Slashdot Mirror
Hilton Hacker Gets 11 Months
B747SP writes "Well, the guy who 'acquired' the contents of Paris Hilton's Sidekick telephone and published them on the Internet has had his day in court. T-Mobile USA and the State of Massachusetts are pleased to report that he has been sentenced to 11 months in a juvenile facility. He's also not allowed to own or use a computer, a cellphone, or any other device that can access the Internet for two years. It turns out that the Hilton hack was just one of many Bad Things(tm) that he had been up to: calling in bomb threats to schools, creating T-Mobile accounts for himself and his friends, breaking in to data broker LexisNexis' systems are just a few of his exploits."
See you guys in 2 years!
N/T
Writers imply. Readers infer.
Paris should get 11 years for her acting ability and general ability to annoy people.
I wonder if the job offers have already started, or if the security companies are waiting until this particular piece of human trash gets out of jail.
All that and he only got 11 months? While there's a guy in California doing life for stealing a candy bar?
Also, the blurb failed to mention that this nice young fellow wasn't acting alone (see the Register's coverage from this morning)
Can he stay at a hilton?
Almost every Harvard student was High School Valedictorian- After a year of college, half are in the bottom of the class
More to do with all those bomb-threats me thinks =)
Or did I completely miss the story about the kid getting busted for this?
Hmmm.
Maybe during his probation period he should be required to listen to Paris Hilton's commentaries on current events, nonstop.
Have you read my blog lately?
He was "Mitnicked"...
*ba bum bum bing*
...in bed
Tisk Tisk. No internet for you for two years... lol. What about library access? Do they think it is possible to monitor this person's usage of the network. Get an account under a parents name, friend, etc.. Just another attempt at our justice system trying to administer punishment that isn't at all possible to uphold.
Need cheap, customized, and quality bandwidth or hosting on any business scale? Visit www.ENetpresence.com
Maybe T-mobile will get their act together now and fix all the problems. Who knows.
Haven't been getting any? You are pathetic.
From TFA:
:)
In June, a second phone company became a victim to the juvenile's attack, according to the U.S. Attorney's statement. A phone that had been activated fraudulently was disabled, and the teen retaliated with a denial-of-service attack on the company's Web site when it refused to reactivate the phone.
Im not trying to troll, but what kind of professional website gets harmed by a DOS attack anymore. Slashdot alone should make webmasters think twice before putting up a service with a server that cant handle DOS attacks.
+1 funny, -2 overrated. Life isn't fair.
I mean, considering that today there are almost no new electronic devices that dont access the internet. If this were 5 years from now and smart toilets were the norm, he would be screwed.
The numbers included those of rapper Eminem, actor Vin Diesel, singers Christina Aguilera and Ashlee Simpson, and tennis players Andy Roddick and Anna Kournikova.
I count at least 4 mistakes in this one sentence alone!
We present your leader. All bow to the alpha kiddie.
Read the only personal Runyon page out there.
I can't for the life of me figure out why stuff like this keeps getting stuck in the YRO section. As far as I can tell, the only person whose rights were in any danger was Paris Hilton - granted, her privacy is largely a theoretical concept these days, but nevertheless, what possible bearing does this kind of thing have on my rights online?
ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
Both Hilton and the boy got what they deserved. She's dirty and he's a delinquent. Just because he targeted someone worth targeting doesn't mean he should go free, an example must be made. Atleast he wasn't jailed for some outrageous amount of time, like some people do for small crimes compared to others who do really bad crimes.
$fortune
Tomorrow has been canceled due to lack of interest.
An explanation of how Paris Hilton's Sidekick was hacked can be found here. A pretty interesting read.
//J
its being a good con artist! So what, this guy was able to sound like paris hilton, and she picked a stupid 'password reminder' that he used to get the real info from a phone jockey at T-mobile. Calling this kid a hacker is JUST WRONG.
time is a perception of a being's consciousness
time is your 6th sense, the wierd ones are 7+
I was already tired of seeing her nude before the hack. That man owes me serious headspace.
Slashdot Burying Stories About Slashdot Media Owned
Teenager who broke into Paris Hilton's cellphone, I hereby fine your family forty-five thousand dollars... ...and sentence you to probation, under which you are forbidden to own or operate a computer or touch tone telephone, until the day of your eighteenth birthday.
He hacked illegally, and now he's paying the price. I say he got what he deserved. Too bad the kid's a juvie. I'd like to have seen him go to a real prison.
As I walk through the valley of death I fear no one, for I am the meanest sonova bitch in the valley!
Congratulations! You just earned yourself a high paying security job with the United States government. We are all very impressed with your unusual interview. See you in two years.
Finance tutorials and more! Understandfinance
Some kid guessed her password reminder and we're calling him a hacker? Even "cracker" would be too good for this feat of leetness.
Not sure I'd even deign to call him a script-kiddie.
Argh.
...largely for all the other stuff he did. Getting Paris' nudie pics were just icing on the cake.
Of course, Hilton's connection is all you hear about this situation because it involves 1) a famous person and 2) titties, thanks to our starfucker-centric society and media. Just look at the title at the top of this page, for instance!
"People" using "unnecessary" quotes should be "shot".
Trolls should all be rounded up and killed like the animals they are.
You're right, but he did something good: Midnight Commander.
I'm sure the FBI, CIA, and NSA will come calling on this youngster soon. If he's that good, they will quietly snatch him up later.
Oh man. You condemn hedonism as immoral and then condone another sort of bad behavior, all in the same breath. Way to go, Socrates.
"OH SHIT, THERE'S A HORSE IN THE HOSPITAL!"
Hacking Paris Hilton's box would seem to be its own punishment. One is sure to contract a virus.
-Peter
how do I go about hiring this guy? He's good. If he can't use a pc I'll even hire someone else to to type for him.
(seriously, he pretty much will have a line of prospective employers at his door once his time is up)
I think 11 months is a reasonable sentence for the first offense of someone who committed a serious crime, but not a violent one.
Avoid Missing Ball for High Score
I read about how he broke into her account. T-Mobile didn't fix the problem for weeks after this was made public. They got off easier than Gary Condit after 911.
breaking in to data broker LexisNexis' systems
Now, I realize that no interconnected computer system can be 100% secure, but shouldn't a place like LexisNexis be able to keep kids like this out? Was he really that good, or are they just really lousy at computer security?
You don't use science to show that you're right, you use science to become right.
Anyway, just my 2 cents... I could be wrong.
Otherwise go out to buy a fresh newspaper so you can check todays date and try to figure out what got you transferred to the 21st Century.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
This: http://yro.slashdot.org/yro/05/01/12/0750227.shtml ?tid=172
IS not the same guy. This sentencing is for the guy that got the password and posted the phonebook online - it is not the same one linked in the story that monitored secret service emails! I should know, I work with the guy refrenced in the link above!
"Computer hacking is not fun and games. Hackers cause real harm to real victims," U.S Attorney Michael Sullivan said in the statement. "Would-be hackers...should be put on notice that such criminal activity will not be tolerated." ....or not. i mean i know the companies are blameless for having a really obvious security hole up, but these kids should be put to death if they are the ones to find it and just mess around, instead of someone doing it and causing REAL harm
By the time he comes out he could buy himself an Intel-based Mac and easily relearn computers all over again.
>>> "Homicide detectives don't hire murderers"
..
You mean to say all those TV shows and films have it wrong? Surely the police enlist genius murdering psychos to catch not so genius murdering psychos!!??
</sarcasm, I think>
<reality>
Lots of rehab groups use ex-addicts
Seriously 11 months? And hes not allowed to own a computer, cell phone or any internet devices for 2 years?!
:) Paris Hilton wasnt harmed at all. This is the high tech version of writing "For a good fuck and blow job, call Jen at 555-5555" on your highschool bathroom.
Thats silly.
Thats a death sentence in todays world for a kid who is obviousy quite handy with such devices.
Come on, what happened to silly pranks?
Make the kid do some community service, and move on.
Better yet, get creative with his sentence and make him carry a cellphone with a publically posted phone number on a webpage for everyone to call.
Hilton could not be reached for comment on the case because she was traveling in a country where her cell phone does not work, her publicist Robert Zimmerman said Wednesday.
I love this. Like there is no other way to contact someone anymore except by cellfone. I will have fun with my grandkids telling them stories and part of the story will be like, "..and then I called him on the telephone..." They'll be like, "The what-a-phone?"
he'll be a fine addition to the /. crowd/
"Saying that Linux is inferior to Windows because more people use Windows is like saying that all restaurants are inferi
Hacker:
" I didn't know I couldn't do that "
Sen. Dick Durbin from Illinois actually made reference to this guilty plea in Judge John Roberts' confirmation hearings in the Senate today.
What is this world coming to?
On an even lighter note, some of this kids' buddies - including AOL hacker YTcracker - have made up a pretty entertaining rap song about him.
...because you never know who you're dealing with.
Hacking is just exploiting vulnerabilities in a system. The people who operate the system are also part of the system (whether it be: customer service agents who only need to hear a trivially-easily acquired indentification number before granting wholesale access to passwords, account settings, password information, billing details, etc; Or, web programmers who don't correctly implement good security policies, and allow common exploits to be performed on an account site in an automated fashion). "Hacking" a person who is part of the system is no different than feeding non-standard or unexpected malicious data to an API and achieving a result. If anything, "human" interfaces are more documented.
Assignment: The next time you call your cellphone company, listen to the key security questions they ask you and know that every organization requires the same pool of information.
Want to own someone? Learn their SS#, father's middle name, mother's maiden-name, name of their high school, and town of birth. Is this good security?
They're all available by public record.
Hmmm...
//J
It's funny--the sites that offer this functionality force you to use a password hint, and usually force you to use a premade question that are not very difficult to guess, especially by somebody who knows you well. What's my middle name? Oh no, I hope some "1337 hax0r" doesn't crack that enigma. If you want to make sure your question doesn't get guessed by somebody other than yourself or an authorized person, you usually need to include a munge or answer a completely different question than the one listed. After going through all that, it's usually just easier to remember the password you created in the first place.
No telling what this kid accually did, or can do. Obviously he's not good enough to not get caught, but we live in a world that has not fully understood the whole "hacker" thing yet, we just know it bad and sends you to hell. So in trying to make a case against someone who has "broken the law" they ALWAYS have to make sure that certain impressions are imposed on the general public.
And as for any security company wanting to hire this guy, well, he got caught, and that means that he's not very good. Because even if you get caught, you're supposed to have a way out if you know anything about security.
How can a popup have an emotion? If you're unhappy watching them then do something else that doesn't expose you to them. Or write a strongly-worded letter to the ad agency responsible. I'm sure they'll care.
>A person who uses sex to get attention also isn't happy.
You've done an extensive study? I mean really, you're just projecting your own attitudes here. I would say someone who gets upset at a pop-up of a dumb blonde is unhappy.
We'll leave your poor spelling for another day.
The revolution will NOT be televised.
And why do you think your HD went corrupt? I think it is smarter than you are. It KNOWS what is good and what is crap.
This dude deserves some jail time for the bomb threats. But as to Paris Hilton, T-mobile, and Lexus they deserve it. Give the kid a medal for the Hilton, T-mobile, and Lexus hacks and throw him in jail for the bomb threats
Enough on this kid (who commited a crime and got what was deserved), let's talk about those annoying 'secret questions'. I've lost count of the number web sites that require you to answer one of these and don't even let you choose a decent question. Not just insignificant sites, like random forums, but important sites that pretain to things that matter in real life, like my college records or credit card information.
I'm not a celebrity like Paris Hilton, but it is not hard at all to find out what my mom's maiden name is, or the names of my pets, or where I went to high school. At least give me the option to choose my own question, or better yet, not use the question at all.
Man, this is starting to sound like a movie from 1995, but there's no Anglie Jolie in site. Crap.
I'm wanting for a "hackers of the world unite" call, but I doubt this would be it.
Watch the end of "Catch Me if You Can!" again. It's based on a true story.
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
Telling someone they can't get on the internet because their crime was related to the internet makes no sense.
Actually it makes a lot of sense. It's very much like felons being banned from owning guns, restraining orders preventing someone from returning to the place of the crime or a victim, drunk drivers losing their driving privelages, etc. Furthermore these orders often have exceptions for activities at school or work so the library argument may be a red herring.
Damn yo! You got hacked fo shizzle!
"It turns out that the Hilton hack was just one of many Bad Things(tm) that he had been up to..." I'm not sure if it's B747SP or /. that got it, but kudos to whoever trademarked "Bad Things," lol. I was sure Bill Gates already had that...
At this point, who hasn't "hacked" Paris Hilton? Oh, wait, I see, this is about her phone. Well at least with the phone you can put a lock in it to prevent its use; can't really say the same for her.
"Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
"T-Mobile USA and the State of Massachusetts are pleased to report that he has been sentenced to 11 months in a juvenile facility"
Personally, I think he'd be better off in a fully mature facility.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
"It's far less common for these people to get security jobs after their jail-time."
That's because the people who end up going to jail really don't have much talent. And the people with the real talent don't usually get caught.
This kid undoubtedly didn't have much; he probably relied on social engineering more than technical skill.
There's always a job market for the people who really know their stuff. There's none for the script kiddies.
His life is so devoid of meaning that he hacked the handheld of some rich strumpet that everybody now knows isn't even a good lay. Isn't that punishment enough?
According to Essays on Crimes and Punishments (by Cesare Beccaria, the founder of deterrence theory) you need three to meet three conditions for deterrence to be achieved:
1. Swiftness of Punishment
2. Certainty of Punishment
3. Proportionality of Punishment.
Moreover there is an assumption of rationality of the offender and that he will have both full knowledge of the punishment, and will weigh out the benefits and drawbacks of committing a criminal act...
Maybe it's just me but I don't think we should assume rationality from a teenager who wanted to steal Paris Hilton's password...
Well, my impression is that the guy quoted views this "bad behavior" as justice rather than any kind of sin.
That's the lovely thing about moral issues... nobody can fully agree on what's "right" and what's "wrong", but most still hold the view that everyone is born with the innate ability (or conscience, if you will) to correctly identify what's right/wrong according to their particular belief system.
On this particular topic, I think that what the kid did was wrong, but I'm not going to deny that I'm happy to see it happen to Hilton instead of a less deserving victim. However, his deeds were so minor that a mere 11 month sentence in a juvenile facility is probably appropriate, so all in all, I'm happy with this ruling.
...to the pictures that were on her phone?
The only thing they learned is that they can ruin someones life with the wave of a lawyer, which is much cheaper than fixing their shit.
So, what I want to know is, what punitive measures were taken against T-mobile for having such poor security processes that a teenager could pull this off for so long without being stopped?
It is easy to send one kid, who probably couldn't afford more than a public defender, to jail. But what does it do to fix the problem? There are thousands more kids who could do the same thing, there are probably tens of professionals who are doing it right now and are smart enough to say under the radar.
Other than the fact that T-mobile has the big gun lawyers, big gun lobbyists and big gun 'campaign contributions' - why haven't they been prosecuted for negligence?
According to the Bonus Features in the "Catch Me If You Can" DVD, the guy featured in that movie is now a highly paid consultant to the banking industry.
However, unlike most garden variety criminals, he seems unusually gifted at social skills.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
However, if you can come up with a new type of crime that requires specialized expertise to commit, detect, prevent, and catch for which the penalty is not life in prison (in the short or long term) and can demonstrate your trustworthiness, you could still have a future in law enforcement, a high-level military position, an intelligence career, or some new field created specifically to cover the exploitation and/or interdiction of this particular expertise.
In other words, acquire an esoteric power others will want to keep for themselves.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Great. He's being sent to jail.
How is that supposed to set him straight?
Did he do it because he hadn't spent enough time incarcerated?
Really, does jailing non-violent criminals like this kid help anything?
It costs taxpayers money, and him time.
If he were fined, put under supervision, and required to do serious charity work, it'd do everybody a little better.
Seriously, let's reserve jail for those who need to separated from the rest of society for everyone's good.
I really don't see a kid who hacked a cellphone
falling into that category.
Here is the kid's personal data...
Name: Cameron Lacroix
Address: 126 Frederick St., New Bedford, MA 02744
SSN: 014-58-4672
Phone: 508-996-2936 & 508-264-4651
Father: Michael Allan Lacroix
dam, i dont know if i could live for two years without a computer
http://DiabloHeat.com | http://Kyle.TheOCSucks.com | http://TheOCSucks.com
No, it actually means the opposite... so your penis is shrinking *bursts out crying*
to watching re-runs of her show! Now that's punishment!
He got what he deserved, I'm glad this little turd is off the streets and internet. 1 down ... many more to go...
Too bad nobody makes that response to the +5 funny prison rape comments.
http://www.baremo.com/Paris-Hilton/Address-Book.ht m
ps: imascript
I can also quote a matter of scripture;
1 Thessalonians 5:21
"Prove all things; hold fast that which is good."
Hear what I'm trying to say? You can hold fast to a cord, but with information you can't be certain that you are holding the original, because it is all an ECHO CHAMBER from where the original authentication is derived; now estimating one's accord based on measurements as cyphers or code; the higher the encryption, the more accurate and approximate, but never exact.
Apply these as radio propogation, often confused with that foreign Federal Communication Commision, Inc in Washington District of Columbia. Computer software performs by authenticity; it isn't criminal for a program instrumentalised by another's administrative actions. It is a matter of piracy, duplicate title, perhaps unverified right. Therefore I transmit brevity, Copy That; not copy that, not CoPy ThAt, not COPY THAT, but Copy That. Crime is legislated, whereas the original accusation of tresspass has been ignored (ignorance caused misprison), but could also be challenged as plagiarism of a title or piracy; but instead most people prejudie the matter with setoff of a second courtship (violating constitution) by separating into a criminal jurisdiction. Thereby, it is criminal to accuse someone outside a jurisdiction from whence the offence occurred. The common law does not separate into a civil or criminal jurisdiction; the hearing always has both qualities.
Going back to my thougts on passwords; think of a key as claim to somthing, or a title such as a MCSE statement, or the USC Title IV measurements for the United States flag. If it doesn't match, then it doesn't authenticate; however if it does authenticate, then it can be looked upon as none other than authentic. It is either piracy or original. There never has been a need for the DMCA or RIAA, when existing law has allowed to try accusations of piracy. IDENTITY theft is the same way; there is no preventing intentional theft but to be steadfast and ready in prosecution.
In my day to day activities as a postmaster at the nearest general post, I use a verry reliable form of authentication that isn't a measurement of artificial computing (think silicon); derived from an agreement is an Letter of Appointment to perform a duty or action on behalf of another at a general post-office, then whomever is performing such Will physically rent (tear) two tokens from Receipt of that duty, such as the verry dimensions of the paper are complimentary down to the fiber. No things can tear the exact same way twice, but the same can't be said about a MCSE working on a firewall (burn MCSE, burn).
But we're talking authentication; so to create a heuristical code of some sort into a computer cypher, derived from the above treatise on rented paper, would meet the same fate as the original dispute; accuracy is limited by encryption strength (finite). The same fate is of long-hand-writing pads attached to computers; there is resolution as to the field dimensions from whence the pen is thrust onto the pad, but isn't accurate. I know UPS and its digital SIGNature pad are as accurate as bird-shit on pavement. When it leaves your hand, it is not in your posession, but the judgment of the servant your appointed; clerk.
without prejudice
I agree that those things you are mentioning do make sense, although I'm not sure that those privelages are taken away for the same reasons
You mention cars, guns, and scenes of a crime. Cars and guns can both be used as weapons to seriously injure people. They are taken away to keep a person from seriously injuring someone. Keeping someone from a place of a crime is once again a physical thing to keep someone from getting hurt.
These precautions are meant to keep people from getting seriously injured or killed. I think that same pattern of thought is not easily applied to this scenario.
Ask yourself if there is a possibility that this guy is going to get back on the internet and hurt someone. Sure he might be able to get into the same types of trouble, but these are not as serious a threat as say, manslaughter. Also this is what probation is for, so that someone can be monitored and action can be taken to keep these type of offences from happening again, if there are signs they will happened. With guns and cars, the risks of missing a sign can be too large. There is not that kind of risk here.
Keep in mind, this guy guessed a password. This is not someone who wrote a worm that infected hundreds of computers.
http://www.4law.co.il/jacob1.htm
This guy ACTUALLY HACKED T-Mobile. He even had access to the accounts of the Secret Service agents investigating the hack. It looks like he wants a security job too. Funny thing is his story didn't get HALF the press. Wonder why... o_O
"where words meet intent, lies rhetoric's lament"
He's also not allowed to own or use a computer, a cellphone, or any other device that can access the Internet for two years.
These days, you can do just about anything and it's very rare for an American court to stop you from driving because - at least in most of America - life without a car is nearly impossible. They can put restrictions on your driving, but they usually can't stop you from owning/using a car entirely.
At what point does computer/cellphone usage become as necessary to life as a car?
Don't get me wrong... I'm a big fan of saying "accept the consequences" and taking away cars from drunk drivers, computers from hackers, etc. But under the current system, it doesn't seem likely to happen.
I'm paying for that asshole to get free cable, free food and drink, free shelter, and for him to associate with other short-term sentenced criminals. This sounds like a damn good idea to me. Parade the fuckers around the streets. It may be creul, but not unusual. That's what the stocks did in the old days. The Constitution clearly uses the word "and" to speak of punishments, and programmers everywhere know that "and" requires both statements to be true. Obviously this guy has some "issues" and he is a black hat cracker (those damn bastards, giving hackers a bad name), but locking him up is just stupid. And no internet/cell phone or whatever? That has got to be the stupidest thing I've ever heard. It's not like 2 years would stop someone like that. In 2 years, security will be improved, but someone can still get around the weakest parts of security. Passwords and underpaid employees alike are easy to crack. The fraud is much more serious to me than the fact that he broke into the phone. I think T-Mobile should be slapped with some sort of punitive measure for using crap devices. If they didn't tie their hardware to their network, that would be one scenario. But since they did, and their employees provided the initial passwords, they need to have some sort of injunction as far as privacy security.
Nah, if this were true, when he finally was able to use a computer in 2 years, he'd adopt the identity to Crash Override and help uncover a nefarious plot thought up by a white man who was once an Indian robotics technician. And to top it off he'd do it on his brand new 486 laptop with 9600 baud modem and people would think he was black when they found out who he really is!
Keep in mind, this guy guessed a password. This is not someone who wrote a worm that infected hundreds of computers.
Apparently you did not even read the summary:
"It turns out that the Hilton hack was just one of many Bad Things(tm) that he had been up to: calling in bomb threats to schools, creating T-Mobile accounts for himself and his friends, breaking in to data broker LexisNexis' systems are just a few of his exploits."
It's not rape. It's surprise sex!
what i'm more curious is who will actually get to hire him. by now, he should be receiving tons of job offers. a list of those companies would be interesting too. ranging from security firms to it departments to software developing companies...
HD Trailers
are here.
Maybe YOU were tired, but that's just because you were banging her. I've seen the video, don't try to deny it.
Food for thought:
Footage of animals mating == 'nature programming'
Footage of people mating == pornography
Why the 'double standard'?
I'd prefer "Hilton Hacker Hits Hoosgow"
i personally hope he gets some job offers. he's not some kid who can compile a script and exploit xyz.. he knows his shit. anyone who was involved with the "aol scene", like others mentioned, would know his name. to add, he's a pretty funny guy and fun to hang out with. i suppose his sentence fits the list of crimes, he's lucky he got caught now and not when he turns 18.
:)
stay strong cam
Ewww.
.
Good place for a trojan, though.
I have first hand experience with this particular individual. I wanted to reply to every post I've read on this page and address each point individually. However, there are too many points to address and too many of my own to add.
My Experiences
My first experience with this kid was three years ago. I am a consultant for the school department in which he was attending high school.
One afternoon I got wind of a report that a couple of computers were "operating themselves." Of course, they were not, they were being controlled by VNC. We took the computers out of the library, found the backdoor, and analyzed all the files. We were also able to identify the backdoor that was installed, as well as the many utilities that were downloaded from a file-serving website he had setup.
Many of the files contained portions or the entirety of a first name. The website the files were downloaded from contained the same first name.
The backdoor was installed on the premesis. It was installed before the start of school. The utilities were downloaded during school hours.
We did a first name search in the SIS system, we found five or so individuals with the same first name. None were enrolled in a class that had a computer in the classroom. We then did an attendence search on those individuals. Only one was absent the date the utilities were downloaded. We had our guy, we were confident, but the evidence was circumstantial.
We decided to put the compromised (Windows 98) systems back on the network under surveillance, or specifically tethereal. The systems immediately connected to irc.mircx.com and joined a channel with the first name, again.
For a few days nothing happened. No activity, other than the PING/PONG of IRC. That weekend, however, he bit. He bit hard, too. He searched the names and phone numbers of guidance counsellors, secretaries, and other school personnelle. He obviously conducted some rather trivial social engineering. He was able to gain access to the SIS system, which runs on OpenVMS.
We tracked his every move, I laughed and laughed as he struggled with VMS. Time after time he would break the telnet connection because he was stuck in EDT, or because he confounded the DEC Basic application. He queried himself multiple times, tried to change information about his enemies, I assumed, and made unsuccessful attempts to change his own grades.
The administration didn't buy it. He cried foul, denied any knowledge of computers, claimed he was botted, claimed hackers were out to get him. They didn't pursue the issue, but we 'secured' the network. We dropped all IRC traffic and all VNC traffic. The next day we were subjected to a crippling DDOS, and a bomb threat was called into the school. We couldn't prove it was related and got no support from above.
A few months later, he was cought red handed trying to break into an attendance-entry web interface, by a librarian. He was suspended and removed from computer classes. Case closed, at least from our perspective. A few more days of DDOSes, but that ended quickly.
The next school year, bizarre things started happening again. The High School's network was secured, but the middle schools were not locked down as well. Again, the SIS system was being accessed after hours from backdoored systems. Again, social engineering had taken place. We locked down that building, but the accesses were still happening. It was determined that an unsecured WAP had been installed on site and he was sitting outside the building accessing the network. (Sometimes I wonder why they pay me when they do things like that despite my objections).
Of course, we had even less evidence this time to point to him but it was obviously him. The IRC backdoors were the same, the names were the same, the passwords were the same, but the administration still refused to act. We secured that network and the after hours accesses stopped, but unusual activities continued to arouse suspicions.
U
The List of Grievances with Slashdot.
Comment removed based on user account deletion
Mod this comment -1, Rape Isn't Funny
Security firms hiring hackers is common practice, how else will they learn how the enemy infultrates systems, but by having them demonstrate it for them!? Detectives don't need to hire murderers, they just hang reduced sentences over their heads to help them "think like a killer" if what they're dealing with is beyond their scope (which is rather rare). SEC hiring frauders? Watch the movie "Catch Me If You Can" it's a true story, and the main character later became a multimillionaire with his own security firm which helps come up with new ways to secure monetary currencies (like bank cheques and dollar bills). The guy who the movie is based on even helped in the production of the story.
how is babby formed?
I saw this on the Fox 11 morning news, and there were 3 things to note:
1. One woman said "He was hacking into the internet..."
2. One 50 year old anchor guy said "This is not a cool dude", even more rofles.
3. Their file footage of Paris Hilton was of her in a float of a car in a parade waving to people. Why the fuck was she in a parade and why were people happy to see her?!
I've been sentenced for a D.U.I. offense. My 3rd one. When I first came to prison, I had no idea what to expect. Certainly none of this. I'm a tall white male, who unfortunately has a small amount of feminine characteristics. And very shy. These characteristics have got me raped so many times I have no more feelings physically. I have been raped by up to 5 black men and two white men at a time. I've had knifes at my head and throat. I had fought and been beat so hard that I didn't ever think I'd see straight again. One time when I refused to enter a cell, I was brutally attacked by staff and taken to segragation though I had only wanted to prevent the same and worse by not locking up with my cell mate. There is no supervision after lockdown. I was given a conduct report. I explained to the hearing officer what the issue was. He told me that off the record, He suggests I find a man I would/could willingly have sex with to prevent these things from happening. I've requested protective custody only to be denied. It is not available here. He also said there was no where to run to, and it would be best for me to accept things . . . . I probably have AIDS now. I have great difficulty raising food to my mouth from shaking after nightmares or thinking to hard on all this . . . . I've laid down without physical fight to be sodomized. To prevent so much damage in struggles, ripping and tearing. Though in not fighting, it caused my heart and spirit to be raped as well. Something I don't know if I'll ever forgive myself for. ...and I'll keep posting this story every time slashdot advocates rape and moderators mod it up.
-A letter to Human Rights Watch
I remember using LexisNexis (legitimately) years ago.
However, it always seems to be featuring in these juvenile hacks - we've had Adrian Lamo (Lame-o more like) and now this guy (and probably many others too). It seems that LexisNexis seriously need to rethink their security from the frequency they suffer high profile hacks.
Oolite: Elite-like game. For Mac, Linux and Windows
I use a different name for the mother's maiden name question, *always*. This way it is easy to remember, but not to guess.
Sure, if someone discoevered it for one site they would have it for all, but at least they can't just look it up using a family tree.
I think an article about Paris Hilton did it to me. I read both "condemn" and "condone" as *condom* in this post!