Slashdot Mirror


EBay Hacker's Conviction Upheld

An anonymous reader writes "The 9th Circuit Court of Appeals has ruled in the case of Jerome Heckenkamp, the former University of Wisconsin student convicted of federal computer crime charges in 2004 after hacking into Qualcomm, Cygnus Solutions and other companies, and defacing eBay. Heckenkamp was caught after a system administrator at the university hacked into his Linux box to gather evidence that Heckenkamp had been attacking the college mail server. The court ruled today that such counter-hacks are allowable under the 'special needs' exception to the Fourth Amendment, and upheld the warrantless search."

5 of 174 comments (clear)

  1. Correct decision by daveschroeder · · Score: 5, Insightful

    The University was not acting as law enforcement, as an agent of law enforcement, or at the behest of law enforcement, and thus is expressly and explicitly not covered by, or even related to, the Fourth Amendment.

    The University acted to mitigate and prevent further intrusions, the scale of which were as yet unknown, into critical University servers and infrastructure upon which tens of thousands of people and many diverse University functions depend.

    If you hack University servers from your computer (or even if the computer is being used a zombie), and then take steps to hide your identity or otherwise conceal your activities, your network access will be removed, such removal will be actively enforced and verified, and any immediate actions required to protect the security and integrity of the University network and computing resources will be taken.

    Academic, legal, and possible criminal action will then follow, as warranted. These were exigent circumstances, and not done under the guise of law enforcement, but rather the protection of critical university resources from activities clearly and explicitly disallowed by numerous University information technology, housing, academic, and general policies (not to mention various federal and state laws).

    Also, while we're on this topic, if the situation were reversed, I can imagine slashdotters would hardly call the equivalent situation a "hack" (i.e., "the university hacked into his Linux box"). Using the typical logic, he apparently didn't protect his machine well enough, so it's okay, right? Oh, but he's on the malicious side, so he's right, and the University trying to protect itself, from someone violating just about every University policy with no expectation of privacy on the network of a public research university, is wrong?

    Let me know when you people get your stories straight.

    And please, RTFA:

    Here, Savoy provided extensive testimony that he was acting to secure the Mail2 server, and that his actions were not motivated by a need to collect evidence for law enforcement purposes or at the request of law enforcement agents. ... The integrity and security of the campus e-mail system was in jeopardy. Although Savoy was aware that the FBI was also investigating the use of a computer on the university network to hack into the Qualcomm system, his actions were not taken for law enforcement purposes. Not only is there no evidence that Savoy was acting at the behest of law enforcement, but also the record indicates that Savoy was acting contrary to law enforcement requests that he delay action.

    Under these circumstances, a search warrant was not necessary because Savoy was acting purely within the scope of his role as a system administrator. Under the university's policies, to which Heckenkamp assented when he connected his computer to the university's network, Savoy was authorized to "rectif[y] emergency situations that threaten the integrity of campus computer or communication systems[,] provided that use of accessed files is limited solely to maintaining or safeguarding the system." Savoy discovered through his examination of the network logs, in which Heckenkamp had no reasonable expectation of privacy, that the computer that he had earlier blocked from the network was now operating from a different IP address, which itself was a violation of the university's network policies.

    This discovery, together with Savoy's earlier discovery that the computer had gained root access to the university's Mail2 server, created a situation in which Savoy needed to act immediately to protect the system. Although he was aware that the FBI was already seeking a warrant to search Heckenkamp's computer in order to serve the FBI's law enforcement needs, Savoy believed that the university's separate security interests required immediate action. Just as requiring a warrant to investigate potential student drug use would disrupt operation of a high school ... requiring a warran

    1. Re:Correct decision by daveschroeder · · Score: 4, Insightful

      Its track record is clear, exactly as stated, and no matter how "liberal" it is or isn't, the 9th Circuit has a consistent record of always erring on the side of individual rights, liberties, and freedoms, and against the interests of the government, sometimes to ridiculous degrees.

      And since there's an entire huge section in Wikipedia and over 1 million hits on google for "9th circuit liberal", regardless of "how much" it's true, there is no denying that, among all appeals circuits, the 9th is the "most" liberal.

      But in this case, it's so clear cut that the University acted properly, it wasn't difficult for the court to rule on the side of the University's actions.

      The point is, the court most likely to overturn the conviction didn't. And therefore, it's reasonable to believe this is how it will remain.

    2. Re:Correct decision by Waffle+Iron · · Score: 5, Insightful
      Since his computer was in a dorm room, the correct thing to do would have been to walk down to the dorm, get the local Resident Adviser or whoever is in charge to open up the room (which is undoubtedly allowed in emergency situations under the lease-like contract that students sign), unplug the network jack, and call the police. This would have had the additional benefit of clearly preserving any evidence of wrongdoing within the attacking system.

      Even if access to the room were not possible, they could have simply gone down to the router, pulled the plug on that room, and called the police.

      Illegally counter-hacking the attacking computer (which also was likely to taint any evidence in the system) was *not* necessary under the exigent circumstances.

  2. Implications for RIAA/MPAA lawsuits by Anonymous Coward · · Score: 4, Insightful

    I'm a bit scared as to what this will mean for RIAA attacks against innocent people accused of file sharing. If "self help" is available for the university when someone hacked their server, why WOULDN'T the courts allow "investigators" working for the MAFIAA to hack into computers to determine if they were "pirating" music or movies?

  3. Forensics Anyone? by madsheep · · Score: 4, Insightful

    Ok this just sounds a bit ridiculous. This is essentially vigilante cyber justice. Now it had a bit more of a law enforcement/good guy vs bad guy twist, but I just don't see how this can be allowed. Where is this special need and why was this an acceptable method to go about anything?

    Is anyone familiar with forensics? "Hacking" into another machine alters a ton of stuff..even if you're just logging in remotely with username/password you found. You've change login dates, profiles, logs, etc. How would this sysadmin have known this machine wasn't already compromised and was just being used a launching point?? If this was the case and the guy adamantly denied having been a part of it, he would have essentially *ruined* any and all evidence. This is just rediculous.