US Busts Military Network Hacker

yorgasor writes " KATU has an article announcing the case of a mysterious hacker who has broken into roughly 100 military networks has been solved. The hacker is a British citizen and authorities were considering extradition for the case. Although no networks containing classified information were compromised, they do consider the hacker to be a professional rather than recreational due to the large number of networks he hacked."

zerg

[Lord+Omlette]

Huh? Something must have been left out of the blurb. If I wank 100 times a day to porn, does that mean I'm a professional wanker?

Re:zerg

Yeah, you're right. That's nothing for a slashdotter...

Re:zerg

Well, if that's what you'd like to be referred to. Then again, after wanking 100 times in a 24 hour period and causing all that stress on your wang, I think it'd be more accurate to say you 'were' a professional wanker.

Re:zerg

No it means you can arm wrestle an elephant.

Re:zerg

[pyrote]

and you said it was the keyboard that gave you Carpal Tunnel.

Re:zerg

YES! I'd say if you "wank" one time a day to porn then you are at least a "amatuer spreading"...

Re:zerg

I wish I had as much spare time on my hands as you do.

Re:zerg

That's not what's on his hands.

Re:zerg

[cscx]

Hey, no matter how many times a day you do it, you're not a professional wanker unless you do like Ralphie on The Sopranos and... um... "use a cheese grater on your dong."

Re:zerg

Only if you are British :)

Re:zerg

[Scaebor]

i believe they included something about "grating it raw" or something to that effect. :::shudder::: oh well, guess that won't be a problem for him anymore...

Re:zerg

Yes.

Re:zerg

[Metalhead01]

If you want 100 times a day, then you're either:

• 1. A loner who really has nothing better to do with his time
• 2. Trying to convince people that werewilves exist due to the massive amount of hair on your palms
• 3. Single-handedly (no pun intended) keeping the pr0n industry afloat
• 4. A guy who's worn his nub down to a nub
• 5. REALLY tired at the end of the day.

Re:zerg

if you wanked that often, you wouldn't have anything left to wank.

Re:zerg

[nanoakron]

Sounds like 5g = personal consumption, 10g = dealer...

-Nano.

Re:zerg

5g = personal consumption; black = dealer.

Re:zerg

6. ???

7. Profit!

Re:zerg

Well I think you`re a wanker if that`s any help.

Re:zerg

[Uma+Thurman]

I'd say it's more like a metacarpal tunnel.

Re:zerg

[kasperd]

I wank 100 times a day

What do you do the rest of the day?

Re:zerg

dealing & home secretarys son = not guilty

http://news.bbc.co.uk/2/hi/uk_news/46890.stm

Re:zerg

yes, yes it does wear your title with pride as for me call me orgyBoy

Re:zerg

[acecoach]

owch ... err no - either a dead man, professional porn star, you have no imagination, seriously need a life or your d**k's worn out.

What did he exactly get into?

[vasqzr]

couldn't have been anything THAT serious

Any military insiders/Brit HaX0rs care to describe some US Military systems?

Re:What did he exactly get into?

They're a bunch of computers connected together with "cat-5" cable. We run high tech programs like "MS Outlook" and "Microsoft Office" coordinated by a really fucking slow "Exchange Server." Pretty trippy huh?

Tracer
USMC
Not Commanding

Re:What did he exactly get into?

[steve-san]

You're right. It couldn't have been anything "THAT" serious.
Want to know why? Do a google search on SIPRNET.
There's a nice, safe air-gap between your local Internet connection and anything "THAT" serious on military networks.

Re:What did he exactly get into?

[EngMedic]

There's a nice, safe air-gap between your local Internet connection and anything "THAT" serious on military networks.
yeah, until some yahoo with clearance takes his personal laptop and plugs it into SIPRNET. And yes, it has happened. I think Bruce Schneier mentioned dumb stuff like this in a cryptopane issue...

Re:What did he exactly get into?

It's a pretty MS-centric environment, at least from the user end. Outlook, MS Word, IE, etc, etc. Somebody already mentioned Exchange.

However, there are some non-MS systems in use, including some unix variants. Geeks are geeks, military or not... they need something to play with.

I'm not a systems guy, just a geek in an allied field. I have not even attempted to look around our network for one main reason: Even looking will get you a visit from the OSI, or some other type of spook... not fun. I would rather not be doing my job in a federal prison complex somewhere.

I always rap with the systems types when they come around to reimage a system or some other support task. They were NOT supportive when I was discussing the feasibility of running NMAP behind the firewall. Nice guys though...

Re:What did he exactly get into?

[jonbrewer]

There's a nice, safe air-gap between your local Internet connection and anything "THAT" serious on military networks.

Of course there is a safe-air gap, but unless every machine allowed to connect to those networks is physically locked down, every IO port disabled, and every removable media drive locked with a physical device, you're going to have people downloading sensitive material and moving it on to unsecured networks.

Granted it's been a few years, but I have seen young underpaid geeks walk up to such systems wearing paper badges with "NO CLEARANCE" stamped in red ink on them, and proceed to insert floppy disks into said systems in order to defragment drives or install drivers.

A chain is only as strong as its weakest link.

Re:What did he exactly get into?

[Zarf]

And I've seen sysadmins with twelve years experience on "classified" systems accidentally break their security systems... or deliberately break their systems... for the sake of convenience.

It makes me sick.

Re:What did he exactly get into?

[Minna+Kirai]

Fine if they're inserting the floppy disks. Just as long as the guard at the door doesn't let him take it away. (Course, according to the badge you mentioned, he shouldn't have been let in at all... badly run place)

If they did things right (some do), all "Classified" work would be done in SCIFs (Secure Computer Information Facility?), which is not only surrounded by a faraday-ish cage, but is also a roach-motel for electronic media: "Discs check in, but they don't check out".

(Except for every 3 months, when the security guys come around to march the accumulated tainted materials to the incinerator)

Re:What did he exactly get into?

[Tet]

but unless every machine allowed to connect to those networks is physically locked down, every IO port disabled, and every removable media drive locked with a physical device, you're going to have people downloading sensitive material and moving it on to unsecured networks.

When I worked for the British Ministry of Defense, yes, every machine on sensitive networks had physical access restrictions, none of them came with any form of removable media, and there was an air gap between them and the rest of the world.

Re:What did he exactly get into?

[digitalsushi]

s/Coward//g

Re:What did he exactly get into?

[troc]

In a lot of MoD places the hard drives in sensitive machines are removable.... and are locked in a safe overnight.

Troc

Re:What did he exactly get into?

Lame. I poke around all the time. Have for 4 years now. No OSI visits yet.

Re:What did he exactly get into?

[Tet]

In a lot of MoD places the hard drives in sensitive machines are removable.... and are locked in a safe overnight.

When I worked there, the hard drives for non-sensitive machines were removed and locked in a safe overnight. They were in what they called 4-hour storage cupboards -- fireproof, and rated to take at least 4 hours to break in without damaging the contents. I remember when the keys were lost for one of them. It took many, many hours to drill out the lock to gain access. The sensitive machines were already effectively in a safe anyway. Physical access to the main server rooms was nigh on impossible in the first place.

Re:What did he exactly get into?

Yeah, well, "Air gap" won't mean much after the advent of wireless networks. Supposedly the military is, and has been working on secure versions for years. I've heard they're doing some neat things with security using some sort of single particle encryption that cannot be read changed or intercepted in a data stream without being "changed" in some way. Has to do with whether the particle is "up" "down" or whatever. read the article a while ago here in fact, but yeah... Security is a major concern of the US government... DUH!

Re:What did he exactly get into?

SCIF - Sensitive Compartmented Information Facility.

And it's only as "secure" as the local commander will let it be made.

Re:What did he exactly get into?

yeah, OK hardass... you running NMAP? putting sniffers on the network? Installing keyloggers? Cracking passwords?

I thought not.

Even testing security measures (unless specifically authorized) can land you in hot water... go reread the service terms you signed to get your computer access.

Maybe your sysadmin is clueless, but they transfer every couple of years, as you should well know.

If you wanna play the "Look at me! I'm ballsy! I poke around and nothing happens!" game, then fine, but don't encourage others to do so... even if they haven't come calling, they may know about you. You are giving them an excuse to mess with you.

I'm not trying to be your dad, or mess up your chi, or anything like that, but be very careful. The spook types can really make life difficult, no bullshit.

100 penetrations later...

Wow! It took'em 100 or more tries to notice something was not quite right?

They probably had to bait and switch to catch him...

Re:100 penetrations later...

That sounds dirty...

Re:100 penetrations later...

Yea, I was going to tell him that it takes his girlfriend a long time to notice 100 penetrations but decided against it. God I'm getting too nice in my old age :)

Re:100 penetrations later...

[the_2nd_coming]

100 penitrations!!! wow...the millitary sure is a slut.

Re:100 penetrations later...

[machine+of+god]

More likely they're trying to screw him. Like he got into a box connected to a couple of networks so they count each one against him.

Re:100 penetrations later...

[kubrick]

That's odd -- usually the military is referred to as "The Man" and it's when you go against it that you get screwed. :]

Re:100 penetrations later...

Another point; did he get trough with a back door, or did he go in the front?

British Hacker ...

[SuperDuG]

hehehehe okay ... even though the term hacker was used "incorrectly" I do find it amusing to be phrased in a new feared term of "BRITISH HACKER".

Obviously a pro, anyone who bats higher than 100 hacks is destined for the pros. Is there sponsorship for this wonderful sport of hacking?

Re:British Hacker ...

[m4vrick]

anyone with British Prefix is a Pro :)

Re:British Hacker ...

Not really, the silly bugger was caught.

Re:British Hacker ...

Over 100 before he was caught out. That's better than the entire England cricket team...

Re:British Hacker ...

Not "100 before he was caught out".
They know of 100, and to catch him they probably had to watch him during several attacks while he was traced. Many of those 100 events might have been while he was being monitored...and the information not overly dangerous or he'd have been cut off.

Of course, we have to remember "The Cuckoo's Egg", where a bunch of fake documents were created so as to waste the attacker's time and give more time for study of the attack. We also don't know how many of those attacks were actually against deception systems, honeypots set up to divert attackers from real systems.

By George

[IEforLinux]

He must've been looking for the secret blueprints for the prevention of tooth decay...

Re:By George

gawd! from 5 to 2? ITs FUNNY! FUNNY I SAY!!!

better than that "all your base" bullshit

Re:By George

[eggsovereasy]

All your base are belong to us!

Re:By George

OW!!!

MY BRAIN HURTZ!!!

Re:By George

If you wanna play by stereotypes, maybe he was looking for the blueprints for the prevention of obesity... oh wait a sec, that'd be a waste of time wouldn't it.

Re:By George

[sql*kitten]

He must've been looking for the secret blueprints for the prevention of tooth decay...

Just be thankful that the geniuses at MIT invented the elasticated waist and made America safe for Truth, Justice and the Chicken Parm Sub.

That guy kicked the military's a$$

[dirvish]

I know the military is a big target and all but 1 GUY, 100 NETWORKS? Those military network security folks must be pretty lame. Seems like the could have tracked him down a lot sooner if they knew what they were doing.

Re:That guy kicked the military's a$$

[jsse]

One might not imagine how loosy office networks are, no matter what kind of department behind it. Policies usually restrict the transfer of confidential data from restricted area to office environment. However, no security policies can safeguard confidential data from human stupidity. :)

I'm pretty sure this guy has gathered a lot confidential information(aka profitable) this way. :)

Re:That guy kicked the military's a$$

I do consulting computer work in the military... the ones that I work at, the network admin should be shot for the big holes. Like giving desktop client computers fully qualified internet ip address just for the hell of it. allowing external access to internal equipment that doesn't need to be accessed externally. The information that can be accessed is sensitive. I am no pro, but I secure my home computer better. I don't want to go into much detail, but it is pretty sad.

just my 2 cents

Re:That guy kicked the military's a$$

Well, jokes about "Military Intelligence" aside, there's also the possilility that they took that long to gather enough evidence to create an airtight, "slam-dunk" case.

I work for a company that's cooperating with the FBI in a particular financial investigation. They know exactly who the bad guy is: name, address, MO, everything. They've known for a while, they're just waiting to gather more evidence, and are probably hoping the bad guy will lead them to more bad guys...

Keep in mind also the potential difficulty of getting foreign ISPs and LE agencies to cooperate. Even if they're willing, that kind of organization is *very* difficult, when there aren't pre-existing lines of communication, procedures, etc.

Re:That guy kicked the military's a$$

[dirvish]

I thought of that, but a 100 break-ins is excessive. I am pretty sure they are just lame.

Re:That guy kicked the military's a$$

FYI, the base networks are about as secure as the average company's network (in other words, not very). However, all the clasified materials and systems are on secure networks with physical presence required to access, and physical devices (such as keys, or having comps in secure locations and terminals (accessed by account,passwd,key,etc.) located elsewhere (such as the commander's office (usually in a rather secure spot in the building anyways)). hmm, too many parantheses.

Re:That guy kicked the military's a$$

[jared9900]

Also, you should consider that they don't mention how long he'd been attacking the networks. He could've done it slowly over a longer period of time. Many of the break-ins may've only been connected to him after they noticed a pattern somewhere down the line.

Re:That guy kicked the military's a$$

[zmooc]

NAT cripples TCP/IP-functionality and was only invented to work around the lack of IP-addresses. It is not meant as a security-measurement and does not really add much security over a decent firewall. There's nothing wrong with this approach though it happens to be less safe when there is not decent firewall (which should be there).

Re:That guy kicked the military's a$$

[SoftwareTechie]

Ah, but the more networks he hacks the better the case they have against him. They may have known about him for a while and have been watching his activities. Then as soon as he has clocked up enough penetrations, or is getting a bit too close to sensitive data - WHAM!

Re:That guy kicked the military's a$$

[YrWrstNtmr]

FYI, the base networks are about as secure as the average company's network (in other words, not very).

Actually, no, they are probably more secure. The average military base takes hundreds, thousands of unauthorized hits every day, simply for being what they are. A fat juicy target. Far more than the average corporate network.

.mil sites are the Holy Grail of crackers/hackers. Far more street cred if you can gain entrance to whatever.mil, rather than JoesFlowerShop.com.

My last base, Langley AFB, was a HUGE target. ACC headquarters, and also a bit of name confusion (people were thinking CIA HQ in Langley, VA). We had a special team set up, whose only function was to ward off intrusion attempts, and DoS attacks. For a couple of week stretch once, we were getting 10's of thousands of spurious emails per day. I believe someone got busted behind that too.

Re:That guy kicked the military's a$$

[SacredNaCl]

We had a special team set up, whose only function was to ward off intrusion attempts, and DoS attacks. For a couple of week stretch once, we were getting 10's of thousands of spurious emails per day. I believe someone got busted behind that too.

Did they have titles like: Enlarge your penis 811%? Horny College Sluts Waiting For You? Lowest Mortgage Rates Ever!

I want that guy busted too.

Re:That guy kicked the military's a$$

It is not meant as a security-measurement and does not really add much security over a decent firewall.

I think you mean: NAT doesn't provide any security in addition to a properly configured firewall.

Re:That guy kicked the military's a$$

[n3z0rf]

Before I became a UNIX admin in the Corprate world. I used to a be Navy guy running there Networks and Servers. Lets just say there is not much in training. No wonder they where broken nto. I know now I could have easlisy broken in now if everything remainded the same.

Re:That guy kicked the military's a$$

[slamb]

NAT cripples TCP/IP-functionality and was only invented to work around the lack of IP-addresses. It is not meant as a security-measurement and does not really add much security over a decent firewall.

True, but as a practical matter, I'd say that NAT has improved security in general. NAT requires a connection-tracking firewall to work. So it means many people have them who wouldn't otherwise. And it enforces a specific good practice in setting up the firewall: no incoming connections to any of the internal hosts unless you explicitly configure them. Nothing people couldn't get otherwise, but something they probably wouldn't get otherwise.

There is one thing it adds over a properly-configured firewall: hiding information about how many computers you have, which one opened a connection, etc. You might or might not consider that information sensitive.

Re:That guy kicked the military's a$$

[Martigan80]

Seems like the could have tracked him down a lot sooner if they knew what they were doing.

And that is why he got caught, he kept going. They just threw him the rope and wanted to see how much he would take. Besides he might have some "friends" they could catch too.

Not Again

[0111+1110]

I think he'd better take a much needed vacation. I'm tired of hearing about crackers going to jail. The Falkland Islands are rather nice this time of year.

Re:Not Again

[coryboehne]

not that it really matters but what is up with the parent's nick? binary for 7 and 14? or is it 126? ASCII for V? I don't get it, please explain...

Re:Not Again

[platypus]

Maybe because it's the greatest non-trivial 8 bit palindrom?

Probably not ...

Re:Not Again

[N+Monkey]

I think he'd better take a much needed vacation. I'm tired of hearing about crackers going to jail. The Falkland Islands are rather nice this time of year.
Ahh there's no need. Given that article (and many others like it) doesn't seem to know the difference between England and Britain, he could probably just move to Scotland, Wales, or N.I. and they wouldn't find him ;-)

Re:Not Again

It's not that we don't know. We just don't care.

Why must we persist in...

[BrokenHalo]

calling crackers hackers?

Re:Why must we persist in...

because this guy was?

web defacer = cracker

anyone who can intelligently hack into a network, especially a military. hacker

Re:Why must we persist in...

[wadetemp]

That's how American English functions, dawg. You have to be forceful with incorrect syntax, dank new phrases, and like, just plain wrong usage of words, and eventually you have your own little "who's who" entry in the dictionary (and it's free too, which is totally sweet.)

Re:Why must we persist in...

because not all of us are ESR ... by choice

i mean, going from a nancy boy, frolicking with guns, to picking up chicks. it's a choice my man.

oh, and so to not be OT, here

Re:Why must we persist in...

[Waffle+Iron]

calling crackers hackers?

This morning, after a set of tennis, I set out to find the set of TV sets that are small enough to set on my new cement porch. I brought the TV home and set it up, but now there are dimples permanently set in my porch because the cement hadn't fully set. I was all set to watch a show, but when I tried to set the channels, my circuit breaker reset.

Without TV to watch, all I could do was sit there and ponder why human language has so many overloaded words. I decided I was happy that people *usually* don't have problems understanding overloaded terms, and I was happy that they *usually* don't complain about their usage, because that would sure make it hard to tell a simple story.

Re:Why must we persist in...

[Capsaicin]

Why must we persist in calling crackers hackers?

Give it up. This one has been lost, just like split inifinitives or latin plurals. Why must we persist in calling fora forums?

Guess you just have to accept that the word 'hacker' now has more than one meaning, it happens to words sometimes. One of them is a synonym of 'cracker,' the other(s) is(are) something quite else.

Re:Why must we persist in...

The difference between fora and forums is completely different than the difference between crackers and hackers. The latter have two completely different meanings, while the former is just two different forms of the same word.

Re:Why must we persist in...

[madcow_ucsb]

According to the Oxford English Dictionary:

hacker, n.

3. a. A person with an enthusiasm for programming or using computers as an end in itself. colloq. (orig. U.S.).

b. A person who uses his skill with computers to try to gain unauthorized access to computer files or networks. colloq.

Apparantly hacker is a valid term for this...

Re:Why must we persist in...

[istartedi]

Because it's gauranteed to elicit responses like yours, followed by more page views, followed by more ad revenue. Frankly, I'm surprised I had to scroll this far down to read this post, which I anticipated as soon as I read the headline.

Do you think the /. editors aren't aware of this little linguistic duel? This, BTW, is also the same reason they don't really care about polishing the stories, and may in fact be intentionally putting little grammar and spelling gaffes into them--more page views, more ad revenue. I put forth that theory many posts ago; though I don't claim to be the originator of it.

At any rate, "cracker" is already reserved for crazy people, a racial slur used against Whites by Blacks, and most commonly a crunchy snack food. Overloading it any further just didn't make sense. Hacker can be used exclusively for those who break into computers as far as I'm concerned. We already have many thesaurus entries with less sinister connotations: geek, nerd, guru, and hobbiest, all of which may be modified with "computer" as an adjective when the context is unclear (which it usually isn't). Speaking of context, when modified with the name of something (e.g., Linux hacker, assembly hacker) the word regains its positive connotation; but you still need to be careful when using it in the company of laymen.

At any rate, I seem to recall a time when the /. editors were on the side of the purists; but that time has passed. Some may choose to look back to a time before /. "sold out". I prefer to think that the battle is over and the "cracker" advocates lost.

However, I will give you guys something in your favor. Use of the term "safe cracker" persists so we have introduced yet another context-sensitive rule into the English language, making it that much harder for people to learn the language.

Could it be simply that "computer cracker" is too aliterative and just doesn't sound right? Also, a safe cracker may literally have to crack (break) something to get in, whereas a hacker (a good one anyway) usually doesn't break anything.

Re:Why must we persist in...

Well, to be accurate the correct term is 'alleged' hacker.

Re:Why must we persist in...

[Capsaicin]

The difference between fora and forums is completely different than the difference between crackers and hackers.

And you point is? What they do share (and indeed share with split infinitives, my other example) is the quality for which I invoked forums/fora as an example. Namely that despite what the purists might have wished for, common English usage has moved on to where it wanted to go.

The latter have two completely different meanings

Yes, but at the same time they also have equivalent meanings now. That was my very point.

Re:Why must we persist in...

Because the press thinks it sounds better than "wannabee".

In this case it's probably correct too - a script kiddie wouldn't have got in so easily.

Re:Why must we persist in...

[zbeba]

[paraphrased from someone's alt.2600 post. apologies to the poster; I can't remember who it was]

The term Hacker vs. Cracker is just an attempt by a bunch of pompous, self
righteous, tie wearing dorks to separate themselves from the unruly upstarts that
have surfaced in the past 10 years. Hacker isn't a name that solely belongs to
those people who somehow think that they're Marvin Minsky's grandchildren. It's a
name for whatever a person happens to call themselves. I'm sure there's a great
number of professional Axe Murderers who are dismayed that a bunch of computer
nerds are calling themselves 'hackers' too, but you don't see THEM acting all
indignant over it.

Re:Why must we persist in...

I was looking into the CISSP certification process a week ago and their website (during the registration process) asks if you have ever had involvement with hacking or been associated with hackers. It seems a respected security industry organisation has fallen to media jargon.

Also, members of the Honeynet Project (www.honeynet.org) use 'hackers' in the same way the media does. I don't think you can educate the masses about the differences between hackers and crackers and phreakers so perhaps it's time to accept that the english language is evolving.

Re:Why must we persist in...

[SEWilco]

Only "alleged" when referring to a specific individual whose crimes are not proven.

Whatever term you use won't change what the thing actually is. "A rose by any other name..."

Re:Why must we persist in...

We don't know he "got in" any further than a script kiddie. Maybe he actually was just manually sending one of the well-known email worms to a bunch of military email addresses.

Re:Why must we persist in...

[jeremyp]

Yes, a hacker is a person that breaks into computer systems or is simply good at programming. A cracker is a dry flat biscuit that goes nicely with cheese.

Unfortunately, English is a living language which means that the meanings of words depends on a consensus of the people that use them. The word "hacker" means "person who breaks into computer systems".

Professional Hacker?

[ejunek]

Does that come with a 401k plan and a good dental plan? It still probably has a better retirement plan than Enron :P

Re:Professional Hacker?

[mr_z_beeblebrox]

Does that come with a 401k plan and a good dental plan? It still probably has a better retirement plan than Enron :P

Best 401K around, you invest all the 'half cents' that are left over from other transactions.

Re:Professional Hacker?

What does a professional hacker wear? Shoes? A suit?

I know this is going to be off-topic, but when you're brushing your teeth, don't do it near your computer. Toothpaste in the keyboard is really hard to get out.

Re:Professional Hacker?

Underwear, duh.

Obviously you are new at this.

Re:Professional Hacker?

[jcknox]

Actually, if extradited, he will get to participate in the Federeal Government's only truly successful retirement plan. He will stop working and have all of his housing, meals, health care, and boyf^H^H^H^H recreational activities provided for free.

He also won't have to worry anymore about the latest fashions or gasoline for his car.

Better link

[Anonymous+Cowdog]

Here's a link to the story on Yahoo!

http://story.news.yahoo.com/news?tmpl=story&u=/ap/ 20021111/ap_on_go_ca_st_pe/hacker_investigation_1

100 Sites?

[dubious9]

He must have been pretty damn good to evade capture and continue to crack 100 sites. Makes me wonder home they caught him. If you are a professional and can break into 100 US military sites, what's to stop you? I figure if you are good enough to crack 10 or twenty without messing up, they are probably not going to catch you.

Anybody have any good stories of catching elusive hackers, or insights into how they might have got him?

Re:100 Sites?

[nich37ways]

The more you hack/crack?? into a set of networks more and more information will be stored about how you did it, presumably.
Thus it should be easier to figure out where you are from after 100 than it is with 1.

This is also true with reality attacks.
eg. For recent news the Washington Sniper as he shot at more and more people more and more information can be gathered making it easier and easier to figure out who he is.

Re:100 Sites?

[Minna+Kirai]

Yeah, and that shows he wasn't a professional, but someone out for fun. A professional cracker would've gotten his data, got out, and collected his paycheck.

Same with the snipers- the police can hardly claim to have beaten them. (the number of bodies they left behind made it a phyrric victory at best). A professional assasin would've killed his target, got out, and collected his paycheck.

So far we can barely defend ourselves from recreation "hackers" and gunmen. If some real terrorist group starts funding some, it will be much much worse.

Re:100 Sites?

[nlinecomputers]

100 sites seems a bit much to me. I wonder if they let him work for some time before moving in just so they could judge how good he was or perhaps who else he was connected to. Sort of a military honey pot.

NO! NO! don't mod me! I'm too young to die a troll. {click} Oh the pain, the pain...

Re:100 Sites?

> Anybody have any good stories of catching elusive hackers, or insights into how they might have got him?

The Cuckoo's Egg by Clifford Stoll is an engaging story of a grad student assigned to track down a 75 cent discrepency in computing resources. He eventually uncovers a ring of crackers working out of Germany for the KGB.

Read a review .

Re:100 Sites?

[pVoid]

So far, I haven't really heard any details on what kind of cracking has been done.

For all we know, the guy gained root access on some web or mail server. Or maybe he did get deeper in...

Maybe 99 out of those attacks were simple break-ins by bruteforcing someone's user id... and the 100th time, he actually got to something sensitive.

*Or*, maybe the government is hiding this, but this guy actually got root on a whole facility... kidnapped the firewalls, and databases... And removed traces from logs etc.

Really, there's nothing mentionned out there that shows either. Just the fact that he chose to mess with the wrong bully in town. and he's probably going to become some fat biker's bitch somewhere in a high security state pen.

Re:100 Sites?

[scotch]

He must have been pretty damn good to evade capture and continue to crack 100 sites.

Actually, he cracked one site consisting of a 100 node beowolf cluster. Imagine ... his surprise when he got caught.

This post broght to you by the laws of physics.

Re:100 Sites?

[ArmedGeek]

This is the problem with the criminal mentality (unfortunatley it sometimes affects us geeks as well). I have worked in law-enforcement in the past and there is something that people who break the law really should understand.
Just because they haven't come for you, doesn't mean they don't know.
Generally, law enforcement (usually with organized crime or the white-collar variety) will track a suspect for a while, gathering evidence. You'd be amazed at the truckload of intelligence data amassed during a large narcotics investigation. (I never worked computer crimes).

The point is, why bust the guy after the first "penetration" so he gets probation? If you feel he's a threat, then you wait, let him continue to add to the charges, then pop him and put him away for a long stretch. They probably "had him" long before they busted him.

note: anyone cracking US government networks, either has an agenda or is incredibly self-destructive.

Re:100 Sites?

[Zarf]

If you are a professional and can break into 100 US military sites, what's to stop you?

The key here is that he broke into "unclassified" sites. These sites can often be adminstrated by people who are just learning how to use a computer. Well, I currently work at an unclassified site and it sure feels that way around here. Unclassified sites often will not even have a properly functioning firewall.

It sounds much more impressive than the actual task really would have been. The real trick is to learn about the sites. My site (for instance) doesn't even really think about computer related security... there's nothing here anyone would want anyhow.

Now the trick is, you break into a horde of "unclassified" sites and hope you caught one that is going to go "classified" then you have a backdoor into a classified network. But, even this wouldn't get you anything truly juicy.

The really good stuff is kept on an isolated network and even the cat 5 wires have to be kept a minimum of six inches from any other electronic devices not on that network. So, if you want the real stuff you have to cross an "air-gap" and I don't know of any networking protocol that can do that.

Re:100 Sites?

[riclewis]

This'll get modded troll for sure--but what does 'phyrric' mean? I gather from context that it means hollow, or unsatifactory, but I can't find any references which explicitly define the word. Just curiousity. "...like a joke, words were spoken, to provoke me, and to toss me, nude and empty, to the sea..."

Re:100 Sites?

Internal unclassified military IT support was largely grown in-house for many years, often from troops who were computer enthusiasts. Fairly recently admin troops were shifted into IM (IT) and given minimal training. The consequences of taking J Random Enlistee off the street and making them low-level admins were predictable, especially since the IM field ("secretaries") is full of uneducated minority females without any geek background.

Re:100 Sites?

[Art+Tatum]

It comes from the Phyrric Wars (280-275 BC). See this.

Re:100 Sites?

AAAAGH!

Pyrrhic. Pyrrhic. If you're going to use big words, use 'em right.

Re:100 Sites?

[oliverthered]

If they are 'helping' the hacker to gain entry (by making there systems less secure than they would be) Isn't that aiding and abetting?

And how can it be a 'crime' if your deliberatly letting someone to you?

It's like leaving a pile of gold on your front door step and then screeming blue murder when someone takes it.

Re:100 Sites?

[keyne9]

Two words:

no soap.

Re:100 Sites?

[Anonymous+Custard]

The really good stuff is kept on an isolated network and even the cat 5 wires have to be kept a minimum of six inches from any other electronic devices not on that network. So, if you want the real stuff you have to cross an "air-gap" and I don't know of any networking protocol that can do that.

802.11a/b? Of course, that would take significant carelessness on the part of the classified network's administrator.

Re:100 Sites?

[kiwimate]

A professional assasin would've killed his target, got out, and collected his paycheck.

Yes and no. Mostly yes -- a professional assassin is typically hired to kill a specific target. A true mercenary does the job purely for financial gain, not for ideological purposes, and so the motivation to escape is obviously high.

But what if your aim is to instill fear? Suicide bombers don't care about getting out; they want to take as many with them as possible. Similarly, I wouldn't be surprised if we discover the motivation for the snipers was to instill as much fear as possible in the American population. To that end, it was a big success -- no apparent link between the targets, which meant anyone could be next, and they just kept on going day after day with no-one having a clue who they were.

So, the lesson is that, while professional is usually taken to mean that one gets paid for the task, that's not the only definition. It can refer to someone who performs a task to high standards and with a certain degree of expertise (look it up on Merriam-Webster).

(Oh, and it's Pyrrhic, not phyrric. Even without the correct spelling, it still refers to Pyrrhus, so you should at least capitalize it as a proper noun. Classical education ain't what it were.)

Re:100 Sites?

[AndroidCat]

Anybody have any good stories of catching elusive hackers, or insights into how they might have got him?

Slashing back in time...

Hack the Army, Brag About it, Get Raided
A Spammer's Luck Runs Out When She Forges The Wrong Domain from SEC Institutes Proceedings Against Rodona Garst

I'm sure that there are plenty other stories out there about elusive "hackers" and catching them.

Re:100 Sites?

[AndroidCat]

And covering the legal/social end of things: The Hacker Crackdown or The Hacker Crackdown Read a good book for free. (I bought the hardcover.)

Re:100 Sites?

Actually it depends on how well bannered the systems are. It is more like leaving a pile of gold on the front doorstep next to a sign that says, "Fort Knox - Property of U.S. Government - tresspassers will be prosecuted."

Re:100 Sites?

If they are 'helping' the hacker to gain entry (by making there systems less secure than they would be) Isn't that aiding and abetting?

I didn't read anything about helping the attacker.

And how can it be a 'crime' if your deliberatly letting someone to you?

Are you less of a victim if your building gets vandalized by spray painters 100 times, just because you didn't try to keep them away? If you don't put up a fence around your department store to keep everyone away, are you guilty of something?

It's like leaving a pile of gold on your front door step and then screeming blue murder when someone takes it.

A thief who simply picks up a pile of gold is still a thief. The owner of the stolen gold might have been stupid, but it's still theft. When you leave your car at the curb, is it OK if I take it just because you didn't park it inside a guarded building?

You're probably confused by the large number and somethow think quantity changes the situation. They might have noticed the attacker on one system, watched him attack a dozen others while they tracked him down, and found his IP address in dozens of old log files. Or maybe they actually watched him break into 100 systems which had no classified data and busted him when he stopped showing them their weaknesses.

Re:100 Sites?

[kevlar]

However great this guy may seem to appear, he is more than likely a moron, simply because he got caught. The feds like to let a hacker run amuck to see who else he brings into the picture. The mere fact that they KNOW he hacked 100 machines (or networks or whatever) means that he was extremely obvious about it (bragging, nuking machines, etc).

Re:100 Sites?

"Anybody have any good stories of catching elusive hackers"

Takedown and The Cuckoo's Egg (try Half.Com if you don't care for Amazon policies)
Although Mitnick was elusive only due to police bungling several situations.

And as we're talking about someone who got caught, your references to "been good to evade capture" and "without messing up" don't make sense.

Re:100 Sites?

[oliverthered]

If I leave my doors unlocked and the key in the car my insurance won't pay out, it's called negligance.
If they could have stopped the hacker after a few hackes (or attempts) but didn't because they wanted to watch the attacks then that's aiding and abetting(you are doing everything in your power to encourage the hacker to hack the system)

Re:100 Sites?

[2short]

"If I leave my doors unlocked and the key in the car my insurance won't pay out, it's called negligance"
But if I take your car, it's still called Grand Theft.

"If they could have stopped the hacker after a few hackes (or attempts) but didn't because they wanted to watch the attacks then that's aiding and abetting"
No, it's not. Buying him a better computer would be aiding and abetting. Telling him he should try to hack you a bunch more times would be entrapment. Watching and taking notes, even though you could stop him is neither.

Re:100 Sites?

[inKubus]

Cliff Stoll is not a grad student. He's an astronomer. The cuckoo's egg is post cliff stoll grad student days.

It's good stuff. He's a hippy tracking a hacker and the government won't do anything. So, his sense of duty keeps him going, and eventually he goes to visit the NSA and stuff like that.

It's tiiiiiiight.

Re:100 Sites?

[UserGoogol]

Imagine a Beowulf Cluster of those things!

No wait.

Hmm... maybe I should learn what a Beowulf Cluster is before I start making these jokes. :)

Re:100 Sites?

Maybe it was 4 sites, but in binary

Re:100 Sites?

[ArmedGeek]

Watching and taking notes, even though you could stop him is neither.

or better yet, call it an investigation.

Re:100 Sites?

The more sites you crack, the less cautious you become and prone to error. The
second hack is ALWAYS the cleanest one, after that, you need to go back to your
kitchen and come up with a nother shot.

The first hack should always be on your own pet systems, not the intended targets.

*kisses*

Re:100 Sites?

He is a prefessional hacker because 100 is a magic number, after which breakins become very embarrassing. So they have to invent a new and more sinister name for the guy who twisted their balls.

Re:100 Sites?

[Zarf]

802.11a/b? Of course, that would take significant carelessness on the part of the classified network's administrator.

Good point. I'd forgotten about wireless. But then again we're not even supposed to have cell phones or wireless phones inside the "secure" environment. I say "supposed to" because the boss allows a lot of stuff that we're not "supposed" to do.

No

His name is: Thomas C. Greene in San Francisco

This is a ploy by the Vultures at El Reg

Re:No

[oliverthered]

Yep it's aiding and abetting. I always though that 'law enforcement' was supposed to prevent crime, not wait for someone to commit enough crims that they can be locked up.
Maybe if they'd stoped him after 1 hack he wouldn't have hacked again, just maybe, but instead they let him do 100 hacks so they could get an extradition order and lock him up. That's a plan if ever I saw one.

This fits here..

[RebelTycoon]

All your bases are belong to us...

Extradition

[funkdancer]

It will be interesting to see if the US are actually able to extradite a Brit for having commited cyber crimes. Wouldn't the penalties be a fair bit harsher over the pond than in Europe?

Re:Extradition

[pVoid]

from the article:

The United States and England were among 26 nations that last year signed the Council of Europe Convention on Cybercrime, an international treaty that provides for hacker extraditions even among countries without other formal extradition agreements.

It seems so...

Re:Extradition

hmm the US isnt great for its human rights record in the courts.

Re:Extradition

[SysadminFromHell]

Strange..., I thought it was forbidden to extradite someone to a country where the death penalty still exists? (Which is the case in the U.S., no?) Is this not against Human Rights?

Re:Extradition

[LeftOfCentre]

It routinely happens in cases where the US promises beforehand not to seek death penalty.

Re:Extradition

The United States and England were among 26 nations that last year signed the Council of Europe Convention on Cybercrime

So he'd have been safe if he'd been Welsh?

Re:Extradition

[Rolo+Tomasi]

This strikes me as extremely odd. I don't think any country would extradite its own citizens to a foreign government. E.g. it's written in the German constitution that German citizens can't be extradited. But then again, the Brits have a weird justice system.

Re:Extradition

[FeloniousPunk]

No, it's only forbidden for (most) European countries to extradite when the accused faces the death penalty.

Re:Extradition

[sql*kitten]

It will be interesting to see if the US are actually able to extradite a Brit for having commited cyber crimes. Wouldn't the penalties be a fair bit harsher over the pond than in Europe?

It depends on the exact wording of the law. I can't remember if the EU forbids extradition if there is a risk of the death penalty, or to any country that supports the death penalty. If it's the latter, then he'll be safe from extradition.

The system is pretty strange tho'. For example, the British government offered no support to its citizens arrested in Turkey for photographing an air show, but it protects foreign terrorists from extradition because of aformentioned EU law.

In practice, I suspect that if the hacker is an "asylum seeker" Britain will protect him, and if he's an otherwise law-abiding tax-paying citizen, they'll serve him up on a plate.

Re:Extradition

Get the facts right, they we're arrested in Greece! and yes our governement interceeded on their behalf.

As for the "asylum seeker" comment, agree with you there.

Re:Extradition

[Anonymous+Custard]

it's written in the German constitution that German citizens can't be extradited. But then again, the Brits have a weird justice system.

Ok... so Germany by law harbors international criminals (if they're german citizens), and you claim Britain's the country with the weird justice system?

Re:Extradition

[missi]

the german constitution allows to extradite somebody to another EU country or to an international court...

Re:Extradition

hmm the US isnt great for its human rights record in the courts.

You'd prefer Saudia Arabia, Iran, or China?

Re:Extradition

[jeremyp]

He meant the UK. Lots of people have trouble telling the difference (including many of us English).

Re:Extradition

[jeremyp]

I don't know about the EU, but Britain will not extradite anybody for a crime where they'll get the death penalty if found guilty, which is probably why they wouldn't extradite terrorists to the US unless GWB asked Tony nicely (although I don't know what case you are referring to there). Quite a lot of Brits take the view that the death penalty is morally unacceptable.

For the record the Government offered plenty of support to the plane spotters in Greece for writing down aircraft numbers. Unfortunately, they were arrested in Greece, so extradition didn't come into it and they were up on a charge of spying so if they had got back to the UK, they may have been extradited on the grounds that we expect our citizens to be responsible for their actions when abroad.

Asylum seekers are another question altogether. People seek asylum here for two reasons a) they think they'll be richer, b) they might get killed if they stay in their own country. We can't send them back until we know that their reason for being here is definitely (a).

Is it just me...

[alargeduck]

Or is this really dirty:

Once, the FBI tricked two Russian computer experts, Vasily Gorshkov and Alexey Ivanov, into traveling to the United States so they could be arrested rather than extradited. The Russians were indicted in April 2001 on charges they hacked into dozens of U.S. banks and e-commerce sites, and then demanding money for not publicizing the break-ins.

FBI agents, posing as potential customers from a mock company called Invita Computer Security, lured the Russians to Seattle and asked the pair for a hacking demonstration, then arrested them. Gorshkov was sentenced to three years in prison; Ivanov has pleaded guilty but hasn't been sentenced.

Why not just extradite them? The US has a extrdition treaty with Russia I'm sure. Now I'm not saying that arresting them was "wrong", but why resort to deceptive law enforcement tactics like this?

Re:Is it just me...

[serps]

Is it just me... Or is this really dirty: [snip]

You mean, you don't read slashdot?

Re:Is it just me...

[nich37ways]

They needed the Russians to give them access to their home computers to prove that the russians had been the ones threatening the other banks.

To get this information the Russians accessed their own computers from the demonstration computers which had key logging software running on them. Then the FBI accessed the Russian computers in Russia to gain evidence that proved that the two Russians had been the ones demanding money.

The only dirty part is that they illegaly accessed the Russians computers in Russia, without Russian permision which is in effect cracking/hacking? and used/are going to use this information as evidence against the two Russians

--

Is it just me or did i type in Russian too many times...

Re:Is it just me...

[reallocate]

Well, one reason to lure them to the States would be a certain lack of confidence in the Russians' ability or willingness to arrest and extradite the pair.

BTW, luring criminals that way isn't "dirty". As far as I knw, it's fairly common. I've read of local police forces doing something similar to herd together folks who have skipped out on their child support payments.

Re:Is it just me...

[totallygeek]

Why not just extradite them? The US has a extrdition treaty with Russia I'm sure. Now I'm not saying that arresting them was "wrong", but why resort to deceptive law enforcement tactics like this?

Stings like this are done all the time within our own country. Creating a "new" crime that has a well-documented beginning and arrest becomes a more solid conviction. Proof of activity across the Internet by multiple people at undocumented times leads to reasonable doubt in the minds of jurors.

Re:Is it just me...

[ArmedGeek]

This is NOT an uncommon scam by law enforcement. It's generally done if there either HAS been difficulty capturing a suspect or it is BELIEVED that there will be difficulty. Local police will sometimes hold "contests" with wanted subjects as the "winners". It's actually kinda funny when a guy comes in thinking he's won concert tickets and he's arrested for an outstanding warrant, then STILL asks if he really gets the tickets. (I've witnessed this very thing)

Re:Is it just me...

You expect him to be familiar with every article thats posted then?

Re:Is it just me...

[nickclarke]

That happened on the Simpsons with speedboats didn't it?

Re:Is it just me...

Not giving him the tickets, would of course be fraud, and land the officers in the same prison cell. In any civilised country at least.

Re:Is it just me...

Yes! That's what he's paid for.

Re:Is it just me...

[jhunsake]

Bullshit. I call you up and tell you "I have some free concert tickets for you, come over and pick them up". Then you come over, at which point I tell you "dude, I was kidding". That's fraud? You're full of shit.

Re:Is it just me...

[TarPitt]

Such as sending them bogus notices that they have won a valuable sweepstakes prize, then busting them when they show up to collect. Bruce Schneier was right, there is no such thing as a "criminal genuis"

Re:Is it just me...

[SEWilco]

Police are paid to lie, it's part of the job. They just aren't allowed to lie in court. Or do you believe that an undercover cop is required to answer truthfully the question "are you a cop"? Or "I'm not going to arrest you, stay here and talk" must be true? Is it mandatory for the police officer to give someone a "fair" chance to run or stab? (You wouldn't believe the fuss when someone is shot merely because they're threatening with a sword...perhaps police should call the Musketeers squad and subdue him in a fair sword fight -- as if Musketeers didn't use firearms nor get hurt.)

Can we meet at high noon on Main Street to discuss this?

Re:Is it just me...

[Ozymandias_KoK]

No, but the "criminal genius" does know that publicity is detrimental to continued freedom. Small time crooks have a tendency to be stupid, which is why they don't hit the big time.

Re:Is it just me...

[Master+of+Transhuman]

>Police are paid to lie, it's part of the job. They just aren't allowed to lie in court.

BWAHAHAHAHAHAHAH!

Oh, wait, you meant they "aren't allowed", as in "you shouldn't do that"...

Re:Is it just me...

[sinserve]

Fuck man, can you hire me?

--
Will slashdot for weed and whiskey.

Punish those responsible...

[Minna+Kirai]

Throw some military sysadmins to a court-martial for dereliction of duty!

Ok, don't be that harsh on them. Scare em a little, then let the go with a warning. But national western militaries cannot continue to run their networks like this. It's dangerously irresponsible.

For a national military to assume they can use police arrests (force of arms) to secure their networks is folly. Armed force only works against attacks that are perpetrated from inside your range of military dominance. For the US that's a big area, but there's still many places where they can neither call in a SWAT team, nor direct an unmanned plane to assasinate the target.

If this fellow had been a professional (earning money from these hacks), then he'd be living in a secret compound provided by his employers in Iraq/Korea/China. True, the internet bandwidth isn't that great there, but a good hacker doesn't need it. He can just compromise some broadband PCs in the US or UK (possibly with the help of an agent on scene- a retailer who sells trojaned machines for instance) and use that to leapfrog to the real targets.

(If this guy was any good, we'll find out that this British suspect was just a patsy)

One big argument against more stringent computer-crime laws in the US is that they permit businesses and the military to postpone installing real network security. Why bother defending yourself, if the FBI just busts the punks for you?

This sets us up for disaster in 20 years, when the economy really needs the internet to survive day-to-day, and China has caught up to our 2005-era connectivity levels. If President Bush the 3rd angers China and they set 200 top computer professionals at making mischief, the damage could be real.

("Vaccinate now! Free Heckenkamp")

Re:Punish those responsible...

[Klaruz]

Court martial military sysadmins? No way. It's not their fault.

Hear me out here. The people running these systems (from my ex-air force perspective) are between kids out of high school (Airmen) and 20-sometings that have been doing military computer stuff since high school (NCOs). All they know is what the military trained them to do. Guess who decides what to train them in? NCOs and Officers. That's for the military people. There are civilians too, usually retired military. They all have to abide by policies set out by the DOD which are something short sited and not very well thought out. They also leave very little room to impliment no ideas and take care of important problems right away.

The best and the brightest who can actually secure a system don't go into the military. When they do, they're ignored because they're 'young' and have no 'experience'. I fell in the later catagory. There's nothing like the feeling of fixing somebody else's screw up (usually a contractor) and 30 minutes later be taking out the trash or doing some other degrading duty. Needless to say I got out and now make alot more money with alot less hassle, have a boss who listens to me (mostly), and can actually advance in the company and my career without having to wait X number of years and take a test on things that have nothing to do with my job.

Anyway, without going off topic. You can't blame these guys, most of them don't have a clue, those with a clue have their hands tied by stupid policies.

If you want to blame somebody, blame the high ranking Officers, they make the policies and the training programs that made this happen. Of course, that would never happen, some poor Airmen or overworked NCO will get railroaded.

Oh well, I'm free and clear now. At least I got a jump start on life and some free college out of the deal.

Re:Punish those responsible...

[E-Rock]

Maybe you're misunderstanding what he had access to and what professional means? Supposedly anything really juicy isn't connected to the internet anywhere and professional means he's getting paid, that's it.

That doesn't mean that there isn't a lot of profitable data on the connected network. My pops works for a company that does about 80% of its business with the military. I'm sure that if the Brit got one of their proposals off a network share, there's a rival firm with a slimy exec out there who'll buy it to undercut the contract.

That seems a lot more likely than him selling troop movements and materials checklists to the Iraqis. Also seems that they'd be willing to track this activity long enough to make a strong criminal case rather than simply disappear you.

Re:Punish those responsible...

[T-Ranger]

"I followed the spec/docture/manual" would be a valid defence if admins were proscuited after these types of indicents. So then the spec/docture/manual would be at fault, and the person who wrote them (or diddnt as there all painfully out of date).

But there is an entire US government agency, 50% of there mandate is to secure signals.

Re:Punish those responsible...

[Minna+Kirai]

I'm being intentionally alarmist here, and assuming the worst. Military planners should do the same, and prepare for the baddest scenario they can imagine. (And of course I don't mean that the zero-tier console-jockeys should be responsible for this. They should kick it up the chain until we finger the general who placed profits & patronage over security)

If he's looking for competitive info, then Raytheon and Lockheed Martin's corp networks are much softer and juicier. (Of course, for all we know, he's been in them too)

If he's an enemy, then there's non-classified data that can still be damaging. Especially military personnel records (which are often in the lesser category "sensitive"). Asymmetrical warfare procedure: Check out the make of aircraft bombing you, look up where the pilots get trained, see who's rotated through there, cross reference against health-care records for neo-natal care, and dispatch someone to visit the pilot's wife/kids.

(There are other ways to get the data, but lets not make it easier than necessary)

Re:Punish those responsible...

If this fellow had been a professional (earning money from these hacks), then he'd be living in a secret compound provided by his employers in Iraq/Korea/China. True, the internet bandwidth isn't that great there, but a good hacker doesn't need it. He can just compromise some broadband PCs in the US or UK (possibly with the help of an agent on scene- a retailer who sells trojaned machines for instance) and use that to leapfrog to the real targets

You have an amazing imagination. I bet you're still in high school

Re:Punish those responsible...

[lommer]

"(If this guy was any good, we'll find out that this British suspect was just a patsy)"

No actually, if this guy is any good we won't find out that this Brit is just a facade...

Re:Punish those responsible...

You are absolutely correct. The AF has always treated unclassified systems as an afterthought and things like merging the Admin (uneducated secretaries) with IM career fields thus dumping a horde of lusers (the words specific meaning fits here) into system administration were a huge fuckup. I hope someone in the AF with horsepower to fix this takes action soon.

Re:Punish those responsible...

[WaKall]

>>(If this guy was any good, we'll find out that this British suspect was just a patsy)

Actually, if he was VERY good, that would be true but you wouldn't find it out.

Re:Punish those responsible...

I suppose we should think ourselves lucky that the CIA didn't simply blow him up, then claim that everyone in the same house was also a terrorist suspect.

Re:Punish those responsible...

[mr_z_beeblebrox]

Throw some military sysadmins to a court-martial for dereliction of duty!
Great precedent to set, I bet you are not a sys-admin at a site worthy of 'hacker' note.
If this fellow had been a professional (earning money from these hacks), then he'd be living in a secret compound provided by his employers in Iraq/Korea/China.
That is true the third world would definitely want to utilize its' native talent, local technology and definitely local bandwidth. There could be no reason for them to recruit an American/European CS student at a 21st century University. Likewise they would be hard pressed to find such a student who needed money. Oops, I forgot to say ... NOT!

Re:Punish those responsible...

[nolife]

There's nothing like the feeling of fixing somebody else's screw up (usually a contractor) and 30 minutes later be taking out the trash or doing some other degrading duty.

That is the way the military works. One minute you are troubleshooting a nuclear reactor protection system, after that you work for 8 hours doing pre-critical checkoffs and tests, then you are starting up the reactor and bringing temp and pressure up to the normal operating range (one of the most detail oriented things I have ever done in my life). One hour later you are in the machinery spaces with a broom and dustpan cleaning up. There are only so many people that can fit in a submarine, ship or airplane. You can not hire a cleaning crew to support that.

Re:Punish those responsible...

[PhxBlue]

Well-said!

I'll add--the reason this guy didn't get into any classified information is because the military doesn't store classified information on the NIPRNet, that is, Unclassified but sensitive Internet Protocol Router Network. This NIPRNet is the Internet that DARPA originally developed and that everyone here uses today. Classified information is transmitted only along a SIPRNet, or Secret Internet Protocol Router Network, which is not actually connected to the public Internet.

Releasing or altering classified information would almost certainly require physical access to one of the computers that's already linked to the military SIPRNet. If the rest of the computers across the military are protected in similar fashion to the ones where I work--behind a foot-thick wall of steel with armed guards stationed at the entrances--I feel pretty good about the security of our classified information networks.

Re:Punish those responsible...

[tantalus]

"he'd be living in a secret compound provided by his employers in Iraq/Korea/China. True, the internet bandwidth isn't that great there "

Actually, Koreas is the #1 country in the world when it comes to broadband internet usage

Re:Punish those responsible...

[tantalus]

This sets us up for disaster in 20 years...If President Bush the 3rd angers China and they set 200 top computer professionals at making mischief, the damage could be real.

Au contraire, the danger is here! Did you know that hackers can now blow up your computer from afar

Re:Punish those responsible...

[TarPitt]

I'm afraid blaming the lowest ranking person for the policy failures of those at the top is not confined to the military. I worked for a "Big 5" (now "Final 4") CPA/Consulting firm, and would regularly see low paid new hires "counseled out" as a consequence of poorly sold, poorly managed projects performed for seriously disfunctional clients.

Best example is Being me the Head of WIllie the Mail Boy .

Re:Punish those responsible...

[SEWilco]

Maybe nobody in the military is guilty.
If this guy broke in to 100 honeypot systems, with no data and running only an unpatched retail NT system, the attacker did the crimes but nobody in the military did anything wrong.

("Free Heckenkamp" -- can I get one free even though I didn't buy anything?)

Re:Punish those responsible...

[Minna+Kirai]

I was abbreviating North Korea, which is a stereotypical "US enemy". And of course the difference in bandwidth across the DMZ is night and day. (The difference in electricification is too)

Re:Punish those responsible...

[sdreher]

Face it. The US gov't has set itself up for this... Using Microsoft products extensively for example. Hell if I was someone who hated america why not use one of america's biggest corporate machines against us... see if "lil billy" cares enough to make reliable software instead of a buck even in the face of patriotism. Also, what makes any of us think that government can "churn out" good sysadmins? All the good ones are protecting corp. america because the pay is better and they were smarter not to enlist. I live next to a couple Air Force admins who make me laugh at what they don't know... makes me wonder how much is really at stake from a digital security perspective. Hell, send the politicians to jail for persuing corporate mandates against P2P sharing and whatnot instead of protecting everyone's interests of national security. Hell, we're doing EXACTLY what every terrorist wants us to do - go after our own to make a buck instead of going after them who are the real threat. *clap* *clap* to congress (dripping with sarcasm). We all need to elect leadership that knows how to turn on a computer rather than those who only know how to turn out oil. *sigh*

Re:Punish those responsible...

If this fellow had been a professional (earning money from these hacks), then he'd be living in a secret compound provided by his employers in Iraq/Korea/China. True, the internet bandwidth isn't that great there, but a good hacker doesn't need it.

Dsl reports has a nice article on how "South Korea has been officially crowned broadband champions of the world."
http://www.dslreports.com/shownews/18147

This site also has another one...
http://www.nua.ie/surveys/?f=VS&art_id=905358189&r el=true

i also read somewhere that 2/3's of korea has at _least_ a 6mbps line into their homes.

Im just assuming whoever was paying him forgot to buy him his secret compound

What happens when they get hungry inside that compound?

License to kill -9 5393

[Zildy]

He was just looking for Halle Berry pr0n. :(

Re:License to kill -9 5393

For some decent Hally Berry pr0n, search for monster's ball halle berry on kazaa(lite :) or some other p2p program.

Kinda OT

[teamhasnoi]

When someone can bust into ONE HUNDRED MILITARY SITES and only get caught on the 101st, it makes me really doubt the 'security' of our electronic voting systems which are:

Closed Source
Admin'd by a Private Buisiness
Secured by Microsoft
Run by volunteers at each polling place.

Kinda makes you wonder if you really did/will vote, eh?

If this guy does get extradited to the US, I bet he'll be working for someone in a five-sided building real soon.

Re:Kinda OT

[wadetemp]

Damn. You're right. I knew I shouldn't have given my ballot to that bearded guy carrying the 80s-era Soviet anti-tank missle launcher.

Re:Kinda OT

[jsse]

Really, smart crackers(not hackers, give those journalists cluebatting) would spend time and effort on business and military intelligence than that of political. You might think some politicans might pay them to do so, how much would they pay compare to former two? :)

Re:Kinda OT

[ceejayoz]

You can hardly compare the electronic voting systems to military servers. The military servers are connected to the public internet - the best way of securing a computer is to smash its network card into itty bitty pieces.

The voting machines, on the other hand, aren't connected to the internet - they save the votes onto removable cards (compactflash cards, IIRC) that get taken (under guard) to a location where they're all downloaded and the results determined.

They're two completely different problems.

Re:Kinda OT

[i_am_nitrogen]

the best way of securing a computer is to smash its network card into itty bitty pieces.

Alternatively you could just take it out of the computer.

Re:Kinda OT

[Jah-Wren+Ryel]

You don't know the half of it. Peruse this article in a recent Risks Digest.

For those who are unaware of the Risks Digest it is not your typical consipiracy theory discussion list - excerpts are regularly published by the ACM. They've had regular coverage of problems with electronic voting systems since before the Gush & Bore debacle, but each new item on the topic seems to be scarier than the last. We potentially have HUGE problems with our electronic voting systems -- if policies are not changed soon we will (if we haven't already) end up with a situation far more serious than watergate ever was.

Re:Kinda OT

[silvaran]

Nonetheless, I can't wait to see a bug that causes the voting system to count down and give 4294967295 votes to a single candidate.

Re:Kinda OT

[Art+Tatum]

it makes me really doubt the 'security' of our electronic voting systems

Don't worry about it. The only people who use them are the idiots in Florida too stupid to punch a hole in a card. And do you really want the votes of people like that to count anyway? :-)

Re:Kinda OT

[Art+Tatum]

Well, you have to take it out before you smash it, obviously.

Re:Kinda OT

[Chriscypher]

Actually, during the last election on 11/5, I recall a news blurb extolling the virtues of electronic voting in Florida. The poll worker brought a touchscreen tablet *out to a car in the parking lot* so that an elderly voter could place her vote. I noticed a floppy wire that looked eerily like an antenna hanging off the side of the box, which immeditatelt said to me "wireless network". So, if wireless networking is in fact being used, I'd say their "secure" voting LANs will get cracked by the next general election, if they haven't been already.

To be above suspicion, elections require voting metohds are difficult to forge and have ballots can be confirmed after the fact (re-count). Electronic voting places all points of failure in an unexaminable variable in the system software. If done well, compromise of this system would be difficult if not impossible to detect, and there will be nothing to manually re-count: game over.

How do you *prove* the election was not rigged? Elections must have the appearance of impossibility of being rigged. It is very hard to forge 400,000 ballots with filled in dots (a la standardized tests; they can be both electonically and manually tallied).

The new voting machines in Florida are a exellent example of technology being more unrilable than simpler/cheaper/proven methods.

Re:Kinda OT

[koadic]

Sometimes not very good guards or very secure locations. Fulton County, Atlanta lost 67 memory cards last week. (http://www.accessatlanta.com/ajc/metro/election02 /09fultonvotes.html)

Re:Kinda OT

[ceejayoz]

Hmm, interesting. Looks like the voting booth makers planned for that and had it save a copy of the results on the booth, too.

Wonder how widespread that kind of thing was, though :-/

Re:Kinda OT

[ceejayoz]

The new voting machines in Florida are a exellent example of technology being more unrilable than simpler/cheaper/proven methods.

No, the Florida debacle was an excellent example of how the weak point is more often than not the humans.

Most of the problems with the new touch screens in Florida were due to the polling place workers either not showing up (!) or not knowing how to work the machines (never trained).

Actually, during the last election on 11/5, I recall a news blurb extolling the virtues of electronic voting in Florida. The poll worker brought a touchscreen tablet *out to a car in the parking lot* so that an elderly voter could place her vote. I noticed a floppy wire that looked eerily like an antenna hanging off the side of the box, which immeditatelt said to me "wireless network".

Wait... you heard about it on a news blurb, yet you "noticed a floppy wire"? How'd you manage that?

I smell a rat.

Re:Kinda OT

[Ozymandias_KoK]

Not if you're careful about it.

Re:Kinda OT

I smell a rat.

I'm tasting rat. Yumm... Tasty rat on sticks with peanut sauce for dipping. Please, more rat!

Re:Hacker

[GimmeFuel]

Way too broad. This criteria fits most of the members on /., myself included.

Re:This is not 'hacking'

[wadetemp]

Um, dude, all terrorists carry "AKs." Was this guy carrying an "AK"? No. Give him a break, he was just a British dude who probably had code red or something.

Re:FRIST POST

All y'all is fuckin' wrong! 915 in da hizouse!

Watch to see their target...

[Goonie]

The article was vague. Maybe he made a mistake and gave the investigators something that identified him. Equally likely, maybe the infosec guys decided the payoff for letting him continue hacking for a while (firm up the evidence for a conviction, be able to convict him for more serious offences, and most importantly figure out what his motives and techniques were) was more important than having him arrested immediately.

Re:Watch to see their target...

[oliverthered]

Isn't that aiding and abetting? How can it be a 'crime' if your deliberatly letting someone do it? It's like leaving a pile of gold on your front door step and then screeming blue murder when someone takes it.

Re:Watch to see their target...

[mr_z_beeblebrox]

The article was vague. Maybe he made a mistake and gave the investigators something that identified him.

Probably used the oldest trick in the book on him. They added an address field to /etc/passwd so when he added his back door account he put his name and address down. I don't know about you, but that gets me every time.

Re:Watch to see their target...

[YrWrstNtmr]

No, it isn't aiding and abetting. Waiting until you have incrontrovertible proof of who it is, where they are, and what they've been doing is merely prudent investigation.

Re:Watch to see their target...

[RadioTV]

If it's my gold and my doorstep - I can do anything I want with them. Just because I did something stupid with something I own doesn't make it your right to take it away from me.

Re:Watch to see their target...

[inKubus]

The article was vague. Maybe he made a mistake and gave the investigators something that identified him. Equally likely, maybe the infosec guys decided the payoff for letting him continue hacking for a while (firm up the evidence for a conviction, be able to convict him for more serious offences, and most importantly figure out what his motives and techniques were) was more important than having him arrested immediately.


Maybe, just maybe, he doesn't exist at all.....

Dental plan = null&void

[Chris_Stankowitz]

Remeber hackers have an ethics clause built into their "contracts" . Once broken you trade it health plans for orange jumpers and the chance of having your manhood "rooted". I hope he gets a cell big enough to count the days in binary on his wall.

Re:This is not 'hacking'

[T-Ranger]

Did he strike terror into your heart? No. Then hes not a terrorist. Had you not been on /. tonight you would never even have know about him. Not very scarry. Definitly not terrifing.

Re:Hacker

[Max+the+Merciless]

"He is probably a dirty, greasy, long haired linux hippie freak, who smells REALLY bad and hasn't taken a shower or left his parents basement in 5 years"

Don't you mean "GNU/Linux hippie freak"

Re:This is not 'hacking'

[njchick]

Maybe he was armed by an AK77?

Re:This is not 'hacking'

[lpontiac]

thats what breaking into the US millitary is, terrorism

No, it isn't. Terrorism is the use of violence and/or threats to frighten a civilian population, to coerce or punish them.

Re:This is not 'hacking'

[teamhasnoi]

If the guy is from Britain, he is considered a hacker. If he were from Iran, he would be considered a terrorist.

They should just scrap the term hacker and call him a terrorist, because thats what breaking into the US millitary is, terrorism.

Would breaking into British Military also be terrorism? How about Iraq?

There is a difference between breaking into a companies network out of curiosity and breaking into a millitary network. At worst, it could be considered an act of war from the country where the hacker originated against the country that was hacked. This would be bad for britain as they are totally dependant on America for support and are controlled by America's millitary policy.

Britian is dependent on the US? Tony Blair certainly is Bush's Yes Man, but I wouldn't go so far as to say that they are dependent on us, or controlled by our policy.

100 successful hacks is quite impressive, and it's good to see that America's war on terrorism is paying off and this man was caught before he could have caused serious damage to the western world.

Yes. The war on terrorism is paying off, just like the war on drugs. We prevented this guy from breaking into *every* military network, just like we've taught kids to 'Just Say No' and quelled the importation of millions of dollars of coke and dope.

Thank you Geoilrge Bush, and God Bless Amerika!

Yes, I know, IHBT,IHL,HAND - I just wanted to practice my italics and paragraph tags.

Extradition treaty, nyet

[MacAndrew]

I'd be awfully surprised if there were such a treaty -- here's a reference that there's not There's still a pretty big difference in each's concept of justice, and they were bitter enemies until a few minutes ago.

There's no problem with deceptive law enforcement so long as it is not entrapment or go so far as to violate the constitution. For many types of crime it is the only practical way to get a collar. It depend son the circumstances. One of my favorites were a bunch of guys who owed child support; the cops had arrest warrants and called them all to tell them they'd won the lottery and all they had to do was claim the prize. It was a slaughter....

Interestingly, some countries are unwilling to extradite to the U.S., Russia, or other countries that practice capital punishment. This is a background issue re 9/11 prosecutions.

Re:Extradition treaty, nyet

[FeloniousPunk]

Interestingly, some countries are unwilling to extradite to the U.S., Russia, or other countries that practice capital punishment. This is a background issue re 9/11 prosecutions.
No, this only happens in cases where the person being extradited would actually face the death penalty.

Re:Extradition treaty, nyet

[MacAndrew]

Er, yeah, I think that's implied. And it's not "would actually" but "could possibly."

Re:This is not 'hacking'

Wow, you're an angry dick.

Re:This is not 'hacking'

if you knew it was a troll

why did you repond

are you a fucking idiot???

Re:This is not 'hacking'

[shtarker]

this man was caught before he could have caused serious damage to the western world Firstly he wasn't hacking into anywhere where he could cause any damage and secondly after 100 hacks I think its safe to say he wasn't really out to do anything that damaging. And anyway I would like to know how you manage to justify calling him a terrorist, he didn't gain access to any classified networks, he didn't destroy any of the networks he broke into and most importantly I fail to see how any of his actions could possibly result in terror of any kind.

Re:British hate us

[shtarker]

Bah you wouldn't have stood a snowflakes chance in hell with out the Russians and you know it.

Re:This is not 'hacking'

They should just scrap the term hacker and call him a terrorist, because thats what breaking into the US millitary is, terrorism.

I see american propaganda has had a wounderfully successful effect on you

It's true that....

[MacAndrew]

...the British have TWICE attacked the United States for no good reason and lost. OK, it's been a few years, but do we KNOW this guy wasn't OSS? The British have been known to carry grudges.

Seriously, I would not argue that Britain is totally dependent on the U.S., and certainly not control by our military policy (they can defend themselves against, um, the French?). It just looks that way because they're the only ones (the gov't anyway) who agree with the U.S. half the time on international issues.

Re:It's true that....

read up you yr history.

No I dont mean type
history at the cmd prompt

spying countries

If this fellow had been a professional (earning money from these hacks), then he'd be living in a secret compound provided by his employers in Iraq/Korea/China.

Of course, this falls into that Bondian good vs evil bullshit.

You have to worry about your allies like Israel which has been conducting missions in the States as if it was Egypt as much as your enemies.

Re:This is not 'hacking'

Merriam-Webster says "the systematic use of terror especially as a means of coercion". I'm surprised the US gov't hasn't forced all dictionaries to broaden the definition.

Re:This is not 'hacking'

Actually having a box cutter and a knowlage of how to navigate an airplane is all that was needed to cause the biggest terrorist act in history

Why must we persist in...

calling hackers crackers?

Re:This is not 'hacking'

[njchick]

So, a guy from Iran who breaks into just one military computer is a recreational terrorist, right?

Re:This is not 'hacking' Haiku for ACs

[teamhasnoi]

Did you read the whole comment?

It said, "this is just practice"

are you a moron?

Re:FRIST POST

[DrMetallica]

respect

At least quote it right!

[Scaebor]

"All your base are belong to us". Please, when posting shitty jokes, at least post them correctly.

Re:At least quote it right!

[jigma]

Informative...what???

The plural "bases" was used because the military has more than one base.

Re:At least quote it right!

[Scaebor]

you know, i made the post and i agree with you wholeheartedly. mods on crack i guess...

Re:At least quote it right!

In that case it should read:

"All your bases is belong to us"

Re:At least quote it right!

It's still wrong.

"All your base are belong to us" refers to bases plural. Yes it is bad english but that was the entire point of the original joke.

Re:This is not 'hacking'

[porn*!]

They should just scrap the term hacker and call him a terrorist, because thats what breaking into the US millitary is, terrorism.

Wow, that's a pretty extreme definition of terrorism.

There is a difference between breaking into a companies network out of curiosity and breaking into a millitary network.

hmmm... Are you saying that morality can be judged as a function of whether or not a particular act is committed against the state or a private company? I agree that if info. had been stolen that it would be a very bad thing, but since nothing broken into was classified ??? I'm not sure we know that he did anything other than make some web/sys admins look bad.

I can tell you right now I would not be amused if someone hacked into my systems because they were curious. I wouldn't take any legal action unless someone actually took intellectual property, but I'd probably 'hack' my sysadmin a new one!

All of that being said, I say hang him upside-down for 20 years and then turn him rightside-up for another 20.

porn*! - hanging upside-down for almost 20 minutes now!

yes

[FunkyELF]

thes man uses lunix! Note he si fat as a slummy slug and he smells liek a trash bin

Re:This is not 'hacking'

No, he is a criminal, not a terrorist. The men who piloted aircraft into the towers were terrorists; the men who shot people at random in the D.C. area were terrorists.

Terrorism is the practice of terrorizing a populace to get a desired result. By using the label wrong, as many people are tempted to do nowadays, you rob the word the emphasis it deserves when it's used correctly.

As far as I know (which is only what I read in the posted article), he didn't terrorize anyone.

Re:This is not 'hacking'

So if I scaled a fence and went for a walk on a military base just out of curiosity, that would constitute terrorism? Man, I'm glad I'm not from your country as you are certainly ruled by extremists!

Just a matter of time before

[Cheese+Cracker]

Tsutomu Shimomura takes the credit and turns it into a book and a movie... just to make some extra cash.

Re:This is not 'hacking'

The war on terrorism has not / is not paying off. To an even greater extent the war on drugs is not paying off. clearly you eat shit all day.

Re:This is not 'hacking'

[bigberk]

Yes. The war on terrorism is paying off, just like the war on drugs.

Well said.

Re:This is not 'hacking'

it's good to see that America's war on terrorism is paying off

I'm still waiting for the US to really start fighting a war on terror. How are those Irish-Americans (voters) going to react when the US starts launching unmanned drones and killing members of the IRA with Hellfire missiles?

Re:This is not 'hacking'

fuck you, gringo dog!

Re:FRIST POST

[you+are+teh+sux]

714, digga dog dang diddly-o

word to your mother

and her little dog, too

hmmm.

[_ph1ux_]

military cyber-guards.

I was watching this discovery channel documentary and there was this military type, jar-head cyber guard guy. He was standing there talking about how they monitor all the traffic on their networks, and keep a close eye out for any signatures of attack.

He was stressing how secret they keep all their information about their networks - that they dont let anyone know even their IP sets assigned to different networks, and that this information could help an attacker find out the machines they would need to attack.

The whole time he was talking about this - he was standing in front of a bunch of monitors, and the ones to the left of him was scrolling some sort of log and it was showing IPs to hostname mappings and some traceroutes as well. They were all in the really low IPs - and their hostnames were all .mil and *all* of it was easily readable by the viewer....

and i do not think it was something that was done on purpose and made to look like an accident. Not by the way these people were acting.

especially since they avoided filming any of the screens that people were working on.

So I am not too surprised.

Re:hmmm.

[Ektanoor]

"military cyber-guards"

Brrr. Hope the US Congress will be a bit cold-head before giving military the power to roam the net. Military are usually too crazy and too paranoid. Besides they are not usually bound to rules and laws the same way enforcement and intelligence agencies are. They are warmakers, and in war, most rules and laws are usually pieces of paper and voices in the wind. They are the dreamers of the maxima that "the only rule in war is that there are no rules". Right, there is the Geneva Convention, all those doctrines and instructions, there is still the fact that they have to bound to the civil state. However, in real wars, and I have seen a very real one, all that gets quite foggy.

Btw, yesterday a program in Russian TV was criticizing Pentagon for its stance on Iraq. One of the criticisms was well remarked there:

"While CIA still has its header in its shoulders and tries to see the real situation, Pentagon military try to take for granted what they wish to see and how they wish too see. Worse, they try that the Congress and general public only see what they wish.

Frankly, in this statement there is something that applies to many military in the world. In most cases they see things as they wish to see. If someone walks near the border, he's probably a spy. If someone makes too harsh statements, he's an enemy to be crushed down without pitty. If someone shoots into your territory, then there's a whole division behind and it's time to move our forces into enemy territory before they do it on us. And all this should be accepted by everyone. Or else you're a traitor, a summy commy, a terrorist and you should also be crushed.

Leave security to FBI, CIA and NSA. While they are not saints, they still are the professionals who know the field and the limits. Military have no breaks in their heads and may fire a war much faster than anyone else, as that's their main profession...

Re:hmmm.

[jhunsake]

I can tell you don't know many people that are in the military... they are usually very opposed to war, as they know what it's like.

Re:hmmm.

Military are usually too crazy and too paranoid.

Oddly enough you just described the perfect IP person.

"professional"

[g4dget]

they do consider the hacker to be a professional rather than recreational due to the large number of networks he hacked.

Sleeping with a lot of men/women makes someone a slut; it requires getting paid for it to be considered a professional.

Re:"professional"

[infiniti99]

Not necessarily. I visited Merriam-Webster to check on this, and "receiving financial return" is just one of the many definitions of a professional.

I believe there was a related debate on a recent Slashdot poll involving programming, where two of the options were "Professional" and "Open Source". This was a poor choice of words, since the two are not mutually exclusive.

Re:"professional"

[tireg]

Sleeping with a lot of men/women makes someone a slut; it requires getting paid for it to be considered a professional.

No, if you get paid for it you're a hooker :P

Re:This is not 'hacking'

[Twirlip+of+the+Mists]

They should just scrap the term hacker and call him a terrorist, because thats what breaking into the US millitary is, terrorism.

The term "terrorist" has certainly been overused in the past year or so, but what many people don't realize is that it actually has a strict legal definition. (Well, actually several strict legal definitions, depending on the jurisdiction you're paying attention to at the time.)

Way back in 1937, the League of Nations defined terrorism as, "All criminal acts directed against a State and intended or calculated to create a state of terror in the minds of particular persons or a group of persons or the general public." So under that definition, an act is terrorism only if it's specifically intended to create a state of terror. September 11, yes. This guy, no.

In 1999, the UN defined terrorism this way: "Reiterates that criminal acts intended or calculated to provoke a state of terror in the general public, a group of persons or particular persons for political purposes are in any circumstance unjustifiable, whatever the considerations of a political, philosophical, ideological, racial, ethnic, religious or other nature that may be invoked to justify them." So here to we have the idea that the act must be specifically intended to invoke a feeling of terror. So by that definition, too, this incident is not terrorism.

The USDOD defines terrorism to be, "The calculated use of violence or the threat of violence to inculcate fear; intended to coerce or to intimidate governments or societies in the pursuit of goals that are generally political, religious, or ideological." Once again we have the idea that the act must be calculated to cause fear. If an act merely incidentally causes fear or terror, it's not strictly terrorism.

Since 9/11, laws have sprung up in several US jurisdictions making it a crime to plan, enact, or carry out any act designed to produce a fear response in the population. In fact, the DC sniper suspects are being indicted in Maryland under just such a law. But all of these also have the same basic thread: that the act must have been done with the specific and deliberate intent of causing fear.

So no, what this loser did isn't technically terrorism.

At worst, it could be considered an act of war from the country where the hacker originated against the country that was hacked.

Not really. In order to make the leap from crime to act of war, there has to be an element of direct or indirect state sponsorship. An individual acting on his own to carry out a criminal act-- even a horrible or devastating one-- in another country does not automatically constitute an act of war. But if another government sponsors the act, that's a different story. The basic idea here is that war is a state of armed conflict between nations, not between groups or individuals. Rhetorical shorthand aside, the United States could never be in a state of war against al Qaeda, or against Osama bin Laden personally. The concept of war can't be applied to those sorts of conflicts in any meaningful way.

Re:This is not 'hacking'

Actually its called weekend warrior,

If you do it a lot, you're a "professional"

[Jeremiah+Blatz]

Hrm, "they do consider the hacker to be a professional rather than recreational due to the large number of networks he hacked."

Wow, I guess I'm a professional /. reader? This is so cool! I thought I was unemployed, but no, here I am, practicing my profession *right now!* Rawk!

Re:If you do it a lot, you're a "professional"

Wow, I guess I'm a professional /. reader? This is so cool! I thought I was unemployed, but no, here I am, practicing my profession *right now!* Rawk!

The bad news is that you only get paid with Karma.

The good news is that is may be more valueable than VA's stock.

Re:This is not 'hacking'

What do they teach you Americans in highschool?

Disgraceful.

Re:This is not 'hacking' Haiku for ACs

That's the stupidest excuse I've ever heard, you retard. Just admit you're a reactionary little child who can't control his temper even when he knows he's being manipulated.

Share the data!

Why don't these people just share the data they find, I mean leech everything and put it up to a porper distribution place (the same place you download movies and music from).

This all goes to show...

[SlimFastForYou]

where millions upon millions of US Taxpayer dollars go: To keep military networks secure!

Seriously, I don't think that the guy was trying to completely keep his identity a secret. If something is easy enough to hack, there is no fun. I used to play around with my school's network (causing no damage). But since the network security was so easy to break, I leave their network alone and only use their computers when I have to (they are slow Win98 machines anyway).

Flamebait?!?

[MacAndrew]

Gee, I guess deadpan slips by some people a little too easily? I thought I put in enough hints. Read it again, slower....

Re:Flamebait?!?

You'd have been fine if you left it at the first paragraph. The second exhibited an underlying bigotry. If you'd been writing about an African American or a Jew, you would have been accused of racism.

BTW, you could claim that the British did successful invade the US. Although Canada wasn't very Canadian then. They burnt down D.C., leaving the Whitehouse.

Finally, I think you'll find that the US also has some dependency on the UK. Politically as they give them international legitimacy, a bridge between them and the less gung-ho Europeans, and they still have a lot of ties, influence and experience around the world, although that diminishes with each passing year. Also, strategically: they have bases in Cyprus (not many minutes flying time from Israel), which are good listening and staging points for the Gulf, as well as Diego Garcia, which I believe the US leases. And of course, they're also closer by several hours, which is why the US asked to have their B2's relocated to a base in the UK.

Re:Flamebait?!?

[rampant+poodle]

"They burnt down D.C., leaving the Whitehouse."

Actually it was the U.S. Patent Office that was left unburned by the Brits. This likely has resulted in more long term damage than torching the rest of DC!

Re:Flamebait?!?

Oh, I see. I had to do some research before I discovered where my misinformation came from. Although the east wing of the Presidents house was gutted, it looks like part of it survived. This being repaired and whitewashed over, to give us the modern name. Of course they burnt the Whitehouse down: part of the mission was to raze all the government buildings as revenge for the destruction of the parliament buildings in York. Unfortunately, there is no chance of anybody returning in the near future to complete the job and do away with the USPO.

Re:Flamebait?!?

There's no underlying bigotry to exhibit; I knew what I saying. Tthe British are big enough to take sarcasm and know they're our equals, such that a British spy would be laughable. But other folks tend to be hung up, condescending and self-complimentary.

The US has kept the B2's close to its chest. It's Whiteman, period. But you already knew that.

Re:Flamebait?!?

So if I call a black man a n******r, he has no right to be upset with me because I'm myself am not racist and just used it because that's what they call themselves?

When people say something enough times it's no longer a clever joke. I think you'll find these repetitive "jokes" from Americans who think they're being original and witty are beginning to sound like BS and a very arrogant condescension.

As for the B2's just being restricted to Whiteman AFB, you couldn't be more wrong. I believe I saw it on BBC World, but a Google search of the web returns lots of results. They've been upgrading the hangars at RAF Fairford and Diego Garcia for some time.

http://news.bbc.co.uk/1/hi/uk/2265159.stm>
http://newsfeed.volaris.com/wed/bo/Qus-iraq-air.RN ht_COU.html

Re:This is not 'hacking'

[kakos]

Actually, by the Patriot Act, hacking IS an act of terrorism. I forget the exact wording of it, but any attempt to gain access to a government computer system is considered a act of terrorism.

MOD DOWN

Thank you Geoilrge Bush, and God Bless Amerika!

Look at this, it's obviously flamebait! I hope m2 bites you on the ass

Re:This is not 'hacking'

mmmm. poop. or sarcasm.

clearly.

Re:This is not 'hacking'

[ArmedGeek]

Tony Blair certainly is Bush's Yes Man

Let us not forget, Mr. Blair was also Bill Clinton's Yes-Man.

Stalin Once Remarked

"It is not in the hands of those that cast the votes, but in the ones that count them."

Re:This is not 'hacking' Haiku for ACs

[teamhasnoi]

I assure that my original post was written in the clearest of mind and calmest of spirit. You sound like you could use a drink. Good Day.

Forget about stupid moderators,

And check out the idiot posters...

Amazing what is considered "insightful" these days. This knuckle-dragger seems like he is barely able to understand how fire works, much less a keyboard.

'millitary' is correctly spelled 'military'.
'thats' should actually be written as "that's".
He also needs to learn what the [SHIFT] button is for.

Others have already reiterated the definition of terrorism. I would just like to point out that the United States Military is hardly a bastion of nobility. For such things as exposing american citizens to nuclear fallout or toxic gases, I really don't get to worked up about hacking until bullets are flying.
So go wave your stupiÈâáag. You are proof that ignorance is bliss...

Re:Forget about stupid moderators,

United States Military

Why is military capitalized? Is it a proper name? I have never heard of a group called the "United States Military" (USM???).

I suggest you retake your primary school grammar courses!

Re:This is not 'hacking'

Something like a threat to bomb Iraq? Before you go apeshit, think: the US comes in, bombs, leaves and then the civilian population has to live another 11 years in poverty before the next wave. So, civilians DO get hurt in the process, albeit not directly.

sanitized bet on it....

[codepunk]

You can bet your sweet ass that was sanitized screens you where looking at. When I worked in the navy command center we where frequently visited by the press and if they had camera's we threw bogus stuff on the screens to sanitize the area before entry. So what you see is completely bogus smoke and mirrors.

Re:This is not 'hacking'

[Dave_bsr]

The war on drugs really limited a lot of drug use. If you are of the opinion that drug use is bad, then the war on drugs did _some_ good. It's too bad that it wasn't 100% successful, kids should find some way to entertain themselves besides killing brain cells...I know kids who don't smoke or drink, but write code or actually learn stuff. Whatta concept.

Now a lot of people are saying that this Iraq stuff is all about oil. I guess you might think that - and Bush's background in oil might make it seem plausible. And yeah, if ol' Saddam does get killed in an upcoming war, and we (USA) do have to manage Iraq for a while, we probably will get better prices on oil and gas.

But it isn't just about oil. If Bush wanted to fight wars over oil, why aren't we attacking every other terrorist-supporting, oil-producing country? Bush hasn't even mentioned it. Why would we give Iraq back to its people, instead of keeping it as a territory? Now THAT would lower oil prices - steal oil from Iraq-as-a-US territory! yay!

In reality, we're just kicking Sadam out, or at least removing his teeth. He's evil, he's fascist, he kills his own people, his own countrymen... He lives in luxury, while his own public starves. He shoots those who disagree with him. You just said something that wasn't very pro-bush, are you dead? Nope. We're not that evil.

It's not about the oil. If you think it is, you are ignoring several major facts. I don't like just sitting by while women, homosexuals, and children are abused, killed, or whatever. Where people are killed for their race. Where the ruler-for-ever seems to hate most of the rest of the world, and would destroy us all if he had the power. That's not cool stuff, dude. I don't think it's just about oil.

ps - OT - breaking into computers isn't terrorism. I don't think it's too legal, but it's not terrorism. I'm not scared, are you? Nobody's dead yet. Now if it comes out that he planned to use the .mil sites' data to kill people...well that's different.

Re:This is not 'hacking'

[Malc]

It's called spheres of influence. There are still US forces in Kuwait, as well as other Gulf countries. Even if the US give Iraq back to its people, it will maintain a presence there. This will help eleviate the concerns that they might have to withdraw from Saudi Arabia. Now look at Afghanistan: it is close to many former Soviet republics that are also oil rich. Coincidence?

Re:This is not 'hacking'

They should just scrap the term hacker and call him a terrorist, because thats what breaking into the US millitary is, terrorism.

No, it is not. Terrorism is the use of terror tactics against a civilian population (which presumably isn't able to defend itself). Attacking military targets is perfectly legitimate acts of guerilla warfare, and the perpertrators of such are entitled to be treated as prisoners of war, and not this "enemy combatant" category that Bush invented.

So:
* attacking that supertanker the other month - terrorism.
* ramming the Cole - legit.
* blowing up the WTC - terrorism.
* blowing up the Pentagon - legit.
* shooting off-duty US marines in Yemen - legit.
* hacking military bases - legit act of war, or civil crime. Definitely not terrorism.
* dropping a 2000 pound bomb on a wedding party - a regretable accident.

Essentially, any act against a government office or military base would be a legitimate act of war.

Another re-write of the language?

[Zemran]

Professional (adj) - practicing for a livelihood.

Either this person was making his money from this (which I doubt) or this is another case of "they don't know the what they are saying".

Just like the abuse of the words "theft" and "pirate" in relation to software when no one is permenantly deprived of anything.

These terms are being misused, not out of ignorance (although the ignorance is obvious) but out of a desire to create a false impression and make the crime seem worse than it is.

Re:This is not 'hacking'

[boots@work]

Well, I laughed. :-)

Re:This is not 'hacking'

[teamhasnoi]

Sure, nobody likes the fact that people are being killed and beaten, however those people are very far away, and the gas tank on Mrs. Johnson's SUV is very near and dear to her heart.

As far as attacking the rest of the oil producing countries go, we don't have a 'convincing/convienent' excuse. Yet.

I figure that things will happen roughly like this: War on Iraq after 'lame duck' session of Congress is over. Some homeland security stuff mixed in with some education reform (for the kids!/votes) pushed thru Congress, another smaller 'terrorist attack' somewhere visible, maybe on the other coast, war on random terrorist-producing(oil) country. More tax cuts for people who don't need them, maybe some more touchy-feely legislation, go and drill in Anwar, more homeland security powers and rights to seize and detain, and finish up with some more love-in legislation barely covering the dark amendments beneath. Just in time for 2004, and polls, and scared/delighted/one-issue voters!

Whee. I wish I didn't think these things. Cynical, paranoid, ignorant, or trolling, some AC will come along and call me all four.

I just hope I'm not right.

Re:This is not 'hacking'

Blowing up the Pentagon with a plane of civilians isn't terrorism?

Dropping a bomb on a wedding party isn't a war crime? Dropping a bomb on the Chinese embassy isn't a war crime (either that, or gross incompetence and inexcusable negligence)?

I'm sorry, but when somebody tries to appear like a civilian before launching an attack meant to intimidate the goverment (random killing of service men causes terror back home in the service families, and thus threatens the government), they are terrorists. It's just as much terrorism as when the paramilitaries attack British servicemen and the RUC in Northern Ireland. You are right though, some acts against the military are not terrorism, but most of the ones you mentioned are.

Read more closely

...who broke into roughly 100 unclassified...

Did you folk all miss this phrase? Focus on the word 'unclassified.' This retard probably hax0red a bunch .mil web sites designed to attract Army recruits or something.

Re:Read more closely

Maybe, maybe not, Information always seems to become unclassified once it gets out... :P

Re:This is not 'hacking'

But it isn't just about oil. If Bush wanted to fight wars over oil, why aren't we attacking every other terrorist-supporting, oil-producing country?

1. Iraq has a sheet-load of oil.
2. Getting all of that oil puts Saudia Arabia in a ... competitive position
3. Between Iraq and a compliant Saudia Arabia, that should just be about enough oil to last us for the next 20-30 years or so.

I'm glad at least one moderator...

...pointed out that your description is "redundant".

it was a typo

[DahGhostfacedFiddlah]

Here's an excerpt from the definition at dictionary.com.

...3: of or relating to or resembling Pyrrhus or his exploits (especially his sustaining staggering losses in order to defeat the Romans); "a Pyrrhic victory"...

Re:This is not 'hacking'

No, it is not. Terrorism is the use of terror tactics against a civilian population (which presumably isn't able to defend itself). Attacking military targets is perfectly legitimate acts of guerilla warfare, and the perpertrators of such are entitled to be treated as prisoners of war, and not this "enemy combatant" category that Bush invented.

1. Your definition of a terrorist act is wrong, neither the UN, not the USDOD mandates that a terrorist act must be perpetrated against the civilian populace to be considered a terrorist act.
2. Actually, the term is "unlawful combatant".
3. Bush did not invent the term.
4. And. no, they are entitled to be treated as unlawful combatants. There is a difference between a soldier sanctioned by a real, legitimate, enemy state, and any radical who picks up a weapon and points it your way. The former is doing his duty, the latter is exactly the kind of action that get civilians killed, and is unlawful.

So:
* attacking that supertanker the other month - terrorism.
* ramming the Cole - legit.

Actually this would be terrorist.

* blowing up the WTC - terrorism.
* blowing up the Pentagon - legit.

Terrorist. I suppose the explosion at the Alfred P. Murrah building was legit, eh?

* shooting off-duty US marines in Yemen - legit.

Terrorist.

* hacking military bases - legit act of war, or civil crime. Definitely not terrorism.

Criminal.

* dropping a 2000 pound bomb on a wedding party - a regretable accident.

Essentially, any act against a government office or military base would be a legitimate act of war.

No it wouldn't. You are exactly wrong.

Extradition?

[panurge]

We all know that the US govt. will not sign up to the International Criminal Court, yet tries to extend US jurisdiction outside its borders. But this is ridiculous. If the actions took place in the EU, on what basis could there be extradition to the US? Extradition is in respect of a crime committed in the country requesting the extradition.

Basically what he did was sit at a keyboard typing and looking at a screen in, presumably, the UK. At what point was the crime committed? When he hit the return key, or when he viewed the resulting data? I would suggest that is the case, and any prosecution should take place in the UK - there is plenty of existing legislation.
I am sure that someone will start bleating on about the theft of CPU cycles, or whatever. But this is extremely abstract. If the sites were non-secure, then presumably they had public access. If we are going to pass laws that people can only view websites as the designer intended, it may suit the kind of Government idiots that once threatened someone with prosecution for telling them they had an open SQL port with anonymous login on a military server, but is hardly going to promote good design (or be enforceable).

This is exactly the kind of case that makes the notion of a World Court reasonable. But I can just imagine his lawyers going to the EU Courts to argue that (a) the US is refusing to allow its citizens to be subject to the ICC, thus demonstrating that US law is not even-handed, (b) in the present climate of hysteria he could in any case not get a fair trial, (c) that US law is in conflict with EU human rights legislation.

It seems to me we have more to fear from the kind of idiots that go in for the kneejerk "This guy looked at a Govt. site! He is a terrorist!" reaction. The word for them is Stalinists, and the last thing we want is for the delightful security and political policies of the former Soviet Union to gain a foothold in the Republican Party.

Re:extradition?

Not if he broke the law.

Most countries have treaties with other countries to handle cases like this.

If a person breaks the law in our country, and flees to your country (which he did, just didn't have to break a sweat fleeing, just hang up the phone), you will arrest him for us, and give him to us.

You agree to do this, so that when someone breaks the law in your country and flees to ours, we will do the same.

There are specific exceptions to all treaties between specific countries. A lot of countries will not extradite murderers to the US because we may execute them. Other treatises say that they will only extradite if the crime they commited is a crime in the country they fled to as well.

Re:Extradition?

[metachimp]

This wouldn't be tried in the ICC even if it existed as previously proposed today. The hacker would be extradited to the US, as I'm pretty sure that it's against the law in the UK to hack or attempt to hack government/military networks of any kind. Considering the relationship between the US and the UK, the ICC's prosecutors, even if they existed, would certainly not even consider prosecuting this case.

The ICC is specifically designed to address the 'justice vacuum' created by events such as Rwanda and Yugoslavia. The ICC seeks to address a *new* legal problem, not supplant or replace already existing run-of-the-mill crime that has an international dimension.

This is not to say that the ICC isn't a good idea, it is, and I think the US withdrawal from supporting it is arrogant and base on the desire to protect people like Kissinger from possible prosecution. Remember, the reason the US gives for not supporting the ICC is that they don't want any US citizens or military personnel prosecuted for war crimes or crimes against humanity. Does this mean that in fact the US is admitting that it committed atrocities? No, but clearly we know that it's possible. US actions abroad, even within the last 20 years (I'm thinking specifically about El Salvador, Nicaragua) have certainly been complicit at least, in the commission of what could certainly be viewed by an international body as crimes against humanity, which is specifically what the ICC is designed to address. Extradition between the US and UK is easy. Probably easier than extradition from Canada.
The argument that the US is trying to apply it's laws worldwide can be made, but this is not the case you want to use to prove that point.

Re:Extradition?

[flossie]

You are absolutely correct, but don't hold out for any resistance from Dubya's poodle in number 10 - there won't be any. To be honest, I think that this is probably the most confusing thing about international politics at the moment. Why on earth does the leader of the Labour party (an organisation with left-wing trade union roots) feel the need to cosy up to the leader of a party to the right of the Democrats (which are themselves considerably to the right of the Tory party). It makes no sense! Clearly the CIA have got something on Tony - the sooner it comes out, the better for all of us.

Free sk8? Why?

[Wee]

Vaccinate now! Free Heckenkamp

We should free him? Why? He doesn't need us. He's doing such a marvelous job of freeing himself that he shouldn't need our help.

Hey, if I let someone crack into my machine after I commit really incriminating and expensive online crimes, do I get a "Get Out Of Responsibility" card too?

What a load...

-B

Re:This is not 'hacking'

[theLOUDroom]

Actually, by the Patriot Act, hacking IS an act of terrorism. I forget the exact wording of it, but any attempt to gain access to a government computer system is considered a act of terrorism.
Just because it a law doesn't make it right.
Or as someone once said: Ignorance is no excuse for the law.

Re:This is not 'hacking'

[Samrobb]

Terrorism is the use of terror tactics against a civilian population ...

While I'll agree with that, I have to disagree with the idea that "blowing up the Pentagon" comes under the heading of "guerilla warfare." If you are referencing the 9/11 attacks, I'll point out that an airplane full of civilians were killed in order to make the attack possible. IMHO, that makes the attack on the Pentagon a terrorist action. Damage to the Pentagon was of secondary importance; the primary goal was to instill fear into American citizens. If the folks who comandeered the planes were kept from plowing into the Pentagon, they probably would have been just as happy to head for any available location where they would be able to kill as many people (civilian or military) as possible. If they had attached the Pentagon using some other means (a kamakazi pilot in a single passenger plane, a truck loaded with explosives, etc.) I'd be more willing to accept it as an act of warfare vs. an act of terrorism.

Second, I'll point out that while "attacking military targets is perfectly legitimate acts of guerilla warfare", this is really a moral distinction. "Shooting off-duty US marines in Yemen" might be considered a "legitimate" act of guerilla warfare, in that the guerillas doing the shooting can claim that attacking enemy soldiers is not immoral (though, IMHO, it's not very smart on the part of said guerillas, as they are implicitly depending on non-military factors they hafve no control over to stifle effective reprisals). Despite this, it's unlikely that the civil government Yemen would treat these killings as anything but murder. (Granted, I'm unfamiliar with the current situation in Yemen. Whether or not the government there would abide by their own laws and investigate such killings as any other murder is a seperate issue entirely.)

What is a Professional Hacker?

[divide+overflow]

Q: How can you tell a professional hacker has hacked into your network?

A: You can't. That's why he's a professional.

Re:What is a Professional Hacker?

[Ektanoor]

You can if you are also a professional and care for your work, the network you administer and the people who work on it. "Professional" is a term that states your experience and skills and not that you are God-All-Mighty.

*Interesting*???? Who modded this up?

100 networks

[Mika_Lindman]

100 networks before they caught him? Somebody really should email those military admins something like "man tracert > catch_hackers_really_fast.txt"

Re:Extradition? - ICC

[matthew_gream]

You don't know what you're talking about. The International Criminal Court is only concerned with "mass crimes" against humanity, especially this committed by by states.

Try reading ICC Jurisdiction:

1. The jurisdiction of the Court shall be limited to the most serious crimes of concern to the international community as a whole. The Court has jurisdiction in accordance with this Statute with respect to the following crimes: (a) The crime of genocide; (b) Crimes against humanity; (c) War crimes; (d) The crime of aggression.

What frightens me most..

[varjag]

..about this story, is that noone of slashdotters objected this time to use of word 'hacker' as a label to 'cracker'.

Oh well...

Re:What frightens me most..

A. Yes they have you blind git.

B. The term 'Hacker' was used correctly. 'Cracker' postdates 'Hacker', and is only ever used by a bunck of winey wusses who are scared of the big bad govenment, but still want to call themselves hackers (which they ain't).

Re:What frightens me most..

[varjag]

'Cracker' postdates 'Hacker'

Only because crackers postdate hackers.

Of course he didn't get to any classified info

[LazLong]

Classified networks are air-gapped from unclassified networks, which the Internet is by definition.

I love it when some U.S. gov't computer getting hacked makes headlines....The most sensitive info a hacker could ever get would be HR type info.

Re:Of course he didn't get to any classified info

You mean info such as where people live? It's not like Al Queda would want info like that or anything ...

Re:This is not 'hacking'

[Tokerat]

Yes, and according to the DMCA, copying my CDs into my computer can be considered an act of Copyright Violation...and Theft.

The Patriot Act is as full of shit as half the new laws passed in recent years. Not that we dont' need to protect against terroism, but dont' call a crime "terrorism" when it isn't. Hacking a US Millitary network is a pretty Bad Thing to be doing, but I wouldn't put it in the same catagory as strapping a bomb to your chest and diving through a resteraunt window.

The US Government is too easily excited by hype and buzzwords like that...

Ahh. I'm quite proud.

[Slackers+R+Us]

I wasn't that bothered when I saw the headline. However, once I noticed he was British... Nice to see someone's keeping oursides rep up.

Re:British hate us

Actually, top military theorists have yet to work out a way in which Germany's 'Sealion' invasion plan could work. Even if the Brits sit around for 24 hours, you just end up with German corpses lining the coasts of England.

In fact, it was the Poles that saved us (1930s Polish hackers won WWII for the allies). Once they gave us Enigma, Germany couldn't win. Once the Russians joined in, Germany couldn't even hope for a draw.

Datastream Cowboy...

[Mafuba]

Neal?

hmmm...

FreeSomeBritishGuy.com

[L0k11]

Anyone registered the site yet?

Who dibs making bumper stickers?

I bet this "hacker" is a....

[Blingin'+AMD]

PACKET KIDDIE!! Just kidding, of course, but what if he was? I mean, wouldn't that cast one hell of a doubt upon our military servers? For the #1 military in the world, we ain't secure. What if this guy actually decided to F with us. What if he decided he wanted... say... 10,000 troops sent to Luxembourg, perhaps. Seriously, this guy could have done some serious damage. I bet he will get one of those "Work for us or rot in jail" deals from the US Gov.

Re:I bet this "hacker" is a....

[Artemis]

You have no clue what you are talking about. Do you really think troop movements are done via unclassified networks? It's all done through AUTODIN via messaging, or through DMS, which requires a ISSUED Fortezza card to release the message. I don't think a hacked email/message coming from "Doe Col John A" saying to move "10,000 troops to Luxembourg" would be taken seriously. It was most likely some unpatched IIS servers that were servers as www.wherever.service.mil. Sure, those IIS servers should be patched, but the crap it takes to get it authorized is insane. We're still waiting to stand up a single Win2k Server (without AD). Of course, in the Navy/Marine Corps, everything IT is essentially "on-hold" for NMCI. You think this will be any better when EDS takes over the unclassified networks for 1/2 the military?

Book !

[dopolon]

I read that book when I was about 14 and I really liked it a lot...
it is based on a true story (I knew someone from the lab where the hacking took place), and it is well written

Re:Book !

[AndroidCat]

"Based on a true story" is when TV mangles something vaguely based on facts. Cuckoo's Egg is a true story. (For large values of true.)

He's entertaining as a speaker too. I was at his panel at a Niagara Falls science-fiction convention. Perhaps just a little hyperactive. :^)

Echelon

[Martin+S.]

So let me see if I have this right.

The US Military want to prosecute somebody for doing something they've been doing for years ?

Re:Echelon

[Distinguished+Hero]

So let me see if I have this right. The US Military want to prosecute somebody for doing something they've been doing [echelonwatch.org] for years ?

Where have you been for the last couple of millennia? A country (especially a powerful one like the US) can do a lot of things that are illegal for an individual to do i.e. a guy shooting another guy on the street is illegal, but the US can pretty much shoot/kill as many people as they damn well please.

Re:British hate us

As Bill Bryson says, we would have made great communists:

We like queuing
We not materialistic (well, we weren't - we are now)
Until about 1983 the living standard was about the same

Re:This is not 'hacking'

[jhunsake]

"Geoilrge Bush"

This is a liberal idea that has no basis in fact. In the long-term, an attack on Iraq would lower oil prices, which would hurt Bush's supposed cronies. Also, we get very little oil from there anyways. Don't forget about Venezuela, Russia, or any number of other places with large amounts of oil. Even if the middle east was nuked tomorrow, we'd only face an oil shortage from distribution problems, not from diminished oil availability. In other words, it's FUD, but you have to give the liberals credit, they are very good at scaring people.

could be a pro

I dont think its so unreasonable to think that this guy could be a pro, many people have said that just becuase he has hacked tha many networks he isnt a pro, which is true. But i think that it is not unreasonable to assume that for him to be good enough do this, he could well be a pro, even if he wasnt bing payed for these specific hacks.

wish i didnt have to post as an anon coward, but ive forgotten my nick/pass time to sign up again i guess!

but only for around 50 years

[Martin+S.]

The British have been known to carry grudges.

Yep, but only for around 50 years or so; Americans seem to carry them for 200 years.

Re:but only for around 50 years

[MacAndrew]

Hey, some places in the Balkans and elsewhere, 1000 years is a reasonable grudge. :)

The Americans have pretty much forgiven the British for whatever it is that they did but we don't know because we either didn't study it in school or forgot it.

As the Oracle Homer Simpson has said:

"If I didn't have this gun, the King of England could just walk in here anytime he wants and start shoving you around."

Oops!

Shit...

You'd thought they would have told me first before spreading it all over the net.

Still, they have to catch me yet.

See me run...

Re:Extradition? - ICC

[panurge]

I do know what I am talking about.

The present US govt. will not allow the extradition of US citizens by the ICC for the most serious crimes, war crimes, mass murder etc. So why should anyone allow extradition to the US for lesser crimes committed outside its jurisdiction? Either the Bush government recognises that all states and citizens have legitimate cross-border security interests, or it doesn't. At the moment, it recognises them in a very one-sided way (You can prosecute Milosevic, but not Kissinger.) It also has a habit of tearing up international treaties. So why should other states recognise treaties with the US? This is a no-brainer. If Bush wants to be isolationist, fine. If he wants to be internationalist, better. But saying "I can be isolationist in my interests but internationalist when I want something from you" - Tony Soprano government.

No

NSA spooks don't worry about things like "some extra cash." He was making a rather decent 6 figure income before he had even heard of Mitnick. Sorry. 15 minutes of fame, maybe. But not "some extra cash."

Re:This is not 'hacking'

[moz25]

I agree... my understanding is that attacking military is "ok" in the sense that people in the military, by definition have made a set of clear choices and are prepared to take corresponding action. Civilians on the other hand are by definition considered innocent, since they have not made such choices and may even disagree with them. I'd say that terrorism almost inherently involves a (large) number of civilian casualties, to strenghten the "it can happen to everyone" feeling.

Moz.

extradition?

i wonder how england can extradite a british citizen... doesn't he have the right to stay there because he is a citizen?

Subtle point

[gmcraff]

Government (including military) organizations can't have honeypots. It's called "entrapment", according to my friendly neighborhood Comm officer.

They will, however, quite happily use the data from a non-government honeypot. It just can't be in the .mil or .gov domain.

Re:Subtle point

[nlinecomputers]

I said it was "Sort of a Military Honey Pot" I didn't say that they set up a machine to be cracked.

I said that they watched him once he started to see how good he was or to see if he had any others working with him. One is entrapment the other is a stakeout.

Re:This is not 'hacking'

[moz25]

He's evil, he's fascist, he kills his own people, his own countrymen... He lives in luxury, while his own public starves.

You do realize that this of course also applies to the fundamentalistic theocracy of Saudi Arabia? The country where medieval style punishment is still 'ok', women are not allowed to drive, homosexuals simply do not exist, the increasingly larger poorer segment of the population barely has enough food to live of, while the filthy rich 'princes' live in luxury in their palaces

The difference between a friend (Saudi Arabia) and a foe (Iraq) doesn't appear to lie in the extent to which their leadership is despicable, it's about the extent to which they are willing to play along. Saddam wasn't any more of a 'swell guy' when his regime was considered friendly to the western countries...

And yeah, oil makes everything all the more relevant

Moz.

Just shoot him

I don't want to hear tell about a bunch of bumper stickers etc. trying to save Fredrick.

Just send over a spook and snipe his ass.

No

[Goonie]

Or at least no more than any observation operation set up by police.

The officers ball?

[dnoyeb]

wakeup and smell the bullshit folks.

"hacked" can mean he only looked at them. It does not mean he actually made it into them. Knowing the US Government as I do, he probably pinged them...

And consider, what does it mean to "break into a network?" I know how to break into a computer, but into a network? Perhaps he showed up unannounded at the officers ball...

A script kiddie

[macdaddy357]

"The officials declined Monday to say whether this person was already in custody, but one familiar with the investigation, who spoke only on condition of anonymity, said investigators consider the break-ins the work of a professional rather than a recreational hacker." Yeah right! There is no such thing as military intelligence. Any script kiddie could have done this and "to see of I could," is the only reason he or she would need. Mafiaboy was a script kiddie. The military couldn't find their ass with a map to it.

Re:This is not 'hacking'

[karlm]

As others have pointed out, the term is "unlawful combatant" (combatant not sactioned by any recognized political state), and Bush didn't make the term up. Also, non-uniformed soldiers are subject to many fewer rigts under the Genieva conventions. (Do non-uniformed soldiers have any Genieva convention rights?)

If you send paratroops in dressed as civilians and force the military to go after people that look like thier own people (and greatly increase the chances of civilian casualties), you don't deserve the same rights as common soldiers.

Operation Sealion

[Martin+S.]

Actually, top military theorists have yet to work out a way in which Germany's 'Sealion' invasion plan could work.

Indeed, Operation Sealion was doomed from the start, the British Isles where never seriously threatened with invasion. Operation Sealion required the defeat of the RAF to establish air superiority over the English Channel, then defeat of the Royal Navy, before a landing could even be considered.

The RAF-Fighter Command held their own against the Luftwaffe, RAF-Bomber Command sunk most of the Rhine Barges to be used for the landings. Costal Command kept the Channel clear of the Germany surface fleet and the Royal Navy chased the German High fleet around the global, either sinking it's ships or forcing them into home waters for the duration of the War.

The Royal Navy defeated the Italian Navy (which was superior in numbers and equivalent in technology to the Germany Fleet. The 'Desert Rat's' (British Army Regulars) defeated first the Italians then the Germans in North Africa, the Italian forces in the Middle East. (It is also perhaps worth mentioning the Italian reputation for cowardice is largely unfounded, faint, thrust, retreat, consolidate was very much the tactics of all sides in North Africa.)

Also what many seem to forget is that prior to WW2, Great Briton (& Empire) was the pre-eminent Military power in the World, in essense it was the Worlds only true super power'. In a pre-WW2 (& nuclear weapons) sense this was measured by the ability to project an effective military force around the world and provide the logistics to maintain a compaign. There was only one nation able to do this before WW2, and that was British Royal Navy. Undeniably the cost of WW2 for Briton was the loss of Empire.

In fact, it was the Poles that saved us (1930s Polish hackers won WWII for the allies).

And then we (all Western Allies) betrayed them.

Re:Operation Sealion

[Minna+Kirai]

Operation Sealion was doomed from the start, the British Isles where never seriously threatened with invasion

"And I'd have got away with it too, Churchill, if not for your pesky radar!" The German plan was a fine one, and could've worked except for technological innovations that the Nazis couldn't have known about. Even so, the RAF was seriously attrited. Maybe if the German resources weren't split on the Eastern front they could've overwhelmed the defenders. Or if they had an amazing espionage victory they could've neutralized radar.

In either of those cases (or if the invention had never been made at all), then German forces could've pushed onto the British Isles. It would've been a a bloodbath for both sides, but then the coastline of Axis Europe would be safe, with no convenient launching-point for American troops to launch an amphibious assault.

WW2 was the first war to be definitively won by scientists and inventors.

the Italian reputation for cowardice is largely unfounded, faint, thrust, retreat

Fainting still sounds cowardly. Or like they didn't maintain a proper diet. Feinting would be a superior combat tactic.

Re:This is not 'hacking'

[teamhasnoi]

Our Prez and VP both have ties to oil companies (Bush Exploration, Arbusto, Harken, Haliburton), the prez's father sold weapons and trained the very guy we are(were) looking for, the prez's grandfather had dealings with the nazis. Conflict of interest runs in the family..

Don't forget about Venezuela, Russia, or any number of other places with large amounts of oil. Even if the middle east was nuked tomorrow, we'd only face an oil shortage from distribution problems, not from diminished oil availability.

I agree. We've got two+ experts in the White House, how could we have a shortage? We aren't going to nuke anything, we are just going to go in and 'help'. With that help will come a few select buisinesses that will set themselves up well. Frankly, I don't need FUD, I need TUMS. The liberals don't have a monopoly on making fear, uncertainty and doubt.

British bought time

The British bought time,
The Americans bought material,
The Russians paid in blood.

OT [grammar lesson]

[FreeUser]

(Oh, and it's Pyrrhic, not phyrric. Even without the correct spelling, it still refers to Pyrrhus, so you should at least capitalize it as a proper noun. Classical education ain't what it were.)

I normally loathe and despise grammar nazis (of which I most emphatically do not classify your post), for a couple of reasons: I don't spel very well myself, and web fora are notoriously lacking in spelling checkers, and I find the thought being communicated more important than the fine details of writing (exception: formal works for publication), particularly in casual forums such as this.

All that having been said, yours is the first such correction I'm actually greateful for. My education was public (which is arguably the antithese of classical these days), and Pyrrhic, while I understand the phrase from having seen it in many contexts where the meaning was apparent, was something I never knew the origin of (and probably wouldn't have managed to spell anyway). So for the first time in the 15 years I've been on the 'net (and perhaps the last), I just want to say thanks for that little tidbit of information ...

As a taxpayer

I'm less concerned that they catch this guy and more concerned that they do something to seal up their networks.

Lock up those who have knowledge?

Then who will be safe?

Re:Extradition? - ICC

I don't see why the US cares so much about European nations not extraditing dangerous criminals out of anti-American or ICC sentiment or concerns about the death penalty. That goes for the 9/11 terrorists as well.

If the Europeans don't want to see criminals at the hands of the US, let them pay to keep them locked up in cells forever. What benefit does the US receive by ticking everyone off trying to get criminals extradited only to have to pay for trials and possible detention for life. Let those who seem to know better pay to keep them locked up. As long as they aren't out on the streets blowing up cars the US should be happy...

Re:This is not 'hacking'

[Dave_bsr]

I realize all that. But I don't think Saudi Arabia has plans to kill us or take over that section of the world. So the point is...they are playing along with the rest of the world, they aren't threatening everybody. If they were - and they might be going that way, given their recent show of support for Sadam - it wouldn't be unreasonable to think of action there too.

Look! Look! I got modded down because....why? "underrated". ??? Is it cuz I'm taking a disagreeing stance? Some moderators do use mod points to argue, idn'it great?

That's right...

Just because you're not paranoid doesn't mean they are not out to get you.

You are an idiot

[zensmile]

As a former Marine, I find it very interesting that your find ...

* attacking that supertanker the other month - terrorism.
* ramming the Cole - legit.
* blowing up the WTC - terrorism.
* blowing up the Pentagon - legit.
* shooting off-duty US marines in Yemen - legit

...these things "legit". I always found it very interesting that the "enemy" can use any means to kill Americans and we were always having to fight with one hand tied behind our backs by following the rules of war (no glass rounds, gases, torture, flame throwers, no killing captured/wounded/surrendered enemy COMBATANTS). I am glad I am finished serving a country full of liberal, trash talking, idealist, idiots like you.

A few of my buddies are some place in the Persian Gulf now. I sincerely hope that they come back in one piece...even though they are following rules that none of our enemies follow! Go fuck yourself.

Re:You are an idiot

[Ozymandias_KoK]

He was referring to targeting the military as opposed to innocent civilians. While I certainly understand your emotional reaction, disregard of the facts tends to make for a shitty argument.

Re:You are an idiot

[flossie]

Despite the flippant use of the word "legit", the original poster is not wrong. The attack on the USS Cole did not use glass rounds, flame throwers, blinding lasers or kill any non-combatant civilians. An attack on a military vessel is arguably more "respectable" than a helicopter attack on a car (Yemen, this week - no trial by jury). As mentioned in other posts, the use of civilian hostages to attack the Pentagon certainly removes any legitimacy that the attack might have had, but it is undoubtedly a "legitimate" military target.

Btw, the presence of brave and patriotic troops in a region does not automatically justify their being there.

Re:This is not 'hacking'

[null-sRc]

i'm disturbed of your alternating use of the word "legit" regarding war.

legitimacy implies some sort of logical justified reasoning.

war, is anything but legitimate.

as the saying goes
fighting for peace, is like screwing for virginity

Good!

[UrGeek]

Put him in a cell block with all of the lameo first posters!

But, now we have this treasonous bastard, Vice Adm. John M. Poindexter, who wants to be able to do the same to MY data without a warrant. See

http://www.nytimes.com/2002/11/09/politics/09COM P. html?ex=1037509200&en=873ff5626a3c666e&ei=5062&par tner=GOOGLE

at the damn NYCrimes (you gotta register with Big Brother to see it, sorry). No way! Bust the crackers - both the amateurs and the profressional. Preserve the Constitution. Save the Republican.

DAMN EVIL!!

KATU link gone

[LandGator]

The KATU link is gone... here are alternatives: http://cnews.canoe.ca/CNEWS/World/2002/11/12/4200- ap.html http://www.smh.com.au/articles/2002/11/12/10363086 82032.html

The Greeks won WWII

Just before Hitler was going to begin his invasion of Russia, the Greeks attacked the Italians, forcing the Germans to aid ally Italy and thereby delay Operation Barba Rossa by two weeks. This delay found Hitler's troops in the midst of a cold, brutal Russian Winter, and the Germans were not prepared for such conditions. Recall that the Russians barely won that battle. Napoleon's folly proved Hitler's downfall.

Re:Extradition? - ICC

[metachimp]

Yes, but then we can't interrogate the terrorists ourselves. We'd be relying on foreign intelligence to tell us what we want to know. This is, of course, assuming that the current administration has any desire to review intelligence that does not support their predetermined course of action.

Re:This is not 'hacking'

[Zemran]

Bush may not have coined the term "unlawful combatants" but he did misuse it. Neither the Talaliban nor the nothern alliance wore uniforms yet he decided to call the Taliban unlawful combatants. The Taliban were the "legitimate" side in that country and were not unlawful combatants by wny stretch of the term. I personally am glad to see them gone as they were cruel and barbaric. It is fine by me that the military went in and ousted them but when you make a white flag deal it is completely unforgivable to renage on it. Most of the soldiers held in Cuba were given assurances that if they surrendered they could go home. When they got to the fort in Afghanistan they were told that they could not go home until they had told the CIA all that was required. That was when they rebelled. The US changed the rules after making a deal.

My guess

[kaoshin]

They probably don't know how he did it which is why they are wanting him instead of killing him. Either that, or we are getting soft.

Stupid Military

[compubomb]

The reason the military didn't catch this dildo is because of pure ignorance. Military is trained by dildos who can't type, and the people who trained them also. All along they take their orders and training programs from upper command dildos... who haven't a clue how to administrate networks or educational programs on teaching the next IT elitists. Government could mess up a wet dream... that is why the militaries network was compromised.

Re:This is not 'hacking'

[Ozymandias_KoK]

Wow. And we've got a lot of military folks in the US, which borders a country or two that has lots of oil...you're onto something there!

No Extradition

The laws of the European Union don't allow member states to extradict to countries with a legal system not compatible with the European system.
That means e.g. to all countries with death penalty like China, the US and Saudi Arabia.
These laws overrule even bilateral treaties, making them illegal in the first place.

Or that just happens to hit a few in the process..

[Kjella]

Hiroshima?
Nagasaki?

Hadly directed attacks towards military installations. If that wasn't using terror to make Japan surrender, I don't know. Yet I haven't seen Truman (or the generals, or Congress / Senate) on trial for it. Now why doesn't that surprise me?

Kjella

Re:This is not 'hacking'

Are you being deliberately dense and obtuse, or are you that way naturally?

British 'hacker' identified as Gary McKinnon 36

[saint10]

A British computer administrator has been accused of hacking into 92 networks operated by the US military and the space agency Nasa. US investigators say one break-in shut down navy systems immediately after the September 11 terror attacks. Authorities say two of the computer systems were at the Pentagon. The intrusions also made inoperable the network that serves the military district for Washington. Authorities have disclosed indictments in northern Virginia and New Jersey against Gary McKinnon, 36, of the Hornsey, north London. He was indicted on eight counts of computer-related crimes, including break-ins at six private companies. Court records in Virginia said McKinnon caused £566,000 in damage to computers in 14 states. In New Jersey, McKinnon was accused of hacking into a network of 300 computers at the Earle Naval Weapons Station in Colts Neck, and stealing 950 passwords.

Because of the break-in, which occurred immediately after the terrorist attacks, the whole system was effectively shut down for one week, officials said. That station replenishes munitions and supplies for the Atlantic fleet. "This was a grave intrusion into a vital military computer system at a time when we, as a nation, had to summon all of our defences against further attack," said US Attorney Christopher Christie in Washington. McKinnon, if found guilty, faces a maximum penalty of five years in federal prison and a £157,000 fine, Christie said. Christie confirmed that officials are weighing whether to seek McKinnon's extradition from England, a move that would be exceedingly rare among international computer crime investigations.

Ugh... not dinesh jotwani!!!

Re:British 'hacker' identified as Gary McKinnon 36

[flossie]

I don't know where you got this information from, but if true, he could probably plead prevention of genocide as a defence against extradition (Genocide act 1969) considering that he incapacitated part of the military and given the US killings of innocent civilians in Afghanistan as part of the "war on terror".

cuckoo's egg

I only remember one hacker at the other end...

Big surprise...

[__0Rb__]

No one had mentioned this yet but on CNN, the US Attorney had stated that all machines that were hacked were either using NT 4 or Windows 2000 server.

big surprise.

They just released his name - Gary McKinnon

[Nintendork]

Here's the latest

Now on CNN

[h4x0r-3l337]

Since the O2 site seems to be overloaded or pulled the story, here's the CNN story

Re:Now on CNN

[h4x0r-3l337]

The above response was originally posted in response to the "newton's principia stolen" article. Several times now I've seen my own comments and those of others become magically attached to some other story. Cowboy Neal needs to fix is. Or something.

Why bother with extradition and trial?

[Thoth+Ptolemy]

Why not just send some CIA Predator drones and assassinate the guy?
We've already done it. Just proclaim the guy a "terrorist", which will make him a valid target in a "war" that has no forseeable end, no defined boundaries, and no defined enemy.

Or does the US only perform extra-judicial executions against its own citizens?

Monkey Business

[Jedi+Binglebop]

Given an infinate number of Monkeys sitting an an infinate number of Unix terminals, could they crack in to the US military network?

-JB (I had to do it)

Re:This is not 'hacking'

[flossie]

Let us not forget, Mr. Blair was also Bill Clinton's Yes-Man.

That's just further proof that CIA have got something on him.

Re:This is not 'hacking'

the primary goal was to instill fear into American citizens

At least, so the papers tell you.

I wonder whose goal this actually was? Was this their goal?

Re:This is not 'hacking'

[flossie]

If Bush wanted to fight wars over oil, why aren't we attacking every other terrorist-supporting, oil-producing country?

There is no need to. As long as you attack one, the rest won't put their prices up too high for Mrs. American Pie to fill her gas-guzzler to the brim, or cut their prices too low for Dubya Exploration to make a profit.

Re:New blurb

I think the poster meant a segment on a tv news show.

Re:This is not 'hacking'

[ArmedGeek]

That's just further proof that CIA have got something on him.

huh?

Re:FRIST POST

[Dekonstructor]

Hello!! I am very much wanting to make MMORPG gaming good too. Damaged Studios: Living the future of the future of MMORPG.

and be a slashdot editor as well.

Can you help???

Re:This is not 'hacking'

[flossie]

TB's total and unquestioning support for US presidents, in spite of the hostility that this engenders towards him by the majority of the British electorate, is such ludicrous behaviour that some really far-fetched theory is needed to explain it.

Assuming that he hasn't done a deal to become World President in the near future (a role that I am sure he would be eager to have if the UN had more power), the leading explanation for his puppet-like behaviour is quite possibly that the CIA have him under their complete contol.

If only we could find out how.

:-) Hacking something that simple :-0

[Dmodus]

Was a waste of time really, its not like it hasn't been done before, and anyways, if the yankees leave their doors wide open someones going to walk in sooner or later. Oh i expect the yankees will want to extradite the guy or whatever, and knowing how pathetic and weak the uk premier is he'll hand him over with a nice basket of goodies. Its about time the uk realised the usa is using hackers etc to peek into its security and reveal secrets the yankee scum should not know about. We know its only a matter of time before someone from the uk kills a usa citizen out of sheer frustration due to the usa's big headed attitude. Oh btw, over 80% of brits don't want a war with iraq, they see no point. And its no good the cia, fbi or whatever coming over and killing another female police oficer like they did all those years ago, outside the libyan embassy. I say hack more secure files and wipe em. :-) [The views expressed above may not be those of the original registeree]

Battle of Briton

[Martin+S.]

The German plan was a fine one, and could've worked ...

It was fine for the invasion of Norway where strategic and tactical surprise was achieved against numerically inferior military at a low state of readiness.

It was a poor plan against the British Isles. 1) No surprise, not even tactical. 2) British had a superior force on the ground. 3) No prospect of quickly seizing the seat of Government. 4) Little prospect of retaining seizing Airfields, 5) Little prospect of seizing or retaining ports.

German forces could've pushed onto the British Isles

The Germans had limited amphibious capability therefore allowed only limited provision for landing heavy equipment, tanks, artillery, trucks etc; beyond seizing a port as the primary objective. Germany Parachutists would have been extremely vulnerable to land based mechanised counter attack (something not possible in Norway due to terrain). They would have been in a worse position than the Allies at Arnhem during Market Garden, without any prospect of retreat across the channel. They would have been decimated.

In summary German amphibious & parachute forces where adequate to take Norway, they would have been completely inadequate to take the British Isles.

Sealion was never implemented or even seriously consider, it was a plan, not an operation. The German high command even the reckless Hitler realised it was complete folly.

the RAF was seriously attrited.

The RAF had three fighter groups available in the British Isles. Two front line fighter groups and one stategic reserve. It committed only one front line group to the Battle of Briton. The RAF's plan was to rotate the Southern and Northern Groups, if the Southern group broke. It never broke. The Luftwaffe may have started with a numerical advantage but in practice the RAF had many practical advantages, RADAR, it operated over friendly territory, it had lower losses, higher production of new aircraft, much higher levels pilot replacement and aircraft better suited to the task in hand.

Maybe if the German resources weren't split on the Eastern front they could've overwhelmed the defenders.

No. Barbarossa, the German offensive against the Soviet Union started in June 41 nearly a year after the Battle of Briton finished in August 40.

Re:Extradition? - ICC

[matthew_gream]

I agree with you about general US foreign policy. It is typically one-sided.

What I meant was that the ICC or a World Court is not directly relevant in this case: what is relevant are international treaties and agreements on extradiction and recognition of crimes - irrespective of anything to do with the ICC or a World Court.

You said: ''yet tries to extend US jurisdiction outside its borders. But this is ridiculous. If the actions took place in the EU, on what basis could there be extradition to the US?''

Incorrect: The actions did not take place in the EU - the act of intrusion occurred in the US, because the physical machines are located in the US. He was a legal entity ''reaching into'' the US and acting within the US.

The crime is "intrusion into computer". Where is the computer: US. He is located outside of the US, but the act occurred in the US.

Re:Extradition? - ICC

[panurge]

I'd like to make the point that I am not taking an anti-US stand on this, I am making a point about claims to extraterritorial jurisdiction. It is a dangerous argument because, for instance, it can be used to justify the assassination of nationals of a state living abroad but upsetting the government by their criticism (define it as treason and the rest follows.)

However, and I am aware I may be taking this argument beyond the scope fo the usual Slashdot discussions, it is precisely the concept of "reaching into" a foreign server that I take issue with. The actual actions of the alleged cracker took place in the UK, not the US. What actually passed to the US? Nothing physical (the electrons in the wire do not cross the Atlantic). In effect, he asked the server to do something (passed information ) and it responded by doing it.

Now consider an analogous case. Suppose I phone up someone in Chicago and tell them I am their long-lost uncle from Tampa. The person is foolish enough to believe it. I then persuade them to remit me $250 in cash so that I can make it to Chicago, with some hard-luck story. Now, what crime have I committed? Possibly fraud. Where did I commit it? I suggest that most people would say "In Tampa", because that is where I was when I told all those lies, and that is where I actually received the money. What happened in Chicago was that someone behaved in a foolish and gullible manner - which is not itself a crime, though perhaps it should be.

In the same way, although the server was physically located in the US, the action of telling lies to it took place in the UK, and the "stolen" information was received in the UK. The server answered questions and responded to requests to perform certain actions. Had the server ignored the requests, nothing would have happened. The situation is quite different from, say, a terrorist missile launched from one country into another, where a physical destructive agency is passed over which does not rely on the cooperation of an agency in the attacked country.

Of course, IANAL-just someone who has lawyers in the family.

Re:Extradition? - ICC

[matthew_gream]

You need to talk to your lawyers about legal jurisdiction. These jurisdictional arguments are well established in legal community (I am currently a law student).

The "telling lies" and "information was received" are not the issue, the issue is "theft/break into computer" which clearly happened in the US. Although the act was initiated elsewhere, it clearly happened in the US (the server is in the US - how much more clear can that be?).

Your point about treason has mixed relevance. Firstly treason only applies to citizens of a country, not to non-citizens, and it relates to state secrets and issues that affect the security/wellbeing of a country, not mere criticism (although the line can be fuzzy, most sensible people know where it is). Although in international law under the "doctrine of effects", some activity outside of a country that has impact upon the country can be taken as affecting law within that country (so, for example, an external person inciting hatred within a country causing significant legal problems could be considered to have violated said countries laws -- whether or not extradition will help, though ...).

I'd prefer not to continue this debate.

Read this: http://www.law.indiana.edu/fclj/pubs/v50/no1/wilsk e.html

What about this?

[why-is-it]

* blowing up the Pentagon - legit.
* dropping a 2000 pound bomb on a wedding party - a regretable accident.

Based on your taxonomy, how would you classify the act in which a US pilot dropped a bomb on a bunch of Canadian soldiers who were engaged in some night-time training activities?

Re:Or that just happens to hit a few in the proces

[why-is-it]

Hadly directed attacks towards military installations. If that wasn't using terror to make Japan surrender, I don't know. Yet I haven't seen Truman (or the generals, or Congress / Senate) on trial for it. Now why doesn't that surprise me?

There are a number of people who argue that "Bomber" Harris should be considered a war criminal because he ordered the fire-bombing of Dresden at a point in WWII when Germany's defeat was all but certain. That absolutely pales in comparison to the nuclear attacks against Japan of course, but some might say that Japan was all but defeated prior to the nuclear attacks as well...

Re:NAVEWEISS

[NaveWeiss]

Hehehe.. I'm not going to die in the near future. I'm afraid you'll have to get used to me! I'm so cool!!! And I love myself. yea.

Last Post!

[alpg]

One could not be a successful scientist without realizing that, in contrast
to the popular conception supported by newspapers and mothers of scientists,
a goodly number of scientists are not only narrow-minded and dull, but also
just stupid.
-- J.D. Watson, "The Double Helix"

- this post brought to you by the Automated Last Post Generator...