Slashdot Mirror
Feds Admit Error In McDanel Security Case
prostoalex writes "US federal prosecutors have admitted that an error was made in prosecuting Bret McDanel under the Computer Fraud and Abuse Act. McDanel discovered a security vulnerability on his former employer's server, and seeing that little efforts were put into repairing it, sent out e-mails to the customers of Tornado Development Inc. After the prosecution revised the court materials, they admitted there was no proof that McDanel intended to impair the system's integrity."
Are we going to be grown-ups about this, or are there going to be a million immature posts about how every hacker that has broken the law should be freed?
evil adrian
Every hacker that has broken the law should be freed!
Esoteric reference.
Little consolation, after serving 16 months in prison, to be told that the prosecution was a mistake.
But this is a country which has hundreds of people locked up, with currently no prospect of seeing their day in court, or even a lawyer.
and get thrown in jail? At least they admitted their error on this one. If someone pointed a flaw out in a system I was ultimately responsible for, I'd have him fix it and give him a bonus or something.
Sorry, my karma just ran over your dogma.
According to the article it was only he served 16 months, in fedral prison, that the government decided it was in error. I hope the guy gets some sort of compensation. 16 months for someone who was not guilty of a crime is too long.
Jumpstart the tartan drive.
I'm sure most of us have heard of this story by now. It was also covered on The Register the other day. If I were a customer, I'd certainly want to know about this kind of hole. Does anyone think he caused any grief? He gave notice to the right people, and they still didn't listen. This is like Microsoft ignoring security holes - and we've all heard those stories.
I think he did the right thing. The only people to lose out appear to be the incompetents who are now forced to fix their mistake.
Refuse to make a statement in your sig!
Jonah Hex
Horror & SciFi Erotic Nudes
The problem with prosecutors is, they're quick to jump on a case and will do all sorts of stuff to get a conviction. I know because I've dealt with them and have been incarcerated for computer intrusion and electronics eavesdropping. While at trial, federal agents purjured themselves on the stand and got warnings. A federal agent stated "Mr. XXX is wanted for breaking into NSA, FBI, CAI, and Military machines... But he is not being charged with that right now" ... Another so called FBI computer expert stated he didn't understand what an IP address was (no bullshitting as my case and the transcripts are
public record). My ISP, my phone company testified I hadn't used the phone, nor was I online at the time it happened. Now if that is not cause for
reasonable doubt I'll go on...
Upon my arrest the agents stated they had been to my previous address of which I hadn't lived at for YEARS. So you mean to tell me, that if you think I attacked some machine, where did you get my information from. If it were via IP they would have come straight to my address via my ISP's logs. Now they had firewall logs with none of my information whatsoever, and they had a sniffer log which recorded the entire breakin. On the sniffer log, nothing shows up remotely all you see are mail connections, then an attack coming from the same host the sniffer log was on.
Local attack then right? Try explaining that to a jury of 40-50 year old comp-phobic people who's favorite tv show is Judge Judy.
I was the first case in the Southern District to go to trial, and was told if I take it to trial I would face 10 years. I was offered 1year, then 6 months, then a 6 month split 3 in jail 3 under house arrest. I still fought it. Feds took this as something arrogant, I fought for my rights. Now given I was no angel growing up (sold drugs, stole cars you name early 90'ish) I swallowed it as karma. Appeal? Sure to go through the same thing? Wasn't worth it for me, the impact of the trial is enough to drain you, financial, mentally (if your weak).
First thing the feds thing coming into my house... High five each other... "Yes we got sil from AntiOffline..." what a scam.
Its nice to know however the DA was quickly promoted and a whole new cybersecurity *cough political bullshit* department was thrown up in NYC
So after this post... Let's see how long it will be before my PO calls up and automagically violates me for some bullshit. Meaning I spoke in a manner the feds didn't like. Fuck a fed
MoFscker
If I'm not mistaken, the intention of these laws was to lock up the so-called "script kiddies" and such who maliciously broke into and destroyed/exploited computer systems. This guy just published a vulnerability to the company's users, and while it may have damaged their reputation, they certainly didn't have much to begin with after not fixing that flaw.
Boy this sure is a scary precedent. The obvious effect regardless of the end result is that lawyers will tell their clients not to expose security holes. Good for the government for admitting the mistake, but I do believe the damage is done.
What I want to know is if I expose a weakness in someone else's code, how is it that I'm the one 'impairing the functioning' of the code? I didn't put the security flaw in there. However, I can see a bit of an argument that you are communicating trade secrets, why is that not the case the government took.
I guess well be seeing fewer fixes to insecure applications from now on.
fire
Well, for one thing, they should eliminate his balance owed for staying in prison. They don't just hold you there, they charge you rent and for supplies.
Next, they should pay him a lump sum for all of the money he would probably have earned if he hadn't been prosecuted and imprisoned.
Next, they should refund him lawyer fees.
Unfortunately, I've never heard of the federal government having to pay punitive damages. I'm not even sure they've ever had to compensate the wrongly imprisoned.
tasks(723) drafts(105) languages(484) examples(29106)
This seems like another example of what I would call a Pyrrhic victory. As long as the system can throw someone in jail for 16 months for doing something both legal and defensible then I see little reason to celebrate our freedoms.
You can lead a horse to water, but you can't make it dissolve.
For the prosecutors that willfully witheld evidence or exaggerate seriousness of the crimes to get convictions, lets jail them for the same length of time and to the same facilities as their victims. Should their victims not survive the incarceration, neither should the prosecutors.
ELOI, ELOI, LAMA SABACHTHANI!?
before the damn trial even begins.
When talking about a computer is punishable by more years in prison than manslaughter, the system is wrong by any damn standards.
Can he sue for wrongful prosecution?
You can't judge a book by the way it wears its hair.
Where I come from that's called "tampering with evidence"...
db
Cig:
ôô
The 16 months that he served constitutes the entire term of his sentence.
"During his trial, prosecutors argued McDanel intentionally caused damage to Tornado's computer server by overloading it with too many messages and impaired the system's security by exposing its vulnerability to the public. A judge found him guilty of unauthorized access and sentenced him to 16 months in federal prison."
It's sad that there is not better review of cases in this country. Federal prosecuters should be held to the highest standards. (cough, ashcroft) This is why my friends that many (myself included) do not agree with the current implementation of the death penalty.
sig
My response to an article about the case. Again, I've spent so many sleepless days and nights over it, I don't even bother answering anyone's questions, being that the bottom line is I was convicted.
MoFscker
for damages and wrongful prosecution for millions and millions. Maybe then the government will learn from their mistakes in future.
The amount of money he could get for psychological damages from stress, physical damages (arising from stint in prison), ruining his career, etc. etc. could be very substantial. If he was raped in prison, god forbid, and can prove it, then the government could be in for a very big shafting (no pun intended).
Put yourself in this guys place. He did everything he could legally in this situation. Then he got sent to jail for it. Only to be told that he was sent to jail by ACCIDENT. What would you do?
give up their immortal soul.....
oh wait...
nevermind.
"Hi there, this is John Smith, prisoner 24601. Everything is fine I'm fine. I hope you are fine..."
(Oddly enough the letters from the next 340 prisoners are exactly the same except for the name and number. What are the odds!)
One line blog. I hear that they're called Twitters now.
Lawrence Lessig posted some interesting comments about this case in his blog.
DZM
This just goes to further prove the pattern:
When it comes to computers, the people making laws and doling out punishment haven't the slightest clue what they're doing.
This is seen over and over, such as DMCA, proabbly parts of the Patriot act, this case, SCO, and I'm sure that there's thousands others.
Politicals (and lawyers) tend to be PHBs when it comes to computers. They know the buzzwords, as well as "Computer == Windows == Microsoft".
Actually, it could be tremendous opportunity... ...he now has amunition for lawsuits against both his former employer and the federal government... having said all of that, I believe the feds should hang their heads in shame for being overzealous and making the mistake in the first place
What about the opportunity for payback for overzealous prosecutors?
Sometimes after reading about cases like this, I wonder if there shouldn't be a law which says that if prosecutors over reach -- and especially if there's any evidence that they knowingly overstated their case, or presented any evidence or supporting testimony that wasn't factual -- they can be sent to prison.
Actually, it seems like there should be laws about this already, but IANAL. Anyone know if wrongfully convicted citizens can file criminal suit against prosecutors?
Tweet, tweet.
Wrongfully convicted or even sued - eat it. The law is clear, if it is govenment or state you can't sue, you may get some compensation ( not required but.. ) like in Illinois - years in death row, yeah, here is $100K for that and have a nice day. Of course nobody will hire you, you can't get a business license, check you credit records ( covicts don't have credit records ), etc. because there is the truth that you were once convicted even innocent ( and no way to take back the records / published articles, all the flags in all the databases, etc ) - weird. But that's life and laws - people have voted so live with that. Or change it - vote for something else / some other politicans ( maybe you are now allowed - you just lost a couple of years voting ). And good luck.
I actually submitted this when I first saw it (no I'm not bitter... yes i am..) but in my version I bring up two points.
1) Should/Will this man be compensated for his time in the pokey. How do you repay a man 16 months in prison? Granted I would have loved to have seen something on the books (e.g. precedent) to stick some real spammers in jail. Good thing this guy had a great attorney.
2) He had an excellent attorney. For those of you who don't know Jennifer Grannick she is one of the most knowledgable legal eagles out there. I see her every year at Blackhat and she's also known to have helped out on many of the most important pieces of Internet case law to date.
Non-American citizens have no inherant rights to a speedy (or any) trial in America.
I would just like to call your attention to the fact that nowhere in the Constitution does it say that the rights afforded by it only extend to citizens. Freedom from unreasonable search and seizure and the right to due process are granted to every person, not citizen. I don't know why people think otherwise, but it simply isn't true.
"Amendment V: [emphasis mine, as if you couldn't guess]
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a grand jury, except in cases arising in the land or naval forces, or in the militia, when in actual service in time of war or publ ic danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation."
"No person". Not "no citizen". This is not accidental wording, either. The Constitution does refer to citizens in several places. Specifically in regards to those eligible to run for Congress or President, and in the various ammendments regarding the right to vote which is only guaranteed for citizens by the Constitution.
Here is a snippet from the 14th Ammendment that further illustrates the deliberate distinction between citizen and person:
"Amendment XIV
Section 1. All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United States and of the state wherein they reside. No state shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any state deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws. "
The difference is made very clear here. A "citizen" is any "person" born or naturalized in the United States, "Citizens" thus clearly being a subset of "Persons". But the next sentence says that is in fact the superset, Persons, which cannot be denied due process or equal protection.
In other words, it doesn't make a lick of difference if those held in Guantanamo are citizens or not. Until election day, anyway, and then the citizens being held illegally can bitch to the non-citizens being held illegally that they're really being abused because they are being denied their right to vote as well.
By the way, I would think it would seem only natural that non-citizens still get the right to free speech, due process, etc. What kind of "freedom" do we Americans believe in that you have to be a naturalized citizen to get? Are these not "inalienable human rights"? Or is it "freedom for us and others only if we feel like it"? Actually, the more I think about it, the more it disturbs me that some would believe that a non-citizen could simply be locked up, his posessions taken, and his life ended all without a trial, and this would be okay.
The enemies of Democracy are
But then he'd be convicted of supporting terrorism! After all, suing the government is obviously an Evil Terrorist Act!!!!
The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
The feds are supposed to be a bit aggressive on the side of prosecuting, just like defenders are supposed to be aggressive in their defence.
The real problem is with the judge.
An entire document has been written and distributed abour my case throughout federal offices with my name changed, and I laughed when my friend (who happens to be let's say be in the know) showed it to me. Purpose of my case from my perspective? Politics. It's all about money nothing more and when federal agencies need more funding come crunch time what do they do?
Uh I did time with Soricelli who happens to be a moronic packetkiddiot from IRC knows nothing about comps. I asked him little things about networking (BGP, RIP, packet sequencing, tunneling) and he knew nothing. He pleaded guilty because he supposedly broke into a CIA honeypot and his uncle was the investigated New Jersey Senator. The other guy is obvious. So out of those mentioned as the case for building this CHIPS unit, how many case were prosecuted really. One. Mine's was the first to go to trial in my disctrict, yet the gov hypes things up as if they're facing an epidemic in my district. Shady business.Now to tell you some more little nitpicky things, that weren't allowed to come out in trial because the prosecutor objected and got his wish.. A plane ticket showing I was en route to San Jose from New York at the time on of the attacks occurred. Pretty difficult for me to hack while in the friendly skies. Secondly, I had a mail.com account for mailing list stuff (SecurityFocus, NANOG, etc) that was accessed from Indiana, England, and a slew of other places I had never been. Being its was a mail.com account I never bothered strong passwords. Thirdly, the company owners testified they left their username/password combos on PostIt notes attached to their machines.
I could go on for days with shit, but it's useless, as stated most people have that "Well he's guily because the feds say so.", or "he must be guilty because he's on the 'hacker scene': attitude. To be honest I'm not mad, saddned by the entire thing, but I've managed to learn 4 new languages, a shit load of stuff about the financial markets from White Collar trixters who defrauded companies for millions. And I managed to take some time and focus on myself, study spirituality lightly etal. So I'm not mad, just saddened
MoFscker
I think hell just froze over. Or at least got a good frost.
Linux: The world's best text-adventure game.
I'd say that, if anything, this case should now have a weight of precedence in the opposite direction...
"It is on this principle that the government confesses error in this case," Cheng [the prosecutor] said.
That's all well and good, but how is this going to help this guy get his life back?
Are they going to renumerate his legal fees?
His lost wages?
His lost reputation?
Undoubtedly no.
The guy is ruined from a financial standpoint, unless of course he was a rich man to begin with. He enters an incredibly tight job market in the IT industry with a raltively ruined resume thanks to overzealous prosecution, and a record as a felon. Good luck finding a job -- given the way HR departments work, he wouldn't get past their "due diligence" background check.
All for a "mistake."
It seems odd--the securityfocus article about the original prosecution suggests he was convicted of revealing a hole in the security system, while the MSNBC article says he was convicted for what appears to be a denial of service (causing a crash). It appears as thought the technical and speech issues are not really being discussed in the press
>> If he was raped in prison, god forbid, and can prove it, then the government could be in for a very big shafting (no pun intended).
With all due respect, just what the fuck does that have to do with his innocence or guilt? I'd seriously hope he has legal comeback should he get sexually assaulted in jail whether he's Snow White or Jack the Ripper.
Did you really mean to imply that raping people in prison is perfectly acceptable if they were actually guilty?
~Cederic
We have come such a long way. This country got its founding to a great extent (not entirely) from the civilian illegal combatants that harrassed the resident British forces. It seems ingenuous to glorify them then turn around and condem others for the same tactic. But maybe your people were around here when mine were fighting the British.
I think what the Government is doing on so many fronts is playing loose and free with the law for their own ends. This is very dangerous, very dangerous to us and our freedoms and what our people fought for so long ago.
I am reminded of that quote from movie "Beckett" where an advisor told the King's friend, Beckett, something like "always tell the King what he Should do but never what he Can do". It seems we have that problem now.
I think you completely misunderstood the point of my post and are just trying to be inflammatory but I'll reply under the assumption that you were not.
No, my point was that in a CIVIL court (as in, not CRIMINAL) if it was found that he was wrongfully imprisoned that he can sue the Government for damages. Damages meaning compensation for suffering he may have incurred arising from wrongful imprisonment.
Trolls gotcha. "Seth FinkLEstein" is a troll, faking "Seth FinkELstein".
The real Seth never pretends to be a lawyer.
Thanks. I did miss that.
Still, I think we can assume the original poster isn't a lawyer either.
Opinions on the Twiddler2 hand-held keyboard?
Looks like the United States of America has lost its shine.
Anyone in the US of A can be officially harrassed by the government (prosecutors are from the gummint, right?) and then after so much harrassment, the harrassers said that they had no case.
So what about the victim ?
What about the ordeal the victim (or victims) had to go through ?
All the time lost, all the sufferings, all the agonies, and the ruined reputation, what about all these ??
In the USA, many people think that money can buy everything. But no matter how much money that poor guy can claim from the gummint, nothing can replace the agonies and time lost and sufferings, and the really painful lesson of being a good guy.
In other words, in USA, there's no such thing as LIBERTY anymore !
Muchas Gracias, Señor Edward Snowden !
I read what you have written, and I understand them all, because I had a similar experience.
I was lucky, that the public prosecutor was a dork, and because I know people in really high places.
All I did was nothing - in a discussion, I laid out a _hypothetical-case-of-a-possibility-electronic-br
All hell broke loose, and I had to face what you had gone thru, - sans the sentencing thingy, - but all in all, looking back, I spent more than 500K in attorney's fee alone.
That doesn't count the time lost in the entire meaningless hoopla, plus the agonies, anguish, comfusion, and ultimately, frustrations that have caused me and many of my friends/co-workers etc.
Now I don't live in USA anymore. Why should I continue to pay tax in a country which prosecuted its own citizen for NOTHING ?
My advise to all those who have been wrongly prosecuted - get out, and get out now !
If you stay, you will be paying tax to the same government which employs those damn bastards who do nothing but trampling on other people's rights and liberty.
Contrary to popular believe, USA is no longer a place which believes in LIBERTY.
There's no liberty in USA anymore, and that's the sad, cold truth.
Muchas Gracias, Señor Edward Snowden !
What you are trying to do is to make TWO WRONGS A RIGHT.
Two Wrongs Can Never Become One Right.
Even if the guy is the world's foremost Asshole Cum Laude, he shouldn't be put through this type of shits.
What the gummint had done was wrong, and those public prosecutors (persecutors !!) should have their nuts cut out and fried for what they have done.
We don't, and SHOULD NEVER condone any abuse of the law, and what the gummint has done in this case, and in many other cases in the USA, are outright wholesale abuse of the laws.
In case you forgot, the BILL OF RIGHTS protects ALL, even the ASSHOLES are being protected.
If the Americans don't protect themselves, they deserve to be abused by the very government they have elected.
Muchas Gracias, Señor Edward Snowden !
>> suffering he may have incurred arising from wrongful imprisonment
I'll say again: If he's been raped in prison, I hope he gets redress whether he's been wrongfully imprisoned or not. The correctness of his presence in prison is completely tangential to the wrongness of being raped.
~Cederic