Slashdot Mirror
Feds Admit Error In McDanel Security Case
prostoalex writes "US federal prosecutors have admitted that an error was made in prosecuting Bret McDanel under the Computer Fraud and Abuse Act. McDanel discovered a security vulnerability on his former employer's server, and seeing that little efforts were put into repairing it, sent out e-mails to the customers of Tornado Development Inc. After the prosecution revised the court materials, they admitted there was no proof that McDanel intended to impair the system's integrity."
According to the article it was only he served 16 months, in fedral prison, that the government decided it was in error. I hope the guy gets some sort of compensation. 16 months for someone who was not guilty of a crime is too long.
Jumpstart the tartan drive.
I'm sure most of us have heard of this story by now. It was also covered on The Register the other day. If I were a customer, I'd certainly want to know about this kind of hole. Does anyone think he caused any grief? He gave notice to the right people, and they still didn't listen. This is like Microsoft ignoring security holes - and we've all heard those stories.
I think he did the right thing. The only people to lose out appear to be the incompetents who are now forced to fix their mistake.
Refuse to make a statement in your sig!
The problem with prosecutors is, they're quick to jump on a case and will do all sorts of stuff to get a conviction. I know because I've dealt with them and have been incarcerated for computer intrusion and electronics eavesdropping. While at trial, federal agents purjured themselves on the stand and got warnings. A federal agent stated "Mr. XXX is wanted for breaking into NSA, FBI, CAI, and Military machines... But he is not being charged with that right now" ... Another so called FBI computer expert stated he didn't understand what an IP address was (no bullshitting as my case and the transcripts are
public record). My ISP, my phone company testified I hadn't used the phone, nor was I online at the time it happened. Now if that is not cause for
reasonable doubt I'll go on...
Upon my arrest the agents stated they had been to my previous address of which I hadn't lived at for YEARS. So you mean to tell me, that if you think I attacked some machine, where did you get my information from. If it were via IP they would have come straight to my address via my ISP's logs. Now they had firewall logs with none of my information whatsoever, and they had a sniffer log which recorded the entire breakin. On the sniffer log, nothing shows up remotely all you see are mail connections, then an attack coming from the same host the sniffer log was on.
Local attack then right? Try explaining that to a jury of 40-50 year old comp-phobic people who's favorite tv show is Judge Judy.
I was the first case in the Southern District to go to trial, and was told if I take it to trial I would face 10 years. I was offered 1year, then 6 months, then a 6 month split 3 in jail 3 under house arrest. I still fought it. Feds took this as something arrogant, I fought for my rights. Now given I was no angel growing up (sold drugs, stole cars you name early 90'ish) I swallowed it as karma. Appeal? Sure to go through the same thing? Wasn't worth it for me, the impact of the trial is enough to drain you, financial, mentally (if your weak).
First thing the feds thing coming into my house... High five each other... "Yes we got sil from AntiOffline..." what a scam.
Its nice to know however the DA was quickly promoted and a whole new cybersecurity *cough political bullshit* department was thrown up in NYC
So after this post... Let's see how long it will be before my PO calls up and automagically violates me for some bullshit. Meaning I spoke in a manner the feds didn't like. Fuck a fed
MoFscker