Slashdot Mirror
6-Month Sentence for NASA Cracker
lunartik noted an AP story running on a 6-month sentence given to
Gregory Aaron Herns for cracking into the computer system at NASA's Goddard Space Flight Center. 'Herns told federal agents he was looking for computer space to store movies he'd downloaded. It took hours for technicians to find the problem, fix it and patch the system's security holes.'"
I'm surprised this wasn't posted under YRO.
Support the First Amendment. Read at -1
NASA are claiming it was $200k. It'd be nice to see how much of that was spent on fixing the security holes he uncovered.
Slashdot: News for Nerds, Stuff that matters only to them
6 months in prison because he was too cheap to buy a hard drive...
Now if he'd just uploaded LOTR:ROTK instead of Legally Blonde....
"If, therefore, any be unhappy, let him remember that he is unhappy by reason of himself alone."
~Epictetus
Let's just download some movies. Oh wait, I've run out of space.
LETS HACK NASA!
Step 1: Download movies.
Step 2: ???
Step 3: HACK NASA!
"It would be like clearing a sidewalk full of spectators with a fire hose so you can walk through it," said Assistant U.S. Attorney Greg Nyhus.
More like breaking into a bank vault to store the bicycle you just stole.
Smoke me a kipper, I'll be back for breakfast.
"It took hours for technicians to find the problem, fix it and patch the system's security holes'"
That's so obviously the cracker's fault...
This is how the system is supposed to work.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
The age old terminology debate.
Cracking == bypassing software protection
Hacking == Bypassing server protection
NASA should be allowed use these idiots in their experiments. I'm thinking 'Effects on subject A when parachutes fail to deploy on capsule dropped from 50,000 feet' or 'Impact determination of Subject A foolishly slashing open his space suit in LEO" sort of stuff.
NASA could get valuable data, some small furry woonland creatures would be saved this fate and the world would have a few idiots less. Win all round scenario.
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
Could you please post your address, I'd like to show you how clever I could be at breaking into your house.
If someone says he and his monkey have nothing to hide, they almost certainly do.
Tacit approval of this sort of thing (cracking) paints us all with the same unsavory brush. If we do not start policing our own, the "geek/nerd" stigma will deepen. We are professionals, let's act like it.
Ignorance is curable, stupid is forever.
With hard disk space nearing $0.50 / gigabyte why on earth would you crack into NASA computers to store you movies?
Im dreaming ofa big bndwdth, That can resist the
At the risk of stating the obvious; hacking into NASA is not technological advancement. Furthermore, it's 6 months in prison, and some computer restrictions, they're not exactly branding him with a giant forehead stamp that says "DANGEROUS HACKER - DO NOT ASSOCIATE WITH OR HIRE, OSTRACIZE WHEN POSSIBLE".
That's not offtopic, that's just funny...
...who need hard drive space. Hard drives are VERY cheap nowadays! My god. How many movies did this guy have?!
If someone says he and his monkey have nothing to hide, they almost certainly do.
"It's not like firing up your Macintosh or your Apple where you push a button and wait six minutes for the thing to boot."
;)
He must be talking about Windows
I do. With real world breaking and entering, you don't need to bring down a mission-critical server to reimage the driver for to ensure security. You just change the locks.
The Yasashii Syndicate ||
A prison sentence seems a bit excessive for what he did.
Lets switch the word "computer" to "lockpicking".
Lets see...
"Here we have a person that is very much talented towards lockpicking..."
Does a lockpicker know much how to build efficient locks actualy?
Does a computer security breaker know much how to actualy build secured systems?
Is that much different?
Léa Gris
I well remember the days of downloading pr0n off of illegitimate ftp servers setup, on you guessed it, NASA computers. This was back in the day when 3 GB was a fantastic amount of data. And why yes it was busty asian pr0n.
Yah, that's probbably pretty accurate. His sentence seems to be within the federal sentencing guidelines for criminal trespass. Check it out here
The sentence seems a bit much considering the intent of the crime (stupid attempt at finding DL/UL site), but not really unduly harsh.
AccountKiller
... after the accused stole my $3.59 flowerpot, I had to spend hundreds of dollars putting locks on all of my doors.
Break into one government computer, go to jail. Break into tens of thousands of personal computers, ....
.
:| )
Herns was ordered to pay restitution for the damage he caused and will have limited access to computers for the next three years. After the judge outlined the terms of Herns' restricted computer use, Levine pointed out how hard those conditions will be for a man who does everything online, including paying his bills.
"He's going to get to learn," Brown said. "There are other ways to live."
The Canadian government has declared internet connectivity to be (I forget the exact term) a "necessity" or something.
If you rob a bank, do they forbid you from walking into any type of business establishment for the entire duration of your parole? No! It would be idiotic - everyone needs a bank account or groceries in today's society, and there are already tons of other perfectly good laws to deal with the individual should they commit a crime in a bank or other "place of business" again.
If you commit a traffic violation, do they forbid you from getting into any vehicle on any road? No! They might prevent you from driving, but they still let you get in as a passenger in other people's vehicles or take the bus.
Judges are going to eventually have to stop throwing out blanket "computer bans" as minor parole conditions - and realize that they have to handle it differently. PCs may/can be the basis of entire home entertainment centers, your library, your photo album, your telephone, etc etc.
What they should do (and what would be more effective) is to ban the user from say spending more than 30 minutes at a time on a PC, or making an IP connection to a class of third parties, or posessing any tools or software that could be used for illicit purposes - and then have the parole officers make unannounced audits and/or taps.
This goes along the lines of what kind of an effect would it have on you and your life if the police seized your computer in the midst of an investigation (not even an investigation into you, say your webcam caught some images of a crime). My PC is all of the things I listed above and more. And remember, saying "make backups" doesn't cut it, they always take your backups too and withholding those could get you in even worse trouble.
To put it another way - the police need to develop methods that don't "deny you use of your entire house just to check the window for fingerprints".
If they want to ghost the drive and look at the inside of the system before they leave, that's fine. But taking the entire thing for an indefinite period - unacceptable. (I'm talking about when I'm not the suspected murder or something
"There are other ways to live", indeed. He's already had three or four years for the enormity of his crime to sink in, and now a few more of his career-making years will be pissed away flipping burgers for a lesson he probably already learned at 17. This is not to the greater good, in my opinion.
I don't buy for a second that he was doing it to find space for movies. It just makes no sense at all.
Let's assume for a moment that all of his movies were DivX-encoded at 650 MB each, just for the sake of argument.
* Hard drives four years ago were still relatively inexpensive. By working at McDonald's part-time for three weeks or so he could have had a new hard drive.
* Even if he had so many movies that he required an additional hard drive, why could these movies not have been burned to CD-R instead? CD writers were available for less than $100 and CD-Rs could have been found for less than 50 cents a piece. He could have had virtually unlimited space as long as he purchased a new spindle now and then. (See afformentioned McDonald's reference.)
* Most importantly, what did he expect to do with those movies? Unless he had a T3 or something equivalent to his house, he would have had to wait hours to both upload for storage and download to view. I've had 1.5 Mb/sec DSL for four years, so I know that it would have been feasible back then, but it still would have been far less effort to burn them to CD-R. And at least then they would have been portable, far more so than a hard drive.
* Assuming 1.5 Mb/sec broadband, it would have taken almost an hour just to download one movie. So, he would have taken an hour to download, an hour to upload (at the VERY least since most broadband companies don't use the same upload/download speed), and another hour to download when he wants to watch it? Was he planning on installing a streaming media server as well?
* Why NASA? Why not find some schlep on his ISP who wasn't running a firewall, had lots of space, and store the data there? A Joe-Clueless-User would have been far less able to determine who was storing data on his system than NASA.
I'm sorry, but I just dont buy the "he was looking for computer space to store movies he'd downloaded" line. It makes absolutely no sense whatsoever. Sounds more to me like he was doing something nefarious and was hiding it or he was just looking for ego points and got nabbed in the process.
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
The article mentioned that NASA technicians had to spend several restoring the system from backup. What did this kid do? He's either lying about his intentions -- he really wanted to cause damage -- or was just incompetent. Secretly keeping a few gigabytes on a big machine really isn't so hard. poopdeville
After all, I am strangely colored.
It's not like it was 6 years or something.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
Insightful ? Wow, do you guys know anything about security? How about him leaving behind several trojan horses for his buddies? Yes you take the drive, especially if it has sensitive information, and incinerate it. Dumbass, this is national security we're discussing, not your quicken data.
"I believe today that my conduct is in accordance with the will of the Almighty Creator"-Adolf Hitler or George W Bush?
What is cruel and unusual may vary depending on who you ask. For one, I would probably use monitoring to keep him off computers for several years. Some people would think that disappearing him is not cruel and unusual.
Moll.
What you hear in the ear, preach from the rooftop Matthew 10.27b
I applaud the judge for his great insight - giving a Computer Science student a computer ban.
And 200k of damages? Er, did he delete research papers or something? (If he did, to make room for his movies, he does deserve it, though).
Sounds more like 200k to finally get their asses moving to fix some security holes, which were there in the first place.
He went into my house, through the big holes in my fence, climed through my dried-up moat, opened the door with the broken lock, and then stole my potted plant. It cost me a fortune to replace the lock, refill the moat and fix the fence.
+++ MELON MELON MELON +++ Out of Cheese Error +++ redo from start +++
I guess he should have thought about that before HACKING A BOX AT *NASA* for pete's sake - and to do what, use it for Divx movies?
This guy was an idiot and got what he deserved. Sorry. Perhaps he should have though first before compromising a piece of United States Government property.
This seems a little harsh to me, this computer science student not only has to spend 6 months in prison, but has limited use of computers for the next three years. This really stunts his growth professionally, but also puts a very black mark on his record when being considered by future employers. NASA should be ashamed of themselves for not discovering these holes themselves, as it is a strong likelihood that this 17 year old high school student didn't -really- know what he was doing (storing movies on NASA's servers? what?). And if he really did know what he was doing, it seems to me NASA probably should have hired the boy to hack them constantly and reveal more security holes that should be mended. Instead of ruining the kid's future. Just my two cents.
Clearly he's responsible for any damage he did. But why is he responsible for fixing the security holes. He didn't cause them, but rather revealed them. Looks more like NASA owes him a consulting fee...
Nice to see term not used improperly for a change.
Sure its just a pet peeve of mine, the mis-use of the term 'hacker', but it doesn't lessen the annoyance factor for me.
---- Booth was a patriot ----
Seems to me like he was a smart guy who just had to come up with an excuse to justify what he was doing. I doubt he was really looking to upload movies to a NASA computer, it doesn't make any sense. If your internet connection is fast enough to get a movie from NASA in a few seconds, then chances are you have enough money to buy a few large harddrives. That kind of bandwidth isn't cheap!
umm, why not? the kid fucked up and broke the law using a computer.
it is the kid's fault that he thought NASA was a good place to store his movies.
I am the Alpha and the Omega-3
Generally speaking, yes and yes. You can't pick locks without knowing how they work (it's not a matter of sticking a bent paperclip in and wiggling it around - trust me).
Likewise, you can't hack a computer as easily as you can in films. "login root" doesn't work in real life, but if you know how the security works then you can find a way around it, or patch the holes.
How many people can read hex if only you and dead people can read hex?
I don't demand that spammers are jailed, even though they do a lot more damage than this guy.
a 6 month sentence will likely be done in a minimum security prison since it is less than 3 years.
I am the Alpha and the Omega-3
They didn't have any chairs to sit on in the server room while they fixed security holes, so they made a big pile of money and sat on that, and it worked almost as well. After the whole fiasco NASA is now researching a new more expensive type of money that is more easily convertable to a sitting appliance.
If the admin has any idea what he's doing he'll be running tripwire anyway.
Well, what do you feel would have been the appropriate punishment for breaking into a US Government computer system and using it to store illegally-downloaded movies?
A fine. After all he only caused economic damage, and not a lot, either. The criminals in Enron caused incomparably more damage and I don't think many (or any?) of them will be put behind bars anyway.
Cracking into NASA is one thing. You're up against propellor-heads and zoomies, nice people who think space is neat. Cracking into the NSA is a whole 'nother ballgame. Those folks are professional paranoids, and while they don't kill people, they certainly know people who do.
This next song is very sad. Please clap along. -- Robin Zander
What kind of moron are you? He committed a crime! He broke the law! You just want to let him off the hook? Great idea, then I'll hack NASA just for the hell of it and get off to! Great idea, dumbass.
THIS bullshit is insightful???
Perhaps thinking before committing one of those felonies would have done him some good.
Seventeen is plenty old enough to know good and goddamn well that what he thought of, planned, and executed was fucking illegal. If he didn't, then I sure's hell don't want him further educated in his abilities.
He and only he pissed away his career-making years. Tuff shit.
"yes and yes"
Bzzzt! Wrongo. What he said was...
"Does a lockpicker know much how to build efficient locks actualy?
Does a computer security breaker know much how to actualy build secured systems?
Building that effecient lock and secured system is about designing same, not about assembling components, ala Tinker Toy.
Also, you can buy books on how to pick locks and find bookoo info on exploiting security holes. Your straw just burnt up.
"It would be like clearing a sidewalk full of spectators with a fire hose so you can walk through it," said Assistant U.S. Attorney Greg Nyhus.
Which is fine, as long as Uncle Sam is holding the fire hose, and rioting citizens are taking the splash -- and not the other way around.
-kgj
-kgj
"Day after day, year after year, the elite in the government or media get away with crimes known to be crimes, and these same posters never say a word. "
/.
Must be your first time on
Here we have a person that is very much talented towards computers, a person who knows a lot and a person who could potentially bring big innovations and discoveries to mankind.
No, here we have a first-class idiot that felt breaking into a NASA system to illegally use their storage space (likely to set up a public FTP full of pirated movies) was preferable to something semi-sane like buying another hard drive or server.
I guarantee you there's plenty of law-abiding people out there that vastly outclass this kid in terms of bringing "big innovations and discoveries to mankind."
Lets all beat the hell out of him before he unfolds something that should be kept hidden... Or better yet, so he never gets to be anything the 'general' public is...
What does breaking into a government system to store pirated movies have to do with what you're insinuating?
Is the 'law' still protecting the public or beginning to get in the way of technological advancement?
People manage to find, report, and fix security holes without unlawfully breaking into government computer systems. Imagine that, eh?
Not to mention the fact that, yet again, he wasn't trying to expose security holes, he was trying to save money by storing pirated movies on someone else's space.
Yes - I see a lot wrong with this picture.
Kevin Mitnic hacked into Sun's systems and read some of the OS code. Before his sentance was up SUN OPEN SOURCED at least SOME of this code. Furthermore, Sun claimed millions in loses for this intrusion. Yet we can all see the sun is setting on SUN. The value is in millions of people having access to the source code so like a languge (english for instance) it can be used and improved apon and adapted to meet a wider range of needs. English for instance would have no value if it were locked up and used by a small group of preists... and this is what closed source is.
So the whole premise of Sun's claims against Mitnic are flawed right from the get go!
So yes, Kevin Mitnic is even a better example of punishing the messanger.
The judges in these cases should be embarrased with their ignorance. At least in the case of the Salem witch trials there is good evidence that their food was laced with Ergot, which is hallucenogenic... so they have an excuse. I cannot see much in the way of an excuse here.
If the judge ruled that NASA should simply fix its servers then perhaps people would wake up to the fact that when you connect a computer to the net, you need to accept responsibility to secure it. It is a fact that there are evil people in the world who will attack them and get in and perhaps create harm. Even if this kid or Mitnic was malicious, and there is ZERO evidence to support this, they should not face anything more than a small fine. They really did nothing more than what most teenage boys and some teenage girls dream of doing.
In the case of a bank, throwing the thief in jail is a deterant because the thief needs physical access. In the case of cracking a computer the physical access is to all people in the world and it occurs the instant it is connected to the net. There is no deterant in punishing one person because all the would be crackers are mostly invisible and often live in other countries... some of which are our enemies.
Any bank would consider it rather unacceptable to leave the door off the vault and place it in the parking lot with no supervision. As a customer I would not deal with a bank that does this. Yet on a daily basis many of the professionals I use regularly expose confidential data through their incompatence and unwillingness to hire competant IT professionals.
I stand by my original opinion. If NASA got cracked it was their own fault. They should punish themselves for their incompetance. They should not be punishing the messenger.
Furthermore the Judge in the case should recognise this and send the correct message.
'Herns told federal agents he was looking for computer space to store movies he'd downloaded. It took hours for technicians to find the problem, fix it and patch the system's security holes, officials said.'
What 'problem' is being referred to in this sentence? Does the reporter not have the backbone to take the most tentative steps toward investigating why unauthorized access had been allowed?
If a physical media copyright infringer had been habitually storing his wares in restricted areas of the Library of Congress, would the AP reporter have written, "It took LoC staff hours to find the problem, fix it and patch the library's security holes"?
not to mention that it'll be a federal prison, which is a walk in the park.
Hey, if this kid got pr0n into these servers then foreign spies must have been using them for ages right under NASA's nose. Right now the KGB's of the world are insanely mad at this kid for showing NASA why they should patch a gaping security canyon.
6 months in jail and you make this kid an ex-con. He won't get a job anywhere decent, no credit, his chances in life even with a CS degree are 50%. The US has created another socially excluded propellerhead.
That's how inverted things are nowadays, and some here say this was fair punishment....NASA should be red-ashamed of allowing this kind of security hole open.
Makes you wonder if all the explanations we got for Challenger and Columbia aren't a pile of PR bullshit in the first place.
North Korea, Iran, anyone could have sabotaged these servers and all we get is the White House CNN pile of crap.
Gimme a break, free this kid, give him community service cleaning up spyware from gov computers and pay him the 200k for protecting americans against Al Qaida.
This judge obviously misunderstands the challenges of the 21st century. Ah, but so does the highest office of the US...
Broken Hearts are for Assholes. - Frank Zappa
say a vulnerability is posted on the web and it happens to affect your systems. how much does it cost you to get your IT department to locate, fix, and patch the problem?
let's further assume that the party that posted the vulnerability is being purposefully uncooperative. but they agreed to get the vulnerability tested independently by a third party who also happens to be uncooperative. how much does it cost your IT department?
i havent got a clue. but 200k seems like a lot. it would seem that keeping a network secure is very expensive business. and i agree that this is true for physical installations, but digital? i mean seriously. unless of course you are over working your staff who also answer all the phones for tech support in-house making it impossible to manage their time or actually do the work they were hired for in the first place. but 200k for a bug? jesus.
i feel really bad for nasa. no matter what system you use there will be bugs and even when that is not the case a system can be badly configured. if each of these issues costs on average 100k (just a guess) to "locate, fix, and patch" can you imagine how much money is going into IT departments right now? or how much money is going into the IT industry? its like paying the plumber 4 times (just a guess) more than his already expensive rates (apparently there is a shortage of plumbers) and honestly believing that this is the way the world should work.
for crying out loud people. what exactly did this kid do? "shutdown -h now"? and it takes 15minutes to boot up? i mean sorry guys, but maybe you should be protecting your system a little better. i always tell myself. if a teenager can pull a prank like this one there are two things you should do. punish the teenager the way we punish any teenager for a prank like this (which they have sort of done). secondly, get some help securing your systems because a foreign nation will not be looking for space to store movies. they will be out there looking to cripple your systems and not necessarily permanently, 30mins could be critical for a crack squad tectical unit and if it is as easy as just shutting down a server......
ps. to be fair, it could be that restarting the system as part of their "locate, fix, and patch" program takes a lot of time (more than 10 minutes?). there again my friends i would suggest a better system to reduce your costs. this has nothing to do with me believing you shouldnt punish this guy. but quit posting damages that could have been avoided if you spent a little more time designing a better system that met your needs. if google can do it i am sure you can too.
if it takes so long to restart your system even during normal maintenance then build redudancy for your production environment. if this is really just about your personal inconvience then remember you are a plumber and that crap cloggin the pipe is your job.
Bits and bites are replaceable. Your front door isn't. In this type of situation it is NASA that should be punished, and this kid given community service for showing NASA that Al Qaida could have been using this for who knows how long unnoticed. You can't use real-world reasoning for digital crimes. Digitally robbing something does not take it away from the owner, it is a copyright and intellectual property issue, not a regular crime. I posted below : if this kid got porno into these NASA servers just imagine what Al Qaida could have been doing....
Broken Hearts are for Assholes. - Frank Zappa
I'm impressed that some rising-star prosecutor didn't get him sentenced to eight years of hard time. Maybe the system still works here and there.
Hail Eris, full of mischief...
E pluribus sanguinem
You expect a teenage male in high school to use such a rational thought process?
Are you from a different planet?
ShoutingMan.com
"Here we have a person that is very much talented towards computers, a person who knows a lot and a person who could potentially bring big innovations and discoveries to mankind."
Yeah. And someone who wasted that talent on downloading movies and breaking into NASA computer systems.
Do you have any sense of proportion, at all?
What's the difference if you destroy my property by coming into my house and wrecking something versus doing so electronically? You argument seems to be that it's nasa's fault for not having perfect security. A lock or a firewall is only as good as the guy who's trying to defeat it. Is it my fault if someone robs my house because I "only" use a deadbolt and not a jimmy proof steel door? If the INTENT is to illegally enter someplace they don't belong, then it's no different from someone using your garage to sell pirated DVD's. Server space and bandwidth isn't free.
I'm a bit surprised my original post got rated flamebait but then again I'm not really in favor of flogging. It's not severe enough of a punishment.
I have mod points. The reign of terror begins now.
So by your reasoning, if someone can get into your house and clean it out, then it's your fault.
What's your address?
...I only broke into this back yard to bury these dead bodies.
Some of the comments here refer to why he would hack into a system to store his movies when disk space is so cheap. The answer is speed. NASA most likely has a fast connection to the internet. This guy was part of a FXP group, so what happened was that when a new movie was released, he would FXP the movie from a distro server to this NASA ftp, and then give other people in his group the login to the NASA ftp. Other s would do the same for him, so they all got new movies without all of them leeching off the original distro servers.
If the government is serious about fixing problems in supposedly secure and sensitive systems, then they should reward not punish people who find holes.
Instead of going to the courts with a trumped up case about supposed damages in hundreds of thousands of dollars, they should give hundreds of thousands of dollars to the people who document holes in the security of sensitive systems.
And tax-free, too, if you please.
And give this kid the job of special intern for security at a decent salary. Loyal Americans and allies of the American corporate empire should be rewarded for tracking down, finding, and documenting security problems.
Suppose YOU found a hole in some NASA computer that allowed you to endanger a shuttle launch or mission. Suppose that if you took it to NASA there was a good chance that you would get thrown into some secret third-world hellhole prison like Guantanamo with no release or no record of your imprisonment. This might happen if you're Muslim instead of being some 18-year-old, rich, white, suburban, Computer Science community college student harmless geek.
Suppose that you mentioned your discovery to someone at the mosque and they came back a month later with an offer of several hundred thousand dollars for all the details on how to blow up a NASA mission along with a new identity and citizenship to some quiet Muslim community in a country not monitored by the FBI.
What would you do?
There are holes in every major on-line computer system. It is better that we have our geeks get rewarded for finding and reporting them, rather than have our enemies find them and use them to kill our people.
In other words, Homeland 'Security' agents, stop putting harmless hackers in jail for finding weaknesses in your chickenshit computer security systems.
There's a good chance that they didn't tell you everything that they found out about your pathetic security systems, and they won't be 'harmless hackers' when they get out of an American prison.
Dumb schmucks!
A 6 month timeout to think about what he did is very appropriate. The Circuit City credit card crackers got like 10 years! That is way out of whack. But 6 months seems fair to me.
As far as the worst thing I ever did? I stole a bunch of shit from a house that was under construction. It was insecure, as you say (no doors or windows yet). I felt bad about it and give the shit back a week or so later. Kids do dumb things. That's the worst thing I can think of at the moment.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
The IT staff will probably be enjoying Mr. Herns, "Donations", for quite some time.
"Beer is proof that God loves us and wants us to be happy - Benjamin Franklin"
umm... federal prisons are better maintained, but they are hardly walks in the park. go visit one and tell me that you would love to be locked up in one of those places.
I am the Alpha and the Omega-3
But it IS posted under YRO. Well, it shows up there at least. That's where I came from.
If the laws defines you actions as a felony or misdemeanor, you do the time, just as you would for any other crime.
...you never know - these idiots might follow the Dilbert theory, and get promoted up to the top of the NASA chain of command...they might move on to government next, and who knows what might happen.
Oh, wait.
That's retarded. Does it look bad for NASA? Definitely. But does that absolve the kid of what he did? Absolutely not. You can't even make the case that he was just trying to expose a vulnerability, because he didn't try to contact them about it. It was for personal gain, plain and simple.
I consider myself to be pretty skilled with computers, and I don't doubt that I could probably break into systems like this if I tried. Of course, I could also probably successfully conduct a bank robbery if I tried. The point is that I don't do either, because it's illegal and I'm aware that there are serious consequences.
Also, the line that some people tend to draw between the real world and the digital world is not as thick or as clear-cut as you seem to think. The technician that had to clean up the mess was being paid with--guess--that's right, real tax money. My money, and probably yours, too. Not to mention the fact that every time NASA launches a shuttle, peoples' lives are at stake. And if you think that innocuous, seemingly unrelated incidents can't cause serious system-wide problems, then you obviously haven't done much debugging.
What the kid did was wrong. You know it. I know it. And in this case, I think that the punishment is quite adequate. In six months, he can get out and get on with his life. In the meantime, perhaps it will deter someone equally foolish from making the same mistake.
Or perhaps we could send a message to other bright, talented individuals that the rest of the world's computers are not their own personal scratch disks.
Besides, just because the guy can exploit a few security holes doesn't make him Albert Fucking Einstein. He's not a genius or a hero; he's just a guy who doesn't understand the idea that you don't just help yourself to others' property because you don't want to pay for it yourself. I mean, he stole storage, for God's sake - yeah, not like you can't get that off the shelf at any fucking CompUSA in the country.
Forgive my crack-induced haze, but what about the scores of groups of crackers, who call themselves crackers, and who crack software protection.
/. troll
Oh, and the websites distributing these cracks.
And the fact that it's commonly accepted, by anyone who isn't
a) a pedantic
b) anyone who knows a grain about cracking
Delude yourself, fine, but accept that some of us work in the real world.
If I really wanted to make the shuttle go boom, why would I honestly tell you that and get myself into more trouble?
How the hell is he going to blow up the Shuttle by hacking one of their systems? Statements like the one you just made are absolutely ridiculous. If NASA somehow set up their launch system so that you could blow up their rockets from the Internet, that would be ultra stupid and border on criminal negligence.
It seems that everyone wants to be the first to make doom and gloom "the sky is falling" type statements.
Also, if you've ever followed lawsuits, and I'm sure you have, you'd know that over-inflating damage estimates is the norm.
Did anyone RTFA and realize this guy was 17 at the time? Yes he committed a crime and a crime is a crime but this isn't murder we're talking about people. This is a 17 year old nerd who did something stupid and is going to end up in jail for it 4 years later..
Yes at 21 he'll be going to be going to a federal prison where he can learn to be a real criminal. He's also being restricted in his use of computers for 3 years so he'll have to find employment in something else and cope with his computer addiction no doubt. He's bound to become bitter about it after 6 months of prison life and is going to be very likely to break the terms of his 3 year ban.
This is shear madness IMHO.
These posts express my own personal views, not those of my employer
Perhaps. Frankly, I don't see why NASA would make such a big deal out of a minor intrusion like this unless it was obviously malicious. NASA rarely handles classified aerospace projects anymore (and wouldn't be networking a machine with access to classified information) and in fact rents out time on their supercomputers. Considering the cost of storage -- even then -- stealing a few gigabytes amounts to petty shoplifting.
After all, I am strangely colored.
I think they should peel his flesh, baste it in a nice barbeque sauce, and make him eat it.
Btw, I love your sig
Life is hard, and the world is cruel
The kids hacked into a federal agency. That alone needs to have a significant bitch-slap associated, it doesn't matter to what end he took it, there needs to be a minimum ass kicking when you hack into the federal government.
If the kid was smart enough to hack into a server(s?), he is smart enough not to do it with federal equipment, as their are thousands of just as vulnerable and lower-profile systems out there.
The kid is an idiot for doing this, he deserves a good punishment. He brought it on himself.
If he broke into my computer, or some little workstation somewhere, he wouldn't be getting a punishment this stiff.
How can you even make this comparision? This guy broke his way into a government production system. I don't think your workstation or mine has millions of dollars worth of data that took years to obtain. Since this was a government system we all pay for his dumbass actions. He should go to prison for 6 months and pay $200,000 in damages.
(In prison he should be cell mates with Bubba.)
IANALP (*cough*) , but I guess a lock pick expert would know what other lock pickers can easily pick ?.
..
I am a part-time sysadmin at office and I'm pretty much the best cracker around as well. I therfore know how another cracker would go about breaking in and can take pre-emptive measures. I also know how vulnerable/unsafe these things are , so I take special steps for physical security and access to the box.
It takes a computer security breaker to "ensure" that the system is unbreakable to his talents. He's a unit test case
Quidquid latine dictum sit, altum videtur
This is not to the greater good, in my opinion.
Contrary to what people might think, lawyers have long ago decided that the purpose of law is not for the greater good. That is properly the realm of politics. The head counters in office create the laws, and lawyers interpret and apply them.
It falls to the legal community to maintain the rights of all and determine when conduct falls outside the sphere of protected liberty and causes harm to someone else. The boy committed an offense, and to give him any less of a punishment than any other person in a similar case recieved would not only be an offence to all those people, but would fly in the face of the fundemental principles of liberal democracy, namely EQUALITY BEFORE THE LAW.
-- "Man is born free, and everywhere he is in chains." Jean Jacques Rousseau
It took hours for technicians to find the problem, fix it and patch the system's security holes. - now what does that mean? Did it take them 2 hours? 180 man-hours? 0.05 hours?
I'm still trying to figure out what people mean by 'social skills' here.
Thanks for putting it so well.
Ha, ha! Nobody ever says Italy.
But the article said the crimes happened in 2001. It's now 2004. Why did it take this long to either A) find out who did it? or B) prosecute him? Also at the time he was 17 which means he was a minor and subject to punishment as a minor. Seems a slap on the wrist 6 months and resitution, compared to Mitnik.
I am Bennett Haselton! I am Bennett Haselton!
The reason he was in the alternative school was the the first time the same federal agents arrested him. He was using stolen credit cards to get stuff delivered to vacant houses.
Since the feds do not prosecute minors normally, he was handled by the state/local system.
The second time around they are not so nice (actually I thought he was over 18 at the time of the second arrest).
Getting caught does not make you super-bright! He might or might not have had any real talent for cracking, but he sure has the mindset for committing crimes.
His prior(s) are not reported in the AP article, and the judge might not have been allowed to consider them, but the investigators knew him personally, so the prosecutor would have been more motivated.