Fermi Lab Compromised by Pirate
tttonyyy writes "The US Department of Energy sounded a full scale alert after machines were compromised at the Fermi National Accelerator Laboratory, according to this BBC article. It turns out that the hacker was a student using the machines to download and store music and movies."
Um. This happened in 2002 according to the article. I think we've missed the boat on this one... the actual new information is the sentence handed down to the culprit.
++ Say to Elrond "Hello.".
Elrond says "No.". Elrond gives you some lunch.
The national labs have done a good job at firewalling off the non-professionaly administered machines where feasible, but the academics really don't like anything that slows down collaboration. Thus there are lots of open machines, ftp and telnet still abound and give lots of opportunities to swipe usernames/passwords in the clear even though ssh and scp are available, etc.
Most (but not all) machines running the accelerator and the detectors are on their own mostly-private subnets.
well I wouldn't be surprised if he didn't even know it was the fermi labs.
these type of guys scan just vast numbers of servers for flaws(open your apache log and you'll see a few) then open up some space on ftp and fxp some stuff to it from another(sometimes) similar ftp and then go post the thing on some list for fame(or tell it to some group of theirs). most companies never bother to raise hell over this, and most of the time it would be very difficult too as the ftp might have been used by hundreds of people all over from the globe.
world was created 5 seconds before this post as it is.
It sounds like he was just a student who had access to those machines. Does knowing the root password make you a hacker?
How about a new headline: Student abuses Lab's computers.
I completely disagree. Furthermore, I think that yours may be the same kind of thinking that US legislators have when creating laws to cover new technology. Such black-and-white thinking seems pretty irresponsible to me. It does not allow for judges to use discretion, as this one has.
Let's take a look at it from a harm perspective. How much trouble did this really cause? Some kid cracking files to steal someone else's bandwidth -- this is akin to petty larceny -- maybe breaking and entry at worst. I can understand a judge opting for leniency in this case, the same way they may be inclined to opt for leniency for a breaking and entry case. Just because very few people understand the crime, doesn't necessarily mean that it should carry a requisite absolute punishment. That's just an overreaction -- no different from mandatory minimum sentencing for drug offenders. All that will do is overcrowd prisons and turn part-time petty criminals into full-time criminals. I don't know about English prisons, but I've seen US prisons -- from what I read in the article, this kid doesn't belong there.
Now, if McElroy had caused any real damage (like viewing classified material, etc) -- then an appropriate penalty shuold have been levied. However, unless our DoE computer centers are run by complete morons, there's probably a really good chance that classified materials were not available to McElroy. If this was apparent, it adds far more credibility to the argument that a 17-year-old kid (this was 2 years ago) was just screwing around.
On another note:
If there actually was classified material at stake, it begs the question: What asshole puts a network like this on the public Internet? Isn't that asking for a terrorist attack? It brings to mind another law: In some US states, it's illegal to leave your car idling with the key in it. It's ticketable and adds points to your license. Sure, if some asshole steals the car, it's far more illegal -- but it shares some of the responsibility wity the operator. Shouldn't someone at Fermi lab be held responsible for this as well? This is a DoE computer that my tax dollars paid for. I say that we should forget about creating more anti-terrorism laws. If someone makes the collosal fuck-up of making a classified system accessible on the public Internet, in any way, they should be penalized for negligently putting millions of lives at risk (allowing for flexible sentencing as the judge sees fit, of course).-Turkey