Hacker Posts His Crime On YouTube, Lands In Jail
wiredmikey writes "A former contract security guard who admitted hacking into a hospital's computer systems (where he worked) was sentenced to 110 months in Federal prison. Why did he do it? He admits that he intended to use the bots and the compromised computers to launch DDoS attacks on the websites of rival hacker groups. The FBI says he posted video of himself hacking into the hospital computers on YouTube — while the theme of 'Mission Impossible' played, he described his hack, step by step, including the insertion of a CD containing the OphCrack program, which allowed him to bypass all security. The FBI found the CD containing the OphCrack program in McGraw's house and found the source code for the bot on his laptop."
"FBI agents have raided the homes of three alleged members of a hacker gang that harassed a security expert who helped put the group’s leader in jail, according to a recently unsealed search warrant affidavit.
Jesse William McGraw, aka “GhostExodus,” pleaded guilty in May to computer-tampering charges for putting malware on a dozen machines at the Texas hospital where he worked as a security guard. He also installed the remote-access program LogMeIn on the hospital’s Windows-controlled HVAC system.
Last month’s raids were prompted by the aftermath of McGraw’s arrest. McGraw was the leader of an anarchistic hacking group called the Electronik Tribulation Army, and his bust led to a flood of harassment against the Mississippi computer-security researcher who discovered screenshots of the HVAC access online and informed the FBI."
http://www.wired.com/threatlevel/2010/07/eta/
Has "security researcher" become the code for confidential informant? Why else would the "researcher" go out of his way to "inform" the FBI?
Why do articles even call them "security researchers"? Now if this guy's job is to investigate hackers, then he should be called a "cyber crime investigator". It's disingenuous to call a cyber crime investigator/cybercop detective a security researcher.
What is with this trend? And what is the official function of a security researcher? Are they informants? I'd think maybe not if they aren't pretending to be outlaw/blackhats, so I cannot put them in the obvious informant/snitch category that Albert Gonzalez is in. An informant/snitch generally is someone who is a criminal hacker or member of a crew, who betrays his or her own crew to provide information to another crew (usually the police). Albert Gonzalez fits the definition of a snitch, the worst kind.
That's not that bad. People could get much worse for having the police catch them with crack in their home!
Mein Gott! Others get hand-slapped, but 10 YEARS??????
Stupid though he was to post this publicly, almost 10 years in prison for a hack like that seems very excessive.
Step 2) ????
Step 3) Jail!
excitingthingstodo.blogspot.com
This question goes out to security researchers. When is it a good idea to inform the FBI of a crime? Does it depend on whether or not you are white hat, black hat, grey hat? Does it depend on whether or not you are in the same crew as the person, or know the person? And if you do, does it remain just research or does the function of the security researcher change to investigator?
I keep seeing various different job titles, security researcher, cyber crime investigator, cyber cop, cyber warrior, and I do not understand the different inherent functions of these terms. At the same time you have obvious professional betrayers like Albert Gonzalez being called "agents" and "heroes" by the feds in one sentence and then later on the feds are locking him up and he's a dirty rotten snitch greedy scoundrel.
So which security researcher, hacker, or cyber crime investigator wants to clear up exactly the different functions and roles?
Do we have a winner for the prize of "stupidest person alive"? Who, with the slightest semblance of common sense, would think that posting a video of themselves doing this was a good idea? This ranks up there with the guy who used a camera mounted to his motorbike to record himself doing 140mph+ in the UK, then posted it on YouTube with his face and licence-plate.
This is exactly why we don't counter-attack those attempting to penetrate our network. While you *might* have some slim chance of reaching the attacker, chances are equally good you will end up attacking some systems in a hospital or something equally unacceptable.
They added the stupidity multiplier. It is there so the pollution of the gene pool by really stupid criminals is reduced.
Fight Spammers!
How do you spell elite? Is it: (0~\/1(7?
> The FBI found the source code for the bot on his laptop.
Open source doesn't really work for hackers.
This nimrod's just a script-kiddie with delusions of grandeur. Lock 'im up!
FAIL
> Has "security researcher" become the code for confidential informant? Why else would the "researcher" go out of his way to "inform" the FBI?
If you saw people breaking into a home wouldn't you report it? Or would the stigma of "confidential informant" be too much?
> Why do articles even call them "security researchers"? Now if this guy's job is to investigate hackers, then he should be called a "cyber crime investigator". It's disingenuous to call a cyber crime investigator/cybercop detective a security researcher. What is with this trend?
Who cares if the person was a "security researcher" or "cybercop detective"? What's it matter?
> And what is the official function of a security researcher? Are they informants? I'd think maybe not if they aren't pretending to be outlaw/blackhats, so I cannot put them in the obvious informant/snitch category that Albert Gonzalez is in. An informant/snitch generally is someone who is a criminal hacker or member of a crew, who betrays his or her own crew to provide information to another crew (usually the police). Albert Gonzalez fits the definition of a snitch, the worst kind.
You took the term "security researcher", substituted your own definition of "confidential informant", and then hinted that the person might be a snitch...
I don't think you understand how whitehats think. They think they are talented superhero vigilante crime fighters. I've known a few in my time, and they are frequently the kind of Eagle Scout archetype of a neighborhood watch captain. They have no real official power, but they get off on being "the good guys" and will turn in anybody for anything. It's a terrible combination of boredom, a modicum of skill, and an underdeveloped legalist sense of ethics.
At the same time, blackhats like GhostExodus are pathetic in the opposite dimension. They egotrip on being able to put a live CD into a Windows box to haxx0r its security like that's so hard. As far as I'm concerned the white vs. black drama can keep going as long as they want. Meanwhile the vast majority of grays will mind their own business, neither snitching nor bragging. Both are stupid unless you have a really good reason.
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
The stigma of being a "confidential informant" is quite hazardous. Why do you think there's a Witness Protection Program?
And yes, the only way to enforce laws effectively is for crimes to be reported effectively. It's unfortunate that so many people think that reporting a crime is cause for immediate public execution, but the attitude will be there so long as there is no effective punishment for violently repressing anyone willing to call 911.
> If you saw people breaking into a home wouldn't you report it? Or would the stigma of "confidential informant" be too much?
That depends on whose home it is. If it's a rich asshole's home, probably not. If it's my friend's home, most definitely. If it's a complete stranger's home, probably not because the complete stranger could be an even bigger crook than the burglars in the end.
> Who cares if the person was a "security researcher" or "cybercop detective"? What's it matter?
Just like it matters that police have badges, wear uniforms, have warrants, it matters to most people whether or not their friend who claims to be a security researcher is actually a cop. Does the security researcher need a search warrant? I don't have a problem with cops, I just have a problem with undercover cops who pretend to be my friend. Wouldn't you have a problem with that situation?
> You took the term "security researcher", substituted your own definition of "confidential informant", and then hinted that the person might be a snitch...
No I'm asking the question of what exactly the role of a security researcher is. A cyber crime investigator we know what their role is. A cybercop we know what their role is. A security researcher is not the same thing as a security investigator. Researchers are interested in academic pursuits, not crime fighting, not law enforcement. The guys who built freenet, tor, the linux kernel, these sorts of people are security researchers. If crime fighters are supposed to be honest, and supposed to be the good guys, why do they have to pretend or dress up in plain clothes, and act like the bad guys?
This is a legitimate question to ask.
Pirates of the Caribbean "You are without a doubt the worst [hacker] I’ve ever heard of"
Anywhere but a hospital.
Delusions of grandeur is right.
"So what if I mess around with the HVAC controller in this hospital? I have SERIOUS HACKER BUSINESS to conduct!"
...this is starting to get out of hand! A guy should be kicked very hard in his balls for hacking a hospital computer, but come on, almost 10 YEARS hard time?!?!
Stupid should hurt.
That said, I think sentencing for most of these crimes is a little over the top, but still; if you ask to get busted, you're going to get busted.
-SS "Teach the ignorant, care for the dumb, and punish the stupid."
> If you saw people breaking into a home wouldn't you report it? Or would the stigma of "confidential informant" be too much?
> That depends on whose home it is. If it's a rich asshole's home, probably not. If it's my friend's home, most definitely. If it's a complete stranger's home, probably not because the complete stranger could be an even bigger crook than the burglars in the end.
Ok...but in this case it's more like breaking into the hospital to steal drugs...
> The stigma of being a "confidential informant" is quite hazardous. Why do you think there's a Witness Protection Program?
We're not talking about the mafia. This is a dumbass script kiddie.
> The stigma of being a "confidential informant" is quite hazardous. Why do you think there's a Witness Protection Program?
> And yes, the only way to enforce laws effectively is for crimes to be reported effectively. It's unfortunate that so many people think that reporting a crime is cause for immediate public execution, but the attitude will be there so long as there is no effective punishment for violently repressing anyone willing to call 911.
That is not the situation at all. Being a witness to a crime is not the same as being a snitch. A snitch knows the individuals who committed the crime, had the trust of these individuals, and betrayed them. I'm not saying the guy who found the photo and reported it to the FBI is a snitch like Albert Gonzalez and I'm not saying someone who witnesses a crime is snitching. You do risk your life and limb as a witness but it's not betraying anyone or harming your friendships to be a witness so the stigma is only bad to people who weren't your friends to begin with.
On the other hand if you pretend to be someone you aren't, pretend to be friends with a group of hackers to gather enough dirt to "inform" the FBI. Then you are a confidential informant, a snitch, a rat, etc. This carries a stigma because it involves personal betrayal of trust, destruction of personal friendships, and has a virus-like effect on the hacker community.
So it's simple. If you are a cyber crime investigator, then don't pretend to just be a "researcher". But if you are just a researcher then your interest is purely academic, so what would you have to gain by reporting every crime you see? Sure if you want to report a crime you can be a witness, you wouldn't be labeled a snitch, but in this instance where the guy got 10 years in prison and fined for $30,000, while the security researcher didn't necessarily do the wrong thing, there probably should be more clarity as to the roles. Otherwise when researchers claim they want to collect harmless statistics which they claim will be destroyed after it's analyzed, well perhaps people will think otherwise of them and won't be so quick to allow them to gather those statistics if you know what I mean.
> That depends on whose home it is. If it's a rich asshole's home, probably not. If it's my friend's home, most definitely. If it's a complete stranger's home, probably not because the complete stranger could be an even bigger crook than the burglars in the end.
And when at last you become the victim, I hope for your sake those around you don't think like you do.
> That depends on whose home it is. If it's a rich asshole's home, probably not
You do realize that this means you, too, are an asshole, and that someone even lower on the moral chain than yourself will watch someone break into your house and do nothing for the same reason?
The chain of violence only stops when people like you stop demonizing based on external factors.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
> The stigma of being a "confidential informant" is quite hazardous. Why do you think there's a Witness Protection Program?
> We're not talking about the mafia. This is a dumbass script kiddie.
The problem is sometimes, we are talking about the mafia. In this case you're correct, it's just a script kiddie, but not always.
If the summary is correct (and this is a big if),
what would be the sentence if he ran over a man with his car (accidentally)?
Probably less months.
You know that you are ridiculous, don't you?
Posting as AC for obvious reasons.
that they must submit it the information, in my opinion it should be submitted to the person directly above them and that person should decide whether to submit it to the government or not. I just want full disclosure. If some security researcher is collecting information about me, shouldn't I know that they might give it to the government if the government asks for it?
Anyway if it's in the contract or a part of their job title and definition then nobody can accuse them of being an informant, and at the same time nobody can mistake them for being an ordinary joe. They'd basically be like cops.
Exactly. As Cullen Hightower said: "There's always somebody who is paid too much, and taxed too little - and it's always somebody else."
I always ask people, at what magical number does 'theft' become 'economic justice'?
> If you saw people breaking into a home wouldn't you report it? Or would the stigma of "confidential informant" be too much?
> That depends on whose home it is. If it's a rich asshole's home, probably not. If it's my friend's home, most definitely. If it's a complete stranger's home, probably not because the complete stranger could be an even bigger crook than the burglars in the end.
You sir, are an amoral person.
You should rethink your philosophy; I suggest imagining that it's your home being broken into, and ask what you would want a third-party observer to do. Calling the police to report a crime is the moral duty of said observer.
> Has "security researcher" become the code for confidential informant? Why else would the "researcher" go out of his way to "inform" the FBI?
> If you saw people breaking into a home wouldn't you report it? Or would the stigma of "confidential informant" be too much?
Not just breaking into a home, a fucking hospital. When shit breaks in a hospital, people can die.
> If you saw people breaking into a home wouldn't you report it? Or would the stigma of "confidential informant" be too much?
> That depends on whose home it is. If it's a rich asshole's home, probably not. If it's my friend's home, most definitely. If it's a complete stranger's home, probably not because the complete stranger could be an even bigger crook than the burglars in the end.
> Ok...but in this case it's more like breaking into the hospital to steal drugs...
And if I were the one who cracked the case then I would not be a security researcher, I would be a cyber crime investigator. I mean what is so difficult to understand? If someone does the police work for the police then the police don't have to pay anybody. This saves the police money but it does not necessarily make us any safer. Whether or not we'd be safer would have to be decided on a case by case basis.
So what I'm saying is, if there really are cyber police or if there should be cyber police, shouldn't they have that in their job title, wear a uniform, or other insignia? I'm more concerned about functions, labels, and roles, than whether or not you decide to be a witness. Somebody has to be a witness of course, but when someone is a security researcher and a witness at the same time it puts their role as an impartial or neutral security researcher in jeopardy and can get them the stigma of being a government security researcher or something along those lines. It will make it harder for other researchers to do research, kind of like how if journalists report every crime they see then it can make it much more difficult for other journalists who don't report every crime they see because they are after the big story or the interview with Bin Laden or whatever.
> That depends on whose home it is. If it's a rich asshole's home, probably not
> You do realize that this means you, too, are an asshole, and that someone even lower on the moral chain than yourself will watch someone break into your house and do nothing for the same reason?
> The chain of violence only stops when people like you stop demonizing based on external factors.
If I don't know anything at all about a person, never met the person in my life, I don't have any responsibility to care about the person.
And no I don't assume a majority of rich persons care about me. My decision of whether or not to be a witness would depend on factors such as whether or not I knew them, whether or not I want to sit in court for weeks or months, but it's still my decision to make.
Just like if someone decides to give to charity or give a donation, it's their decision to make. Nobody should call them an asshole if they don't donate to an African charity to help some starving family. And it's simple, if you know the guy then you get involved and if you don't know the guy then you don't get involved. The guy you save could be the mafia don and that guy could go on to be the biggest criminal in the city. When you deal with a complete stranger it's 50/50 like that so if it's some stranger's house being robbed, and it's a mansion, I'm sorry I honestly don't give a fuck.
Am I supposed to feel bad that a rich person's mansion is being robbed when some poor person is probably living homeless that I actually might know? Yes sometimes you can be wrong and not help the rich person who might have been a great person, but so what? The rich person loses material items that they can afford to buy again, and more than likely the people stealing it are just as good or just as bad as the people it's being stolen from.
You make a valid point assuming that the researcher spends most of his time looking for and reporting cyber crimes.
I would certainly consider it valid for a security researcher to look for people bragging about exploits online, even if it won't qualify him to attend defcon. Also, it's worth noting that reporting this to the FBI isn't necessarily related to his work as a security researcher. If, for instance, I were to be featured in my local newspaper for my (hypothetical) work with animal shelters, they would be correct to refer to me as a computer programmer--even though it has very little to do with the item of interest.
> While the theme of 'Mission Impossible' played
Just wait till the RIAA sues him for this part of it.
> Exactly. As Cullen Hightower said: "There's always somebody who is paid too much, and taxed too little - and it's always somebody else."
> I always ask people, at what magical number does 'theft' become 'economic justice'?
Justice is for the strong. What that means is that the rich typically get justice through the law and the poor do not.
The law does not treat rich and poor equally, you know this and I know this.
So if a rich stranger's house is being broken into and burglarized I'm just not going to care about that rich person's junk. That rich person has more stuff than they need anyway, and I wouldn't want to spend my time sitting in court.
Now if the roles were completely reversed and I'm the rich person and I'm watching a ghetto-dwelling person's house getting broken into, maybe I'd decide to be a witness as a way to give back for what society has given me. In fact maybe I'd just give the unfortunate person some financial assistance, pay the legal fees, or give them a job.
But I'm not the rich person. Justice is not likely to work in my favor. A rich stranger is not likely to rescue me if I'm victimized. So if the rich person wants justice, they can buy it just like the poor person is expected to buy it. Unless you believe poor individuals should be expected to protect the mansions and property of rich individuals without being paid, hired, or without their property being equally protected by rich individuals. Since the property of poor individuals is not equally protected I just don't care what happens to some rich stranger's mansion.
There. I fixed it for you.
ehintz
If they knew me I would expect them to have compassion. If they don't then I wouldn't expect any compassion just as most of you don't have compassion for people dying in foreign countries.
You are right I am amoral. Just like a corporation, a government, etc.
Not all research is academic. I work with a large number of research scientists, very few of them are doing anything academic. This particular security researcher is someone who makes his living by providing his skills to companies and other organizations in return for money. He researches security risks and ways to compromise computer systems and develops tools to combat them (my interpretation of the information on his business website). The overlap between what he does as a security researcher and what a cyber investigator would do is significant. Additionally, the link you posted mentions that he works at a university, suggesting that he may indeed do quite a bit of academic research. There is no evidence in any of the articles that have been brought forward so far that he is in any way employed by a law enforcement agency.
The simplest explanation of the facts as we know them is that he really is a security researcher who in the course of his research came across a video of someone hacking into a hospital computer system and reported it to the FBI. I am not sure why the idea that a private citizen might feel it is their public duty to report crimes they come across is so difficult for you to get your head around.
The truth is that all men having power ought to be mistrusted. James Madison
There's nothing cool or counter culture about screwing with hospital computers you are promising to guard. I'd inform on this sort of crap with a very clear conscience. I think the kid should be reformed not simply locked in a cell till his playstation expires but then the US penal system is another issue.
But I'm trying to figure out why they think that way.
> Now if the roles were completely reversed and I'm the rich person and I'm watching a ghetto-dwelling person's house getting broken into, maybe I'd decide to be a witness as a way to give back for what society has given me. In fact maybe I'd just give the unfortunate person some financial assistance, pay the legal fees, or give them a job.
No, you wouldn't.
You would likely feel you'd earned every penny you had and not owe anything back to society. You certainly wouldn't risk it for some poor person who could never pay you back and might expose you to personal risk.
A part of me feels sorry for this fool.
As in, I pity the fool...
Sometimes actually I miss the 80s.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
> If you saw people breaking into a home wouldn't you report it? Or would the stigma of "confidential informant" be too much?
It's not like calling in a break-in of someone's house. I've done that myself. Called it in while I was watching across the street, and identified the bad guys while talking on 911 and later as I sat in the police car and the cop shined a light on them (they were caught).
Cops know how to deal with that. Clear cut, simple.
But to call in a computer security problem? To people who don't know anything about computers? Nope. Not a chance. Ain't getting involved unless I can be guaranteed to talk to someone who knows what he's doing and isn't out to screw everyone in the hopes of making a name for himself. Same goes for reporting a security hole to a system administrator unless I can do it anonymously. Too much ass covering and trying to make the messenger look like the bad guy. We've seen it here more than once.
I would report anonymously to the head of IT before I ever get the FBI involved, and if I can't do either, I'm staying schtum.
There are too many problems with reporting computer crimes.
--
BMO
This is the worst kind of thinking. 'The poor don't get justice so I'll make sure the rich don't get it either! Then we'll all be equal!' Equally fucked. Such a great thing to which to aspire. Equality is not the sacred thing you seem to think it is. To paraphrase Margaret Thatcher, it is better to have a higher standard of living for the majority in a society with a high disparity than it is to have a lower standard of living for the majority in a society of greater equality.
Based on your attitude, I'm surprised that anyone cares about you...even your mother.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
That is truly a staggering failure of logic. You are assuming that even though you are witnessing a crime you will assume the person deserves it simply if they have more or less than you? You might want to look into therapy for that level of damage, it may well push into the edge of psychotic.
You are not the moral authority of what people need or do not need. If a person earns something in life, they have earned it, regardless of whether you believe they should share it or not. Without basic morality, ethics, and property rights, civilization deteriorates. Nothing in life is ever equal, the idea that equalization can be taken into a person's hands is absurd. There have never been and will never be two identically equal people because of the choices people make in their lives.
correction: script kiddie ;) although securing against someone with physical access is impossible without full disk encryption
I'm assuming he wasn't part of 'Anonymous' then? ;-)
let's start with anyone making more than 128 times the national median income.
Snowden and Manning are heroes.
This seems to be their YT channel - http://www.youtube.com/user/XxxxETAxxxX
"The stigma of being a "confidential informant" is quite hazardous. Why do you think there's a Witness Protection Program?"
/. then assume you're simply an informant instead of being the private detective that the article correctly identified you as being?
But... he is a security researcher, here's his security websites and his LinkedIn says he has a PhD in Computer Science and works at the Mississippi State University Center for Computer Security Research (CCSR).
I'd say he's qualified. I don't understand why parent automatically assumed he was just an informant. If you're a private detective and with PhD in Criminal Forensics and you see a felony take place wouldn't you call the police? Would
my karma will be here long after I'm gone
I'm not paid too much, but I am taxed too little. I would gladly raise my own tax rates by 5% if it applied to everyone making as much as I am or more (esp. if it applied to Warren Buffett, etc. who currently have their salaries as investment income.)
That stupid rhetorical device has been done to death. At what level does a full head of hair become bald? At what level do the sand grains I collect one at a time in a location become a heap?
Obviously, if one person owned everything, it would be justified (if only so that people he did not like could eat), and if everyone was equally wealthy it would not be justified. The presence of a grey area may lend itself to long arguments about the optimum points to put tax rate changes, but it cannot be used to dismiss the concepts out of hand.
Your ad here. Ask me how!
The way for inner city youth is to follow the rules: Stop Snitching.
If they don't pay attention to the rules, they will run afoul of folks whose livelihood they are impacting. And probably end up as another statistic on how hazardous it is for minorities in the inner city.
Of course, you are correct that the only way for law enforcement is to have snitches. If they are subsequently beaten, tortured or killed it isn't the fault of law enforcement but our own sick, twisted society. It comes down to who do you want to support, the cops or the robbers? For the most part in the US we have chosen overwhelmingly for the robbers.
Found this at youtube, http://www.youtube.com/watch?v=vsHqbtmmRH8
He's giving shouts to "hacker" aliases Acid Burn and Crash Override? Really? lmfao.
And another youtube video taken down
http://www.youtube.com/watch?v=WN3xUrFUoNw&feature=related
due to a copyright claim by ETA? lmfao more.
It's an old saying, but true nonetheless - there is no honor among thieves.
How come Slashdot never gets Slashdotted?
> An informant/snitch generally is someone who is a criminal hacker or member of a crew, who betrays his or her own crew to provide information to another crew (usually the police). Albert Gonzalez fits the definition of a snitch, the worst kind.
There is no honor among thieves.
The hacker trades in secrets - and there is no bigger secret than the identity of other hackers.
Hey, he assembled a mighty 14-large computer cluster to DDoS rival group Anonymous. He was totally gonna kick their ass!
> But if you are just a researcher then your interest is purely academic, so what would you have to gain by reporting every crime you see?
As a scientist, you have an ethical obligation to report particularly dangerous crimes. Sounds like this guy was boasting about coopting his hospital's systems and using them to fight other bot nets. That has a potential for killing people that compromised computers normally don't have.
You could go with Rawls (paraphrased): Inequalities are acceptable if they make the worst off in the new system better off than the worst off without those inequalities.
The evidence was cleverly hidden on Youtube. Why are you so certain there was some sort of relationship?
Nerd rage is the funniest rage.
this.
of course, there needs to be discretion.
some crimes are so severe that if you have knowledge of them you need to report them to get the perpetrator off the street, or you'll be enabling the criminal.
a script kiddie isn't in that category for me though. more like a rapist.
possibly because cops spend all day with robbers and quite often the robbers tend to get paid better, which opens the cops up to turning a blind eye to some of the robbers in return for protection from arrest...
I always ask people, at what magical number does 'theft' become 'economic justice'?
17.
Or was that for something else...
No. The guy is literally a PhD student who studies computer security.
I don't know why "inform" was in quotes. He did it because he saw that an HVAC system at a hospital was compromised, and thought that could pose a danger to human beings. He called the police and FBI with information about who had done it. And considering that the person with remote control of the HVAC system was planning on shutting it down in a hospital, causing ? deaths on July 4th, the reporting researcher saved lives.
Again, because he was a guy who researches security. Who noticed something and reported it. It's not his primary or official job to find hackers. Or, in this case, self-aggrandizing script kiddies.
Your ad here. Ask me how!
In either event, the point is moot. There's no stigma to being a CONFIDENTIAL informant because, you know, it's confidential. Now, being an on-the-record informant... that's why they have witness protection.
Has "security researcher" become the code for confidential informant? Why else would the "researcher" go out of his way to "inform" the FBI?
Because we follow a Code of Ethics as any professional would, unlike yourself obviously seeing as the concepts involved appear foreign to you.
Why do articles even call them "security researchers"?
Because we do research in the field of security?
And what is the official function of a security researcher?
My job description says "....you will be identifying and locating security vulnerabilities, threats and risks in many different security contexts in live and simulated environments... you will be proficient in the current trends relating to security issues such as current and emerging Advanced Persistent Threats, current and emerging technologies, methodologies and counter-measures... you will follow a code of ethics in regards to your conduct within the company and without... "
Example Code of Ethics
(ISC)2 Code of Ethics
Talk about being lazy. I use Ophcrack to recover Windows passwords at the office all the time.
If there's a crime then reporting on it should not be called "snitching". "Snitching" is what criminals say to discourage others from being honest and to encourage the general public to just look the other way.
As a scientist, you have an ethical obligation to report particularly dangerous crimes. Sounds like this guy was boasting about coopting his hospital's systems and using them to fight other bot nets. That has a potential for killing people that compromised computers normally don't have.
This seems to imply that there are crimes you don't report. Is there some sort of ethical standard for what gets reported and what doesn't or is it left to the judgement of the scientist?
"My God...it's full of trolls!"
More like script kiddie.
Right. I doubt this low level "hacker" was working alone. He most likely has a boss or at least partners that would be none too happy that he is in a situation to squeal.
For every benefit you receive a tax is levied. - Ralph Waldo Emerson
This seems to imply that there are crimes you don't report.
And that can indeed be the case. For example, I read of an economics researcher who studied a US street gang who was heavily involved in cocaine and crack dealing. One of the conditions for their cooperation with him was that he wouldn't report their involvement in a variety of crimes (such as drug possession, tax evasion, and violations of US labor law). I think he would still be ethically obligated to report to the police any serious crime he witnessed like assault and battery, murder, etc.
Is there some sort of ethical standard for what gets reported and what doesn't or is it left to the judgement of the scientist?
I doubt there's a formal standard. But you aren't going to learn much about criminals by befriending them, if they don't have a reason to trust you.
Did he know nothing about being evil?
Never let them catch you monologuing!
Now if the roles were completely reserved and I'm the rich person and I'm watching a ghetto dwelling persons house getting broken into, maybe I'd decide to be a witness as a way to give back for what society has given me. In fact maybe I'd just give the unfortunate person some financial assistance, pay the legal fees, or give them a job.
No, you wouldn't.
You would likely feel you'd earned every penny you had and not owe anything back to society. You certainly wouldn't risk it for some poor person who could never pay you back and might expose you to personal risk.
Not if I were poor and became rich. If I were born rich you'd probably be right, but since I wasn't, I won't think rich.
When you are rich it's no personal risk to yourself to help a poor person but when you are poor there is great personal risk to yourself to help a rich person.
Give to us, protect our rights, die for us, give us justice.
But they can't give healthcare, a job, or an education.
Why should I give random rich people a handout?
Just because you would die for a random rich person, does not mean a random rich person would save your life.
So if you want to die for some rich asshole, go ahead and be my guest. The only people who matter are the people who you actually know. You think otherwise? Maybe you should have stopped the troops from bombing Iraq and stealing the oil and maybe you should have saved the Soviet Union from the cold war, and maybe you should have helped save the children.
But if you want to be realistic, if you are a rich person you are only rich because millions of other people are suffering. So to lecture a poor person on morality, when the world exists with this much suffering precisely because there are obscenely rich people in it is completely hypocritical.
Don't expect me to care any more than the rich man cares about members of my family. Are they going around helping the poor and bringing equal justice? If they were I might know who they are and might give a shit if someone were robbing their house. If they never did anything for anyone I know, then why should I do anything for them?
An informant/snitch generally is someone who is a criminal hacker or member of a crew, who betrays his or her own crew to provide information to another crew (usually the police). Albert Gonzalez fits the definition of a snitch, the worst kind.
There is no honor among thieves.
The hacker trades in secrets - and there is no bigger secret than the identity of other hackers.
If someone is a friend, or is family, and you know ratting them out will put them in prison where they'll be ass raped for a decade, what kind of person are you if you give their identity to the FBI?
Why else would the "researcher" go out of his way to "inform" the FBI?
You see no moral issue in putting hospital computer systems at risk to enable a pissing contest between script kiddies? McGrew saw something dangerous happening and reported it.
Gifts to the United States Government
Not enough that people don't care about your sorry ass, now you want people to hate you?
You are a sorry little fuck.
I may have missed someone making this point but this says a lot about the gang he was with as well. For him to be in a gang must have meant they thought he was worth something. They should have known this guy was not very bright. Maybe hackers aren't as smart as they make themselves out to be.
Academic freedom requires tolerance of questionably ethical acts. The line is most blurry when it comes to participation, but generally deference is given to the judgement of academics with expertise in the field of study. There are formalized standards, but the nature of academics inherently resists these types of restrictions, they tend to be imposed standards resulting from political interference or social convention.
I remember when he originally posted that video. About all I could do was /facedesk multiple times. I couldn't believe how someone of his obvious intelligence could be so incredibly stupid (not about the video or even posting it, but the fact that he actually endangered lives by his actions). It is people like him who give governments cause to intrude into our lives as much as they do.
Understanding is much like a 3-edged-sword. in this: there are always 2 sides and the truth.
When you are rich it's no personal risk to yourself to help a poor person but when you are poor there is great personal risk to yourself to help a rich person.
Please explain the risk you take by supporting the social contract of the society you live in. That is your duty as a citizen of your society, just like jury duty or voting.
Then again, I suspect that someone as selfish as you thinks society owes you.
No, no, you're not thinking; you're just being logical. --Niels Bohr
People like you crack me up. You feel some sort of kinship for people of low economic standing. You think there's honor and glory in being poor. You aggrandize your own poverty.
It's for all these reasons that you deceive yourself into thinking that you would be different if you had an opportunity to "make a difference".
There are two types of "born into poverty" millionaires:
1. Michael Vick Grade. These guys spent their entire childhoods playing sour grapes talking shit about people who had more opportunity than them (never mind they were still better off than 99% of the planet). They manage to find success through some sort of skill which doesn't involve money management skills and likely involves an agent to protect them from their own stupid. They feel their success has made them a "sell-out" or some bullshit. They then actively sabotage themselves engaging in stupid bullshit like dog fighting, gun brandishing posturing, etc.
2. Warren Buffett Grade. These guys got ahead by their own wits. They were ruthless in their pursuit of profit, and had no time for morons and losers. They don't play hero unless there's something in it for them, because every action that has no profit has potential risk. They learned at a young age that no good deed goes unpunished. In any case, every step of their way to their success they found themselves increasingly hamstrung by socialist bullshit that impeded their ability to get ahead in life. As they were dealing with this forced charity, they watched their tax dollars giving athletic scholarships to morons like Michael Vick.
They become increasingly bitter/indifferent as they find more and more of their resources are being plundered trying to take the trash out of "street trash".
I used to feel bad for poor people. Then I watched them make stupid decisions and realized to what large extent they bring it upon themselves. Fuck the poor. You give them a winning lottery ticket and they'll be back in a trailer in 5 years.
Crackers aren't hackers.
So it's simple. If you are a cyber crime investigator, then don't pretend to just be a "researcher".
Are you fucking retarded? Do you think undercover organized crime investigators should wear "Hi! I'm in the FBI!" t-shirts to avoid confusing the poor mafiosi?
To have a right to do a thing is not at all the same as to be right in doing it
a script kiddie isn't in that category for me though.
But a script kiddie fucking around with a hospital's systems is something else.
To have a right to do a thing is not at all the same as to be right in doing it
I just looked up some details of Ophcrack on Wikipedia.
I can't help but wonder if this guy or his group shelled out for the full set of rainbow tables, or whether the hospital used alphanumeric-only passwords for their sensitive accounts.
It in no way excuses this guy, but that would deserve a good slapping.
What a depressingly stupid machine.
Unfortunately I do not have a reference handy but some time ago I read about a study that found the exact opposite of what you claim. The result was that even rich people are happier in countries where the range of wealth is relatively narrow than in countries with a large inequality. They argued that your perceived risk of becoming poor contributes to your stress
Society is something I tolerate. I did not ask to be born into this society. I do not have any emotional attachment to this society. It's not all good.
There are good people who matter to me. I care about those people. The social contract isn't real and does not exist. People pretend it exists just as they pretend human rights exist and just as they adopt American exceptionalism.
You think the world owes you all its natural resources because you are an American? You think lives in foreign countries don't matter?
Are you willing to risk your life to stop the American empire from expanding? Are you willing to get locked up in Gitmo to protect human rights? Are you willing to be tortured?
Well that rich guy across the street from you isn't, else there might be human rights already. So yes I have a right to be as selfish as necessary to survive, and why expect everyone who doesn't have to be the selfless but expect the people who actually have something to give, like bankers and CEO's, for them greed is good?
Be consistent. Greed is good for everybody, or for nobody.
Have you gotten your meals out of dumpsters and supplemented them by shoplifting?
Have you gone days and days without a shower because you had no place to take one? Slept in parks and alleyways?
I'm guessing the answer is "no."
Well, I have. And you know what? I survived by doing what I had to do and through the kindness of people who had nothing to gain by helping me. Without those people I would be dead and we wouldn't be having this pleasant conversation.
I learned that nobody owes me anything. I get what I get because I work hard for it. As it should be.
What is more, I try to help people. Why? Because it's the right and ethical thing to do. I don't judge people by what they have or how they live or paint whole societies with a broad brush. I go by what people do and what they say.
We live in an unequal world. It's not right and it breaks my heart to know that many people have short, harsh, brutal lives. But I can't make everything better.
I can't stop the oil companies from raping the Earth, or bankrupt the corrupt corporate executives who happily endorse screwing the most vulnerable among us to pad their own pockets, or jail the scumbags who commit atrocities in the name of my home. I can, however, treat my fellow humans with respect and kindness. I can lead by example.
What do you do? You hate on others. Usually, that's a sign that you hate yourself. Do you feel inadequate in some way? Didn't your mommy love you enough? Did some sociopath scumbag abuse you as a child?
As my late sister used to say, "hurt people hurt people," and she was (and is) right.
I care a great deal about people wherever they are. Because people are (which is the whole point you're missing) on the whole, decent, and if given the chance, kind, caring, and willing to do the right thing. As such, they are worthy of the same.
You say that Americans think the world owes them something. I'm sure some (but not most) of us do. And those are the people who wouldn't call the police if they saw someone's house being broken into. Sound familiar?
The problems we have come from people like you. With your "Fuck you Jack! I'm alright." attitude. We have a word for people like you: sociopaths.
Whether you're a poor sociopath or a rich sociopath, it really doesn't matter.
The saddest part is that you don't realize that you and the people like you *are* the problem.
No, no, you're not thinking; you're just being logical. --Niels Bohr
Have you ever lived on the street?
Have you gotten your meals out of dumpsters and supplemented them by shoplifting?
If not for family and friends I would be.
Have you gone days and days without a shower because you had no place to take one? Slept in parks and alleyways?
Once again, if not for family and friends that could happen to me.
I'm guessing the answer is "no."
The answer is no because I still have some family members and friends left. When I don't then the answer will be yes.
Well, I have. And you know what? I survived by doing what I had to do and through the kindness of people who had nothing to gain by helping me. Without those people I would be dead and we wouldn't be having this pleasant conversation.
What you experienced was caused by society, and was resolved by society. People are starving because of society. People live on the streets because of society. Yes society has some good people in it who care about people, but society itself does not care about us. It's individuals who care, not groups.
I learned that nobody owes me anything. I get what I get because I work hard for it. As it should be.
You get what you get because nobody is stopping you from working hard to get it. Don't assume that in every situation you'll be allowed to get something by hard work. Don't think just because you work hard that you are entitled to anything. Hard work can still leave you on the streets starving. Welcome to the real world where people all over the world in every country, including in this country, work hard, are willing to work hard, and still have nothing to show for it in many cases. If you have shelter, food, a bed, no matter how you manage to get it, consider yourself fortunate to have that and not be locked up in a prison.
What is more, I try to help people. Why? Because it's the right and ethical thing to do.
It would be just as right for the Jews to help Hitler when he was homeless. Right? It would be just as right to help Mao when he was homeless right? It would be just as right to help Hitler when he was dictator right? Or Stalin? Do-gooders help anybody, even their enemies. Do-gooders will even help enemies of human rights, free speech, and all the ethical positions they pretend to hold, because for them it's just about feeling good about themselves rather than actually helping themselves and others. If you want to feel good then go help random persons, if you want to accomplish something good then help one specific person at the most opportune moment.
I don't judge people by what they have or how they live or paint whole societies with a broad brush. I go by what people do and what they say.
I go by what people do. If I don't know what a person does, I don't know the person. If I don't know the person I cannot calculate the effects of helping them. A notorious rapist in the city could have their car break down, and little do I know someone is in the trunk of their car tied up, taped up, and still alive. If I help the rapist change his tire, he could go on to drive into the woods or the middle of nowhere, rape and murder the girl and dump the body. But I got to feel good about myself at that moment in time because I helped a complete stranger? When you don't know a person you don't know whether or not helping them will be good for you or bad for you, or good for society or bad for society, this is why it's better that we help people we know. This is why the US government does not help random people starving overseas, but it does help its friends and the people it knows.
We live in an unequal world. It's not right and it breaks my heart to know that many people have short, harsh, brutal lives. But I can't make everything better.
Then why do you help strangers? Just to feel goo
Troll.
No, no, you're not thinking; you're just being logical. --Niels Bohr
I've wondered about that. from what I've seen of the culture I've not been impressed. largely it seems to be a lot of anti-social ppl full of themselves. Sad really.
Sucker.
"Hacker Posts His Crime On YouTube, Lands In Jail" ... Geez, seriously? Crime + Youtube = Jail? Even if your nick is H4XZ0R? Surely the feds can't find that out! ...
Who cares if the person was a "security researcher" or "cybercop detective"? What's it matter?
I would think there's a big difference between researcher and investigator. A researcher is one who is more a scientist taking careful scientific steps in order to find security vulnerabilities and to create new or improve existing security technologies. An investigator is one who uses processes already found and/or developed by researchers in order to do their job. That's my best guess in response to your question. And yes, it does matter to those who have some intelligence.
So it's simple. If you are a cyber crime investigator, then don't pretend to just be a "researcher".
Are you fucking retarded? Do you think undercover organized crime investigators should wear "Hi! I'm in the FBI!" t-shirts to avoid confusing the poor mafiosi?
That depends. If you are talking about investigating violent organized criminals then I could agree with you but these are hackers. Why would we need undercover organized crime investigators to go up against them in this specific instance?
I agree there could be some hackers out there who would require that, such as terrorist hackers or hackers who are actually in the mafia, but I don't think every hacker should have to be treated like some sort of organized criminal.
Also if there are undercover cops, from my perspective I'm not one of them so why would I think it's good if the underground hacker community, or slashdot for that matter were flooded with undercover cops? Those undercover cops being ubiquitous in the hacker community or in any community does not really necessarily benefit the community. Automatically taking the side of authority, of undercover cops, does not necessarily mean you are taking the good side or the civilian side in every situation.
So yes I think the FBI, at least the majority of so called cyber police or whatever they are calling themselves at this time, should have a badge, and act like cops. Just having a heavy police presence can deter a lot of crime from ever taking place. It will not deter all crime from taking place but it will make it so hackers don't feel like the internet is the wild west. I'm not implying that there is no role for undercover cops, I'm implying that if these so called "security researchers" are undercover, their covers suck and wouldn't even fool a teenager. They already wear the "I'm with the FBI" T-shirt by their behavior and passion, and if they were truly undercover cops I would have expected more varied cover.
This sort of cover is like hiding the undercover cop as a journalist. It sucks as a cover because it damages the trust in the community and makes the job much more difficult for actual researchers who aren't undercover cops.