Slashdot Mirror


EBay Hacker's Conviction Upheld

An anonymous reader writes "The 9th Circuit Court of Appeals has ruled in the case of Jerome Heckenkamp, the former University of Wisconsin student convicted of federal computer crime charges in 2004 after hacking into Qualcomm, Cygnus Solutions and other companies, and defacing eBay. Heckenkamp was caught after a system administrator at the university hacked into his Linux box to gather evidence that Heckenkamp had been attacking the college mail server. The court ruled today that such counter-hacks are allowable under the 'special needs' exception to the Fourth Amendment, and upheld the warrantless search."

14 of 174 comments

  1. Correct decision by daveschroeder · · Score: 5, Insightful

    The University was not acting as law enforcement, as an agent of law enforcement, or at the behest of law enforcement, and thus is expressly and explicitly not covered by, or even related to, the Fourth Amendment.

    The University acted to mitigate and prevent further intrusions, the scale of which were as yet unknown, into critical University servers and infrastructure upon which tens of thousands of people and many diverse University functions depend.

    If you hack University servers from your computer (or even if the computer is being used as a zombie), and then take steps to hide your identity or otherwise conceal your activities, your network access will be removed, such removal will be actively enforced and verified, and any immediate actions required to protect the security and integrity of the University network and computing resources will be taken.

    Academic, legal, and possible criminal action will then follow, as warranted. These were exigent circumstances, and not done under the guise of law enforcement, but rather the protection of critical university resources from activities clearly and explicitly disallowed by numerous University information technology, housing, academic, and general policies (not to mention various federal and state laws).

    Also, while we're on this topic, if the situation were reversed, I can imagine slashdotters would hardly call the equivalent situation a "hack" (i.e., "the university hacked into his Linux box"). Using the typical logic, he apparently didn't protect his machine well enough, so it's okay, right? Oh, but he's on the malicious side, so he's right, and the University trying to protect itself, from someone violating just about every University policy with no expectation of privacy on the network of a public research university, is wrong?

    Let me know when you people get your stories straight.

    And please, RTFA:

    Here, Savoy provided extensive testimony that he was acting to secure the Mail2 server, and that his actions were not motivated by a need to collect evidence for law enforcement purposes or at the request of law enforcement agents. ... The integrity and security of the campus e-mail system was in jeopardy. Although Savoy was aware that the FBI was also investigating the use of a computer on the university network to hack into the Qualcomm system, his actions were not taken for law enforcement purposes. Not only is there no evidence that Savoy was acting at the behest of law enforcement, but also the record indicates that Savoy was acting contrary to law enforcement requests that he delay action.

    Under these circumstances, a search warrant was not necessary because Savoy was acting purely within the scope of his role as a system administrator. Under the university's policies, to which Heckenkamp assented when he connected his computer to the university's network, Savoy was authorized to "rectif[y] emergency situations that threaten the integrity of campus computer or communication systems[,] provided that use of accessed files is limited solely to maintaining or safeguarding the system." Savoy discovered through his examination of the network logs, in which Heckenkamp had no reasonable expectation of privacy, that the computer that he had earlier blocked from the network was now operating from a different IP address, which itself was a violation of the university's network policies.

    This discovery, together with Savoy's earlier discovery that the computer had gained root access to the university's Mail2 server, created a situation in which Savoy needed to act immediately to protect the system. Although he was aware that the FBI was already seeking a warrant to search Heckenkamp's computer in order to serve the FBI's law enforcement needs, Savoy believed that the university's separate security interests required immediate action. Just as requiring a warrant to investigate potential student drug use would disrupt operation of a high school ... requiring a warran

    1. Re:Correct decision by Score+Whore · · Score: 5, Funny

      Last Post!

    2. Re:Correct decision by stecoop · · Score: 5, Interesting

      You forgot to add that odds are that the 9th Circuit will get overturned... AGAIN!

      Can you guarantee that the System Admin didn't plant the evidence or the evidence was otherwise compromised? Well, now here is the problem, since you said you can guarantee it, that anyone that is called a System Admin is now allowed to plant evidence and vigilantism rules the internet.

    3. Re:Correct decision by daveschroeder · · Score: 4, Informative

      Well, the 9th Circuit (which issued this ruling) is a very liberal court, which routinely sides with privacy, individual rights, and personal liberties, and does not err on the side of the state. So you can rest assured that any appropriate protections afforded Heckenkamp were more than duly considered.

      You may be interested in reading the entire ruling.

      The applicable bit:

      Once a court determines that the special needs doctrine
      applies to a search, it must "assess the constitutionality of the
      search by balancing the need to search against the intrusiveness
      of the search." Henderson, 305 F.3d at 1059 (citing Ferguson,
      532 U.S. at 78). The factors considered are the subject
      of the search's privacy interest, the government's interests in
      performing the search, and the scope of the intrusion. See id.
      at 1059-60.

      [...]

      The district court did not err in denying the motion to
      suppress the evidence obtained through the remote search of
      the computer.

      [...]

      Here, even without the evidence gathered through the
      allegedly improper search, there is sufficient information in
      the affidavit to establish probable cause. The affidavit recited
      evidence that the server intrusion had been tracked "to a campus
      dormitory room computer belonging to Jerome T. Heckenkamp";
      that "[t]he computer is in Room 107, Noyes House,
      Adams Hall on the University of Wisconsin-Madison"; and
      that "Heckenkamp previously had a disciplinary action in the
      past for unauthorized computer access to a University of Wisconsin
      system." This was sufficient evidence to obtain the
      warrant to search "Room 107, Noyes House, Adams Hall."


      So, the search warrant exemption applied, and even without the information in question, there was, regardless, already sufficient information for a search warrant.

    4. Re:Correct decision by jrockway · · Score: 4, Interesting

      > Using the typical logic, he apparently didn't protect his machine well enough, so it's okay, right? Oh, but he's on the malicious side, so he's right, and the University trying to protect itself, from someone violating just about every University policy with no expectation of privacy on the network of a public research university, is wrong?

      Problem with your logic there. If the University thinks being hacked is wrong, then why do they think hacking someone else is right? Two wrongs don't make a right. The hacker is a criminal, and the University (employee that did the hacking) is a criminal. It's that simple.

      --
      My other car is first.
    5. Re:Correct decision by daveschroeder · · Score: 4, Insightful

      Its track record is clear, exactly as stated, and no matter how "liberal" it is or isn't, the 9th Circuit has a consistent record of always erring on the side of individual rights, liberties, and freedoms, and against the interests of the government, sometimes to ridiculous degrees.

      And since there's an entire huge section in Wikipedia and over 1 million hits on google for "9th circuit liberal", regardless of "how much" it's true, there is no denying that, among all appeals circuits, the 9th is the "most" liberal.

      But in this case, it's so clear cut that the University acted properly, it wasn't difficult for the court to rule on the side of the University's actions.

      The point is, the court most likely to overturn the conviction didn't. And therefore, it's reasonable to believe this is how it will remain.

    6. Re:Correct decision by Kythe · · Score: 5, Interesting

      Whether there was sufficient evidence for a warrant is irrelevant -- as you yourself noted, the University is not a law enforcement entity, nor were they working in that capacity.

      Additionally, whether the University had the means to sufficiently control its network is also not relevant to whether they had the right to break the law -- unless the man in question specifically allowed hacking into his computer by agreement. Did he do so?

      IANAL, but I wouldn't be terribly surprised to see a lawsuit against the university over their actions. Frankly, I'm rather surprised no one has been charged with hacking the man's computer. Perhaps it's being "overlooked" due to the obviously bad actor involved -- but IMHO it shouldn't be. OKing this sort of vigilantism is a pretty dangerous thing to do, on many levels.

      --

      Kythe
    7. Re:Correct decision by Waffle+Iron · · Score: 5, Insightful
      Since his computer was in a dorm room, the correct thing to do would have been to walk down to the dorm, get the local Resident Adviser or whoever is in charge to open up the room (which is undoubtedly allowed in emergency situations under the lease-like contract that students sign), unplug the network jack, and call the police. This would have had the additional benefit of clearly preserving any evidence of wrongdoing within the attacking system.

      Even if access to the room were not possible, they could have simply gone down to the router, pulled the plug on that room, and called the police.

      Illegally counter-hacking the attacking computer (which also was likely to taint any evidence in the system) was *not* necessary under the exigent circumstances.

    8. Re:Correct decision by Ardeaem · · Score: 5, Informative
      AFAIK, you are wrong, and that is simply spin. A quick google search yielded this: http://mediamatters.org/items/200511090012

      During its 2004-05 term, the Supreme Court reversed 84 percent of the cases it chose to hear from appeals of 9th Circuit decisions, compared to a 73 percent average reversal rate for all circuit courts of appeals.* But the high court reversed 100 percent of the decisions it heard from the 1st, 2nd, and 10th Circuit Courts of Appeals.* Moreover, as Media Matters for America has documented, the 9th Circuit's reversal rate was slightly lower than the national average for all circuit courts during the 2003-04 Supreme Court term (76 percent for 9th Circuit vs. 77 percent nationally), and only slightly higher than the national average during the 2002-03 term (75 percent for 9th Circuit vs. 73 percent nationally) and the 2001-02 term (76 percent for 9th Circuit vs. 75 percent nationally).

      and

      While it is true that the Supreme Court has reversed more decisions by the 9th Circuit than by any other circuit court in terms of numbers alone, the 9th Circuit has a far bigger caseload than any other circuit (including the U.S. Court of Appeals for the Federal Circuit). People have tried to label them as some kind of crazy pinko judges, always on the wrong side of the Supreme Court, but it isn't true. And even if it WERE, with some of the decisions we've gotten lately you could do much better than always siding with the Supreme Court.
  2. Thank God by normuser · · Score: 4, Interesting

    The court ruled today that such counter-hacks are allowable under the 'special needs' exception to the Fourth Amendment


    Now I don't feel so bad about killing those zombies that keep trying to ssh into my box.
    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    XXX#######
  3. What? by Spazntwich · · Score: 4, Funny

    The court ruled today that such counter-hacks are allowable under the 'special needs' exception to the Fourth Amendment

    So suddenly the retarded aren't protected by the bill of rights?

    This is preposterous!
  4. Implications for RIAA/MPAA lawsuits by Anonymous Coward · · Score: 4, Insightful

    I'm a bit scared as to what this will mean for RIAA attacks against innocent people accused of file sharing. If "self help" is available for the university when someone hacked their server, why WOULDN'T the courts allow "investigators" working for the MAFIAA to hack into computers to determine if they were "pirating" music or movies?

  5. Forensics Anyone? by madsheep · · Score: 4, Insightful

    Ok this just sounds a bit ridiculous. This is essentially vigilante cyber justice. Now it had a bit more of a law enforcement/good guy vs bad guy twist, but I just don't see how this can be allowed. Where is this special need and why was this an acceptable method to go about anything?

    Is anyone familiar with forensics? "Hacking" into another machine alters a ton of stuff... even if you're just logging in remotely with a username/password you found. You've changed login dates, profiles, logs, etc. How would this sysadmin have known this machine wasn't already compromised and was just being used as a launching point?? If this was the case and the guy adamantly denied having been a part of it, he would have essentially *ruined* any and all evidence. This is just ridiculous.

  6. Re:Question by Mister+Whirly · · Score: 4, Funny

    Chuck Norris

    --
    "But this one goes to 11!"