Slashdot Mirror
Mitnick Testifies on Telco's Security
Woefdram writes "Our favourite computer criminal (?) Kevin Mitnick testified in a case against Telco Sprint that their security was like Swiss cheese: full of holes. The story on SecurityFocus quotes Mitnick, saying, 'I had access to most, if not all, of the switches in Las Vegas,' and tells how he came up with a list of 100 challenge-response codes." We've written about this case before.
Why give yet more attention to a pathological 'social engineer' (liar)?
We've written about this case before. Then STOP writing about it. Waste of electrons, as usual.
Mitnik is not such a wonderful person. He is free now, get off the soapbox and stay off it.
hire a better system administrator?
or this is a company policy to keep system insecure to gain more PR from hacker incidentes?
The only thing Mitnick is better at than hacking (or possibly eating pizza!) is publicity grubbing. Let's face it, there have been thousands of better crackers, but Mitnick manages to always claim the spotlight. Most people would want to lie low after what Mitnick has been through - but he has a career as "Celebrity Cracker" to maintain.
I liked this quote "The only way I know that this is a Nortel document is to take you at your word, correct?," asked Riley. "How do we know that you're not social engineering us now?" - now *that* guy is thinking correctly!
A little planning goes a long way...
Never EVER testify like this, no matter WHAT the DA promises you. Shit Kevin, I thought you knew better?
*FREE KEVIN*
"their security was like Swiss cheese: delicious."
.sig is wrong, so what?)
(yeah, my
667 The Neighbour of the Beast
Wasn't he forbidden to do any kind of computer related work ever again? And would testifying in this case mean breaking his parole? Just wondering...
superblog.org: all your favourite blogs on o
The article indicates that Mitnick is calmly able to lay out what he did, because the statute of limitations has expired on his alleged crimes. Anyone who has spent anytime watching LAW & ORDER (and of its spin-offs) has to wonder if there is an enterprising District Attorney somewhere combing the law for any permutation of the law WITHOUT a statute of limitations to use against him based on this testimony. For example, he can not be tried for the hacking itself, but could he be tried for Conspiracy?
...is this testimony going to come back for possible charges in the future? In other words, could Sprint now decide to go after him? You really can't take the fifth once your statements have entered the public record. You can refuse to answer any further, but only in a trial in which you are accused. This is 1) Not a trial for Mitnick 2) Is not in a court of law, it is being held in the State Public Utility Commission. Consequently, all his testimony becomes public record, and he could never claim immunity or something should Sprint decide to turn around and come after him for 'losses' or the DA for criminal purposes. His only hope might be statute of limitations.
Any ideas?
You kinda have to wonder if all of this publicity of someone getting money because their system had been compromised before will spur an onslaught of similar lawsuits, possibly from the same people who got into the system. The trend seems to be, where the media goes, the people will follow.
My other sig is an import.
Of course, the problem with the movie "Double Jeopardy" is the fact that there was no double jeopardy involved. If you kill someone and are tried for that, and it turns out the person isn't dead after all, you can still be tried for killing them again since it's a different crime. Same person, but different crime.
It's like saying that if you rob a bank the first time, you're going to jail. But each time you rob it after that, you can't be tried because you've already been tried once. Not likely, you're still going to jail again and again.
This does not surprise me at all. I work for a large telecommunications company. 4 years ago our group took over responsibility for 40 switches, 32 of which were DMS-100s. The forst thing we had to do was change the admin passwords- some were still the default password installed by Nortel when the switch was first built, others were as simple as admin:admin. All someone would have needed to do is call a NOC and pose as a Nortel engineer to get the dial up numbers and voila! Tens of thousands of customers without service and a very long report to the FCC.
What is most vital is that in this case, unlike other previous Mitnick cases, the telco is arguing that Mitnick didn't break in while Mitnick is insisting that he did. Mitnick is offering proof in the form of documents and passwords and the Sprint of Nevada lawyer is saying that the information Mitnick is bogus or publicly available. This is such an exact turnaround from the last legal tangle that Mitnick was in that I gotta wonder if it's even the same universe.
Does this have any relevance to legal cases outside the Munoz "Vegas escort" case? I don't know, but I could see it happening: Hollywood lawyers calling on DeCSS authors and users, arguing that the software they have doesn't actually promote piracy. Could be interesting!
Security through Obscurity Rules!
'nuff said
- SWM
I worked for a year and a 1/2 on a project designed to replace the DMS-100 provisioning and configuration systems. I can tell you that those systems are complex in the extreme to set up correctly. I knew people who had worked with them for 20 years and still had questions about how they worked. It's not through Sprint's stupidity that they were hackable, it is a by-product of overly complex system engineering.
This is a common problem in this industry. Having complex systems when you're the defacto standard makes a great revenue stream in your consulting and training systems, but kills the reliability of said systems. Nortel/Cisco/IBM never take the fall for it however, because they can just say "well, you didn't configure it right" and Sprint/etc can't even argue - it would take 2 years and 10 consultants to even find out.
http://kered.org
just call Mitnick a terrorist and make the rules as you go.
But you can only be dead once. You can rob a bank over and over (until they lock you up, I guess).
It is hilarious reading this ... If this doesn't bring Mitnick from Legendary to Godly I dont know what will. He still has old lockers with passwords and infos.. This is stuff that books and movies are made of, not real life! Incredible.
Is that he went and got the list from a nearby storage locker, a not-too-subtle hint that he has lots more potentially powerfull stuff where that came from.
Ryan Singer
After working for several Fortune infinity companies, I have come to the conclusion of my $5,000,000 granted study that anyone able to pick up a telephone is a susceptible hacker. It is about time the telco in every neighborhood started locking down their systems with finger-printing and place a mark on the wrist or hand of every telephone subscriber that he may not buy or sell anything over the phone without this mark. With further granted jurisdiction, the telco should be able to establish a real-time video and audio presence in the homes of each and every telco subscriber and relay this information across satelites so the whole world may be allowed to intrude on anyone's privacy in attempt to prevent people from worshipping anyone but the telco. Kevin Mitnick shall, upon appearance, be put to confinement in a maximum security stone cave, a rock rolled in front of it, and the cave sealed with wax so the telco will know whether the prison had been disturbed within any 3-day period. This is the only way people, and the telco shall have rights to your first post and first born. Anyone that has not lathered sheep's blood above their doorway shall have their building demolished by the telco. As of yesterday, the staff of slashdot.org and the users of the United Nations' oxygen on planet earth must comply or face harsh punnishment from internation agencies that don't like United States citizens. Thankyou for your time.
Sincerely,
Bob Grover
Why use a '?' in the post?
Is there any doubt that Mitnick is a criminal?
Since is when is cell phone cloning, carding, and cracking legal?
Since when is running from the law (he was a fugitive) legal?
I think there's no question as to the legality of Mitnick's actions. Weather or not the legal system handled the case correctly is another story, but he is definitely guilty of those crimes.
"A terrorist is someone who has a bomb but doesn't have an air force." -William Blum
But if they found you guilty the first time and you hadn't committed the crime, then you could sue the government right?
Land in jail for 20 years.
Sue goverment, get 20 million or so.
Land back in jail for another 20 years.
Use eBay extensively.
That'd be the pattern right?
--- I used to moderate, then I read the -1 articles and decided having to filter through them was not worth it.
"Our favourite computer criminal (?)"
Are you questioning whether he's our favourite or a criminal? Never the less, he did break the law, therefore he is a criminal. Granted, spending 4 years in jail awaiting trial is pretty screwed up, but he did commit the crime. He got caught - get over it!
Have a day.
Mk.
This piece of shit should have been buried under the jail in a dark hole to rot. Now he is out FUDing up the place and 'social engineering' his way to star status, but his skillz suxor and always have. He got caught, committing crimes, and that speaks volumes as to how good he really was. No thanks Kevin, I don't think I need security advice from you.
I would certainly think that there would be at least a small story about this in the freaking Portland ME newspapers... Sorry ass AC...
Why did I even bother?? (my sig sucks, but it's better than yours!!)
Sounds like a job for Geraldo!
I'm not certain that he's exempted from prosecution by way of double jeopardy.
the statute of limitations in nevada for these crimes is 5 years (says the article, at least), and all his breakins were prior to 95. he simply can't be prosecuted for these illegalities; the clock's run out.
Facts do not cease to exist because they are ignored. - Aldous Huxley
...ski11z sux0r? (0r s0m3such, i'm n0t th4t up 0n my h4cksp34k)
jealous script kiddie.
Facts do not cease to exist because they are ignored. - Aldous Huxley
Farm out. Right arm.
-- @rjamestaylor on Ello
Does anyone find it amusing that this pr0n guy Munoz hires one of the people allegedly responsible for his interruption of service to testify on his behalf.
And so should all of his lame ass supporters. Mitnick got what he deserved. Actually, he didn't because he wasn't shot. But still, he deserved to be punished.
C - A language that combines the speed of assembly with the ease of use of assembly.
fuckfuckfuck i am angry with my skateboard
I was always under the impression that Winona got her celebrity by ... acting. And while she's received unwanted publicity with her alleged illegal acts, I'd be hard pressed to consider her worthy of inclusion of a list like Bonnie and Clyde, Al Capone and John Gotti.
were still the default password installed by Nortel
.rhosts were common between systems to enable trusting, all the usual sockets were wide open, etc.
Had the same problem with a bunch of calling card switches installed by PCM (Priority Call Management - somewhat of a bigger name in that world).
Root passwords were "root", no OS patches (SCO & QNX) were ever applied since "they hadn't tested whether their software would interoperate with a patched version of the OS",
Course, then there's the time we were paying Lucent $75,000 to install voice access concentrators and they complained that they couldn't telnet to them. Lucent set 200.200.200.0/24 addresses on all the systems they built - just made up a number - and couldn't figure out why the numbers wouldn't route across the open Internet. Boy did I get a stupid look when I asked the Lucent people what the Comite Gestor no Brasil thought about their address scheme... (whois 200.200.200.0@whois.arin.net)
Really, how do these folks stay in business?
*scoove*
First off, RTFA. Mitnick is detailing all of his Sprint Nevada exploits for the first time; why do you think they were so caught off guard? So apparently (the article itself doesn't expicitly say) this is the first time anyone's heard of Mitnick 0wning Sprint Nevada's switches back around '94. Therefore he hasn't been charged (or convicted) for these activities before, so duble jeopardy does not apply here, but due to the 5 year statute of limitations for these matters, he cannot be prosecuted anyway. HTH
-- Never hit a man with glasses. Hit him with a baseball bat.
Hacking the CueCat would only be (potentially)hurting the CueCat company.
Hacking the Phones, listening in on private conversations, using blackmale, stealing credit cards, etc. harms us all.
Your moral equivalancy doesn't hold up.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
I work for a company that makes routers, and on most of our costumer's instalations (I am talking a bout small to medium ISPs) I have found that the default root password remaind unchanged (a one letter password!)
(on the newer software update we changed it to somthing a little more secure and didn't give it to the users)
As of Postgres v6.2, time travel is no longer supported.
So one theory is that the Mafia was behind Munoz's problems. Forget legal trouble... how much trouble might Kevin be getting himself into now?
..but if a guy like him can obtain this kind of access to supposedly "secure" systems, wouldn't you think that government agencies have been using this sort of access for years to illegally obtain information that may be beneficial to them?
I live in Arizona, and I have four Sprint PCS phones: One for myself and three are for my "on-call" employees. These phones are on 24 hours a day for obvious reasons.
A disgruntled ex-employee in Delaware (who had been fired years ago), who happens to know my phone number, strolled into a Sprint PCS store in Kentucky, and asked the proprietor (or rather, the idiot working there) to bring up my account information. Now remember: All this person knew was my phone number. The Sprint PCS idiot happily punched up my account and showed the unidentified person my account details: All my phone numbers, numbers that had been called on these phones, how much my bill was... it goes on and on. In short, someone who only knew my phone number got access to all my "private" information, no questions asked.
I discovered this when the person in Delaware (who was in Kentucky at the time) called and told me, in the form of a threat. I immediately called the Sprint PCS customer support line and told them of the problem. They had some explaining to do, and I expected them to immediately change my phone numbers and account information. They refused, and explained that any such breach of security was impossible: The gentleman in the store should have asked for an account password. If the customer didn't know the password (or so claimed the customer support woman), the account information could not be accessed. This made sense, as computers do ask for passwords before showing any protected information. So I assumed the ex-employee was lying to annoy me, and dropped the issue.
Later that night, angry employees began calling me repeatedly and complaining of crank calls. Then, I got a call from the disgruntled shmoe in Delaware. Turns out, my assumption had been wrong. I came to the conclusion that private account information is protected by nothing more than a company policy: The employees in the stores can bring up any account, and the password is DISPLAYED along with all the other information. They're SUPPOSED TO ask you for the password before giving out any information. That's one hell of a security system, eh? So I immediately called Sprint PCS's customer support thing again, but this time, when they answered, I demanded to talk to a supervisor. The conversation went something like this:
Sprint PCS lady: May I ask about the nature of the call?
Me THE NATURE OF THE CALL IS SPRINT PCS GIVING OUT MY PERSONAL INFORMATION TO STRANGERS WITHOUT MY CONSENT!
Sprint PCS lady: One moment...
At this point, a supervisor lady answered, and I explained (rather angrily, I may add) exactly what happened, and DEMANDED that they change all my phone numbers IMMEDIATELY. (I was doing this as an immediate action, to be followed by any number of things, including the high possibility of cancelling my account altogether, followed by strong legal action.) Now the supervisor freaked out and got a bunch of people on my case within minutes. She explained that my conclusion about their security had been correct (that nothing is password protected at all), but that I could optionally make my account "high security", which basically means that certain other information (like a social security number or something) is needed before account details can be accessed. So I demanded that my account immediately be made high security. Then, she began the process of changing my phone numbers, and mentioned that it would cost some amount of dollars to make the change. At that point, I became pissed and said, "I'M STILL CONSIDERING WHETHER I'M GOING TO SUE YOU AND YOU'RE GOING TO CHARGE ME TO CHANGE THE PHONE NUMBERS, AFTER YOUR COMPANY SCREWED UP?!?!?!?" She realized the error of her ways and waived the fees. I continued to raise hell with Sprint PCS for an hour or so, making DAMN SURE that no errors would occur in my next bill (because every time a change is made with them, errors show up in the next bill or two and you have to call and bitch about it, especially when you have multiply phones), and that international calls won't be disabled on the phones (because enabling international calls is a long and complicated process with them, one that raised my blood pressure to the sky too), and that various other problems won't pop up. In all, they were a bit helpful, considering they did screw me over.
But anyway, that was MY story of how much their security sucks.
It doesn't harm us "all". It harms those people whose card numbers were misused, those who were blackmailed, and those who were spied upon.
Pirating music albums only hurts the RIAA....
Your "logic" doesn't hold up.
By god I love that man... He just happened to have the seed list in a storage locker he hadnt visited in 7 years... lol. That rocks.
-- -=innocent ramblings from the mind of an insomniatic programmer=-
I declawed mine, big deal. Who's to say I can't do such a thing to keep my privacy (eg; all the source IP's from the scanners are recorded, don't kid yourself for one minute)
The reason for Mitnicks' testimony was his notorious cellmate, Anthony "supershaft" Edwards
who was disappointed with Mitnicks candor.
"There goes my bitch.." edwards said gloomily as a jubilant mitnick was relocated to the "circumcised and tiny" wing of the penal institution.
This would be national, no, international news if he did indeed die today. I haven't seen it anywhere but here.
"Since I gave up hope I feel a lot better" - Steve Taylor
i think he died last night
Thank god form people like kevin . If it weren't for people like him there would be no security at all. But it seems that the US has a propensity to shoot the messenger.
After reading some of the assinine remarks about how Metnick is such a horrible criminal it just makes me want to vomit. Correct me if I'm wrong - but it seems to me that Metnick never revealed any confidential information to anyone and that at least _some_ of the confidential information he was accused of reading was opensourced before his sentance was over.
Contrast this to the clearly vicious and insane antics by the sprint employees who clearly have revield confidential informaion and the injustice makes one want to vomit.
If you can prove what you say, read up on your criminal law and demand the police file charges.
Seriously. Why is it that every time 'michael' posts a story, he adds the comment "we've written about it before" (sometimes with multiple old links)?
:)
I mean, dude, if you're already run the story, and the best add-on you can come up with is "we already did this", why run it again?
Who do you think you are? CmdrTaco?
blog
He always says this. Had me thinking SK was dead too a few weeks ago.
You clearly haven't followed Mitnick's case very closely. Kevin is extremely paranoid about falling afoul of the law these days. He's seen the inside of a cell, and an 8 month solitary confinement stint has convinced him he never wants to be on the inside again.
He checks these things with his parole officer. If he's doing it, then it must be legal and sanctioned by his parole officer.
In particular notice that he is not hacking or using a computer. He is just describing past events.
However, I always thought it was possible the jury would simply fail to convict her. If I were on the jury, and she showed up, I'd figure, hey, she already paid for the crime, and I'd let her off.
Of course, once you get the media on your side, who knows what would happen. While it might not be legal, I'll argue that it should be legal to do to a person what they framed you for doing and sent you to prison for, and a lot of people would agree with me.
If corporations are people, aren't stockholders guilty of slavery?
Oh, look! Slashdot.org is talking about the Las Vegas casino thing!
Yes, a whole bunch of new information is available, but everyone knows they covered this in the past.
Slashdot sucks. etc.
I'm curious to know how much the people really love Kevin. Do you look up to him? Would you take your life down a similar route? Would you want to see and do the amazing things he's done at the expense of your freedom as he has? Would it be worth it? Would you trade lives with Kevin?
Mitnick was allowed to get a cellular telephone, after his parole officer okayed it. Also, I believe he's allowed to use a computer under police supervision, however he's not allowed to own one.
He's a security consultant now, and I'm sure that he can get work related use of computers approved, as long as the company is wiling to keep mitnicks activites on computers as detailed as law enforcement requires.
And if he has to agree to run everything through a keylogger, I'm sure he's not going to break any laws while using a PC for supervised work related activities.
https://www.gnu.org/philosophy/free-sw.html
Double jeopardy only applies to a single jurisdiction. Ashely Judd was convicted by one state, then confronted her husband in a different state, so there would be no problem charging her again. Also, there was a Law & Order ep where the guy thought the statute of limitations had run out, but it turned out that time when you were not in the state didn't count, and he had been living in another state, so they could still charge him. "The clock stops ticking when he leaves the state." So maybe this 5 year limit in Nevada has not expired yet.
/ /It / /is / /10pm / /Do / /you / /know / /where / /your / /karma / /is / /Right / /Let / /us / /get / /startedIn / /order / /to / /get / /maximum / /karma / /from / /Slashdot / /posting / /you / /can / /follow / /a / /few / /simple / /guidelines / /The / /University / /you / /go / /to / /Regardless / /of / /where / /you / /actually / /study / /saying / /that / /youre / /at / /MIT / /automagically / /gains / /you / /2 / /Slashdot / /like / /the / /glorified / /student / /notice / /board / /that / /it / /is / /has / /a / /special / /place / /in / /its / /heart / /for / /anything / /from / /MIT / /whether / /it / /be / /a / /teddy / /bear / /stuffed / /with / /a / /switch / /or / /some / /wankers / /wrapping / /a / /yellow / /banner / /with / /elvish / /text / /around / /the / /main / /dome / /Even / /if / /you / /didnt / /go / /to / /university / /qualify / /every / /comment / /with / /a / /My / /professor / /told / /me / /to / /bask / /in / /the / /warm / /fuzzy / /glow / /of / /2 / /Insightful / /Linux / /The / /basis / /of / /the / /Slashdot / /Experience / /Claiming / /you / /run / /Linux / /also / /gets / /you / /1 / /Interesting / /It / /doesnt / /really / /matter / /if / /youve / /never / /actually / /installed / /it / /or / /your / /Red / /Hat / /box / /still / /doesnt / /have / /PPP / /running / /after / /2 / /years / /of / /reading / /FAQs / /The / /important / /bit / /is / /Youre / /part / /of / /the / /community / /You / /can / /bathe / /in / /the / /refelected / /glory / /of / /years / /of / /shoddy / /buggy / /code / /You / /are / /exempt / /from / /the / /Microsoft / /penalty / /see / /below / /as / /of / /course / /your / /Win / /98 / /install / /is / /only / /used / /for / /playing / /games / /And / /reading / /Slashdot / /And / /using / /MS / /Word / /And / /Photoshop / /And / /Microsoft / /Slashbots / /and / /the / /editors / /hate / /Microsoft / /Period / /Use / /of / /a / /symbol / /in / /every / /iteration / /of / /their / /trademarks / /gets / /you / /a / /4 / /Funny / /Even / /though / /it / /is / /far / /from / /original / /it / /still / /manages / /to / /raise / /a / /grin / /in / /those / /people / /reading / /Slashdot / /between / /episodes / /of / /Cowboy / /Bebop / /You / /will / /get / /a / /1 / /Flamebait / /or / /Troll / /for / /any / /post / /even / /hinting / /that / /Microsoft / /products / /are / /any / /good / /useful / /intuitive / /user / /friendly / /You / /will / /also / /quickly / /be / /shot / /down / /with / /replies / /about / /how / /good / /GNOME / /and / /KDE / /are / /which / /will / /then / /in / /turn / /erupt / /into / /a / /flame / /war / /Freedom / /Privacy / /YRO / /The / /bread / /and / /butter / /of / /Slashdot / /It / /fits / /in / /sublimely / /with / /the / /whole / /Linux / /thing / /Youll / /get / /a / /3 / /Informative / /for / /any / /post / /containing / /the / /Ben / /Franklin / /quote / /about / /sacrificing / /essential / /liberty / /It / /makes / /no / /difference / /that / /the / /quote / /is / /totally / /irrelevant / /in / /the / /modern / /world / /Hey / /youve / /got / /karma / /Miscredting / /the / /quote / /will / /not / /end / /up / /in / /a / /karma / /penalty / /as / /has / /been / /demonstrated / /countless / /times / /You / /will / /gain / /extra / /karma / /if / /you / /make / /reference / /to / /your / /experiences / /of / /being / /wiretapped / /by / /the / /NSA / /and / /throwing / /in / /a / /vague / /link / /to / /Echelon / /black / /helicopters / /or / /Tin / /Foil / /Hat / /Linux / /Include / /a / /link / /to / /the / /First / /Amendment / /for / /a / /1 / /Interesting / /mod / /Give / /yourself / /a / /pat / /on / /the / /back / /if / /you / /manage / /to / /include / /some / /extra / /raging / /paranoia / /with / /no / /evidence / /to / /back / /it / /up / /Nice / /BSD / /If / /you / /use / /it / /dont / /mention / /it / /on / /Slashdot / /Most / /of / /the / /Linuxusing / /friendless / /wonders / /that / /inhabit / /Slashdot / /wouldnt / /know / /quality / /and / /stability / /if / /it / /strolled / /up / /and / /kicked / /them / /in / /the / /throat / /with / /a / /size / /13 / /HiTec / /Magnum / /boot / /Any / /mention / /of / /how / /a / /Firewall / /running / /OpenBSD / /with / /pf / /is / /far / /superior / /to / /Linuxs / /pathetic / /offering / /will / /soon / /see / /you / /as / /1 / /Troll / /Much / /like / /the / /post / /youre / /reading / /now / /Yearning / /for / /yesteryear / /Although / /most / /comments / /are / /written / /by / /first / /year / /wannabeCSguru / /students / /or / /links / /to / /goatsecx / /there / /is / /still / /the / /fallout / /dregs / /of / /the / /dot / /com / /boom / /lurking / /around / /slashdot / /You / /can / /get / /5 / /Insightful / /for / /telling / /how / /you / /were / /so / /badly / /treated / /after / /the / /bubble / /burst / /Whining / /about / /the / /lack / /of / /jobs / /where / /you / /get / /paid / /to / /fire / /foam / /darts / /at / /colleagues / /is / /a / /good / /start / /Dont / /forget / /to / /mention / /how / /youve / /now / /been / /out / /of / /work / /for / /months / /It / /starts / /a / /Im / /about / /to / /graduate / /and / /theres / /nothing / /going / /fuckfest / /which / /can / /spill / /over / /into / /hundreds / /of / /comments / /Although / /all / /the / /staff / /who / /were / /any / /good / /simply / /got / /hired / /into / /another / /company / /it / /makes / /Good / /Karma / /Senseto / /hide / /the / /fact / /that / /your / /passing / /familiarity / /with / /Perl / /and / /C / /simply / /cant / /get / /you / /a / /job / /This / /is / /also / /a / /prime / /opportunity / /to / /show / /your / /egregious / /personality / /as / /Slashdot / /rewards / /arrogance / /and / /elitism / /DONT / /FORGET / /TO / /MOD / /ME / /DOWN
-pwpbot
IAMNAL+IIRC but I believe a number of states have passed legislation that means you can't sue, or if you can you have a limited right to compensation. IIRC, there was a dude in California who was on death row for 15years (or sumthen) and then it turned out he didn't do it but he can't get no money from the government...
Spreche Deutsche, aber nicht so gut, ja.