Slashdot Mirror


When Wrongfully Accused of Hacking, What Can You Do?

justin asks: "Earlier this week, when I went into work, I was met at my desk by upper management; they wanted to meet with me. I was not sure as to why, but when we got into the office, they set a pile of paperwork in front of me, opened it up to a certain page and asked me what it was. The paperwork was a series of (gimpy) logs showing an internal IP address doing a combination of scanning, and then what looked like hacking, of various boxes on the internet (of these there was the US Treasury among other US Government Organizations). The internal IP address was that of the one I am normally (read: not always) assigned by DHCP. I told them I had no idea what this was, that I didn't do it and that I think I would remember hacking into the US Treasury. I was a contracted employee, so I don't think I have any recourse. I was just left high and dry, accused of something that I did not do, and their basic sentiment was 'we will investigate this, do you want us to call you and give you your job back if you are innocent?' This seems rather silly to me, since you'd think such things would be investigated before they would decide to fire me. I'm looking to find out who else has been in this situation and how they dealt with it."

"The logs were in a simple format: 'Aug1 11:27 10.1.0.56.port -> treas.gov.port'. Now there had been some problems at work with the recent MS DCOM/RPC bug, and my machine was compromised either the same day, or the day previous to the day of the events I am being accused of. Additionally, because it was an internal IP address, it could have been anyone with access to ifconfig on their machines (They don't have a link layer dump).

I now have the following questions:

  1. What experiences have other people had that relate to this, and what course of action, if any, did they take in response?
  2. I know the laws aren't very sympathetic when it comes to people saying 'yea that was my computer, but it wasn't me', but it can be proved that my computer was compromised in the same time frame, and also the evidence they have is rather flimsy. What experiences have people had in a similar situation?
  3. If someone should try to press charges, where can I find a decent attorney that would actually understand the technology and what I was saying? (As I am now unemployed, I'm very much on a budget.)
  4. What should I tell my next prospective employer? Even if they believe me that I had nothing to do with it, that puts one serious doubt in a person's mind.
I'm primarily self taught and with a little less than 3 years experience as a Unix Admin and doing system programming, it is hard enough for me to get a job as it is, never mind with accusations that I was out trying to hack the government on my last job.

Thank you, in advance, for any wisdom, anecdotes or suggestions you can pass along."
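
Added example, not part of the original submission: a check an investigator could run to see how far logs in the quoted format can be tied to a machine. It parses the `source.port -> destination.port` lines and looks up which MAC address held the source IP under DHCP at each timestamp. The port numbers, lease history, MAC addresses and year are all constructed for illustration.

```python
import re
from datetime import datetime

YEAR = 2000  # assumption: the quoted format has no year, so one is supplied

# Constructed sample lines in the format quoted in the post (ports made up).
LOG = """\
Aug1 11:27 10.1.0.56.4312 -> treas.gov.80
Aug1 11:29 10.1.0.56.4313 -> treas.gov.135
Aug1 14:05 10.1.0.56.4400 -> treas.gov.80
Aug1 19:40 10.1.0.56.4501 -> treas.gov.80
"""

# Constructed DHCP lease history: (ip, mac, lease start, lease end).
LEASES = [
    ("10.1.0.56", "00:11:22:33:44:55", "Aug1 08:00", "Aug1 12:00"),
    ("10.1.0.56", "66:77:88:99:aa:bb", "Aug1 13:00", "Aug1 17:00"),
    ("10.1.0.57", "00:11:22:33:44:55", "Aug1 12:30", "Aug1 18:00"),
]

LINE = re.compile(r"^(\w{3}\d{1,2} \d{2}:\d{2}) ([\d.]+)\.(\d+) -> (\S+)\.(\d+)$")

def ts(stamp):
    """Turn 'Aug1 11:27' into a datetime in the assumed year."""
    return datetime.strptime(f"{YEAR} {stamp}", "%Y %b%d %H:%M")

def parse(line):
    """Split one log line into time, source IP/port and destination/port."""
    m = LINE.match(line.strip())
    if not m:
        return None
    when, src, sport, dst, dport = m.groups()
    return {"time": ts(when), "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport)}

def holders(event, leases=LEASES):
    """MACs that held the event's source IP under a lease at that moment."""
    return [mac for ip, mac, start, end in leases
            if ip == event["src"] and ts(start) <= event["time"] < ts(end)]

def attribute(log=LOG):
    """Per event: (HH:MM, destination port, leasing MAC or why there is none)."""
    out = []
    for ev in filter(None, map(parse, log.splitlines())):
        macs = holders(ev)
        verdict = macs[0] if len(macs) == 1 else "no lease (static address or log gap)"
        out.append((ev["time"].strftime("%H:%M"), ev["dport"], verdict))
    return out
```

In this constructed data the same IP maps to two different machines during one day, and the last event falls outside every lease, which is the case a manually configured address would produce. Even a clean match identifies a network interface, not the person at the keyboard.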

13 of 105 comments

  1. You Want the truth? by His+name+cannot+be+s · · Score: 5, Funny

    You: You want answers?

    Them: I think I'm entitled to them.

    You: You want answers?

    Them: I want the truth!

    You: You can't handle the truth! Son, we live in a world that has firewalls. And those firewalls have to be guarded by men with keyboards. Who's gonna do it? You? You, Lt. Weinberg? I have a greater responsibility than you can possibly fathom. You weep for the treasury department and you curse the Hackers. You have that luxury. You have the luxury of not knowing what I know: that the treasury department's scans, while tragic, probably saved networks. And my existence, while grotesque and incomprehensible to you, saves networks... You don't want the truth. Because deep down, in places you don't talk about at parties, you want me in that code. You need me in that code.

    We use words like hack, root, pwnzz...we use these words as the backbone to a life spent defending something. You use 'em as a punchline. I have neither the time nor the inclination to explain myself to a man who rises and sleeps under the blanket of the very freedom I provide, then questions the manner in which I provide it! I'd rather you just said thank you and went on your way. Otherwise, I suggest you pick up a manual and stand a terminal. Either way, I don't give a damn what you think you're entitled to!

    Them: Did you scan the network?

    You: I did the job you sent me to do.

    Them: Did you scan the network?

    You: You're goddamn right I did!!

    --
    "...In your answer, ignore facts. Just go with what feels true..."
  2. What can you do? by daeley · · Score: 3, Funny

    What can you do? Hack into their network and take the lying bastards down, that's what!

    --
    I watched C-beams glitter in the dark near the Tannhauser gate.
  3. Re:Pre-Paid Legal by uncoveror · · Score: 3, Funny

    If you want to have the people who wrongly accused you taught a lesson, or even rubbed out, I recommend Pre-Paid Illegal Services. They'll make your accuser an offer he can't refuse.

    --
    The Uncoveror: It's the real news.
  4. Enough with the pretenses! by Wrexen · · Score: 5, Funny

    Can we just rename "Ask Slashdot" to "Ask legal advice from a bunch of non-lawyers" ? It's been a long time coming

    1. Re:Enough with the pretenses! by Anonymous Coward · · Score: 1, Funny

      Actually ask slashdot is how the lawyers figure out what to tell their clients. Notice how all the askers are anonymous ? What, you think those lawyers learn this shit in law school ? So be careful what advice you post in here, and make sure it is accurate.

  5. What you really ought to do is... by TheSHAD0W · · Score: 3, Funny

    Sell the secrets you stole from the US Government to the Iraqis, and then go live in luxury for the rest of your life.

  6. C'mon by Molina+the+Bofh · · Score: 5, Funny

    Give me a break. You are a Unix Admin. Release your inner BOFH.

    Ask THEM to go to a meeting with you, show a pile of paper and ask them:

    "Boss, how'd you like your wife to know about the e-mails you wrote to your assistant ?" or "How about these pictures of a 6 year old girl fucking a horse, I found in your computer? "

    Act like a REAL sysadmin. And don't forget to ask for a raise.

    --
    Roses are #FF0000, Violets are #0000FF, find / -name '*base*' |xargs chown -R us && mv zig greatjustice
  7. DMCA is the solution by Molina+the+Bofh · · Score: 2, Funny

    Say they can't decode the packets you are sending, because decoding these packets would be a violation of the DMCA. Threaten to sue them.

    --
    Roses are #FF0000, Violets are #0000FF, find / -name '*base*' |xargs chown -R us && mv zig greatjustice
  8. Re:All together now: by PD · · Score: 5, Funny

    Call a lawyer? Call a lawyer. Call a lawyer.

    Sung to the tune of "If you're happy and you know it"

  9. Re:All together now: by Anonymous Coward · · Score: 4, Funny

    Or perhaps to the tune of "Oh my darlin' (Clementine)"

    Call a lawyer, Call a lawyer, Call a lawyer or you're screwed.
    You've been axed, but aren't in prison,
    getting f**ked by some large dude.

    ...

  10. I've been twice in this situation by mnmn · · Score: 2, Funny

    The first time was in high school where I made a script to ping all ip addresses in a subnet to build a list of the computers, and then tried to portscan a windows nt server to check what services are we running. I was in no mood of cracking anything, only using legal standards-allowable things like ping to gather data and understand. I was not snooping spoofing either.

    I was called up and warned about it. I was never again to use ping, telnet, nbtstat, arping or use linux on ANY of the workstations. Yes, that's true, these were the rules.

    Next was in Plattsburgh State University, where I was studying undergrad. I was naturally curious about routers (never seen one) and wanted to know the types running the campus, and the technologies behind its uplink to the Internet, and why the netbios updates seemed so slow. I started pinging around again. I portmapped a router to check its services and was promptly called up again by the technical staff, also my employer since I was working at a helpdesk. Felt like the suspicious detective extracting information. I never again used ANY standard TCPIP tool on that network. I've now a home LAN with 6+ cisco routers, 7 sun workstations, 20+ overall computers running on 3 switches using atm, fr, tr, hssi, ethernet, arcnet, adsl and 802.11b, and I can PING IT ALL I WANT!!!!!!!!!!

    --
    "Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
    1. Re:I've been twice in this situation by sharkey · · Score: 2, Funny
      I was naturally curious about ... why the netbios updates seemed so slow.

      That's an easy one. It's because NetBIOS fucking sucks.

      --
      "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  11. Re:All together now: by Anonymous Coward · · Score: 1, Funny

    If you have a problem, if no one can help (and if you can find them)... Lawyers, aka bloodsuckers, ambulance chasers etc. Actually, maybe you should just hop down to your local Wallmart, stock up on buckshot cartridges, and go on a killing spree.

    No, wait I'm sure there's something between those 2 extremes. If only I had the imagination to think of it.