Brian West Update

Concerned Onlooker writes: "Remember the story about how Brian West reported a security leak to a client of a competing hosting service and then was promptly arrested by the FBI? Well, as usual there's more to the story, as shown in this release that I got today from Sheldon Sperling of the U.S. Dept. of Justice. Sorry about the Word-generated HTML. It's just nice to follow up on what outraged many of us at the time...." West has pled guilty to a misdemeanor offense.

The worst part of it is:

[Dr.+Smeegee]

... I am the kind of pollyanna cretin who beleived the guy when he put forth the story that he was being punished for doing his competitor a favor. "Why you bad men always pick on nice hacker fellers? You mean men!"

The theft and the defacement are so banal. The really bad part is how angry I got at the "injustice" done him by the unthinking cops.

Sorry cops.

Not exactly a White Knight

[legLess]

From the article, near the bottom:

"This case generated a very substantial amount of e-mailed correspondence to our office and across the world," [United States Attorney Sheldon J.] Sperling said. "The wide range of opinion was instructive. In this case, the defendant rewrote the files he downloaded, planned to distribute his rewrite, added another page to the website, modified the password file, and misled sympathizers and others as to both the character and scope of what he had done."

This is exactly the kind of cracking that needs to be prosecuted. This jerk wanted to have his cake and eat it too: look like a hero for publicizing the security hole, then profit from stealing another's work. It doesn't even sound like he was very smart about it.

Some people posted in the original article saying basically the same thing, but were ignored or flamed. Others were obviously lied to. People wrote letters, donated to the EFF, etc.

It's nice to see such noble acts, but please folks, take cases like this with a grain of salt until the truth comes out, eh? We geeks already have enough of a reputation for being reactionary.

Re:This whole thing makes me so mad.

[Lonesmurf]

No, he should go to jail as per the law requires. He not only didn't alert the system admin, he downloaded files and changed them, got access to password files and changed them, and distributed both to a friend.

Not only that, but he afterward went around an told everyone a different story than what he had actually done. I say this guy is an immature loser that deserves what he gets.

The responsible thing to do would be to anonymously mail the admin and tell him/her that such and such exploit is open and that he/she should fix it.

Re:Think about it

[Carbonate]

Perhaps you didn't read the article. He found the security hole and then proceeded to steal scripts from them. His intention was to rewrite them and then sell them for a profit. What he did is called corporate espionage.

Re:New laws saying this is "life behind bars" offe

[XorNand]

Actually, I beleive that it is you that is misinformed. In it's current drat, the ATA would most definately apply in this case:

From Title 18, Sec. 1030 of the US Code:

(2) the term ''protected computer'' means a computer -
(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
(B) which is used in interstate or foreign commerce or communication;

...and from the draft of the ATA of 2001:

SEC. 106 INTERCEPTION OF COMPUTER TRESPASSER COMMUNICATIONS.
(1) in section 2510-
(A) in subsection (17), by striking "and" at the end;

(B) in subsection (18), by replacing the period with a semi-colon; and

(C) by adding after subsection (18), two new subsections as follows:

"(19) `protected computer' has the meaning set forth in section 1030; and

"(20) `computer trespasser' means a person who accesses a protected computer without authorization and thus has no reasonable expectation of privacy in any communication transmitted to, through, or from the protected computer."; and

(2) in section 2511(2), by adding after paragraph (h) a new paragraph as follows:

"(i) It shall not be unlawful under this chapter for a person acting under color of law to intercept the wire or electronic communications of a computer trespasser, if-

"(A) the owner or operator of the protected computer authorizes the interception of the computer trespasser's communications on the protected computer;

"(B) the person acting under color of law is lawfully engaged in an investigation;

"(C) the person acting under color of law has reasonable grounds to believe that the contents of the computer trespasser's communications will be relevant to the investigation; and

"(D) such interception does not acquire communications other than those transmitted to or from the computer trespasser.".

Re:New laws saying this is "life behind bars" offe

[dragons_flight]

No. He pled guilty under Title 18, Section 1030(a)(2)(C).

Only 1030(a)(1), (4), (5)(A), and (7) are the computer crimes considered terrorism offenses under the draft of ATA (See Sec. 309)

By hacking the computer he gives up the right to any privacy regarding his actions on and communications with the attacked computer (Sec. 106), but then I wouldn't really expect someone to have privacy regarding what they do with a computer they shouldn't be on in the first place.

Comment removed

[account_deleted]

Comment removed based on user account deletion