EBay Hacker's Conviction Upheld
An anonymous reader writes "The 9th Circuit Court of Appeals has ruled in the case of Jerome Heckenkamp, the former University of Wisconsin student convicted of federal computer crime charges in 2004 after hacking into Qualcomm, Cygnus Solutions and other companies, and defacing eBay. Heckenkamp was caught after a system administrator at the university hacked into his Linux box to gather evidence that Heckenkamp had been attacking the college mail server. The court ruled today that such counter-hacks are allowable under the 'special needs' exception to the Fourth Amendment, and upheld the warrantless search."
Now I don't feel so bad about killing those zombies that keep trying to ssh into my box.
You forgot to add that odds are that the 9th Circuit will get overturned... AGAIN!
Can you guarantee that the System Admin didn't plant the evidence or the evidence was otherwise compromised? Well, now here is the problem, since you said you can guarantee it, that anyone that is called a System Admin is now allowed to plant evidence and vigilantism rules the internet.
> Using the typical logic, he apparently didn't protect his machine well enough, so it's okay, right? Oh, but he's on the malicious side, so he's right, and the University trying to protect itself, from someone violating just about every University policy with no expectation of privacy on the network of a public research university, is wrong?
Problem with your logic there. If the University thinks being hacked is wrong, then why do they think hacking someone else is right? Two wrongs don't make a right. The hacker is a criminal, and the University (employee that did the hacking) is a criminal. It's that simple.
Yes.
Cutting off his network access couldn't have happened immediately. The central IT organization does not operate or have physical access to the Housing network. The only option, at the time this occurred, was blackholing the IP and ensuring, insofar as was possible, that the same computer did not reappear on the network and continue malicious activities.
Today, after a 5-year, $50 million network upgrade, there are numerous options for blocking MACs, remotely disabling network ports, and so on. None of these options were available at that time. So in an emergency situation, everything was done to ensure that intrusions into critical systems and infrastructure, possibly broader than were even known at that time, would be stopped as soon as possible, which included actively ensuring that the same computer not reappear on the network. At that time, there wouldn't have even been an easy way to see the MAC on the Housing network, so verifying that it was indeed the same computer and then taking mitigating steps was the best immediate emergency option.
Whether there was sufficient evidence for a warrant is irrelevant -- as you yourself noted, the University is not a law enforcement entity, nor were they working in that capacity.
Additionally, whether the University had the means to sufficiently control its network is also not relevant to whether they had the right to break the law -- unless the man in question specifically allowed hacking into his computer by agreement. Did he do so?
IANAL, but I wouldn't be terribly surprised to see a lawsuit against the university over their actions. Frankly, I'm rather surprised no one has been charged with hacking the man's computer. Perhaps it's being "overlooked" due to the obviously bad actor involved -- but IMHO it shouldn't be. OKing this sort of vigilantism is a pretty dangerous thing to do, on many levels.
Kythe
The underlying act itself was specifically exempted under special needs.
Again, this was specifically for the purpose of determining the admissibility of the evidence. The 9th Circuit was addressing an appeal, so could only rule on matters of law pertaining to that appeal.
Whether or not the university sysadmin would be convicted under the circumstances is a fairly open question, if he were charged with unauthorized access of a computer system. Now that I've read the ruling and the facts considered, it certainly doesn't look like this was "cyber vigilantism" under the normal definition of the term, nor was it for any of the normal purposes one might think of that make such unauthorized access illegal in the first place. It was directly intended to stop impending harm to the network, once the sysadmin had a reasonable suspicion he had the right guy. So I rather suspect that in this circumstance the sysadmin wouldn't be convicted even if charges were brought against him.
But again, I'm not a lawyer.
Darned good thing he didn't go further, though.
Kythe
I think we essentially agree on the basic points here.
I understand that this ruling is only speaking to the conviction that is unrelated to the University efforts with regard to ensuring this computer remained off the network.
However, since special needs only applies to the explicit and direct action the University took, while this ruling is speaking specifically to the appeal of the conviction, it is still reasonable to believe that the action itself would be viewed as legal upon consideration of that action alone. In other words, if that action is legal and allowable under special needs in this context, it's intrinsically legal and allowable on its own for the purpose it was intended to serve, namely, the protection of the University network and computing resources. At least, that is, in the view of the 9th Circuit - and I understand the 9th Circuit has no standing to comment on that issue alone, but I trust you see this as a reasonable conclusion.
I do agree with your other observations, but I'm not even sure that any prosecutorial entity could be persuaded to bring charges, especially in the light of the 9th Circuit ruling, even if it is tangential.
This is the Problem:
What recourse does the person have if the Admin planted evidence?
This may or may not be the case here (probably not), but we know how petty people with illusions of power can behave, especially in college.
The Dunning-Kruger effect explains most posts on
This was 7 years ago, and all network resources (access, authentication, topology), among many other things, were not centrally managed.
There were a limited number of things that could be done centrally. One of them was blackholing IPs. Physically disabling the port was also not possible in a timely manner.
After a 5-year, $50 million network upgrade, a lot of these things people are suggesting from their armchairs are now possible. But they weren't then. This was an IMMEDIATE situation that required emergency action.
This isn't as easy as it seems on a decentralized campus with 18000 staff, 45000 students, and 850 buildings, with the dorms run by a completely distinct university department (including, at the time and still today to an extent, the network), and so on.
How does browsing through tmp block an account? He had verified that the computer was the same one that had been previously blocked, but decided to give the hacker an additional 15 minutes of time which could have been used to cause additional damage on the university's network. Since the sysadmin was taking the time to snoop, it should be clear that he was going beyond what was necessary in the emergency situation. A cop kicks in a door because he hears a scream and finds a woman bleeding to death on the floor. Instead of calling an ambulance or otherwise rendering aid, he takes 15 minutes to wander through the house to search for drugs. Proper action?
If the g'vt kept the data on you that Google does, you'd better believe you'd be calling it "doing evil".
You either leave the net as the wild west, and let every man fend for himself, or you set up concrete rules about hacking, etc., and enforce them fairly.
I'm not defending the 'ebay hacker', but I think if he's in trouble then the sysadmin should be as well. There are a lot of physical solutions to cut off someone's net access if you have control of their building, in the event that you can't handle it on the technological side. The responsible thing to do if neither of those options were available would be to remove your server from the net, or actually make your system secure, and report the attacker through the proper channels.
And to all the people defending the sysadmin as justified, I would like to know why - if he thought blackholing the first IP was enough at the time - he bothered to find a working password on the system in question, and what methodology he used to do that. Seems like he's just using the second attack as a CYA to hide his proclivity to hacking students' machines when he wants to. (If you RTFA, it says that he used a password from the first time to log in the second time and snoop around to verify it was the same computer.)