first nanosig, highly magnified:[.]
...to avoid creating posts like this one.
Brackets contain world's first nanosig, highly magnified:[.]
Let's see, he stole some passwords which he didn't even use. That's worth $70,000 and 5 years of his life? You have one fucked up idea of "humane," my friend.
Brackets contain world's first nanosig, highly magnified:[.]
I have read the paper, I have also corresponded with Jim Bell at length on other lists. He is in my opinion a dangerous and obsessive lunatic. Jim is not charged with 'writing a paper'. Anyone who relies on the articles by Declan McCullagh is hearing only the parts of the story that fit Declan's own anti-establishment nihilist politics.
The reason Jim is on trial is
He wrote an article about killing government officials
He wrote a series of letters to federal agents making unspecified threats
He admits to pouring a noxious chemical of some kind on the doormat of a federal agency
He attempted to obtain materials to make sarin gas
He was subsequently charged and plea bargained
After his release he compiled a list of government officials home addresses, and visited their houses to conduct surveilance.
Now that may be a weak case for conspiracy etc. However it iws misleading in the extreeme to claim that the government is prosecuting him for the Assasination Politics article alone, that Bell is an entirely detached academic observer who did not take any steps to attack government officials. The AP article is only one piece of evidence that demonstrates that Bell is a paranoid crazy who is very likely to kill someone. The fact is that Bell admitted in the previous case to going beyond talking about murdering government officials to actively planning attacks - albeit attacks well short of murder.
On the specifics of the paper itself, it was nothing more innovative than observing that Chaum's Digital cash coupled with an auction scheme would be a good way to hire hitmen. The scheme is pretty Rube Goldberg and has a number of problems, not least the fact that no US court is likely to consider the auction site as a legitimate exercise of the first ammendment, nor is any foreign government going to tollerate it. Beyond that as several cipherpunks have pointed out the scheme itself does not work since the hit man has no assurance that they would be paid the cash rather than an impostor. In fact if the board was set up it would be filled by the same federal agents who post the 'I solve problems' classifieds in soldier of fortune.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Note the date. At that time shadow passwords were being denounced in much of the UNIX community as security through obscurity after all Moriss had written the gospel on the subject, trust in cryptography not access controls. The fact that Moriss was head of the NSA at the time the argument was going on was beside the point. I agree that the system admin should have used shaddow passwords, and at the time I was making that very argument. However the amount of shite we got for going against the weenie types was substantial, it is not surprising that the sysadmin was not running shaddow passwords at the time, in fact Sun may not even have supported them when the system was installed.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
snippet taken from Wired article
other Wired article
360 degrees of Karma
So even though you can get it online, (the jury list) it wouldn't matter to the judge he'll lock any media up for posting it.
Obtaining someone's address and driving by ther homes does not constitute a crime, they don't even have any proof he did it to begin with, so please read about the case before posting irrelevant information. If it were your life on the line, you would want people to know the truth if you were getting shafted, and help out by any means.
360 degrees of Karma
Getting permission before testing security is crucial; however, it's not always protection against overreaction from the powers that be. What Schwartz did was foolish and the prosecution was a massive overreaction, but I think that enough has been said about his case. Something similar happened in our IS department, but the people involved *did* have permission - and weren't prosecuted.
When I worked for Information Systems at my university, I discussed password security with my supervisor which led to a demonstration of L0phtCrack and a revision of our security policy. We occassionally use it to recover forgotten passwords on NT4 workstations. A year or so later, a pair of colleagues asked permission to run a security audit and test NT system security. After permission was granted they broke out the latest version of L0phtCrack and a few other tools, then demonstrated results to their supervisor. The climax of the demonstration was when one logged in to her workstation with her password. It seemed that few people were taking security seriously, including higher-ups (little surprise).
Anyway, their supervisor became extremely irate - she didn't mind them running the audit, but was incensed that they'd cracked *her* password. She terminated both of them on the spot. They were fired for doing their jobs. Go figure.
Anyway, about a week later when tempers had cooled (and work orders were piled sky-high) IS asked one of the guys to come back. In the interim my department hired him, for better pay and working conditions. He's one of the best techs I've ever worked with and we were lucky to get him. Needless to say, he declined to return to IS. The other guy wasn't asked back (conflict of personalities with his supervisor), but found a much better position the same day he was terminated - again, for higher pay and better working conditions.
I guess the moral of the story is that there's really no protection against getting canned. But if you do your job properly, things will turn out in the end.
Why should you worry about this if you don't run Crack? Because there are lots of other mistakes and activities that could be misconstrued as illegal computer activity:
You have to be able to rely on your employer to behave reasonably even when you make a mistake. When it comes down to it, a company like Intel will be able to present enough evidence and experts in court to make just about anything look like illegal activity to a non-technical jury.
Intel didn't have enough of a clue to distinguish harmful activity from stupid mistake in this case. That means that if you are going to do anything non-trivial with software (like run Linux, run X11, run VNC, write scripts), given their past performance, there is a good chance that they will again behave in a haphazard and unpredictable way.
Working for Intel seems to expose you to the risk of getting a criminal record for a mistake. I don't think that's the kind of "benefit" I want from an employer. I'd look elsewhere for a job.