Slashdot Mirror
Brian West Update
Concerned Onlooker writes: "Remember the story about how Brian West reported a security leak to a client of a competing hosting service and then was promptly arrested by the FBI? Well, as usual there's more to the story, as shown in this release that I got today from Sheldon Sperling of the U.S. Dept. of Justice. Sorry about the Word-generated HTML. It's just nice to follow up on what outraged many of us at the time...." West has pled guilty to a misdemeanor offense.
... I am the kind of pollyanna cretin who beleived the guy when he put forth the story that he was being punished for doing his competitor a favor. "Why you bad men always pick on nice hacker fellers? You mean men!"
The theft and the defacement are so banal. The really bad part is how angry I got at the "injustice" done him by the unthinking cops.
Sorry cops.
This is exactly the kind of cracking that needs to be prosecuted. This jerk wanted to have his cake and eat it too: look like a hero for publicizing the security hole, then profit from stealing another's work. It doesn't even sound like he was very smart about it.
Some people posted in the original article saying basically the same thing, but were ignored or flamed. Others were obviously lied to. People wrote letters, donated to the EFF, etc.
It's nice to see such noble acts, but please folks, take cases like this with a grain of salt until the truth comes out, eh? We geeks already have enough of a reputation for being reactionary.
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
No, he should go to jail as per the law requires. He not only didn't alert the system admin, he downloaded files and changed them, got access to password files and changed them, and distributed both to a friend.
Not only that, but he afterward went around an told everyone a different story than what he had actually done. I say this guy is an immature loser that deserves what he gets.
The responsible thing to do would be to anonymously mail the admin and tell him/her that such and such exploit is open and that he/she should fix it.
rJames.org - illustration
Perhaps you didn't read the article. He found the security hole and then proceeded to steal scripts from them. His intention was to rewrite them and then sell them for a profit. What he did is called corporate espionage.
It seems like those posting comments so far haven't read the article.
It seems that West exploited the security flaw to his own benefit before reporting it to the competitors. THAT was why he was charged, and THAT is why he plead guilty.
It also says that he hacked the Potea Daily News website, downloaded some files, then claimed that his intrusion was accidental... Oops, my cat stepped on my keyboard, and it happened to be the correct user name and password!
"Now gluttony and exploitation serves eight!" - TV's Frank
No, you are wrong.
It applies to "protected computers"
From 18 USC 1030(e):
(2) the term ''protected computer'' means a computer -
(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
(B) which is used in interstate or foreign commerce or communication;
That's basically any computer on the internet.
Brian did something. He may have done something wrong. He faces a "hacking" trial just as there's a national furor about the evils of the Internet. His guilty plea may be a pragmatic decision - accept a slap on the wrist instead of taking a chance with a judge or jury. Certainly we've seen plenty of examples of clueless judges reaching bad decisions because they don't understand technical issues.
(Or because they're owned by the entertainment industry.)
Actually, I beleive that it is you that is misinformed. In it's current drat, the ATA would most definately apply in this case:
...and from the draft of the ATA of 2001:
From Title 18, Sec. 1030 of the US Code:
(2) the term ''protected computer'' means a computer -
(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
(B) which is used in interstate or foreign commerce or communication;
SEC. 106 INTERCEPTION OF COMPUTER TRESPASSER COMMUNICATIONS.
(1) in section 2510-
(A) in subsection (17), by striking "and" at the end;
(B) in subsection (18), by replacing the period with a semi-colon; and
(C) by adding after subsection (18), two new subsections as follows:
"(19) `protected computer' has the meaning set forth in section 1030; and
"(20) `computer trespasser' means a person who accesses a protected computer without authorization and thus has no reasonable expectation of privacy in any communication transmitted to, through, or from the protected computer."; and
(2) in section 2511(2), by adding after paragraph (h) a new paragraph as follows:
"(i) It shall not be unlawful under this chapter for a person acting under color of law to intercept the wire or electronic communications of a computer trespasser, if-
"(A) the owner or operator of the protected computer authorizes the interception of the computer trespasser's communications on the protected computer;
"(B) the person acting under color of law is lawfully engaged in an investigation;
"(C) the person acting under color of law has reasonable grounds to believe that the contents of the computer trespasser's communications will be relevant to the investigation; and
"(D) such interception does not acquire communications other than those transmitted to or from the computer trespasser.".
Entrepreneur : (noun), French for "unemployed"
No. He pled guilty under Title 18, Section 1030(a)(2)(C).
Only 1030(a)(1), (4), (5)(A), and (7) are the computer crimes considered terrorism offenses under the draft of ATA (See Sec. 309)
By hacking the computer he gives up the right to any privacy regarding his actions on and communications with the attacked computer (Sec. 106), but then I wouldn't really expect someone to have privacy regarding what they do with a computer they shouldn't be on in the first place.
He didn't have malicious intent? You didn't read the article did you? Just admit it!
Clearly his intent was to.. steal software and sell it as his own...Look at :
"Subsequent investigation revealed that WEST had downloaded the computer files, was in the process of rewriting the files, and intended to market the revised software program." -(From the linked article)
That isn't malicious?
How easy it is to seperate the Sysadmins and suchlike on here from everyone else (excepting the trolls -- we know what they are)
The sysadmins and pros and suchlike who work in IT agree this guy committed a crime or provide rational arguments as to why he didnt - they can rationally understand it and even maybe support the FBI - they understand what they did, have read the articles and post insightfull comments and thoughtfull questions and maybe even have a laugh.
The other group include those who thing all hackers are cool and that the goverment has no right to keep them out, they throw up any argument no matter how tenuous to defend the actions of Mr West and then even resort to saying he was forced to confess under duress ! then theres the conspiracy theorists and the lame he didnt steal anything of value (which is wrong guys as they law treats theft of data like theft of anything else)
How much time will the actions of someone who is now a confessed criminal who wasnt sophisticated enough to cover his tracks going to get you all in a lather ? Hasnt he had his 15 seconds of fame yet?
I refuse to argue with Anonymous Cowards - if you want a discussion get an account....
Here's a hypothetical situation: What if some malicious company made a webpage that when I connected to it, it downloaded the password file to a cookie on my hard drive. I don't know it's there. Then they come after me, claiming that I hacked into their system. True, I could say that I didn't know how it got there, and if I could get a person to show that their code downloaded the file (which would probably require a subpoena to look at their HTML code), that could make a good defense that I had no intent.
But what if I can't get that kind of help? What if I get a bone-head judge? Could someone be sent to jail for doing nothing more than browsing a web-page? It does seem that this guy was an damn-big idiot at least, and a malicious cracker at most, but it seems like cops are getting overzealous in prosecuting tech "crimes" without understanding what's really going on.
Comment removed based on user account deletion
Are you sure your successor didn't see your ~/.forward and copy the address to /etc/aliases before removing your account? That's what I try to do (thankfully name collisions haven't been a problem yet).
> Can anyone give me any hint to what started people writing Perl as "PERL"
The original machine PERL was written on had a four-letter limit on names (not filenames, probably something like package names), and used all caps to boot. Larry Wall wanted to call it Pearl, and any expansions of PERL are backronyms -- it doesn't actually stand for anything. The official name for the language is "Perl", when referring to the interpreter it's perl (lowercase), and spelling it PERL can get you roundly flamed on #perl.
I've finally had it: until slashdot gets article moderation, I am not coming back.