Slashdot Mirror
Google Search Convicts Hacker
An anonymous reader writes "Google search terms have helped convict a wireless hacker. The queries the hacker performed were introduced into evidence at court, where Matthew Schuster was charged with disrupting his former employer's wireless network and imitating other users' MAC addresses to obtain access. From the article: 'Court documents are ambiguous and don't reveal how the FBI discovered his search terms. That could have happened in one of three ways: an analysis of his browser's history and cache; an Alpha employee monitoring the company's wireless connection; or a subpoena to Google from the police for search terms tied to his Internet address or cookie. Google has confirmed that it can provide search terms if given an Internet address or Web cookie, but has steadfastly refused to say how often such requests arrive.'
But when Google does it, it can only be for the common good, right? A malicious Hax0r gets put away??
Because Google can say ANYTHING it wants about you and people/police/FBI/government/corporations/your_emp loyer/etc will believe them without an OPEN REVIEW of how they obtain, generate, and store that information.
Is the information faulty? Did someone munge with the data? Were Google's databases corrupt? Was the data recreated or generated from other data? Has Google's spy software been through open source review? How well was Google's software tested?
It continually astounds me how intellectually lazy Americans have become! It continually astounds me how the American people are willing to look the other way when it comes to their liberty and civil rights being encroached on!
THINK FOR ONCE PEOPLE!
...is not a bloody security feature. This is why people who actually want to secure a wireless network use some combination of Radius and VPNs...
The secret to creativity is knowing how to hide your sources. - Albert Einstein
This kind of proxy is very common on businesses and among other useful stuff they log the HTTP request made by any client in the network. This is the easiest way, noone else is requiered to get the queries just check your own server logs.
Actually, the first thing he should have done was to stop using his former employer's wireless network by appropriating its other customers MAC addresses to gain illegal access. The second thing he should have done was to not launch DOS attacks against said customers' websites. That automatically raised damages to above $5000 which led to the FBI getting involved. Once that happened, he was screwed.
Yeah, it's a bit sensationalistic to claim he was "convicted" simply due to his google search terms - those were merely one part of the evidence given in court.
There are numerous ways to make yourself anonymous, however, they are for another discussion. Which is why I just suffice to say this guy is a piss-poor hacker.
He didn't even try. He was just a disgruntled IT worker. Instead of using a machine gun to mow people down he wanted to use a transmitter to mow packets down. In this day and age people take that very seriously. So he's going to jail for 15 months. End of story.
TLF
I do not respond to cowards. Especially anonymous ones.
Because now you have a lot fewer of those rights.
In what way? To claim that a "right" has been violated here seems tantamount to making an assertion such as "Of course I may leave footprints, but no one has a right to follow them."
Why should an electronic trail have legal protections that a physical trail does not?
Yeah, what with being forced to use Google and all.
I mean, seriously, which right was violated here? The right to use a search engine without records? The right to use someone's wireless network without records?
Sorry, I'm a writer. That makes you raw material.
Kudos on the post's headline being more accurate than TFA's headline.
The article's headline says: "Google searches nab wireless hacker," but the article actually says:
That may seem like simple semantics, but it's actually a pretty big difference.
Sorry, I'm a writer. That makes you raw material.
Am I alone for thinking that 15 months in prison, three years of probation, and $20k in restitution is just a LITTLE high for MAC spoofing to score some free wifi? Even if it was taken to the level of interfering with the signal, 2.4G is unlicensed. As any aspiring hacker should know, a properly configured microwave will cause wifi (and 2.4G phones and baby monitors) many problems. Unless he was pulling some seriously bad juju, this is Mitnick-esque "damages".
The truth about Scientology, Xenu, and you: Operation Clambake
I'm not worried about that, everybody is a possible terrorist theese days.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Why should an electronic trail have legal protections that a physical trail does not?
Physical trails in the public are not protected. Physical trails in private are.
Its OK for me to watch you in public talking to person X. In theory, one needs a warrant and probable cause of a specific crime to listen to person talking with person X on the telephone.
That's not comparable.
In this instance it would be like talking to person X on company Y's premises. Company Y certainly has a right to know what is going on in their building and if it's illegal have every right to call the police about it.
That's my view, anyway.
"It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
True, but the GP's point is still valid ... conviction based solely upon server log entries (or even the use of such logs to intimidate, such as the RIAA has been doing) should simply be unacceptable to a judge. Such information being a part of the fabric of evidence in a larger case is one thing, but it is simply not reliable enough to be depended upon in such important matters.
Courts need to become more technically competent, I think. We're too accustomed to the idea that if data comes from a computer it is implicitly trustworthy, and that's a big problem.
The higher the technology, the sharper that two-edged sword.
Court documents say that Schuster ran a Google search over CWWIS' network using the following search terms: "how to broadcast interference over wifi 2.4 GHZ," "interference over wifi 2.4 Ghz," "wireless networks 2.4 interference," and "make device interfere wireless network." [TFA]
... A few months ago, I did a number of google searches with very similar terms. I was trying to find out how to diagnose and defend against some wireless interference. Not that I learned all that much. I suspect that you need some rather special equipment to locate the source of interference, but I don't know what that equipment might be.
Hmmm
Anyway, I wonder if I could be a suspect now because of those searches?
I have noticed in the past that if you ask questions about security, you're usually treated as if you were a potential security risk, not as someone trying to improve your own security.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.