Slashdot Mirror


2600 publishes FBI's inflated Mitnick money figures

Mike Schiraldi writes "2600 published some letters they have acquired which were originally sent to the FBI by companies whose systems Kevin Mitnick had compromised. In a nutshell, the FBI asks, "How much damage did he do?" and they say, "Well, it cost us $10,000,000 to develop this application, and he got a copy of the source code, so he did $10,000,000 worth of damage." Now the government is furious, and is trying to hold Mitnick's lawyer in contempt of court! But the information that was leaked is supposedly public information." Yeah, compare and contrast the two letters. OK, maybe government intelligence is a misnomer.

18 of 124 comments

  1. Sometimes it's just startling. by Anonymous Coward · · Score: 5

    For a community (the "open source" community) that always guards vigorously against misuse of the word 'hacker' to pay so much attention to the plight of a 'cracker' like Kevin Mitnick is startling.

    The man is a cracker. If you look at 2600 magazine sometime, you will find that it's simply a stew of scripts and sub-literate schematic diagrams. Mitnick isn't a technical wizard by any stretch of the imagination. People like him have this technique called "human engineering" that they use- it's also known as "lie to people in any way necessary to get them to tell you their password." Think about what people like him represent next time you're nervous about paying for an online transaction with your credit card.

    The whole romantic notion of the 'electronic bandit' is badly in need of updating. I've looked at some of the virus newsletters and the supposed 'virus source code' they contain. Mostly I have found debug scripts (basically similar to UUencoding- hex dumps of the object code for virii). It's very unimpressive and makes it apparent that most virus distributors are simply the electronic equivalent of a snotty nosed 5 year old kid spreading a cold virus at kindergarten.

    The "true believers" in Mitnick will read this and just fume, or ignore it. The rest of you, think about it a bit and reflect on whether you want anything to do with the likes of Mitnick.

    1. Re:Sometimes it's just startling. by sjames · · Score: 2

      I have no romantic notions of some sort of digital Robin Hood or such. Mitnick was a cracker pure and simple. What he did was a crime and he should be punished for it.

      HOWEVER, criminals in the US are supposedly guaranteed a fair, public trial by a jury of their peers. Part of that fairness usually includes charges that fit the magnitude of the crime. That's why we have petty theft and grand theft as distinct charges. By inflating the damages, this criminal is being deprived of a fair trial and fair punishment. I object to that in the case of any criminal.

      So, no, I don't want anything to do with Mitnick. I DO want him to receive a fair trial and punishment to fit the crime.

  2. Re:Slashdot nutshell description is disingenuous by Anonymous Coward · · Score: 5

    [devil's advocate mode: on]

    Both of the examples you gave were for physical things that were stolen. Money and an MP3 player. While the felony robbery for $20 would carry a high sentence (primarily for the "assault with a deadly weapon" aspect) not much in material damages was done. Emotional distress may apply here, having a gun in your face would not be fun. The MP3 player you were going to market is a bit closer to what is claimed. However, to be really accurate make it the MP3 player DESIGN. The schematics and source code. And let's say they broke into your computer and downloaded your CAD and C files.

    Now we're close.

    OK. He had stolen property. That I will agree with. However, as you stated, the penalty for that should relate to the damage caused by stealing that property. This really isn't "stealing" in the traditional sense. It is copying. The rightful owner still has full use of the property in question (unless he deleted the files after downloading). So, the only damage caused is that there is now a copy of your source/designs/etc. out there running around. Oh, and maybe the fact that a password has been compromised. Change the passwords and add 5 minutes worth of time for each employee at their respective hourly rate to the damages bill.

    Now. How is one person having a copy of your code damaging you? Can you prove monetary damage from that copy EXISTING? Remember, as the prosecution you must prove "beyond a reasonable doubt" that there was damage, and how much damage. Of course, given some of the stuff I've heard about how this guy has been treated by the government I wouldn't be surprised to see them ignore the law. There have been murderers treated better in our criminal justice system.

    Now we must consider the distribution of the code in question. Was it distributed? To whom? Were they just friends of the accused? Competitors of the victim? Posted on the internet? Let's assume that the value of the code is basically what it would go for in the stores as a binary. Its worth is the price of the compiled product on the store shelf. A bit simplistic, but for the sake of discussion... So anyone he gave a copy to has pirated the program and as the distributor he is responsible. I doubt that figure is in the hundreds of millions. If it was a competitor, then there may be more to consider.

    [devil's advocate mode: off]

    I don't agree with what he did, but the figures quoted are ridiculous if all he did was make a copy, which is what I've heard. I'm not following the case, so I may well be wrong. If all he did was copy some data, breaking and entering would be a better charge. And the bail should have been reasonable and available to him. I've heard he keeps firing lawyers and simply couldn't make bail, but that it was very high. If he's still in prison because he didn't/couldn't make a reasonable bail, he has no right to complain. If he keeps firing lawyers so the court has to keep moving his trial date back, he has no right to complain that he didn't get a speedy trial. As long as the court had set a reasonable date for the trial before the firing of the lawyer.

    This is all based on my basic understanding of the case and I've tried to present differing viewpoints for the reader to consider. As usual, check the facts, I might be very wrong.

  3. This is being sensationalized from every angle by mosch · · Score: 2

    Kevin Mitnick made personal copies of a whole lot of closed source code without permission.

    Was this right, legal or ethical? Of course not, but this does not mean that the damages are equal to the cost of the development, unless of course he had destroyed all the working copies of the source code or had sold it to an unscrupulous competitor who somehow managed to clone the software and release it without anybody realizing that it's identical.

    Personally I think the companies should have to pick one side or another. Either they took a major loss, which should be accountable to the SEC and be able to be listed in their financials, or they didn't.

    You can't be half pregnant.

  4. You're being disingenuous by Smack · · Score: 2

    The slashdot description wasn't written by anyone at slashdot. Notice the quotes; they are just repeating the story that someone has sent in. Don't blame slashdot for spin they haven't even created.

  5. Not startling enough... by Ryandav · · Score: 2

    But here I think you may have missed a valuable point: we must defend to the death the rights of our citizens. Period. We have to stand up for every dirtbag, every sKript kiddie, and every wannabe who thinks he can 'hack the planet'. We cannot allow unpopular people to be persecuted or have their rights taken away, no matter what we feel about being associated with them. We will lose our freedoms bit by bit and piece by piece to a large faceless all-powerful government if we dare not.

    When all computer experts are viewed with suspicion, when false evidence is arrayed against us, and ludicrous false trials are held to condemn us, who will stand up for our rights? I'm not saying that these things are necessarily happening to Kevin Mitnick, or that they aren't, but as Americans, we must, absolutely must defend his rights as vigorously as we would defend, oh say, Linus Torvalds.


    You cannot arbitrarily decide who deserves justice and who does not. We all have a right to fair judgement under the law, and must all be judged equally.

    --
    Check my Go-related blog for beginners: DGD
  6. Losses? Bah by Accipiter · · Score: 2
    It seems pretty interesting that all of these companies are so quick to share how much their "losses" amount to. Personally, I think they're a bit overstated. While I don't think what Mitnick did was pretty smart, just as major corporations usually do, they're going to try to squeeze some cash out of this situation. Granted, they're not going to get all of what they want out of Mitnick, but they are certainly going to try.

    From the Nokia Letter:
    A rough estimate of the development costs of stolen software and tools, including testing is US$ 7.5 Million.
    ....[and] a further US $120 Million in lost revenue due to new developments being delayed in reaching the market.


    From the Novell Letter:
    the cost associated with the development of the source code is well in excess of $75,000,000.

    From the Fujitsu Letter:
    Software development expenses... $1,100,000.00
    Research & development expenses.. 1,000,000.00
    Total... $2,100,000.00


    You are not going to convince me that because some software tools and development models were copied, that it is going to cost Nokia 7.5 Million dollars. And you are DEFINITELY not going to make me believe that Nokia lost $120 Million in lost revenue because of "new developments being delayed." PISH. Nokia makes a ton of cash, as does Novell and Fujitsu.

    --

    -- Give him Head? Be a Beacon?
    (If you can't figure out how to E-Mail me, Don't. :P)

  7. Slashdot nutshell description is disingenuous by killbill · · Score: 5

    In the slashdot description for this story, it stated the "damage" estimates were in the millions. It is setting up a straw man argument here.

    If you actually go read the response letters, it seems pretty clear that the government requested figures for the "value" of the stolen material, as well as the damages done. The large dollar values were for the "value" of the source code stolen, not the "damages" as indicated by the slashdot blurb. Is slashdot trying to arbitrarily stir people up, or to report the news?

    Mitnick was in possession of stolen property. Period. The normal metric for determining value is what price the product would get on the free market. If the product is not available on the free market (proprietary code), then the costs for development is as good a metric as any to try to determine value.

    If we don't think access to source code is important and valuable, then why do we get so righteously indignant about proprietary software under Linux? If having the source code means little or nothing, then why is OpenSource software so important?

    Kevin Mitnick was in possession of stolen property, and I believe he had no illusions about the legality of his actions.

    The court has asked the owners of the stolen property for their best guess at its value. They have provided it. This is why we have jury trials folks, it will be the jury's job to decide to sentence relative to actual damages, or relative to the value of the stolen property. What's wrong with that?

    If somebody holds up a liquor store at gunpoint and gets $20 bucks, then later gets caught, the individual is properly charged with a felony, not a $20 misdemeanor.

    If somebody breaks into your car and steals a linux MP3 player that you spent a year developing and plan to market, then sells it to his buddy for $15, do you want them charged with a $15 crime? Do you want them only charged with a $200 crime because that's all the hardware parts were worth?

    These companies just answered a question that was asked them, and the question was a reasonable one to be asked for an upcoming criminal trial.

    --
    Mathematically impossible requirements are technically not against policy.
    1. Re:Slashdot nutshell description is disingenuous by Sebbo · · Score: 2
      Phooey. Killbill starts out all right, by making the valid observation that the companies were simply asked the "value" of the stolen code, and so were not necessarily being dishonest with the enormous sums they reported.

      However, when he goes on to try to equate unauthorized copying of software with theft of material goods, he quickly drops into the absurd. What's the difference between your copying my sourcecode, and your stealing $20 from my liquor store? (no, I don't actually have a liquor store. Allow me my fantasies, please.) In the latter case, I don't have the 20 anymore!

      The notion that all the value of their software was gone once an unauthorized person had access to it is transparently ludicrous.

  8. Re:Where is all the source code? by The+Dodger · · Score: 2

    He never released it, but other people did. Tar'd and gzip'd, the Solaris 2.5 source code takes up ninety-odd megabytes - perfect size for a Zip disk. If each copy of the source code represents millions of lost revenue for Sun, then Sun should have gone under years ago.

    The funny thing is that, eventually, Sun themselves released the source code to educational institutions for free.


    Dodger

  9. So this is the so-called Land of the Free! by The+Dodger · · Score: 2

    Where someone can be imprisoned, without bail or trial for over four years, and without being allowed access to the evidence against him.

    I'd always known that the American legal system was a little strange, but at the same time, I'd always kind of admired the US Constitution, with its 1st and 5th Amendments, and its insistence upon a speedy trial and freedom of information, et cetera.

    Now I realise that it's all just a sham - the Government can do what they like. They can trample all over a man's rights, treat a man whose crime was nothing more than hacking into computers and stealing source code (he didn't even try to sell it!) worse than they treat rapists, drug dealers and the rest of the scum they release on bail and give suspended sentences to.

    And what do you all do? You say "So what! He's a criminal. He can hang for all we care." Wonder how long it'll be before someone who loses control of their car whilst speeding and crashes into something, causing more than $5k of damage is imprisoned without trial for over four years, under charges of speeding.

    Sooner or later, you guys are going to wake up and discover that your Constitution is no more than a piece of paper. They'll keep taking more and more of your rights until you have to get a licence to fart.

    Dodger

  10. Re:hey nokia, cuts both ways... by sammy+baby · · Score: 2
    hmmmm, a $120 million for lost revenues because they had to shut down their network for a few weeks?
    Actually, that's not entirely unreasonable. I know that if the internal network where I work were shut down... well, we'd be screwed.

    Remember that to a company developing software, the most costly expense is usually time, for the simple reason that greedy computer geeks like us occasionally expect paychecks. The thing that makes most of these figures ridiculous is that in most cases, the time wasn't wasted: the source code wasn't gone, just copied, and there's little to suggest that any of these "victims" lost a sale because someone else snagged it using the stolen code. But to have your network shut down for a week... I don't know the details of Nokia's claim here, but that's bad juju.

  11. Re:He does have a good point, actually. by Sloppy · · Score: 2

    Throwing into public domain? Er, there's no chance of that. The asshole may have stolen the code, but he never stole the copyright. Anyone who tried to sell products derived from the stolen source, would have received the same legal treatment as someone who tried to sell copied binaries.

    Remember when the Quake source leaked? Binaries compiled from it were very popular on the platforms that Id didn't support -- but it was still considered piracy. Id didn't suddenly lose their rights just because pirates were spreading pirate-compiled binaries instead of pirate-copied binaries. Id still retained full ownership.

    Therefore, the damages from source theft are less than the development cost.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  12. Funny part is.... by MISplice · · Score: 5

    If the companies claim their source as part of their intrinsic value (book value) then the losses they are saying happened need to be reported to shareholders. Since nothing has been reported to shareholders then either they don't consider their software a "valuable" part of their company or the SEC hasn't seen the letter yet.

    --
    "Imagination is more important than knowledge" -- Albert Einstein
  13. Easy buddy.... by JohnnyCannuk · · Score: 2

    Uhm, I think the previous poster was referring to some frustration a lot of us out here are feeling. People keep saying that Kevin M. is some kind of totally innocent guy who was doing no harm and now has the full brunt of the US government prosecuting him. But he's not. He broke into the systems illegally. No question. And he got caught. Spending time imprisoned without due process is a bit disturbing, but that doesn't mean he doesn't deserve to be in jail...
    Look at what he did. You can't say he didn't know breaking in to the Sun computers and copying the source to Solaris was illegal (not that ignorance is an excuse anyway), because he did. He made a conscious effort to break the law, he got caught and now he is paying for it. Complain to high heaven that detention without trial is wrong, but "Free Kevin"?!? I don't think so.
    He broke the law, he got caught and he even admits it. The government's method of prosecution may be wrong but who they are going after isn't. A lot of the people at 2600 and other places conveniently overlook that. That's what makes us upset. I'd love to see some coverage of this story that's not completely biased one way or the other...

    --
    Never by hatred has hatred been appeased, only by kindness - the Buddha
  14. A Lack of Accurate Info by maw · · Score: 5
    The frustrating thing about following the whole Mitnick case is that the various sources of information about him seem to be wildly at odds with each other.

    At one end of the spectrum, you have people like the 2600.com guys who probably gloss over some things that Mitnick may have done and probably also paint the US Gov in a worse light than perhaps is fair.

    On the other hand you have US Gov lawyers and their ilk painting Mitnick out to be the digital Anti-Christ.

    It's probably pretty safe to say that the truth lies somewhere in the grey area in between, but due to both biases and ignorant reporting in journalism, most people don't really know what's going on.

    Are there any unbiased people who know much of anything about this?

    --
    You're a suburbanite.
  15. Something forgotten in this arguing over money... by Platinum+Dragon · · Score: 4

    I believe that everyone has forgotten one of the big reasons 2600 has taken up the banner for Mitnick. Yes, he stole source code and credit card numbers; that's illegal, and there are punishments under law for that. The companies involved seem to be inflating numbers to make the case look "good". No one disputes that Mitnick has stolen anything or is guilty of something.

    The issue that troubles 2600 and Mitnick supporters is the fact that he's been held in prison for over four years without a trial. Habeas corpus, a legal right, has been tossed out the window. Yes, there were periods where Mitnick's lawyers requested a delay in the trial date so they could gather evidence. It certainly doesn't help the defendant when they're prevented from viewing the gigabytes upon gigabytes of evidence against them until two weeks before the supposed trial date. And it's even worse when the judge tells the defense team bail will not be granted before the bail hearing even begins. A man's constitutional rights have been trampled on; even rapists and murderers get fair trials before this. Mitnick could likely get time served by now, yet he'll get the book thrown at him.

    His guilt on some charges isn't in question; he plead guilty to a few a long time ago. That the gov't held off for a couple more YEARS until he plead guilty to the rest is suspicious; that he never received a fair trial in a reasonable period of time is an infringement of his rights. I guess "innocent until proven guilty" means nothing when large companies are involved; Mitnick never even had a chance to prove his side in a court of law. What a joke.

    I can't wait for the SEC, or even the IRS to get involved; I'd love to see what they say about these supposed "losses".

    --

    Someday, you're going to die. Get over it.
  16. Next you'll be claiming... by coyote-san · · Score: 3

    Next you'll be claiming that the FBI deliberately sat on the NTSB's early conclusions that the TWA 800 flight was destroyed by mechanical problems, not terrorists. Besides, we needed to tighten security at airports anyway and my presentation of my passport (and references to the internal passports required for travel within the old Soviet Union) instead of my driver's license is sheer hyperbole.

    Or that the FBI turned Waco from a major ATF screwup into a national disgrace.

    Or that J Edgar Hoover abused his position to collect blackmail material for political purposes while ignoring organized crime.

    I'm sure most of the field agents are dedicated, hard working individuals. But I'm getting damn tired of the way that the senior levels of the FBI seem to think that the ends justify the means.

    Hopefully the judge will hear the arguments and toss the lawyers into jail for a week for contempt and refer the matter to the federal bar for disbarment hearings. The government lawyers, since it's precisely this type of abuse of power that the First Amendment (press and speech) was intended to prevent.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken