Feds Admit Error In McDanel Security Case

prostoalex writes "US federal prosecutors have admitted that an error was made in prosecuting Bret McDanel under the Computer Fraud and Abuse Act. McDanel discovered a security vulnerability on his former employer's server, and seeing that little efforts were put into repairing it, sent out e-mails to the customers of Tornado Development Inc. After the prosecution revised the court materials, they admitted there was no proof that McDanel intended to impair the system's integrity."

Cold comfort

[Jonathunder]

Little consolation, after serving 16 months in prison, to be told that the prosecution was a mistake.

But this is a country which has hundreds of people locked up, with currently no prospect of seeing their day in court, or even a lawyer.

Re:Cold comfort

[GreyPoopon]

Little consolation, after serving 16 months in prison, to be told that the prosecution was a mistake.

Actually, it could be tremendous opportunity. Let's examine the possible outcomes. Disclaimer: IANAL.

1. If the conviction is successfully appealed, he can then have his record expunged, so he no longer has to answer "yes" to the job application question "Have you ever been convicted of a felony?" That's a real multipler for success when seeking jobs in the future.
2. Now that the federal government is "backing" his story of not intending to cause problems with the servers, he may be seen in a more amicable light by potential employers.
3. I believe he now has amunition for lawsuits against both his former employer and the federal government.

Having said all of that, I believe the feds should hang their heads in shame for being overzealous and making the mistake in the first place, but should be commended for admitting the mistake. That's a step up for our government.

Re:Cold comfort

[insertionPoint]

But this is a country which has hundreds of people locked up, with currently no prospect of seeing their day in court, or even a lawyer.

I can tell your' glass is always half empty. Locked up, no day in court, no charges, no rights or even fair representation. But do you mention, no bill for staying on a luxurious tropical island paradise?

Re:Cold comfort

[rifter]

The only thing about all of those linked stories is... they aren't American citizens being held in Guantanamo. However you feel about their detention in Cuba (of all places!), it really has no relevance to the post about due process. Non-American citizens have no inherant rights to a speedy (or any) trial in America.

Actually they do, but currently the government is bending the law. Firstly, this country was founded on the principle that all men are equal and endowed by their creator with certain inalienable rights. People in other countries do not have a different creator.

Historically, non-citizens in this country have enjoyed, in addition to rights granted by international law, many of the rights granted to US citizens. There have been cases where international law has been bent before, such as the refusal of states to notify the consulate of the country of origin of aliens sentenced to die as required by international law and as requested by the federal government, but there have never been abuses on the current scale.

In addition, the "combatants" at guantanimo bay have not been clasified under any legal term because no matter how they were classified their current treatment violates their rights under US and international laws. If they are criminals they get a trial; if they are prisoners of war they get freed at the end of the war, etc.

Also, there are people at Guantanimo bay who are technically citizens of the United States or a western democracy such as the UK or Australia. They are not getting the treatment usually afforded such citizens.

On top of all of this, when our citizens get into trouble abroad there are often treaties in place which guarantee their rights, and outcry when those rights ae violated. Likewise when people from other countries get into trouble here. Such outcry often ends in some kind of compromise and these treaties are supposed to be enforced. They are not being enforced here and neither is there any compromise.

Then there are the people who were rounded up and detained within the US. Most were non-citizens, but some were citizens. In these cases none of the normal due-process was followed (access to a lawyer, specific charges, etc etc) and neither have many of these people been released. As far as anyone can tell, there have been people imprisoned with no access to lawyers, no charges, no evidence, and no trial for over 2 years now. Numbers have ranged from hundreds to thousands because the administration is not admitting a lot and hoping people will just forget about the whole thing.

The whole process is unamerican, antidemocratic, and is the doctrine of our very enemies; it needs to be stopped.

Re:Cold comfort

[Best+ID+Ever!]

Non-American citizens have no inherant rights to a speedy (or any) trial in America.

They should if we're the ones detaining them, and we truly believe our laws are just. Deport them or charge them, but holding them indefinitely is wrong.

"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. "

do something that makes the suits look bad...

[spitefulcrow]

and get thrown in jail? At least they admitted their error on this one. If someone pointed a flaw out in a system I was ultimately responsible for, I'd have him fix it and give him a bonus or something.

After sixteen months!?

[Midnight+Thunder]

According to the article it was only he served 16 months, in fedral prison, that the government decided it was in error. I hope the guy gets some sort of compensation. 16 months for someone who was not guilty of a crime is too long.

Well I'm glad

[The+Munger]

I'm sure most of us have heard of this story by now. It was also covered on The Register the other day. If I were a customer, I'd certainly want to know about this kind of hole. Does anyone think he caused any grief? He gave notice to the right people, and they still didn't listen. This is like Microsoft ignoring security holes - and we've all heard those stories.

I think he did the right thing. The only people to lose out appear to be the incompetents who are now forced to fix their mistake.

Been there done that

[segment]

During his trial, prosecutors argued McDanel intentionally caused damage to Tornado's computer server by overloading it with too many messages and impaired the system's security by exposing its vulnerability to the public. A judge found him guilty of unauthorized access and sentenced him to 16 months in federal prison.

The problem with prosecutors is, they're quick to jump on a case and will do all sorts of stuff to get a conviction. I know because I've dealt with them and have been incarcerated for computer intrusion and electronics eavesdropping. While at trial, federal agents purjured themselves on the stand and got warnings. A federal agent stated "Mr. XXX is wanted for breaking into NSA, FBI, CAI, and Military machines... But he is not being charged with that right now" ... Another so called FBI computer expert stated he didn't understand what an IP address was (no bullshitting as my case and the transcripts are public record). My ISP, my phone company testified I hadn't used the phone, nor was I online at the time it happened. Now if that is not cause for reasonable doubt I'll go on...

Upon my arrest the agents stated they had been to my previous address of which I hadn't lived at for YEARS. So you mean to tell me, that if you think I attacked some machine, where did you get my information from. If it were via IP they would have come straight to my address via my ISP's logs. Now they had firewall logs with none of my information whatsoever, and they had a sniffer log which recorded the entire breakin. On the sniffer log, nothing shows up remotely all you see are mail connections, then an attack coming from the same host the sniffer log was on.

Local attack then right? Try explaining that to a jury of 40-50 year old comp-phobic people who's favorite tv show is Judge Judy.

I was the first case in the Southern District to go to trial, and was told if I take it to trial I would face 10 years. I was offered 1year, then 6 months, then a 6 month split 3 in jail 3 under house arrest. I still fought it. Feds took this as something arrogant, I fought for my rights. Now given I was no angel growing up (sold drugs, stole cars you name early 90'ish) I swallowed it as karma. Appeal? Sure to go through the same thing? Wasn't worth it for me, the impact of the trial is enough to drain you, financial, mentally (if your weak).

First thing the feds thing coming into my house... High five each other... "Yes we got sil from AntiOffline..." what a scam.

Its nice to know however the DA was quickly promoted and a whole new cybersecurity *cough political bullshit* department was thrown up in NYC

So after this post... Let's see how long it will be before my PO calls up and automagically violates me for some bullshit. Meaning I spoke in a manner the feds didn't like. Fuck a fed

Re:Been there done that

[segment]

Sure you have a couple million to spare? The feds have deep pockets, and you really don't want them on your ass. Nor will your friends like you much when the feds go to there house and so on and so forth. I lost the case s'all the matters for public record, me on the other hand I don't harbor bad feelings I look at is as politically motivated nothing more. As for fighting, its a losing battle. I had contacted staff at the ACLU, and they wanted to make a public thing about it, I on the other hand didn't want some free sil bullshit so I declined. EPIC? Never returned a call. It's history to all but me.

Re:Been there done that

[chgros]

Um, just because it's public record doesn't mean it's online.
You have heard of paper, haven't you?

A link doesn't have to be online. It could be a reference number, a place/date/whatever, or something of this kind.

Wrong use of the laws

[chrispyman]

If I'm not mistaken, the intention of these laws was to lock up the so-called "script kiddies" and such who maliciously broke into and destroyed/exploited computer systems. This guy just published a vulnerability to the company's users, and while it may have damaged their reputation, they certainly didn't have much to begin with after not fixing that flaw.

Win the battle, lose the war

[divide+overflow]

This seems like another example of what I would call a Pyrrhic victory. As long as the system can throw someone in jail for 16 months for doing something both legal and defensible then I see little reason to celebrate our freedoms.

For those that didn't RTFA

[ekephart]

The 16 months that he served constitutes the entire term of his sentence.

"During his trial, prosecutors argued McDanel intentionally caused damage to Tornado's computer server by overloading it with too many messages and impaired the system's security by exposing its vulnerability to the public. A judge found him guilty of unauthorized access and sentenced him to 16 months in federal prison."

It's sad that there is not better review of cases in this country. Federal prosecuters should be held to the highest standards. (cough, ashcroft) This is why my friends that many (myself included) do not agree with the current implementation of the death penalty.