Chad Davis May Be the Next Kevin Mitnick

19-year-old Chad Davis, of Green Bay, Wisconsin, made the front page of The Washington Post today. The story that features him says, "During [a] June 2 search, Davis admitted that he belonged to a notorious hacking gang that calls itself Global Hell, and the FBI agents let him know they were cracking down on the group. On June 28, Davis allegedly struck back: He replaced the Army's Internet home page with the message: 'Global Hell is alive. Global Hell will not die.'" The article reads like a chapter from The Hacker Crackdown, and it looks like Chad Davis may be used as an example of what the feds can do to crackers who mess with government sites. Mainstream news stories about Global Hell started appearing in May. I expect to see many more in upcoming months. Mitnick redux? Could be.

Food For Thought

[castle]

Here's something that comes to mind about the nature of the government and its security policies on their taxpayer bought hardware.


Why the hell arent they tightening their security up?


It seems to me that a greater more cost effective solution to costly legal expenditures and questionable police state tactics would be a sturdy security policy.


With perhaps a horde of these new Information Warfare kids hired as security consultants all dutifully exploring and getting bonus cash for the holes found in the governments "essential information infrastructure" holes could be patched money could be saved and a whole lot of civil liberties can remain untouched by the grubby hands of the justice department.


Anyone else seem to think there is a conspiracy of lax security luring little hack weenies to attack government websites and get caught so that they can portray the nations data networks as in need of government protection?


(Free kevin!) but prosecute him for credit card fraud.

Using this as an excuse to say privacy == evil

[DunbarTheInept]

Look, we all know this kid was in the wrong, but what does worry me is that the govt is using this as an 'example' case. That is plain wrong. The punishment for ONE person committing ONE crime should match the servity of that ONE crime. It should not match the severity of all the other criminals you were unable to catch. I fear that they are going to end up taking out their frustrations at not being able to catch other crackers on this one scapegoat kid.

Also, the following quote from the article should scare anyone who gives a damn about privacy on the net:

• "It is not that these are super whiz kids; it is the technology that gives them the ability to cover their tracks enough that you can have a hard time making a criminal case against them," said a senior federal investigator.

What this guy is trying to imply is that privacy is a tool of crackers, and if only there weren't so much privacy they wouldn't be able to get away with their crimes. Notice how he makes it out to sound as if the technology is going out of its way to make it easy to be anonymous. What a load of crap! If the technology does nothing, then anonymity is the default. The technology has to go out of its way to track people, not the other way around. (The web server has to actively engage in logging activity. It takes *less* effort to forget the accesses than it does to create logs and keep track of them.)

Re:umm.. calm down

So you think that no-one should ever break a law, just because it's the law.

Yes, that's the point. Do you not understand the purpose of law? What about all the non-violent protests of the civil rights era? They were breaking the law to show how the law was wrong and to make a political stance.

In the vast majority of cases, Civil rights protesters were not breaking the law. Some were. Merely organizing and protesting is not breaking the law. When non-violent protesters do start to break the law, like by trespassing or blocking access to buildings, then they should be arrested.

if the law is a bad law, it is up to the people to protest it so that i will be changed

Yes, you're right. There are plenty of legal ways to get bad laws changed, not just protests, but petitions, ballot initiatives, letters to representatives, lobbying, campaigning, etc. Defacing a Chinese web site is like spray painting their embassy, both acts are juvenile and neither is effective at changing policy.

as for finding a hole, and then informing the sysadmin, what the hell is wrong with that? if the sysadmin isn't notified, then someone else could break in. if someone could break into my site, i would welcome them to inform me so that i could fix the problem.

I suppose that you don't mind if I break into your house as long as I don't steal anything and I tell you about it. How about if I smash the window or break the lock so you have to fix it after I leave? I don't see any difference between that and attacking somebody's systems just to see if you can get in. Is it OK for somebody with a "Slim Jim" to wander parking lots, breaking into the cars he can, searching through their stuff, and leaving post-it notes to let people know he was there? And if somebody broke into my site, of course I would want to know how. But I wouldn't thank them. I'd first take it down, research and fix the problem, and make sure I had every last hole plugged. Then I would bring it back up and try to get the cracker prosecuted.

Re:GO PACKERS!!!

[toolj23]

eww... packers! *gag*

Re:This is the most/only interesting part for me..

It isn't that hard to keep your system secure. I was a part time sysadmin for a handful of Sun boxes in the USAF. All sysadmins (even small ones like me) get the government security bulletins. If you just keep your system up to date with patches and updates, it will take somebody with serious skills to get in. Unfortunately, not every sysadmin in the government stays on top of things, so it's not surprising that some of the standard script kiddie tools will work at random government sites here and there.

Don't worry too much though. No machine connected to the Internet is allowed to hold classified information. Also, the government sites that do have somewhat sensitive unclassified information also tend to be run by people with a clue.

Re:I got raided because of gH

Nice to know that we have NO rights.... This is whole thing is bullshit!! The gov has no business busting into a persons house to steal ur personal possesions and treat u like a criminal because u MIGHT be a axOr. The is all about keeping face. U throw a pie at someone, they get mad. The problem here is some people want to throw pies @ powerful corps. and the gov. and they are pissed cause they look like FOOLS! So the gov (big corps) sends its henchmen out to push us around and scare us cause they can. So if I hate paying taxes can I go round up the IRS and abuse them in anyway?? No, then I go to jail. But the gov can come over anytime they feel inclined and *uck with u or me. It is as if NO one can escape the long arm of the law.....not even the innocent. +FREEDOM+

Re:Apples and Oranges

[X-Nc]

Read the article. He changed the homepage and some other stuff. In this web enabled world defacing a website is tantamount to taking a sledghammer to store front.

---
"Who pill da cubby custar?"

A bit out of a soon-to-be-hit play...

Consider the crime if it were done in a different medium. Iambe and the FBI comment on the situation:

Iambe: Oh, they caught the little lawnmower kiddie. My heart bleeds.
FBI: Yup, we got him! It took us plenty of expert analysis of the gasoline fumes left behind in the soil, and we had to examine the cut marks left by the blade and the tracks of its tires very carefully to be sure we had the right guy. But he won't be mowing "FREE THE FIFTH-PERIOD SEVEN" into the grass at the high school any more!
Iambe: I hope you're going to punish him.
FBI: We will. He'll probably hang.
Iambe: That's nice. I feel so safe now.

Re:How To Crack a Web Server

[poptix_work]

Erm, how hard is it to firewall all but port 80 (www) on these machines? that limits you to only exploits in apache, which are few and far between.


I've secured many machines for private organizations, and I admin a shell provider, it's NOT hard.

Walls? Where the hell do you ppl come from?

First, don't say that defacing a property is a minor crime. It isn't. Especially when the system and data are worth more than the hired help combined, which is usually the case. Here is a better analogy: Commiting armed robbery [cracking] at a 711 [the system], you draw your gun and the clerk [kernel] has a heart attack [fatal error], which in turn widows his children [ processes halt ], the clerk dies [[any] data or running processes are corrupted or lost]. Now, place a dollar amount on things and the damage is no longer trivial. Time is how these systems make money, you deal with a higher power when you mess with ppl's money. Besides, the law says that anything that happens in the course of an event that you caused, you are held responsible. So, would you have the intruder get a slap on the wrist for murdering the clerk? I don't think so, that contradicts way to many laws. Granted a computer is not a person, but ppl do depend upon computers heavily this generation. If a system is down or [infiltrated] it could mean LOTS of $ lost or $ to be shelled out for such incidents. Ppl get paid for security services, that doesn't mean you should break the law [litter] and then say it was nothing major. Laws are there for a reason, and believe it or not, they came the people. Besides, be happy that they are so lax, there used to be other ways of dealing with that sort of trouble. Maybe Mitnick is owned by them now? Scary, neh? Second, Mitnick wasn't a 'script kiddy'.. he actually knew what he was doing. Third, Government is not paranoid without cause; there is more than one rational explaination, but I will give one: Private sector salaries are higher than public service jobs. So how can they protect themselves when they can't afford the best? Authority. It is panic, but remember, corruption was a part of the downfall of Rome. Recap: Grow up, ppl got money on and behind those systems. Realize, you break a law, then you face the wrath of the public. Especially if its public tax $'s you will be punished to the full extent [and then some at a whim] of the law. And you have no rights when you cross that line. Expect to be caught, your arrogance will get you caught. It always does.

I couldn't agree LESS

I can respect people that hack sites to point out security problems and make a political stance

Sorry, I can't respect people who break the law. Claiming that the purpose of a crack was to point out security problems DOESN'T EXCUSE SOMEONE FOR BREAKING THE LAW. If some cracker exploits a hole in some government site, and just quietly tells the sysadmin, they should still be prosecuted. And there are plenty of legal ways to make a political stance. Just because you don't agree with some group politically doesn't mean you have the right to deface their site. I think you're an idiot. Does that give me the right to spray paint your house to make a statement?

while the hack/non-hack of hotmail the other day was a welcome and necessary hack

That's the most ridiculous thing I've ever heard. Tell that to all the poor fuckers who had their email read. What kind of skewed belief system do you have?

'Hacking' code makes a hacker not.

Why can't programmers just give up on the word "hacker"? Give it up -- it's a dead issue, and nobody else cares anymore.

By definition, a hacker is simply someone who hacks, which is broad enough to include lumberjacks, locksmiths, and anyone who's been smoking Camel straights for 30 years. These people, as well as programmers (with perhaps some overlap) all "hack", even if it isn't in Assembler.

Furthermore, the words "gay" and "queer" are completely unusable now, unless you are a homosexual. You're certainly free to say that you feel gay as in "happy", or queer as in "strange", but don't expect a lot of sympathy if someone takes it the wrong way.

if (hacker.mood() = offended) { BIG_DEAL("$0.02") }

Re:Setting an example

[Stonehand]

There's a large difference, 'tho.

There's little gain in cracking/vandalizing a web page (unless you're being hired to do so...), except for reputation, ego or pride. The negative is that conceivably one could gain a felony conviction and jail time, which would probably put a huge damper on one's future -- and that's a pretty poor tradeoff. One could get a reputation by going around and murdering random people with, say, a chainsaw, but the cost-benefit analysis is pretty poor there too (likely endings: life imprisonment, shot by cop, or a years-delayed death sentence. It's not exactly compensated for by a badass reputation.), and it doesn't happen too often.

On the other hand, it's quite possible to live by robbery, burglary or drug-dealing (at least until you get caught)... and drug abuse tends to have a self-perpetuating psychological bonus, however temporary. That's their gain, and many will take the chance of getting busted.

Re:Give the cheesehead a break...

Fools In Black........ errr...

Re:Crackers: Worse than murders/rapists/molestors

Sure. "Iron" Mike Tyson. Convicted rapist. 1 year jail time.

Kevin Mitnick. Cracker. 4 years jail time (still locked up today).

Still see no problem here?

To put it another way suppose you get to judge. You have two cases before you for sentencing today. One is a guy who hax0r3d you web site and put up a page saying fr33 k3v1n. The other case is a guy who raped your wife.

Who will you give the bigger punishment to?
Now why shouldn't we all be pissed an how Kevin Mitnick has been treated by the legal system?

Re:This is the most/only interesting part for me..

[castle]

Yeah... prison labor... that's the solution to
the country's ills.


Just wait untill more people start thinking that is the way to go and start a mandatory policy of imprisonment. Saves the rest of us money dont you think? What should the ratio be. Hmmmm...


Anyone who actually thinks that it saves money to society to have someone locked in jail doesnt stop to consider the fees we pay to the correctional institution infrastructure in this country. One of the top growing industries I hear. Someone got some hot tips on stocks?


Its far more economically sensible to not have to put someone in prison in the first place. The amount of money that person makes (which gets spent by them and gets taxed from them) is far more beneficial than having them operate a drill press in the big house.

Re:Who cares about these scum!

[Giles+Constant]

If all it takes is a "script kiddie" to break into .gov websites then perhaps the government should employ more script kiddies to sort their security out. The guy is a cracker. Also a hacker.

kiddiez defending kiddiez

[cswiii]

It's so strange, all the time I see posts on slashdot discussing the difference between hacker and cracker, yet out of the woodwork comes morons to defend this kid. If you're looking for the difference between hacker and cracker, take Davis as a prime example. Before cr/hacking even became the topic du jour, there was always the pretense that 'information should be free' (Ignore any parallels to some 2-bit movie).

Thus, early on, you had hackers who, did things because of their enthusiasm for all things electronic. Some of these had a quasi-political agenda, but they did what they did under a loose concept of 'knowledge'.

Today's crackers aren't of the same mindset, and thus can hardly be considered hackers or not, regardless of their 'computer enthusiast' aura. Any hacker ethos doesn't exist w/in the mind of a cracker.

This said, there are far more grounds, IMO, to punish Davis than Kevin Mitnick, Robert Morris, or anyone else who has/d even a glimmer of a true ethic. Script kiddiez give nothing to the hacker community, nor do they do anything to further society as a whole. They're just in it for the ego boost, and end up being parasites, dependent on their hosts (i.e., this world, the hacker community) -- and draining them.

Crackers do nothing that can be considered 'worthwhile' -- not even finding security holes (nevermind that hundreds before them have already 'found' them) -- because everything is still done under an exploitative pretense. If it's not done for the pretenses of knowledge or information, I could care less if the bloody bugger gets time.

Re:They were made fools of. Now they punish him.

Hehe..actually, one could draw a parallel to the execution of Socrates, to defacing a gov web site. Socrates harrassed the government as well. So they had no other choice but to kill him. Granted I doubt Chad can pronounce Socrates, let alone match his wits. Either way, it amounts to a govt extinguishing an irritating presensce.

Re:He gets what he deserves

[panZ]

Here here... this genius uses his own phone line and goes directly from his ISP to the target system. I know script kiddies that are smart enough to bounce around through a few low security elementary school computers first. Oh yea, prooves he has brass ones by showing how eager he is to meet his new boy friend in the state pen. They should make an example of him but I fear that may make him a marter to his script kiddie buddies.

NO one deserves jail for such a misdeminor crime!!

[Vehstijul]

someone goes into jail a small time criminal, not really that mentally fucked up, but then... post jail- he/she emerges into the bright happy world a traumatized, (you can imagine what kind of ass candy a 19 y/o kid has to offer to scary "bubbas") hardened, ("here kid, lemme teach you a little something about the tricks of the trade") betrayed, (yes, the gov't betrayed him) wasted, (spending a few years in prison, esp. during those crucial late teen/early adulthood times, can make someone jaded/tired about life) yes, he did a stupid thing, the equivilant of graffiti, but mabye he should pay a fine, obligatory counseling, public/community service, monitored access to the net, anything, but NOT something that is going to excerbate the problem. 8) i'll get off my soapbox/loudspeaker now.

Re:How To Crack a Web Server

[Fastolfe]

I don't think it's terribly hard at all, but what makes you think this machine is used only for the web site? Maybe they do e-mail on it too? All it takes is one exposed vulnerable service.

Even if they did split the tasks between servers, all it'd take is one exposed vulnerable service on one exposed system to make everything else behind that firewall exposed.

If you run some vulnerability scan against an entire subnet, find a system you can get into, it doesn't take much more work to proceed again to a system that you ordinarily wouldn't be able to reach. In many cases, those "firewalled" systems tend NOT to have the latest patches and fixes installed, simply because the admins don't feel that there's much of a risk, since the firewall will protect them.

Re:This proves that people need to tighten securit

Individuals not securing their property take their chances but in the end what they do has no bearing on other people.

Um, if individuals didn't lock their homes, more would get broken into and MY insurahce rates would go up. Your bad health habits add to everyone's healthcare costs. Your bad drives affects my auti insurance rates too.

etc.

Re:Tech. doesn't hack websites, people do!

[Fastolfe]

I don't think his point was that technology is the culprit here. I think he was trying to say that they aren't doing all of this investigating and they aren't having such a hard time tracking these guys down because they're GOOD; the suspects simply have access to programs/scripts (written by someone else) that make it difficult to track them.

He was just pointing out that they're not dealing with super-sleuths, just kids with access to "technology."

Re:why compare?

[Ronin+Developer]

He might have stolen 20 000 credit card numbers, but never used a single one of them to buy stuff!

Then, what was the point of stealing 20K of credit card numbers? Did he plan on printing them out and using them as wallpaper? Sounds like he intended to pass them to friends for fun or profit in an act called fencing of stolen goods(Another criminal act).

Broken Window or Open Door?

[iserlohn]

Security holes are more like open doors. Sooner or later, someone's going to venture in and look around (regardless if they steal or not). That's why you lock your windows and door, and it's the same reason you lock your car after you park it. If you leave them open, it's a invitation for people to come in and mess around.

It is really easy to do and people should make a habit of it. Apply the same logic with computer security, and people should make a habit of securing computers.

Would the army build a base with a section of the fence missing? Probably not. Would the army arrest a guy who happens to venture in a unfenced section? Probably yes, but at least he won't be in the slammer longer than someone such as Chad or Kelvin.

Re:Broken Window or Open Door?

It doesn't matter whether it's like an open door or a window - If it's not your property, you have no business inside.

The reason I lock my doors and windows is that some people can not grasp this simple fact.

Who cares about these scum!

[mattc]

A criminal is going to jail? Oh what a shame. I am deeply concerned about the welfare of script kiddies. Yeah, right.

Re:Who cares about these scum!

[dirty]

He's also a moron. Cracking your school's website, or some little ISPs site is one thing. Cracking the army is plain stupid. The guy was told he was under investigation, so he did something to get bragging rights. He'll get what he deserves. Even if they execute him it will be fair, we don't need morons like this polluting the gene pool.

Re:NO one deserves jail for such a misdeminor crim

hardly the equivilant of graffiti. unless you would consider sneaking into a military base then breaking into one of the buildings and going up to the roof and hanging a big huge banner off the side just a simple harmless act of graffiti? i really dont think most people would and i think it's safe to asume that the military would deffinitly take it very seriously.

Re:why compare?

[Ronin+Developer]

Okay..so according to your beliefs, stealing as a is okay as long as it's just a hobby and the individual has a legitimate job. Yeah...that sounds right to me. Idiot. Where do you people come from?

Re:This proves that people need to tighten securit

[castle]

You should rephrase *steal* with *make exact copies of* just a little FYI on your logical analysis organic|quantum submechanics.

You get what you deserve

[Masem]

IMO, if you are a *cracker*, and go around and maliciously change sites, especially those with the means and ways to prosecute you, you get exactly what you deserve.

On the other hand, if you are a hacker and find a security loophole on the same sort of sites and quietly let the owners of the site know about that, you should be able to report that without fear of being prosecuted.

Unfortunately there's a fine line here and it's rather hard to define. Maybe we need to have people join a Hackers Union to allow them ethical hacking privaledges.

Re:You get what you deserve

It's no more illegal for me to look in your windows than it is to portscan. not sure where you live but in some parts of the US there are laws called "Peeping Tom" laws that do make it illegal if it is persistant premeditated and lets face it partscan isnt even close to just walking down the street and turning your head and noticing that someone has their tv on. portscanning is premeditated and is often persistant. It is no more illegal for me to walk into your home than it is for me to log in to a system. again, in all parts of the US that i know of this would be considered trespassing at a minimum and in some parts it can be much worse especially if they can in anyway construe some form of intent. usually people dont accidentally log into an account that they dont officially have access to so intent (even if minimal) is not that hard to prove. It *is* illegal for me to take things from your premesis, damage your property or abuse your dog, however. and rightly so! How many times have you tried to open the wrong apartment door? never and i would honestly believe few people ever have. it's kind or hard to forget where you live. Or car door? i never have and again i would say it's rather rare for anyone to try to enter the wrong car. i will admit that on many occasions i have walked twords a car that i though was mine but when you get close few cars actually look the same since it becomes fairly obvious that the liscence plate is different, the ding in your side panel is nolonger there, you dont have a stuffed garfield stuck to your window, and the seat is in a very different position, etc.... If you called a wrong number, can the person on the other end of the line have you arrested for harassment? no more so than if you made a typo and sent someone you didnt know and email. i'm not sure how this relates to accessing a system though. The 'net is a lot different from real life. actually it isnt very different at all and if you really believe it is then please explain. The same body of laws cannot reliably govern both bodies and serve (ha!) justice. again, i dont know where you are from but here in the US justice rarely has anything to do with the law :)

Re:You get what you deserve

[dirty]

I tried the white hat dealie once when a sysadmin offered me $100 if I could break into his ISP. 30 seconds later when I /msg'd him the contents of a file which only root could read he backed down on his offer because "we never made it official." I should have rm -rf'd the system, but I was a good little boy and for some ungodly reason patched the whole myself.

Re:You get what you deserve

[Caball]

You know your in for a self promoting reply when they start off with "Whatever", and half the message is filled with their own achievements (LOL). Seems to be a need to pat yourself on the back around here and tell the world how good you are, while at the same time, not really adding any substance to the thread.

**Whatever. If you don't want someone in, make it so they can't get in.** Excuse my ignorance (seriously), but isn't that impossible?

Anyway, your wrong, and obviously mentally challenged to make this argument. Whether you were commended or arrested, it is irrelevant. You are not supposed to be there, and it is illegal for you to do so (why were you not arrested... were they were embarrassed and wanted to avoid the publicity?). I don't believe for a minute that they were happy you broke in, just because you helped them.

Also, I am not quite sure what your point is in your "real world" example. What does "noticing" have to do with anything? If you can break into a home undetected or by yourself, it's ok? Help me here :)

That's it, nothing else to say. If it's illegal, it's illegal no matter your intentions or whether or not you were noticed.

Peace!
Caball

Re:You get what you deserve

Well, I cruised through Citibanks credit card database today, but I didn't have any malicious intentions, so everything is A Okay. NOT!

But what happens if you go to some web site and come across a link to the credit card database, where no password is required? It would be illegal for you to use the credit card numbers, but it is not illegal for you to browse a public web site. Things like this have happened in the past. If somebody did find a hole like this, I would want them to tell Citibank before someone malicious finds out and steals my credit card number.

Re:You get what you deserve

damn this site sucks! trying to fix this damn post and slashdot keeps disapearing :(


It's no more illegal for me to look in your windows than it is to portscan.

not sure where you live but in some parts of the US there are laws called "Peeping Tom" laws that do make it illegal if it is persistant premeditated and lets face it partscan isnt even close to just walking down the street and turning your head and noticing that someone has their
tv on. portscanning is premeditated and is often persistant.

It is no more illegal for me to walk into your home than it is for me to log in to a system.

again, in all parts of the US that i know of this would be considered trespassing at a minimum and in some parts it can be much worse especially
if they can in anyway construe some form of intent. usually people dont accidentally log into an account that they dont officially have access
to so intent (even if minimal) is not that hard to prove.

It *is* illegal for me to take things from your premesis, damage your property or abuse your dog, however.

and rightly so!

How many times have you tried to open the wrong apartment door?

never and i would honestly believe few people ever have. it's kind or hard to forget where you live.

Or car door?

i never have and again i would say it's rather rare for anyone to try to enter the wrong car. i will admit that on many occasions i have walked
twords a car that i though was mine but when you get close few cars actually look the same since it becomes fairly obvious that the license plate is different, the ding in your side panel is nolonger there, you dont have a stuffed garfield stuck to your window, and the seat is in a very different position, etc....

If you called a wrong number, can the person on the other end of the line have you arrested for harassment?

no more so than if you made a typo and sent someone you didnt know and email. i'm not sure how this relates to accessing a system though.

The 'net is a lot different from real life.

actually it isnt very different at all and if you really believe it is then please explain.

The same body of laws cannot reliably govern both bodies and serve (ha!) justice.

again, i dont know where you are from but here in the US justice rarely has anything to do with the law :)

Re:You get what you deserve

[kraut]

As long as the punishment is in proportion to the crime....defacing a website like this is more akin to spraying grafitti than to robbing a bank. So the guy should be getting a fine or a similar slap on the wrist.
What he will get is the same as Kevin Mitnick - several years locked up waiting for a trial.

Re:You get what you deserve

[QBal]

Cracker = A person who breaks into computer systems, using them without authorization, either maliciously or to just to show off.

Hacker = 1. One who is knowledgeable about computers and creative in computer programming, usually implying the ability to program in assembly language or low-level languages.A hacker can mean an expert programmer who finds special tricks for getting around obstacles and stretching the limits of a system.
2. To some people it means an unconventional programmer or one who is not formally trained, or one who jerry-rigs programs (making temporary fixes that are not well-done).
3. At MIT, a "hack" means a practical joke, especially one that requires intelligence and technological skill to carry out.

Whacker = An incompetent hacker.

Re:You get what you deserve

cracker==hacker hacker!=cracker learn it moron

Re:You get what you deserve

Cracker=Hacker. Get used to it punk.

Re:You get what you deserve

[Caball]

Uh, no. This has nothing to do with what you do with your findings, it has to do with ILLEGALLY entering someone else's server. It should make no difference if you change the web site, or report your findings to the owners. Your not supposed to be there, regardless of your final intentions.


Well, I cruised through Citibanks credit card database today, but I didn't have any malicious intentions, so everything is A Okay. NOT!

Re:You get what you deserve

[Stonehand]

From an ethical POV, you're perfectly right. If a sysadmin has reason to believe (perhaps because the intruder left a note) that security has been compromised, it's his duty not to trust the intruder -- since if the intruder were really a "white hat", he'd instead be auditing source code and sending in patches, and a root compromise is a root compromise that basically demands a reinstall.

In some countries, however, it's perfectly legal to crack a system you don't own, without their cooperation, without telling them, and even stealing (non-classified) information in the process, IIRC. The US happens not to be one of them, and with darn good reason.

Re:You get what you deserve

[tzanger]

Uh, no. This has nothing to do with what you do with your findings, it has to do with ILLEGALLY entering someone else's server. It should make no difference if you change the web site, or report your findings to the owners. Your not supposed to be there, regardless of your final intentions.

Whatever. If you don't want someone in, make it so they can't get in.

This is quite different than your home or a "real world" scenario. A thousand people can't try to crawl into your house at once without someone noticing, but ten thousand can try that on the 'net.

I've put on a white hat several times and pointed out security issues without people's permission. In all cases (7) I've been commended, asked for recommendations and retested. Yes, I've got sysadmins fired. But only the bad ones.

Your point? Would you say the emperror (sp) has no clothes?

Andrew

Re:You get what you deserve

[tzanger]

Ok. Let's take your arguement down one step at a time, shall we?

You know your in for a self promoting reply when they start off with "Whatever", and half the message is filled with their own achievements (LOL).

I don't consider white-hatting an achievement. It's an application of knowledge if anything. I didn't reply to brag, but you seem to think so. I replied with firsthand experience of my actions being taken for a good cause. Perhaps I hit the IP by accident the first time, but got curious. Hardly illegal.

**Whatever. If you don't want someone in, make it so they can't get in.** Excuse my ignorance (seriously), but isn't that impossible?

How is it impossible? You're just throwing forward words in an attempt to make yourself look intelligent. If you don't want people accessing your SMB shares from halfway 'round the world, you put in a firewall and passwords. Three of the systems I secured had this wide open. Either the admin was either negligent or had no clue what they were doing. Packet filtering is very easy to set up stops people in their tracks, *especially* when used from a system with BIND locked down and reverse checks to keep the spoofers away.

When people compromise systems which are trusted to other systems to get what they want, that is a little more than stumbling upon something and investigating it. That's a full-out attack and I do consider that above and beyond the norm.

In short, no it's not impossible. It takes time and you'll never be 100% done, but you can sure fill the glaring holes and with sufficient logging (remote logging) make damn sure you can see if anyone's sneaking past the cracks.

I must stress, however, that logging is the key. It gives you a basis for what "normal" is, and from there it is far easier to get that "hunch" that something's wrong. This is very important if you want to detect attacks that aren't caused by skript-kiddie-du-jour methods.

Anyway, your wrong, and obviously mentally challenged to make this argument.

Ahhh. Here we go. Straight to the heart of your reply. No proof, just accusations. And not just accusations, but personal attacks too. I bet you're a champ on the debating team, aren't you?

You are not supposed to be there, and it is illegal for you to do so

It's no more illegal for me to look in your windows than it is to portscan. It is no more illegal for me to walk into your home than it is for me to log in to a system. It *is* illegal for me to take things from your premesis, damage your property or abuse your dog, however.

If you don't want people coming in to your house, you lock the door. That way when they break in you've got them for break and enter. If you leave your door open and I walk in, no matter how rude, it is not illegal. Doubly so if it is my first time walking in and you have no postings stating that you do not wish me on your property.

I don't believe for a minute that they were happy you broke in,

I highly doubt they were happy, either. They were actually rather pissed that it could be done, in fact. Especially since the admin said it was secure and I walked in on an unpassworded account.

If you can break into a home undetected or by yourself, it's ok?

No. You said break in. If I left my door open and you walked in, it's not break and enter and therefore not illegal. I may be very suprised and I can ask you to leave, but until you refuse to leave, you did nothing wrong, save for perhaps behaving rudely. You could have honestly walked into the wrong house, or at least have claimed so in any case.

How many times have you tried to open the wrong apartment door? Or car door? Is that illegal? If you called a wrong number, can the person on the other end of the line have you arrested for harassment?

Granted, trying to bruteforce a password is a lot closer to trying every key on your Infinito-Kombo-Key set than it is to using the wrong key once or twice, but that's where the differences between the 'net and the real world come in.

It's getting late in the day and the edge on my arguement isn't coming through very strongly. The thought however is that network security is a LOT different than home and property security and should be treated entirely differently by law enforcement.

The 'net is a lot different from real life. Get used to that. The same body of laws cannot reliably govern both bodies and serve (ha!) justice.

Re:You get what you deserve

[Caball]

I stand down... well thought out and communicated.

Re:This proves that people need to tighten securit

[castle]

What a freak.

Don't Diss Mitnick

[infojack]

Don't be comparing this kid to Mitnick, Mitnick had skill, this kid had a bag full of tricks.

Re:Don't Diss Mitnick

[dirty]

Why has mitnick become a god in the (h,cr)acking community? He had no skill. He could social engineer, but IMHO social engineering isn't that great of a skill.

Re:Right on! Cracking == 20 years min!

[dirty]

Mitnick screwed himself over. He waived his right to a speedy trial. I get so sick of seeing people talk about how Mitnick didn't get a speedy trial. He waived his right, it took a while, it's his problem.

Re:Crackers: Worse than murders/rapists/molestors

I find your worries about declining property values unrelated to defacing web pages. The tenuous, 6 steps of seperation-laden drift from the already dubious graffiti analogy is beneath you. Or should be.

This kid did not use permanent spray paint to desecrate a person's private dwelling. He used the electronic equivalent of a dry erase marker on a glorified electronic roadside billboard. If any analogy applies, it's that one.

This is not to say analogies or hyperbole are needed. If I were to follow your argument to it's conclusion I could rant about "black people being 'proven to lower housing values' in racist white neighborhoods. Tough luck." This of course would be an absurd strawman attack on my part, but it's the sort of thing that happens when you start down the path of specious arguments.

Why not simply describe what actually happened? He temporarily defaced a web site belonging to a military organization. An organization, however legal, of hired killers by the way. (This is not hyperbole, just a lack of affording excuses to an organization that trains death squad governments throughout the Third World.)

So... Big deal. Cut his allowance and make him donate time doing web pages for non-profit orgs or something.

Support for putting a child in prison for a prank is an indication of the increasingly violent and primitive culture taking over the US. Nothing against Third World countries, but I'd rather not live in one.

super

[rizzo]

Good to see a local boy in the news. I agree, however, that if you can't do the time, don't do the crime. It IS a premeditated crime, and he deserves to be punished.

HOWEVER: The fact that he will probably get a stiffer sentece than most violent criminals is at the heart of the issue for most in the tech community, and deeply worries me.

Re:super

precisely so what the hell are we gonna do about it?

Re:super

[Exanter]

Yeah, it's real cool to see a local boy in the news...
"Look Everyone!!! We's got IDIOTS here in Green Bay!!!" (technically, it was Ashwaubenon, but they're just a suburb)
Idiots abound everywhere, but usually you try to not broadcast the fact.
It almost seems as Davis has reached McCarthy status, as where he lives is always mentioned in the same breath as who he is...

Re:super

I hope that the sentence is befitting the crime. In particular, since he did not "reveal" any deep government secrets, (for example our closest-held nuclear warhead secrets) to any foreign power (for example, China), fair treatment would dictate that he receive a lighter sentence than those who have revealed nuclear secrets to foreign powers... and those in a supervisory capacity (read: responsible) who allowed it to go on for years.

SCRIPT KIDDIEZ

[bgheen]

It's all about the Pentiums, baby
Uhh, uh-huh, yeah Uhh, uh-huh, yeah
It's all about the Pentiums, baby
It's all about the Pentiums, baby
It's all about the Pentiums!
It's all about the Pentiums!
(Yeah!!)

What y'all wanna do?
Wanna be hackers? Code crackers? Slackers
Wastin' time with all the chatroom yakkers?
9 to 5, chillin' at Hewlett Packard?
Workin' at a desk with a dumb little placard?
Yeah, payin' the bills with my mad programming skills
Defraggin' my hard drive for thrills
I got me a hundred gigabytes of RAM
I never feed trolls and I don't read spam
Installed a T1 line in my house
Always at my PC, double-clickin' on my mizouse
Upgrade my system at least twice a day
I'm strictly plug-and-play, I ain't afraid of Y2K
I'm down with Bill Gates, I call him Money for short
I phone him up at home and I make him do my tech support
It's all about the Pentiums, what?
You gotta be the dumbest newbie I've ever seen
You've got white-out all over your screen
You think your Commodore 64 is really neato
What kinda chip you got in there, a Dorito?
You're using a 286? Don't make me laugh
Your Windows boots up in what, a day and a half?
You could back up your whole hard drive on a floppy diskette
You're the biggest joke on the internet
Your database is a disaster
You're waxin' your modem tryin' to make it go faster
Hey fella, I bet you're still livin' in your parents' cellar
Downloadin' pictures of Sarah Michelle Gellar
And postin "Me too!" like some brain-dead AOL-er
I should do the world a favor and cap you like Old Yeller
You're just about as useless as jpegs to Helen Keller

It's all about the Pentiums!
It's all about the Pentiums!
It's all about the Pentiums!
It's all about the Pentiums!

Now, what y'all wanna do?
Wanna be hackers? Code crackers? Slackers
Wastin' time with all the chatroom yakkers?
9 to 5, chillin at Hewlett Packard?

Uh, uh, loggin' in now
Wanna run wit my crew, hah?
Rule cyberspace and crunch numbers like I do?
They call me the king of the spreadsheets
Got em all printed out on my bedsheets
My new computer's got the clocks, it rocks
But it was obsolete before I opened the box
You say you've had your desktop for over a week?
Throw that junk away, man, it's an antique!
Your laptop is a month old? Well, that's great
If you could use a nice, heavy paperweight
My digital media is write-protected
Every file inspected, no viruses detected
I beta tested every operating system
Gave props to some, and others? I dissed 'em
While your computer's crashin', mine's multitaskin'
It does all my work without me even askin'
Got a flat-screen monitor, 40" wide
I believe that yours says "Etch-A-Sketch" on the side
In a 32-bit world, you're a 2-bit user
You've got your own newsgroup, alt.total-loser
Your mother board melts when you try to send a fax
Where'd you get your CPU, in a box of Cracker Jacks?
Play me online? Well, you know that I'll beat you
If I ever meet you I'll control-alt-delete you
What?

It's all about the Pentiums!
It's all about the Pentiums!
It's all about the Pentiums!
It's all about the Pentiums!
What y'all wanna do?
Wanna be hackers? Code crackers? Slackers
Wastin' time with all the chatroom yakkers?
9 to 5, chillin' at Hewlett Packard?
What??

Re:SCRIPT KIDDIEZ

[Peter_Thompson]

Uh, that's Weird Al, right? Some attribution would be a nice thing....

Re:This is the most/only interesting part for me..

[Fastolfe]

If you just keep your system up to date with patches and updates, it will take somebody with serious skills to get in.

Serious skills or an early release of whatever exploit-of-the-week that ends up getting developed. Quite a few of these advisories come out after an exploit has been written and demonstrated, or at the same time. There's always a window of vulnerability in these cases.

As far as firewalls go, all it takes is one exposed vulnerable service to allow a script kiddie to get behind it. At that point, machines ordinarily shielded by the firewall (thus more likely to have complacent admins) become easier targets.

But yah, I do agree that if you keep up with the latest patches and fixes it makes things significantly harder for script kiddies. That still doesn't mean the script kiddies should get off the hook, though.

free Chad Davis!

pls support free chad davis campaign.. got www.freechaddavis.com and click on my banner ads thx.

Wow... In Wisconsin?

[CaptSwifty]

This guy is from Green Bay? I thought that the only thing we had in this state was beer and football... Makes me wonder if people from out of state will soon start pronouncing Wisconsin right.

No, not really..

[Swano]

You really think that a little script kiddie can be compare to Kevin.... what a shame for you!

Now get a clue!

Re:No, not really..

[vyesue]

why do so many people worship mitnick? because he got caught? because he spent a lot of time in jail? because he's a chronic repeat offender and parole violator?

I don't understand why noone gets behind murderers or burglars like they're getting behind mitnick.

Re:No, not really..

No kidding. Chad Davis is not a hacker in ANY sense of the word. Kevin Mitnick was an accomplished hacker, Chad Davis is just a clueless script kid with nothing better to do than change lame webpages. To compare the two is offensive.

Re:No, not really..

[toolie]

I agree. Script kiddies should not be compared with anything except pond scum. What Kevin did was not right, but at least it took some intelligence to do it. Now a 9 year old who found out about the 'net a week ago can download the crap to become a script kiddie. Would they be compared to Kevin too?

Re:No, not really..

Personally, I don't worship Mitnick, nor do I perceive him as brilliant - but he was skilled and accomplished a lot as a hacker/phreaker. Murdering and burglary can't be compared to hacking in any sense... And yes, it is a travesty to compare that idiot kid to Kevin Mitnick.

Re:Crackers: Worse than murders/rapists/molestors

[rcade]

On the other hand, crackers inhibit the government's ability to propogate its world view when they deface a web page, with the (unspoken?) threat of possibly doing much more (such as compromizing their databases and whatnot).

A cracker who breaks into a government Web server and changes content is a threat worthy of federal investigation and prosecution.

Allegedly, this guy just did some obvious defacement of the site. He could have made more subtle changes and removed restrictions on confidential data that's available on the server.

For instance, what if a cracker breaks into CPSC.GOV and removes links to a product recall he doesn't agree with? Thousands of consumers might not find out about an unsafe product and the means to get it fixed.

As another example, what if a cracker jacked with the IRS site so that taxpayers thought they owed lower taxes than they really do? The immediate gratification would be replaced with audits, late fees, and other tax boom-lowering.

The offense allegedly committed by Chad Davis is trivial, and that should be considered in his sentencing if he is found guilty. Breaking into a government Web site and changing information is a crime the feds should be taking seriously, though. (They also should be creating content-verification systems that prevent subtle changes from escaping notice.)

Re:Used as an example? Oh, the poor martyr.

[Ronin+Developer]

How 'bout we add him to the "Free Mumia...the cop killer" bumper sticker?

Green Bay Hackers

[Ripp]

Sorry just had to say that out loud.
(for those scratching their head, think football....)


Ohhh...yeah!

Re:Green Bay Hackers

ch33z h34dz?

Re:Green Bay Hackers

[toolj23]

packers... blah!

umm.. calm down

[nfgaida]

So you think that no-one should ever break a law, just because it's the law. What about all the non-violent protests of the civil rights era? They were breaking the law to show how the law was wrong and to make a political stance.

is this wrong? no. if the law is a bad law, it is up to the people to protest it so that i will be changed.

as for finding a hole, and then informing the sysadmin, what the hell is wrong with that? if the sysadmin isn't notified, then someone else could break in. if someone could break into my site, i would welcome them to inform me so that i could fix the problem.

Re:umm.. calm down

[nfgaida]

i for one don't think that just because something is a law means that it is the LAW. especially when _almost_ all laws were created with almost no input from the people they effect. oh sure, we elect the people who make the laws, but those people seem to prefer green over what the people who elected them want.

as for demonstrators, you don't think anyone should be allowed to demonstrate? hmm.

there is a difference to finding a hole in a server and breaking into a house by breaking a window. in the server no hardware is damaged, and assuming the person who found the hole is moral, they would not do any damage to files as such.

using a forceful means of entry in the physical world is completely different from the ether-world.

This proves that people need to tighten security!

If banks stored all of their cash in large cloth sacks piled up on the lawn out front and they get stolen, you can bet I'm going to be bitching at the bank MORE than I will at the crooks because the bank is more at fault for being stupid.

Similarly, people who put up out-of-the-box websites that are insecure by default, and never even asked nor checked if their site was secure have little right to bitch and demand vengeance when their sites get h4x0r3d.

The internet isn't safe. Set up defenses and prepare for the attacks or go back to sticking flyers under windshield wipers and get off the 'net.

Re:FREE * !

[Ronin+Developer]

Now THAT's funny (in a sick sort of way). You just made my day.

imagine that

[vyesue]

the big news today is that someone got caught accessing a computer which he was not authorized to access, and now the federal government is going to aggressively prosecute him both as a penalty and as a high-profile deterrent to other hackers.

is this surprising? no. is this a problem? no. as we move into the future, the feds are goign to get better and better at catching and prosecuting those who chose to trespass in computers that they are not supposed to access. good for them.

Re:Gov't forces you to waive rights.

[rookkey]

Nevertheless, when you signed the "thing" (ticket) you were agreeing to waive your rights. If you look carefully at the ticket, it says something along the lines of "By signing this form, I hereby waive my rights..."

In many states, you sign the ticket and if you pay the summons you are considered guilty. If you sign the ticket, but you believe you are not guilty- then you go to court on the date that the friendly police officer gave you. Signing the ticket does not say that you are guilty, but simply allows you to waive your rights. As the previous poster said, don't sign the ticket next time and be arrested, have your car impounded, etc...

As for our script kiddie Chad here, if he does not waive his rights, he and his attornies have a month or so to prepare their case. If he wishes to have more time to prepare, then he will have to waive his right to a speedy trial and perhaps stay in jail for years waiting for a trial.

the real problem

[logycke]

Who cares about these scum? You should, whether your own system is secure or not. The fact that cracking systems requires such low technical competence indicates that we need to do something.

The problem is analogous to the in-band signalling that telephone switches formerly used. An outside agent should not be able to hijack a cpu's execution flow any more than an outside agent should be able to hijack the routing of a phone call. Until we universally implement mechanisms, preferably in hardware, to protect this data, for example by separating an execution stack from the general data stack and placing them in memory correctly, ridiculous problems such as this will persist. Patching holes like we currently do is not enough.

Re:Your're right!!!

[Danse]

I think the old precedents apply just fine in this case. Kids are stupid sometimes and do stupid things. It's a combination of lack of good parenting, natural curiosity, lack of real-world experience and rebelliousness. They don't need to spend 4-10 years of their lives in prison for it. I did stupid things as a kid. I got punished for it and after a couple times I learned my lesson. I don't see why they should be punished so severely for such a minor thing just because the government is afraid because its systems aren't secure. Maybe if the government would actually do something useful for once instead of just declaring a "war" on any activities they don't like, we might have a better society.

Re:I love it!

[Michel]

The kids deserve what they get,

Absolutely.

and their parents deserve to be held accountable for the monetary damages.

Um, not quite.

Well, they will be held accountable, because it's their kid(s). But you say the kids aren't supervised enough by their parents. I don't know this particular kid's parents, but I think I can make a pretty safe assumption that they are not computer experts. So they can supervise all they like, and the kids will do what they want anyway. And if the parent asks what the kid is doing...

"I'm playing a game."

And whether it's true or not, the parent probably won't ever know the difference. That is, until the police starts showing up. It's still their responsibility, but not really their fault.

two reasons why they are still unskilled

If they are so unskilled how did they crack so many, high profile sights? Is the security that bad, or do they expect us to believe that these crackers have in their possession "SuperDooper" powerful software that cracks the excellent security in place on these servers.

For one, if you are the armed forces, or a federal agency under dod or doj, you might have classified information. Several levels of it. And then unclassified but decidedly unpublic information.

Web servers are probably dead last when it comes to infosec priorities.

To us it's big news if the army web server gets hacked. But the army has much bigger fish to fry. Like not getting its people killed. Nobody gets killed when somebody vandalizes its website.

Despite the small inconvenience to the army, prosecute him for breaking and entering, vandalism, and whatever else you can. I think an example (unfortunately) has to be made of him, because people might not realize what I mentioned above. If people believe the army website getting cracked is a national security concern, and the cracker gets two years probation, that's bad.

Point two -- they got caught. This is for those who say the federales are stupid. As a former crackee (some czech punk deleted my senior project off a school system), I would be more than willing to get my website defaced to put some people in jail. Maybe the gov just won't admit it was a sting. ;)

Re:Skill is not an excuse to break the law!

[Danse]

I'd answer this, but it was already answered here.

Where There's Lawyers, There's Harm

[rcade]

However, I as an individual am hardly harmed. If the IRS gets their facts wrong and I underpay, the IRS is at fault, not me. I may have to hire a good lawyer and go to court, but no lasting harm is done.

I think most people who have hired a lawyer to defend themselves and go to court would define that as "lasting harm." Lawyers and trials are expensive, both in money and time. The IRS Web site is just one of many that publishes information that could be harmful to people if altered or removed.

If my only source of information for a recall is a government web page I have to take the trouble to find and dig through, then there are more serious problems with the recall notification procedure than a petty vandal's mucking with the web page.

Access to accurate information from the government is essential to the democratic process. I think it's a serious problem when crackers alter this information, despite the fact that most of these break-ins have been trivial to date.

If you don't hear about a product recall from the media, the only place that information is made available is the CPSC Web site. It serves a vital need, and it's important for that information to be reliable.

As more people rely on the Web for information, the necessity of accuracy on government Web sites becomes more important to this country. That's why I think it is important to investigate and prosecute people who break into government Web sites and alter them.

I am at most inconvenienced by such things. The government, on the other hand, has its power to govern more seriously hampered.

I think the feds prosecute crackers for the same reasons many local prosecuters do. It's a sexy crime with non-violent perpetrators that gets media attention and can help justify bigger budgets. No conspiracy there, aside from the most popular conspiracy on Earth -- making easy money.

Re:Where There's Lawyers, There's Harm

[Ronin+Developer]

Well said.

Re:Apples and Oranges

[stanlee]

You moron.

In what way is copying files back to a directory tantamount to having to buy a new store window and installing it after you sweep up lots of dangerous glass ?

Re:Stay! Your wish is granted.

If I spray paint your garage door, is that the real world equivalent? Not quite. However, if I break into your house by smashing a window and then start defacing things, then it becomes the equivalent.

Cracking somebody's system is breaking and entering, not vandalism.

Anyway, I don't think this kid deserves jail time, but I do think he deserves a 3 year probation and a nice fine that takes a couple years to pay off.

Re:As usual /.ers just don't get it

[dataslug]

I agree

This guy deserves community service. They should force these kids to make the webservers they hack secure if they get caught. :)

Re:Skill is not an excuse to break the law!

[dirty]

Mitnick waived his right to a speedy trial. It's his own damned fault he was in jail for so long.

Re:he's not even accused of the same thing as mitn

[stanlee]

The point is why are people already comparing him to Mitnick? I fail to see any similarities in the two cases.

what is a script kiddie?

see subject

Re:what is a script kiddie?

A script kiddies is someone who uses programs and scripts that they have not written to exploit security and privacy holes in commonly used systems, such as Unix, windows, IIS, Apache, AIM, Hotmail, etc. the list is long and includes anything you've ever heard of, more then likely. script kiddies are generally disliked because they:

• a) lack the proper skills to program / learn to program

• b) have made it hard for the rest of us in regards to the media and to the uninitiated and...

• c) the are young punks and old people don't like young punks. just like high school, script kiddes aren't jocks and the jocks pick on them.

script kiddies are really just the natural extension and inevitable outcome to an information based society that depends on exploitable electronic systems and I feel are equivalent to rampant disease in that the help to keep the immune system (system security) on it's toes, although most people seem to think they're just pieces of shit.

Re:what is a script kiddie?

[Psymonger]

Hi there,

>A script kiddies is someone who uses programs and >scripts that they have not written to exploit >security and privacy holes in commonly used >systems, such as Unix, windows, IIS, Apache, AIM, >Hotmail, etc. the list is long and includes >anything you've ever heard of, more then likely. >script kiddies are generally disliked because >they:

Oh, and how does everyone automatically know that this guy used a script off r00tshell instead of coding it himself?

>script kiddies are really just the natural >extension and inevitable outcome to an >information based society that depends on >exploitable electronic systems and I feel are >equivalent to rampant disease in that the help to >keep the immune system (system security) on it's >toes, although most people seem to think they're >just pieces of shit.

Well, i'm a sysadmin and I don't know how to code anything that can crack a system. I sure have the knowledge to download a C/Perl script, edit a few variables and make it workable. Does that mean i'm a script kiddie?

Re:what is a script kiddie?

---- you wrote ----
Well, i'm a sysadmin and I don't know how to code anything that can crack a system. I sure have the knowledge to download a C/Perl script, edit a few variables and make it workable. Does that mean i'm a script kiddie?
-------------------

Yes, based on my definition. Although script kiddie is a derogative term you should not take this as an insult, one could say that using an OS is running a prewritten program to hack (or make work better/differently) your system. The point I was trying to make was the term "script kiddie" is stupid and meaningless.

-- again you wrote --
Oh, and how does everyone automatically know that this guy used a script off r00tshell instead of coding it himself?
---------------------

I don't know, perhaps you should ask someone who actually thinks this and not me, who thinks the whole idea is ridiculous to begin with. I see no really meaningful difference between kicking in a door with your foot and using a battering ram, nor do I see a difference between using a script to by-pass security that someone else wrote or one that you wrote.

Re:yawn.

[stanlee]

Two million dead Africans seems infintely more important to me than Global Hell.

Re:Crackers: Worse than murders/rapists/molestors

[msanto]

Aren't there sentencing standards?

Wasn't Mitnick a "repeat" offender? Wasn't he a fugitive? Shouldn't these factor into the sentence? Tyson did neither and his case bordered on date rape. -bad example-

In the case of physical crime, the gov't does have a somewhat effective response, put more police on the streets. It usually has a very clear impact on crime. They don't have an effective response to increased hacking. Perhaps *you* have an answer?

mindphasr had 0 skill

ok look at gH look at their name.. how lame
"GlObaL HeLl!!! KaUzINg HeLL oN UrTH!!!!!"
mindphasr was a skript kid who had no skill
i have logs of gh members rming utmp and wtmp because they lack the skill to run zap2.
HAHAHAHAHAHAHAHAHAHA
i hope he gets ass raped
a real group is PHC
greetz 2 m1str. realhacker
YO

Re:Crackers: Worse than murders/rapists/molestors

[Ronin+Developer]

Let me understand -- you are saying that causing 20K of credit card damage, plus the inconvenience of correcting credit histories, is a worse crime than a child or person being physically and mentally assulted? Because more people are affected? I doubt many would agree with you.

No. That is not what I am saying. What I said is that crimes against the population on the whole are dealt with more stearnly because they affect the general masses and, as such, errode the fabric of society.

I did not and will not downplay the viciousness of murder or rape, they are horrible crimes. But, these crimes are against individuals and not the community at large. Why do you think that an embezzler gets 20 years while your typical rapist seems to get 7? Why do you think counterfeiters get 20 to life? These are crimes committed against the "state".

$20K worth of damage? I think not. He stole 20,000+ credit card numbers. Let's see...most credit cards carry, say a $5K limit. That means, potentially, he could have done over $100M worth of immediate damage PLUS the effects of ruining a credit rating and the ability to steal an identity. Most people don't know their credit rating or have not requested a copy to even know if they have been compromised.

I have friends who have had their identity "stolen" by credit card theives. Every couple of months, they have to PROVE they didn't by $5K worth of goods. And, while they are waiting for their credit history to clear, they can't do much of anything. They have three kids. Yeah..victimless crime.

Perhaps, (and I'm not wishing it) if such a crime is committed against you, you would realize the significance of it. Imagine not being able to pay your bills because your accounts are frozen. You are late for work and can't pay for gas. You're hungry and can't buy any food because your accounts are frozen (hence no ATM). All this because some little punk thinks its okay to hack into somebody elses computer system for fun or profit. Get the picture?

This does not mean that murder or rape are any less significant or horrendous. I firmly believe such perpetrators should suffer a fate as worse (if not more) than what they caused their victims. It's just these crimes are perceived differently by the lawmakers in this country.

These are the types of crimes that Mitnick was accused of having committed. This little punk, Davis, while only defacing the Army's website committed a similar crime in that he is erroding the foundations of privacy and security people are starting to formulate regarding the internet.

Billions (if not trillions) of dollars (or equivalent) flow through the internet everyday. How can people trust their finances or privacy on the internet if we have to worry about some little script kiddie?

What could potentially happen is that all those companies that fund the internet backbone say enough is enough. What then? Or, they start charging such horrendous fees for access and monitor every packet that is sent? In this litegous society, that is what could eventually happen (severe..but a possibility).

Someone mentioned about my comment or grafitti and how I said it errodes peoples perceptions of a community. Sadly, it does. It was not meant to be a racist statement but some have taken it that way. Think about it. If you knew your site was probably going to be targetted and you're not a security expert with the skills to stop it, would YOU put up a site and have to deal it and the potential PR issues that stem from it (Especially a business).

Cracking is fundamentally wrong and is a criminal act simply because of its impact on so many people. Please recognize it as such.

it's time to bitch out a GH script kiddie - fbi

I know this prick in real life, and he's hacked into my server before (I work for an ISP). Now is my time for revenge. He WAS a member of global hell until recently. He was let off the hook by the FBI, because he turned in fellow G.H. members, and now, some poor kid in Wisconsin is going to jail. His name is Michael Torras. He goes by the nickname of sistom. His phone number is 6388799. Need I remind you the FBI took away his computer equipment? If you would like to contact the FBI guys that have his computer, his ICQ UIN is 12006311. ICQ says the last known IP was 216.192.176.1. We all know script kiddies suck.

oops

his phone number is 9126388799

Re:Mindphasr/gH

[stanlee]

So now all bets are off if you happen to 'provoke' the FBI? She must have been asking for it, eh?

Like it or not even three-letter agencies are still supposed to uphold the law.

That means they have to follow it- even if criminals (by definition) do not.

Re:Give the cheesehead a break...

Wisconsin Dells isn't half of the reason WI sux -- in fact, I think it does have something to do with the FIB attitude I got all along the Illinois corner of Wisconsin...

I live in MN now, and 'round here we know that Wisconsin is much more fun to pick on than Iowa because Iowegians either don't care, or generally know when they're outwitted and keep their mouths shut, unlike Wisconsin. I'll be more than happy to take it on the chin for have Jesse Ventura as a governor -- I don't like him, but he ain't Tommy Thompson, either.

I'll be damned if I walk down a hall for a drink of water at a "bubbler", consider Huber Bock to be "fancy" beer, be turned on by the smell of Limburger cheese, or wear Packers colors to think that I'm tough and macho -- the term "gay" happens to be a TLA for Green And Yellow!

- Native Evanstonian (IL), never a Badger.

Re:Why I Gave Up on Representative Democracy

[cowboy+junkie]

The problem with represenative democracy in our country is that it is lacking one essential element - informed voters. Intelligent votes are literally washed away by a tidal wave of ignorance.

Government's troubles != People's troubles

[FreeUser]

All of the points you mention undoubtable put the fear of into the hearts of government beaurocrats everywhere. However, I as an individual am hardly harmed. If the IRS gets their facts wrong and I underpay, the IRS is at fault, not me. I may have to hire a good lawyer and go to court, but no lasting harm is done. If my only source of information for a recall is a government web page I have to take the trouble to find and dig through, then there are more serious problems with the recall notification procedure than a petty vandal's mucking with the web page.

I am at most inconvenienced by such things. The government, on the other hand, has its power to govern more seriously hampered. Which is why the FBI et. al. are so enthusiastic when the vilify and imprison crackers. It isn't to protect you or I, it is to protect their own base of power. What matter that some clever, foolish children get destroyed by their actions? Intelligent people don't make good (read: docile) citizens anyway.

Re:Who cares about these scum! (I do)

gH is a protest group. Hacking has become a tool used by more then just "hackers". It's no longer an MIT world. They are being attacked by the Feds because they are protesting the "man" (both the Feds and corporate america), and they are being attacked by the "geek community" because they are using a simple subset of attacks that originate within said "geek community". why does everyone have to be a hacker to hack? Look at culture jamming, who complains that these "culture jammers" aren't advertising execs?

Re:Crackers: Worse than murders/rapists/molestors

Larry Mahoney is getting out of jail after 9 1/2 years. He drove with a BAC three times the legal limit and killed 27 people. Granted, the hacking was premeditated, but on the other hand I don't think 27 people died as a result of the web page being down.

Gov't forces you to waive rights.

I get so sick of seeing people talk about how Mitnick didn't get a speedy trial. He waived his right, it took a while, it's his problem.

The system is set up to fuck you over if you assert your rights. Waive them and gov't will try to make your life easier. That's the way it works. Want a speedy trial on that next traffic violation? REFUSE to sign the ticket. Signing waives your right to a speedy trial. They will handcuff you, arrest you, tow impound your car (which may get vandalized waiting for the tow truck), and toss you in JAIL while you WAIT for a trial. And all of this will be at YOUR expense, even if you are found not guilty. On the other hand, you sign the ticket, waive your rights, go to traffic school (payola for the gov't), pay a fine (more payola) and the gov't will let you go merrily about your way.

Just admit it. Gov't works hard to make sure that its citizens do not want exercise their rights.

Re:Gov't forces you to waive rights.

[dirty]

Hrm...last time I got a ticket, I signed the thing, plead not guilty, went to court, was found not guilty in under 30 seconds (a minute if you count the lecture from the judge about being careful), and went home. All before about 10am. Sure I had to wait about 2 months before the trial happened, but during that two months I was not inconvienced in the slightest bit.

Re:Stay! Your wish is granted.

I'd have to disagree with it should just be a misdemeanor. Let me give you an example (bit extreme but hey)

Let's say a man trades online, is shorting stock on a tip.. finds out tip is bad and looses everything he's worked for 40 years because he can't get online, and kills himself...

Company pays for Superbowl advertising (however many 100k per sec) and right after airing, a kiddie changes website and company files for bankruptcy...

Hmm.. I guess you should only get community service, you only got 90 people laid off when their company folded, and got somebody to kill themself



Back to reality.. There are very real costs for a website defacement. Have you ever thought the cost of having to take a down a box doing a million dollars worth of e-commerce down; because you have to rebuild the entire box from scratch (I wouldn't trust anybody to not leave a back door). Spend hours/days trying to find where you got in, what other boxes may be compromised.

But hey, all you did was some defacement, my time doesn't cost anything after 2am , my downtime doesn't cost you anything, my company lawyer does this for free, it's free publicity (think off all the free publicity that hotmail got, I'm sure they loved it), customers love to see that we are human too when we take credit card information. Yup you're right it doesn't cost anymore than tagging a street sign.

I'm not for dragging these kiddies out into the street and flogging them (of course it'd be fun to see), but the actual costs of a crack is a whole lot,, when compared to say if my car was stolen and think what kind of punishment grand theft auto gets you.

I see your message and raise you :)

tsuiter@midusa.net

Football?

[dirty]

I do not know of this football of which you speak.

How To Crack a Web Server

[Fastolfe]

hello i am a script kiddie (i even got in my jr high school newspaper!!!) and i would like to tell you how to crack into a system in these 8 simple steps

1. spend lots of time on IRC! cuz its fun and l33t! i talk to all of my k00L hacker friends all the time in our password-protected IRC channel. sure i get bad grades in school but thats ok cuz i will just find a job doing tech support where i can IRC from work too!
2. download all of the exploits people mention on IRC
3. download all of the volnurability scannerZ people mention on IRC
5. pick a bunch of systems (or just pick IP's randomly!) and run all of your scanner softwares on it. if everything just times out then their probably behind a firewall cuz they are LAME#!! just move on and use another IP.. or if you want to hit a government sites just download this file GOVT.TXT that lists a tonZ of hi profile government web server IP's and plug it into your scanners
6. when u find a system that has a hole, run the exploits on them! they will give u a root shell!!!!! then u can uze your other l33t scripts to set up trojins and back doors but if u dont know how to do that then just find the web space and mess up they're web page!!!
7. dont worry about getting caught or anything cause everyone running systems is just DUM like they dont know how to fix there security holes so they surly wont be able to track you!!!

----

And you honestly think it takes skill to do this sort of thing? It's nearly impossible for any system administrator to be 100% up to date on all vulnerabilities and patches. Frequently exploits are discovered and released a little while before it's been made aware to the security community. There ARE windows of opportunity there, and they don't necessarily arise out of negligence on the part of the administrator.

Value systems and the law

[Jeld]

I think that crackers ( whether talented or stupid ) should be punished, but I do not think it is right to place them in the same row with vandals or terorists or any other type of real world criminals because the value systems of net and real world are very different. A terorist blowing up a building or a vandal spray painting some kind of national treasure do actual ( often irrepairable or just plain very costly ) damage to real items. A cracker defacing a web site does not do any REAL damage ( unless the sysadmins were so stupid that they do not have backups, in which case they deserve it ). All it takes to put the site back is a restore, and unless the cracker was very persistent it is only a few relatively small files so it doesn't take too much time. The crime in this case would be the disruption of service that he caused. This is another major difference between RW and the Net. The time on the Net is MUCH faster and more valuable then time of RW. A store closed for a day is nothing or not much. A popular web site down for a day is a lot of nuisance/trouble and maybe real damage to people. This guy is not supposed to be tried as a plain criminal. There should be a separate set of laws concerning cyber-crime. Maybe even a separate organization should be handling this instead of standard govermental mechanisms, much like IRS handles tax related issues and INS handles immigration related stuff.

Just my .02$

Re:Crackers: Worse than murders/rapists/molestors

[Ronin+Developer]

No. Cracking is considered a serious crime because of the nature of the crime. It has more ability to affect the general population (i.e let's steal 20K worth of credit card numbers and ruin those peoples credit histories).

Cracking exposes vulnerabilies in systems that people trust implicitly. These systems are often the basis for our way of life. This creates chaos. Murder, rape and other violent crimes affect relatively few (but those it does imparts immeasurable impact). Thus, while they are terrible (I say burn the buggers), most of us still feel safe.

Can't say that's the case when I have to wonder who might be stealing my credit card and making my life a living hell as I try to resolve it.

People liken the crime of cracking to grafitti. Grafitti has been shown to degrade property values in an area. This makes it difficult for people to leave the area without taking a significant hit in the pocketbook. It leaves people with an impression that the area isn't safe or becoming. Only when the communities come together and clean up their neighboorhoods (not always possible), do they regain their sense of pride and safety. So, in my mind, grafitists should be severely punished as well.

I agree, website vandalism is a felony.

Vandalism becomes a felony when the damage done totals beyond a specific amount (usually set by the locale of the act). In Dallas, Tx. vandalism becomes a felony charge when the damage is in excess of $750. I can hardly imagine that ANY defaced webserver would cost LESS than $750 in manhours to repair. seth@sansa.net

Re:Crackers: Worse than murders/rapists/molestors

There is no "fabric of society". America has become a land of sociopaths who only care when it inconveniences them.

Having no money is societies own excommunication. It is wrong, but I would rather have my family alive and well rather then being a sacrifice to make some jackass feel is money is safe.

privacy and security? My ass. If they do not realize that the internet is neither it is not my problem. They assume it is safe "to assume makes an ASS out of U and ME". To perpetuate a lie simply to make people feel better is sick.

Cracking is wrong, fine. But killing and stealing are quite different. Protecting the Status-quo is the problem. Money protects its own interests (docile, subservient, workers). Anyone who is not their lapdog is a meat by-product.

Re:I always wondered what FIB meant.?

FIB = F?cking In-Breeders

Leave them kids alone

[QuantumG]

One would expect the local sheriff to go after vandals.. but no, we have the FBI. There are real crackers out there who have no morals and lots of skillz. They invade privacy and threaten liberty. These are the guys who rm -rf your root directory because they were bored sniffing your box. If the FBI believes that crackers are a threat to national security then they should go after them, not a bunch of punk kids who hack web pages.

get a life

he was a socially-inept nerd with no life. learn to get your kicks from something other than "hacking". let this stupid yank rot, see if I care.

Tech. doesn't hack websites, people do!

[wakebrdr]

'...it is the technology that gives them the ability to cover their tracks enough that you can have a hard time making a criminal case against them," said a senior federal investigator.'

Here we go--blame the technology. There is no personal responsibility anymore, is there? Pretty soon we'll have another 20,000 laws limiting access to technology. Start sending in your donations to the NTA.

I can hear the soccermoms of the world now:

"It's this, easy access to technology, that causes this kind of tragedy..."

"We must put a stop to those evil computer shows!"

"You don't need a computer with 700 mhz!"

"Our children are raised in a culture of technology."

Of course you could replace "technology" with whatever software this punk was using and these quotes might be more plausible. Replace "technology" with "guns" and you see how stupid our government and Sarah Brady really are.

Bring on the bans!

Re:Tech. doesn't hack websites, people do!

Yes, you're correct. Sometimes my libertarian streak gets the best of me. But it's also not hard to see that he *was* expressing some frustration towards the *technology* itself. Sooner or later someone will want to regulate it....

Jail time is the only "fair" punishment

Prison time is the only "fair" punishment for felony crimes. Fines only affect the poorer citizens. Rich criminals love getting the punishment of just having to pay some money.

Free Chad!!!

[jslag]

Well, did you vomit?

(I realize a subject line isn't a web banner or tag, but it is disturbingly close to your post)

Re:As usual /.ers just don't get it

[Ronin+Developer]

How about four years in the Army for this one?

Whats wrong with this picture (WAS Let's see here)

[ardy]

"Yea, screwing with a web site should be punished, at about the same level as littering. NOT to the same level as murder."

Out of the mouths of babes.....

So basically you're saying I can walk into your house uninvited, deface something in your house, like say, the report you've been working on for the boss for the last six weeks, or that homework paper thats due midterm, and then expect a slap on the wrist for such actions?
Have you no respect for the personal property of
others?

I'm not suggesting "murder" level prosecution, but most CERTAINLY not the slap on the wrist a littering charge would engender.

Re:Right on! Cracking == 20 years min!

[Doctor+Memory]

Defacing a web site, like grafitti on a wall is hardly a major offence.

But it isn't "like grafitti [sic] on a wall". It's more akin to screwing up traffic lights. You remove links from a web page, you're denying access to resources. Carving your initials in a tree is one thing, dropping that tree across a major highway is another.

Re:Crackers: Worse than murders/rapists/molestors

[hawkeye684]

now im not entirely sure about this but wouldnt an effective response to increased hacking be maybe *gasp* better security

Re:Crackers: Worse than murders/rapists/molestors

[Ronin+Developer]

There is no "fabric of society". America has become a land of sociopaths who only care when it inconveniences them.

Cracking is wrong, fine. But killing and stealing are quite different. Protecting the Status-quo is the problem. Money protects its own interests (docile, subservient, workers). Anyone who is not their lapdog is a meat by-product.

Uh huh. Read your own words again. It appears that you may be part of the problem. You are right, the problem is that we are all to self absorbed to worry about each other. Why is that?

To many people are taking the phrase "life, liberty and the pursuit of happiness" just a bit too far. If I remember correctly, this is from our Declaration of Independence and not the Constitution of the United States.. I also believe there is a phrase in there "to form a more perfect union"...is there not?

You say that cracking is wrong. But killing and stealing are different? How? Are they not all crimes in our society? By saying cracking is just wrong and not criminal, you are setting precedent.

Next, we'll say burglary isn't a crime, they were just passing through your house to get to the other back yard and picked up a few trinkets on the way.

When I was a kid, burglary was a felony that would get you twenty years. Now, that same crime will net you six months to two years in most cases. So, we've gone from a twenty years to less two for the same crime in less than a generation. What's next? Six months for murder? A slap on the wrist for rape? Hmmmm.

By not giving a damn about the society you are contributing to its futher degradation nevertheless and regardless of whether that society is built upon bedrock of common beliefs or a foundation of lies. Like it or not, you are a member of that society. It is what you are.

Congratulations! You have become a contributing member of the status quo.

There are still those in this country that believe in the so called "American Dream". At some point you have to trust in those around you to do the right thing. That's why we have government and laws (no matter how innane some of them might be). They are (in principle anyway), designed to protect the society as a whole and dictate acceptable behavior for all members of that society. For those who deviate outside the acceptable behavior, there are "corrective" actions that can be applied.

If you don't like the way things are working, then take the time out and do something constructive about it rather than whining about how it's not fair or how messed up it is. If you don't like the laws, then lobby to get them changed. Aspire to political office and show the world you really do give a damn and change the law (unlike the majority of the politicians in office). Fight for what you believe in by working to change the system rather than going outside and destroying it. (I am not an advocate for revolution but rather evolution).

Sit on your ass and you're no better than the "meat by-product" that you call everyone else.

I think we have a new eponym.

[logycke]

One of the first of these stories to gain national attention way back when, including a cover of Newsweek, was that of the 414's, a group from Milwaukee, Wisconsin. Now there's this guy up in Green Bay, Wisconsin, and he couldn't look any dumber if he had one of those big foam hunks of cheese on his head with a picket sign sticking out saying, "BUST ME: I'M AN IDIOT!!"

So there I think you have it: In honor of these Northern intellectual behemoths, I hereby dub a new eponym upon all who aspire to emulate them - not script kiddies, for scripts say very little about these people and demean an otherwise useful thing; not crackers, which is actually a derogotory name for white folks; no, I think these Wisconsin boys stand for them all: cheese heads. That is what I shall call them henceforth, and I would love to see them immortalized as such in the jargon file someday.

You know what we need..

[Fastolfe]

There needs to be a web site / message forum like Slashdot but dealing entirely with local/regional political matters. Something your state and federal representatives wouldn't be afraid to visit and contribute to. Organize the board by geographical area (or whatever political boundaries) and organize threads by issues, complete with informal polls.

Even without a congressperson's presence, it could be a great place to learn about your congressmen, about potential candidates in your area (all we ever hear about is what's on TV -- and that's usually at a national level). WITH a congressperson's presence, it could be an invaluable tool for communication/virtual *conversation* between your representatives and constituents.

Does anything like this exist?

Re:Crackers: Worse than murders/rapists/molestors

[apathetic]

c'mon you know we can't sentince our celebrities to the same extent as regulat people, they are better than us

Re:Your're right!!!

[ranton]

The difference between this kind of crime and graffiti is that it is a new kind of crime. That means that we can set a new precedence. I think they would try the same thing against people doing graffiti if they could. It is the same reason why beer and cigarretes are legal and marrijuana (sp?) is not.

Re:boo hoo

[dirty]

I think sublime put it best, "Even though he now takes it in the behind, I have no sympathy for men of his kind."

boo hoo

I would think that if the FBI came to visit me, I would probably take it a bit seriously. Apparently, Mr. Davis didn't and now he's going to spend some time in jail. What's the big deal, some guy who's proven himself to be an idiot is going to the slammer? Don't drop the soap, dude.

zyklon wasnt a script kiddie

You would all be ashamed of you self if you knew zyklon.

why compare?

kevin is real criminal.. he *crack* for a living.. this one just want to enflate his ego.. (think so)

Re:why compare?

[KrAphtd1nN3r]

Sorry to say that, but Kevin Mitnick never took profit from the hacks (or cracks, whatever!) he pulled. He might have stolen 20 000 credit card numbers, but never used a single one of them to buy stuff!



It might not have been real intelligent, but please get the right facts! Kevin never stole from anyone!

Re:why compare?

Kevin Mitnick committed criminal trespass on numerous occasions. He accumulated thousands of credit card numbers.

Then he hired a smarmy lawyer when he got caught.

There is no reason to have sympathy for the little creep. It's a shame we've had to spend so much money nailing him down.

Re:why compare?

Kevin did not *crack* for a living. Mitnick hacked in *spite* of his living. He kept a legitimate job the entire time he was on the run - say what you will about Mitnick, but he was no thief.

Clue?

[babyroo]

I'm sorry, but that is just sad. You don't attack the government after they explicitly tell you they are watching. Come to think of it, you don't attack the government at all, unless you happen to be a founding father revolutionary... Rebel without a cause? nah, Rebel without a clue...

"What is now proved was once only imagin'd"

Re:Crackers: Worse than murders/rapists/molestors

I may be wrong here, but I believe the thread is about cracking being perceived as worse than murder/rape/molestation in the eyes of the law these days, at least as evidenced by sentencing.

While I agree completely that it is a crime with the potential to cause a lot of damage and should be punished as such, it can't be compared with these other crimes. I would rather be afraid of a cracker getting a light sentence and going out and causing monetary loss to occur than a murderer to be freed back into society.

Personally, I'd even deal with someone destroying my credit record and causing me to lose large amounts of money if it means that a dangerous sociopath is kept imprisoned, even if said sociopath is nowhere near me. Even if only one person is killed in cold blood because of him, or one woman or child is psychologically scarred for life, it is totally unacceptable.

Money can be recovered, lawsuits can be dealt with in an arguably fair manner. The person who causes such damage to society should be dealt with harshly, but if they are considered more dangerous in the eyes of the law than a person that causes actual, physical, face-to-face harm to other human beings, there is a deep problem in the justice system in this country.

Just my opinion.

Duh...

[KnightStalker]

Okay... kid is careless, arrogant and stupid, gets his hands on some scripts, finds some security holes, and intentionally pisses off the FBI.

And this is news that he's going to be prosecuted? He might as well have walked into their DC headquarters waving a shotgun around. It'll be news when he *is* the next Mitnick.

Destruction of Society

[Mazurbul]

Why are so many posters defending the government?

Our government is evil and needs replacing.

Whatever we can do to place more strain on it we should until it collapses. I support rioters in LA and David Karesh's. Just keep on task, dont' destroy your fellow citizens and stick it to the man :-)

This argument is entirely in keeping with FC's manifesto, also known as the Unabomber, read it sometime, its very interesting.

Your're right!!!

The kids a punk, and deserves what he gets. All t his cracking is really not much different than graffiti you see on buildings. I'm always happy when those guys get caught, and the same with the crackers and wannabe crackers!!!!!!!!!!!!!!!

Re:Your're right!!!

Since he likes the Army so much, how about two years of peeling potatoes! :-) Scrubbing the lavatory floors in the barracks is lots of fun, too. :-)

Re:Your're right!!!

[Danse]

All t his cracking is really not much different than graffiti you see on buildings.

Yep. It's roughly the electronic equivalent of graffiti. The difference is that with all the paranoia in the government, they like to take the offender, lock them up for a year or 2 without a trial, blow the case all out of proportion so that the media can demonize the kid (maybe they can compare him to the Littleton killers or tell us all how this script kiddy is a serious threat to national security), confiscate anything remotely related to a computer and ban them from using computers for several years upon their release.

When was the last time anything remotely similar happened to somebody who tagged the side of a building or highway overpass?

Re:Crackers: Worse than murders/rapists/molestors

[HiThere]

"Most of us still feel safe"?
???
You're kidding, right?

Re:Why I Gave Up on Representative Democracy

[Zach+Frey]

The problem with represenative democracy in our country is that it is lacking one essential element - informed voters. Intelligent votes are literally washed away by a tidal wave of ignorance.

While the USA has certainly had its share of dumbing down, have you even entertained the thought that withdrawal from the system might be rational behavior?

It is very, very difficult to effect change without

• large gobs of $$$$$
• massive investments of time

It can be done. But it is painstakingly difficult. And the results can be wiped out with the next election, or by simply turning your back on the rat-fink who is supposed to be "representing" you for too long.

Both the characteristic modern parties believed in a government by the few; the only difference is whether it is the Conservative few or Progressive few. It might be put, somewhat coarsely perhaps, by saying that one believes in any minority that is rich and the other in any minority that is mad.
-- G. K. Chesterton, What's Wrong With The World Today

Re:Crackers: Worse than murders/rapists/molestors

[blkwolf]

"In the case of physical crime, the gov't does have a somewhat effective response, put more police on the streets. It usually has a very clear impact on crime. They don't have an effective response to increased hacking. Perhaps *you* have an answer?"

How about better security? Even just for my little home network here I use a firewall/gateway system with packet filtering and network rules setup, just so that I can dial into the internet (and share the dial up with a few other computers).

All internal ip addresses are on a private ip range, I use a 5port switch instead of a hub, all incoming ports are blocked etc etc.

It may not be impossible for someone to break into my network or one of my workstations, but it'd be a hell of alot harder than the public sites that are getting cracked all the time.

Simple things like using switches on your network, portforwarding access to public services instead of just sticking a box right on the unsecured connection to the internet, using secure operating systems and services (i.e. not using IIS with frontpage extensions), monitoring sites like Security Focus to keep up on the latest exploits and patches etc.

If I can invest a little time and energy into securing my home dialup connection, there's no excuse for public businesses, and govt. agencys with public servers on the internet to not do the same.

what a novel idea

[RoLlEr_CoAsTeR]

You're right. The feds will, theoretically, get better at catching these sort of "criminals." Of course, we might also assume that these same sort of "criminals" will get better at the criminal activities that they are participating in. Therefore, the feds will not only have to "catch-up" (i.e., improve their crime-fighting skills enough to catch criminals of the "caliber" that is present now), they'll also have to push themselves far enough so that they are capable and ready for future, more advanced, and "harder" attacks.

I'd say the feds have got a bunch of work to do. "Go get 'em, boys"
(cliche, I realize, but I felt the __urge__... oooo... be frightened)

Crackers: Worse than murders/rapists/molestors

Why are crackers spending more time incarcerated than many murderers, rapists, and child molestors? I'm not saying crackers should not be prosecuted, but something is bass ackwards in the justice system.

Murder, rape, and child molestation are far more serious crimes, and deserving of far more punishment than fscking up someone's web page.

Crackers should be treated more like kids who spraypaint their crap on walls. For messing things up, their punishment is to clean things up. Give crackers shovels and put 'em out to clean up the subway walls, or interstate embankments.

Re:Crackers: Worse than murders/rapists/molestors

[jflynn]

Let me understand -- you are saying that causing 20K of credit card damage, plus the inconvenience of correcting credit histories, is a worse crime than a child or person being physically and mentally assulted? Because more people are affected? I doubt many would agree with you.

Even if that rather dubious judgement is accepted, lets punish according to the damage done, rather than the worst case damage possible. If someone falls asleep at the wheel and safely drifts to rest at the side of the road do we threaten them with manslaughter penalties because they *could* have killed someone?

If someone were to crack and break critical life support software and people died, I'd be all for the maximum penalty. But to say that someone who caused a government web site to cease functioning for a few hours is worse than a molester or rapist is ridiculous, until you specifically list the severe damage they *actually* caused.

Re:Crackers: Worse than murders/rapists/molestors

[Ronin+Developer]

I'll by that. Perhaps the subject header was misleading. As I tried to point out, cracking is a crime. However, it's a crime against the state.

Murder and rape are horrible crimes as well. The damage they do in irrepairable. But, by and large, they affect a smaller segment of the population that those against the state. This, doesn't mean that they should be trivialized.

All crime, whether it be murder, rape or cracking errode the common beliefs that people have established to form a working society. All crimes should be punished. Period.

I was trying to get across the message thatwas cracking is criminal because of the effects on large numbers of people. The same rule can be applied to any case where the public impact is great (or potentially so). They need to be dealt with in a swift and concise manner so as not to establish a precedence of nonchalence.

Thoughts?

Re:Crackers: Worse than murders/rapists/molestors

[msanto]

And women shouldn't go into Tyson's hotel room alone, don't go down dark alleys, etc, etc.

There are "common sense" measures a person (or web site) can take to prevent a physical crime (or hacking), yet there is no way to guarentee security. When a population is threatened with physical crime the gov't response is More Police which is a physical presence and acts as a deterent. There is no comparable response to internet hacking, thus the attempt at deterence is based on escallating sentences.

Besides, the gov't isn't responsible for commercial computer security. Comparably, should a rapist be given a lighter sentence because the victim didn't have "common sense" (or good computer security)?

Not that I'm saying that raping and hacking are comparable or should get similiar sentences. Personally, I'd like to bring back public flogging & execution for violent offenders. Now that's deterence!

Re:Crackers: Worse than murders/rapists/molestors

[Chuut-Riit]

You've left out an important "feature" of the government view of the "paradigm." Information is only sacrosanct if it's the government's information. If the information belongs to a mere citizen, then it is imperative that that government be able to access and decrypt it because, you never know, that citizen might be up to no good. Welcome to fascism. Don't worry, it will get worse.

Re:Crackers: Worse than murders/rapists/molestors

[Stonehand]

Well, you've been bringing up the m/r/m people repeatedly. Got some names and cases for us?

Re:Crackers: Worse than murders/rapists/molestors

[mochaone]

Sorry. I disagree. I have no sympathy because this guy is a teenager. Our society has suffered quite a bit by coddling teenagers who break the law.

The simple fact is if we are to further this information/technology paradigm, integrity of data and systems is sacrosanct. You achieve this by prosecuting all who impede this goal. This wild west mentality where you just do as you please in the face of established law has to stop.

If you are looking for equity in law, please exhume my corpse in a 1000 years when you find it.

Re:Crackers: Worse than murders/rapists/molestors

[FreeUser]

Crackers are spending more time in prison than muderers, rapists, and child molesters because the government, particulary those portions of the executive branch concerned with the control and (mis)use of information (the FBI, CIA, NSA, SS, etc.), feel much more threatened by a cracker (whether a knowledgable one such as Mitnick, or Script Kiddie such as Davis appears to be) than they do by most violent criminals.

Let's face it, if someone spray paints obscenities on your house, rapes your child or kills your mother the government is not the least bit threatened, no matter the degree of personal trajedy in your life. On the other hand, crackers inhibit the government's ability to propogate its world view when they deface a web page, with the (unspoken?) threat of possibly doing much more (such as compromizing their databases and whatnot). Add to that the perceived threat to large business interests and you have an explosive combination of political will to CRUSH the perceived threat. Details like fairness, civil rights, or even constitutionality have a long and dark history of being swept under the rug under these kinds of circumstances. The law is being used to protect the existing base of power more than it is to protect individuals. It should be no surprise that the government will spare no expense going after those people it finds threatening, nor will it feel any compunction whatsoever in treating those individuals with as little fairness as it can get away with.

If we do not speak up and put an end to this dispraportunate treatment of crackers it will not change, as it does serve the interests of those who persue and prosecute the cases.

Re:Crackers: Worse than murders/rapists/molestors

[Danse]

Sorry. I disagree. I have no sympathy because this guy is a teenager.

Nobody was asking for sympathy. Just for fair treatment. Screwing up someone's webpage is far less damaging than raping, murdering, molesting, etc. Yet, for some reason, crackers get harsher treatment. It has nothing to do with age. It has everything to do with having the punishment fit the crime. As someone else pointed out, he didn't do anything to harm national security, but he'll probably receive a lot more punishment than those who allowed nuclear secrets to be released to China. It's a sick society we live in.

JAIL????

You've got to be kidding.

If (you break the law) then
Go to jail

I want to see YOU behind bars the next time you drive a mile above the speed limit, liter or whatever.

These are minor crimes, akin to grafiti with washoff paint. Get a clue (or a life)

Ha ha ha

Sure, he's a cracker. He's probably a script kiddie, too.

But I personally think all these cracked sites can be very funny. The army one is kinda lame, but when varsityblues.com was cracked, I was laughing my ass off. I guess I didn't see the point in making a movie based on the hardships of being popular in high school.

-Some Anonymous Coward
"I'm not an actor, but I play one on TV."

Was the bold type really necessary?

So if you don't walk around in a suit of armour it's your fualt that when I hit you with a lump hammer you get hurt. That makes sense. Wait a minute......? Can anyone spot the flaw in this entire thread. Think of it the humanist way...do unto others as you would have them do unto you. You leave my website alone and I'll not touch yours....break my site, I break your face. Fairs fair.

Re:Let's see here...

I'll bet you'd 'voluntarily' wave your rights to anything, Mr. SmartAss, after spending the same amount of time in solitary confinement. The treatment of Kevin Mitnick has gotten the attention of human rights organizations, and no, it isn't because they support cracking, it's because the US government violated basic, inalienable rights in their treatment of Kevin Mitnick. Oh, and what "gang" did the Feds have to keep away from Kevin when they shipped him away? More rationalizing bullshit from another clueless "law-n-order" freak.

?

[supz]

just reading the comments on this article is like really [mind expanding?]. there are mainly two totally different perspectives on this subject, that are both totally legit, but go contradict each other so much.

#1 being that you believe that the kids should get what they deserve for being stupid
#2 being that the server's are stupid for not checking

alot of educated-looking people have posted stuff supporting both of these view points.

just felt like sharing that

Re:?

being that you believe that the kids should get what they deserve for being stupid

Except that the FBI told this kid to knock it off and that they were watching him. I think even stupid people would get a clue after that. I think he was more arrogant than anything, and yes, arrogant people deserve to go to jail too.

being that the server's are stupid for not checking

There will always be security holes, so yes, even though they should make every attempt to block every known hole, this argument fails when it is a newly discovered exploit.

Computer's don't actively seek out crackers to crack them, it is the cracker that seeks out computers to crack. Let's don't blame the computer for this problem.

19 isn't a kid

[QBal]

I thought the guy was 19, around my age.

The guy was warned by the FBI that they where cracking down on their group.
But what does he do, he lash's out and hacks a web site.

I agree with your last point, but isn't that just what Chad did. He declared war on a group he didn't like.

I don't dig crackers who try and boost their own ego by defacing other peoples property.

Re:19 isn't a kid

[Danse]

As far as I'm concerned, you're a kid 'til you hit 21. At least that's the way the government looks at you, when it suits them anyway. If they limit your rights based on age, then they are treating you like a child. When you have the same rights as everyone else and are allowed to make your own decisions about what you should or should not do, then you're an adult and should be made responsible for all of your actions as well. It's no big wonder that so many of these teenagers act so immature. The government is trying to play parent to them and make decisions that should be left up to their real parents. It's not designed to do that and it fails miserably.

I agree with your last point, but isn't that just what Chad did. He declared war on a group he didn't like.

I believe the FBI caused much of the problem here in the first place. They call anyone who can run a script a hacker. They violate the rights of the people they charge with hacking. They demonize every stupid stunt some kid pulls as if it was a major threat to national security. It's no wonder they've pissed off a lot of people. The fact remains that what he did was only minor electronic vandalism.

I don't dig crackers who try and boost their own ego by defacing other peoples property.

I don't agree with what he did any more than you do. I'm just saying that there needs to be some perspective here. Throwing some kid in jail for a relatively long time for a relatively harmless, albeit stupid, stunt is not the answer. He did something that is done every day by thousands of kids across the country. He vandalised something that didn't belong to him. Unfortunately, since he fits the FBI's description of a "hacker", and since the "war on computer crime" is the FBI's latest crusade, he's going to be treated MUCH more harshly than any other vandal in the country. Where's the justice in that? Equal crime should get equal time. That's not going to happen in this case though. They're going to blow it way out of proportion and get the media in on the act. Make the kid out to be some kind of anti-American troublemaker who was out to screw up the governments computers and cause general chaos. He'll be tried and convicted in the media before he ever sees a judge.

Let's see here...

[GMontag]

Is Chad going to be placed in solitary confinement until he "voluntarily waives" his rights to preliminary hearings, like Kevin?

Is Chad going to be charged in the farthest point away from WI, in the continental US, like Bill Cheek?

Is Chad going to have to rot in a "pre-trial" facility for 4.25 years until he "voluntairly pleads" to some of the charges?

Have the Feds created $multimillion in damages yet?

Yea, screwing with a web site should be punished, at about the same level as littering. NOT to the same level as murder.

Re:Let's see here...

[GC]

Littering?

Surely if someone removes your files from a web site and puts their files in their place then we are talking theft. They have taken YOUR pages.

I personally believe that you shouldn't be able to be charged with computer crime unless the authorities can prove that you used a known exploit such as brute-force password cracking or exploiting a trust relationship. If the only evidence is that the files were changed then the fault should lie with the poor security at the site concerned and not with the person who changed the files. I understand that this can be complicated to enforce, but if people are going to leave their sites wide-open to attack they can expect them to be attacked.

After all, you wouldn't leave your wallet on the pavement and expect it not to be stolen, and I doubt the authorities are going to waste their time trying to find it if you tell them where you left it.

Re:Let's see here...

Yep, it's a conspiracy.

And we need smarmy little magazines like 2600 to inform us of that fact.

Like, get real.

Re:Let's see here...

[stanlee]

I'm reporting your OBSCENE posting to my local literary warden. The use of the word 'smarmy' on an electronic storage and retrieval system is prohibited by USC3098.9 (classified).

You can expect your literary license to be revoked shortly. Honest, hardworking readers of Slashdot will not tolerate your public posting of trash.

Re:Let's see here...

[GMontag]

If use of that language is illegal, should not the coward be hanged? LOL

Re:Let's see here...

[Stonehand]

If you waive your right to a speedy trial, you deserve what you get.

It's standard practice to move inmates far from their homes. It's SOP because you want to keep them away from their contacts and their previous environment as much as possible, because otherwise you get cases like the leader of the OGs quite probably running his narcotics business from jail.

If you damage a web site, any admin worth his salt knows that he quite possibly has to reinstall the whole damn thing, *AND* warn all his users who may now disappear due to a lack of trust. That's damage. It's more destructive than littering, unless the latter includes, say, littering with attache cases lined with RDX and timed fuses.

I got raided because of gH

[poptix_work]

The morons at the FBI actually thought I was one
of the leaders in this group, that I hadn't ever
heard of before, because some complete MORON at
Internet America (www.iadfw.net) in the abuse
dept. has a personal grudge against me, they took
my computers and said they needed them for
evidence, now, 6 months later, I haven't heard
anything from the FBI or anyone else about my
computers. This goes back to the story the other
day about the FBI keeping peoples computers...

I just wish the FBI had more of a clue, or would
understand that they're taking on way more than
they can handle, it's like someone said the other
day, the 'war on hax0rs' is like the 'war on drugs'
they can't win simply because of the number of people
hacking/cracking/being script kiddies, and they spend
so much time harassing the people who didn't do
anything that they don't even notice the people who
are.

Re:This proves that people need to tighten securit

I think an important distinction needs to be made here. Individuals not securing their property take their chances but in the end what they do has no bearing on other people. Government and banking institutions have a responsibility that comes with the position to secure their data. I have no sympathy for script kiddies as well, but I do find the lack of attention to security rather disturbing.

Re:This proves that people need to tighten securit

[HiThere]

Let's not confuse things.

1) The bank and it's employees should be liable because they did not fulfill their responsibilities properly.

2) The bank robbers should also be liable, because they took the money.

The problem is when you try to weigh the relative responsibility. If it was easily predictable that the money would be taken, then the bank and its responsible people, if any, should be totally 100% liable.

If it is on a busy street next to an elementary school, the students there have been tempted unfairly.

Adults are expected to act in an adult manner, even in the face of temptation. This may not be realistic, but it is what is expected.

Persons intermediate in age between elementary school children and adults should be treated in an intermediate manner.

Problems:
1) How can you hold an abstract entity, like a company, responsible? (Possible solution, band together in groups to hire lawyers, etc.)

2) So the kids were unfairly tempted? So what! If you don't teach them about consequences, they'll never learn. (Counter argument: children need to be protected from the serious results of bad decisisons. They need appropriately graded challenges and rewards/punishments.)

3) ...

There doesn't seem to be a clear-cut point here, except:
a) The officials should be held responsible (i.e., face the consequences of having created and maintained an attractive nuisance, at minimum. If they are more culpable, then they should be punished equally with the other criminals.)
b) SOME punishment should be inflicted on the infringers (tresspassers, graffitti "artists", whatever happened)

BUT
most of the "officials" are probably incompetent, and those who are not were likely not to be in positions where they were allowed to make and implement decisions...

Global Hell?

[logycke]

Global Hell - ah, so that's what it stands for. Of course. I always wondered what that symbol for David Geffen was all about.

Re:This proves that people need to tighten securit

[substrate]

So in other words if you happen to forget to lock the door to your abode I can feel free to walk out with your computer, tv set or anything else that catches my eye? What was your address?

Speedy Trial

Yes, this script kiddie deserves to be prosecuted, but he also deserves a speedy trial, not to be left rotting away for several years in prison.

People need to learn that computers are personal property and you are tresspassing if you do not have authorization to enter. Finding a security hole in a computer is like finding a broken window in a house. Sure, you are able to gain access to the house, but you are tresspassing if you do so. Yes, the owner should make every attempt to fix the broken window once it is discovered, but that still doesn't give you the right to enter.

Re:Speedy Trial

[magnetx]

Damn, I wish I could fix the broken window on my system that is letting SPAM in.

Your're wrong!!! (?)

[seizer]

Actually, you are half right. I think the issue here is whether the authorities will sentance fairly (all assuming the guy's guilty *cough*) or whether they'll try to make another punitive example of somebody who may still have some redeemning qualities.

--Remove SPAM from my address to mail me

The key issue of the article, that I see is:

[fastang]

Take into account the following 2 quotes:

""It is not that these are super whiz kids; it is the technology that gives them the ability to cover their tracks enough that you can have a hard time making a criminal case against them," said a senior federal investigator."

"like Davis, who are relatively brazen and unskilled, according to federal law enforcement officials and computer security experts."

If they are so unskilled how did they crack so many, high profile sights? Is the security that bad, or do they expect us to believe that these crackers have in their possession "SuperDooper" powerful software that cracks the excellent security in place on these servers.

Re:The key issue of the article, that I see is:

[fastang]

Oops, sites that is.

Re:The key issue of the article, that I see is:

Usually, the security is that bad.

With new exploits being found routinely, an administrator needs to stay on top of patches & updates. If they don't, they're usually an easy target even for a script kiddie.

There's a common thread

[KnightStalker]

I think everybody agrees, this schmuck is not going to get a whole hell of a lot of sympathy :-)

Um....

[PollyJean]

Nice to compare a script kiddie to three mass murderers & a mail bomber. Let's see...

Folks listed above...approximately 11,900,167 deaths / script kiddie 0 deaths

Not exactly the same league.

If he cracked the site, he should be punished, but let the punishment fit the crime.

Pol Pot died under house arrest for his mass murders. A web site cracker should get, what, a fine, maybe some community service & probation. Let's keep this in perspective, here.

As usual /.ers just don't get it

It is no doubt that what these kids are doing is wrong.

However they are being penalized for breaking and entering/destruction of gov property

when the crime is more akin to

Grafiti

With easy to wash off/non destructive paint

It's not crime/nocrime but the fact that the USGOV, in lieue of installing proper security (no firewalls at my gov site!) is putting it's efforts into something it understands: Harrasing civilians.

(I would PAY for a /. spell checker!)

Enough already

[asad]

Am I the only one to be tired of hearing about script kiddies in the news ? I mean there are so many more interesting people doing constructive things with their time that I am amazed with the media's fascination with "crackers". I could understand if the person had found some new and obscure bug that no one else had noticed, ok that would be minor news but the fact that some script kiddie broke into a military site *again* is hardly new worthy. And the worst part of this whole thing is the image the computer industry gets from this, I don't know how many times I had friends who don't know anything about computers ask me if I can break into some computer site for them. Is anyone else tired of all these "cracker" stories ?

Re:Enough already

I could understand if the person had found some new and obscure bug that no one else had noticed, ok that would be minor news...

These script exploits have been around for how long, and the system administrators have not run them against their own systems to look for (and close) vulnerabilities?

I think the news here is that the Federal government is maintaining an attractive nuisance (many, actually), and is refusing to accept responsibility for mitigating its own damages. Siezing thousands of dollars of equipment (which may not even belong to the alleged criminal) and charging the perp with a felony is obscenely out of proportion to the severity of the offense, and it lets the government off the hook for maintaining the security of public computer systems. And that, my friends, stinks.

Re:Enough already

[Iambe]

Why it sounds like actually cracking into government sites is a bad thing....


Quite frankly, I do not give a shit. A script kiddie caught. BFD

Re: This is a bunch of

[friskyotter]

Crap. Don't try to dignify anti-social behavior as "protest". The whole point of culture jamming is to gain a voice in media that ordinary people (read: not rich) are shut out of. Most folks can't afford a billboard, a 30 second TV commercial or even a half page ad in the local newspaper. Virtually anyone can get their content onto the web however, and could probably even do it for FREE if they talked to enough people. And if no one wants to hit gHell's web site to drink of their wit and wisdom, well cry me a river... Everyone should be guaranteed the right to speak their mind, but NOBODY has the right to be guaranteed an audience! Let's face it, by hijacking a web site these dolts are forcing people (however briefly) to view something that they had no intention of viewing, as well as denying those people whose sites are hacked the right to express their own views. And don't even start with that "The MAN has no rights because he's so bad" crap: Free speech means free to everyone, else it ain't free now, is it?

Re:Why I Gave Up on Representative Democracy

[dpdx]

I sincerely hope you read this, despite it having been posted a day late.

You left out one serious change effector:

• Large gobs of people, especially when they make large gobs of noise and cast large gobs of votes.

See, the "large gobs of $$$" thing is one of the things we're supposed to get mad about, and throw the bastards out for. But it doesn't work when so many people (especially 18-35) give up on the process.

The other forms of protest are wonderful, but they can be repelled by force of law, unless more people like you continue to assert their right to vote, and continue to work for change within the process.

That's how Burma keeps its citizens down, BTW; by doing a buttload of horrible acts to ensure that they feel just like you do -- powerless. By comparison, it's a cakewalk for you to change your government; just continue to be as smart as you are, but be noisier.

I am glad to see...

[KrAphtd1nN3r]

that most people don't automatically get a "throw the guy in jail, or just kill him for that matter" approach to the subject. It seems that past polls on such controversial subjects have produced comments I could not believe!



He might have done something stupid, but he still has rights! Still, what he did was kinda lame, and he deserves a punishment, just not a big one!

Actually it was tourism.

[DunbarTheInept]

There are a lot of people in Chicago who drive north into Wisconsin for quick little weekend trips or cheap summer vacation camping. Most of Illinois' forests, what little there once were, have been cleared off for flat farmland. Wisconsin has more woods, although it has some cleared out areas too. So there are a lot of places to go canoeing, hiking, camping, skiing, snowmobiling and whatnot. The problem is that all it takes are a few bastards to make the whole group look bad, and for a while there was a feeling that when you saw an Illinois license plate, you cringed. It was unfair and irrational, but that's what the common feeling was. There was also often a sense that a lot of Chigacoans saw Wisconsin as being their backyard playground, and this caused some resentment.

I don't know how much of this sentiment is still around. It's kinda dumb when you think about it - these people are bringing in lots of money, so be nice.

Re:This proves that people need to tighten securit

So in other words if you happen to forget to lock the door to your abode I can feel free to walk out with your computer, tv set or anything else that catches my eye? What was your address?

Cann your home insurance and file a theft claim. And tell them you left the front door unlocked. See what they say. Sane with auto insurance companies. If you're ripped off for being stupid, they'll compensate you less, if at all. Blame is not something that rests all on you or all on the thief, but a question of who bears what percentage of the blame.

What would you expect to happen if your wife parked your new convertible Ferrari on the street in the middle of Watts and left it there over the weekend. Would you feel 100% relaxed and not worry because 'the law' says the theifs bear all of the guilt? Would you place zero blame on your wife? I wonder.

Skill is not an excuse to break the law!

Yeah, right. Charle Manson had skill, and Al Capone had skill too.
Doesn't matter if you are dumb or smart, just don't break the law!

Re:Skill is not an excuse to break the law!

[Danse]

Doesn't matter if you are dumb or smart, just don't break the law!

Tell that to the people who kept Mitnick in jail for so damn long without even a trial. In that case, both sides were acting criminally. I would consider Mitnick's offense to be the lesser one though.

Re:This proves that people need to tighten securit

More like, you should check to see if your door has a lock in the first place. And if you don't bother to look to see if the windows have latches, the negligence is entirely yours.

This is the most/only interesting part for me...

[E-Rock]

Quoted from the article:
"...like Davis, who are relatively brazen and unskilled, according to federal law enforcement officials and computer security experts.

"It is not that these are super whiz kids; it is the technology that gives them the ability to cover their tracks enough that you can have a hard time making a criminal case against them," said a senior federal investigator. "

So he didn't have any mad skills, but he walked all over government servers?! Is this an advertisment that govermnet servers have poor admins and no security?

Fix the servers!! Stop wasting my money chasing script kiddies around the internet and make the server safe from all but the truely skilled hackers.

Used as an example? Oh, the poor martyr.

[Wakko+Warner]

Look, if you do something illegal, you should expect to go to jail. The first "Free Chad!!!" web banner or tag I see, I'm going to vomit.

- A.P.
--

"One World, one Web, one Program" - Microsoft promotional ad

Re:Used as an example? Oh, the poor martyr.

[G_Love]

Get a bag, then, cause some A.C. posted that already...www.freechaddavis.com. Yeah great. This kid is stupid. "hmmm, let's see, the FBI knows I'm into cracking, they've confiscated my computer once...maybe they stopped watching me!!! Yeah, that's it!". Seriously, this kid deserves a nice speedy trial by jury to get his dumb-a$$ in jail. To attack a gov't. site is inviting the FBI to come after you. Now, the gov't. shouldn't get away scott-free either. If he was truly "unskilled", it must have been the 31337 scripts that he downloaded that allowed him to crack a gov't. server, right? Try improving the security before wasting more of my tax money on prosecuting some kid who's just trying to prove he's cool too. Bah! The whole thing is stupid. And only barely comparable to the Mitnick case.

FREE * !

[babyroo]

Come to my website, and click on the ads to support the Free Chad cause! Also, visit my other sites:
"People for Pol Pot"
"Save the Unibomber"
"Free McVeigh"
"Heritics for Hitler"
All the money I make will go to these worthy cause, I promise!

"What is now proved was once only imagin'd"

Hear hear!!!!

Well said, mattc.

So another script-kiddie acts like he is god and gets caught.

Big smegging deal!

Throw him in jail with all the other criminals, and let's move on to more important / worthwhile topics.

Re:This proves that people need to tighten securit

[Androgynous+Coward]

What if I just walk through your neighborhood checking each door and window to see if there's a forgotten lock or latch? Or maybe you didn't roll the window on your car all the way up and with a piece of wire I can easily get the lock open?

But I'm not evil. I wouldn't steal your car; just take it for a ride and piss in the interior before I leave.

But maybe you're careful but your family isn't. Perhaps the gas cap on your mother's car doesn't have a lock and I can pour sugar into the tank.

Think carefully about what you're saying. It's corny but in essence time is money and having to rebuild a server after compromise is expensive.

AC

Punishment should fit the crime

[Sun+Tzu]

Agreed. Violent criminals should rank higher on the FBI's lists than mere vandals, even computerized ones.

And, your suggestion for punishment is a good one, IMO. The ego-driven cracker/vandal would be appropriately punished in a way that diminishes their prestige and matches the crime.

Meanwhile, there would be room in the prisons for longer sentences for murderers and rapists... Unfortunately, those evil pot-smokers are sucking up so many cells as to make this cracker problem vanishingly small.

Re:Give the cheesehead a break...

FIB!!!

just what we all need

[kootch]

another case to make hackers look like the bad guys. I can respect people that hack sites to point out security problems and make a political stance, but hacking a site just to poster inappropriate messages on the splash page and so you can brag to your little prepubescent friends is just enough.

while the hack/non-hack of hotmail the other day was a welcome and necessary hack (I only use hotmail with PGP), this little turd who just wants the attention his parents didn't give him isn't worth the electrons that are flying at my eyes as I read what I'm posting.

Re:just what we all need

I can respect people that hack sites to point out security problems and make a political stance

Can you respect people who streak feces on your windshield to point out that it's possible to streak feces on your windshield? Are you gonna then spend money to build a garage or an electric fence and gate to protect your car from them? Are you going to thank them for making it necessary for you to do that?

The fact that it's possible to break the law doesn't excuse people who break the law to demonstrate that it's possible.

Re:just what we all need

[kootch]

Oh, I respect them, but they should also be punished. sorry I didn't make that clear. but then again, I'd rather be warned about a security flaw by something harmless than have it bite me in the ass on something important.

He gets what he deserves

[Billkr]

This kid is class A1 STUPID! When you are under investigation from the FBI you should not be hacking into government computers to get back at them DOH! Oh well, I guess this is an example of Darwinism. Put another criminal behind bars.

Re:He gets what he deserves

[Kilzall]

and certainly not from his own phone. Natural selection among crackers at it's finest.

The feds just need another Rusty Scabre to rattle.

[mattz]

...at all the script kiddies since mitnick is basically a done deal......

Too funny

[Billkr]

I laughed hard and then started to worry that you might be serious. Whew... no such page

Re:Give the cheesehead a break...

I agree. There are very few rude, fat, smelly, ugly, obsessive people that are computer literate in WI. I'm happy to be one of them.

Re:This proves that people need to tighten securit

Don't you mean BUILD the server after comprimise?

The real cost to most of these break-ins, BECAUSE they are performed by script-kiddies, is not
the cost to REBUILD anything but the cost to
BUILD the server as it should have been build in
the first place, SECURELY.

Stay! Your wish is granted.

[Signal+11]

Before everybody goes off with the "you get what you deserve" rant.. I would like to make a few points, and why if the government does what I think it's going to do .. it wouldn't be good for anybody.

First, defacing websites is a crime - duh. But it shouldn't be a felony to do so - it should be a misdemeanor just like the realworld equivalents of "damage to property" and "vandalism". The government is deathly afraid of a medium that it can't control - which neatly explains the outrageous legislation being passed right now.

Second, this story will get sensationalized. Again, another obvious "duh!". The media loves scaring people - and the idea of some guy involved in a hacker crime ring hell bent on overthrowing the evil capitalistic system will be raised no less than 2^32 times. Jesse Burst may even comment on it.

Third, the you're-guilty-otherwise-they-wouldn't-have-arreste d-you dogma will also come to bear in the next few hours on slashdot. May I remind you that unless you disagree with the constitution - it's guilty until proven innocent.

I would also like to point out that the "setting an example" method of enforcing laws has been proven to be ineffective. We legislated the death penalty.. and the murder rate didn't change. We took it away.. the murder rate didn't change. That is one example, but their are case studies replete with more.

So what does this accomplish? It gives law enforcement good publicity (makes them look like they're doing their job instead of snacking down donuts and violating people's civil liberties), and it gives everybody the shaft because it's one less right that you have in our legal system.

constructive criticism appreciated - flames to /dev/null.

--

Re:Stay! Your wish is granted.

[Signal+11]

Sorry, I meant to say "innocent until proven guilty". A freudian slip, perhaps?

--

Re:Stay! Your wish is granted.

[Overt+Coward]

I would also like to point out that the "setting an example" method of enforcing laws has been proven to be ineffective. We legislated the death penalty.. and the murder rate didn't change. We took it away.. the murder rate didn't change.

Actually, that's not true. States that have the death penalty and that actually use it on a consistent basis have seen a shift away from violent crime. Oddly, the crime rate overall remains roughly the same, but property crimes increase while violent crimes decease...

Re:Stay! Your wish is granted.

[Signal+11]

That's really odd, because we discussed this in our state & local politics class - and it was that exact example used to prove that "setting examples" didn't work for law enforcement - ie: had a negligible effect.

Maybe the study you read made the mistake of going by total murders rather than per capita? I don't know.. but I'd love to see anything you can dig up on the topic.

--

Yeah right.

Oh great, now we can have MORE web pages peppered with stupid "Free Kevin!" and now "Free Chad!" .gif files.

Get a life. This kid is a dork script kiddee, and Mitnick wasn't much above that. They both get what they deserve, and I"ve got no sympathy for them.

Before anyone else jumps on the 'Free whoever' bandwagon, I URGE you to read Erik Bloodaxe's final editorial in Phrack magazine. It speaks volumes about idiots like Mitnik and Chad Whazizface.

Re:Yeah right.

Mitnick was persecuted, not an idiot. Chad Davis is an idiot. So is Erik Bloodaxe.

Re:This proves that people need to tighten securit

Bank Robbery Script for kiddies:

1. Check that it is a time when banks are open.
2. Find bank with glass front or doors. Many do, as you have noticed.
3. Hit glass with sledgehammer.
4. Climb in.
5. Get into teller area, either by climbing over counter or breaking door to their area.
6. Open cash drawer.
7. Take cash.
8. Leave.

If any of the steps fail, try some place else.
Obviously, this breaks several laws and someone has to clean up the resulting mess. In real life you also have several more risks which are not present in a script, but then cracker scripts also do not include the risks of getting caught nor do they tell you the penalties of attacking computers. Most crackers also have no idea of how much paid time the sysadmins will have to waste to clean up a mess, nor the bandwidth expense of their scanning.

Basically, just because you can do something does not mean that you should do it. So a vandal got caught. Good, make him pay restitution and add enough additional penalties to teach him to not do it again (merely requiring restitution just means "only break something if you can afford to pay for it if you get caught", which does not help with restitution for the things which are not proven to be due to him.

Mindphasr/gH

[prodeje]

Heh. You get what you diserve. If you think this kid did nothing to provoke the FBI, check out some of the hacks by Global Hell (the hacking group Chad Davis was affiliated with).

http://www.attrition.org/mirror/a ttrition/gh.html

...

Re:Mindphasr/gH

[prodeje]

Chad Davis is a he.

And he still broke the law by breaking into their systems and defacing their web page. They're also charging him with trying to cover up his tracks, altho I don't understand that charge.
...

mitnick

Mitnick had good social skills, but he was a freak show at the same time. I think the punishment he has received is harsh, but he knew what he was doing. I really have not seen anything that has impressed me from him though.

Right on! Cracking == 20 years min!

Get a FUCKING clue! Defacing a web site, like grafitti on a wall is hardly a major offence. A misdemeaner tops. But Like Mitnick, gov't will want to "make an example" of this guy he will be charged in such a way that he'll face a maximum of decades in prison, while KILLERS, RAPISTS, CHILD PORNOGRAPHERS, etc. are tried, sentenced, jailed, and back out on the street before this guy even sees a judge. But then, I guess this is all right you?

Let the punishment fit the crime. How would you punish a grafitti vandal?

Re:Right on! Cracking == 20 years min!

Coat him in his own paint is how I would punish him. Comparing this kid to Mitnick is like comparing apples to oranges. The idiot decided to show he had brass ones and wow his friends by smacking around the army website. As someone said before Big smeggin deal

Re:Right on! Cracking == 20 years min!

[Fastolfe]

I didn't realized he'd already been found guilty and sentenced yet.

In the future, wait until the guy's actually been SENTENCED before you go comparing his sentence to that of other types of criminals, and remember: Just because the law provides a MAXIMUM penalty of "..." rarely means the offender will actually get that sentence.

Re:Right on! Cracking == 20 years min!

[Danse]

In the future, wait until the guy's actually been SENTENCED before you go comparing his sentence to that of other types of criminals

Jeez... how long did it take them to sentence Mitnick? How long did he sit in jail before he even got to see a judge? The problem here is that they assume guilt and you can sit in jail for a long damn time before you even find out what evidence they have!

Re:Right on! Cracking == 20 years min!

[cswiii]

:Get a FUCKING clue! Defacing a web site, like grafitti on a wall is hardly a major offence.

As far as I'm concerned, taggers can be thrown in with bubba, too. It's not a major offense until it's your house or car. Better yet, defend them all you want, after you spend a day scrubbing down, acid blasting their 'art'.

I revert the question back to you; how would you punish a grafitti vandal? You can't tell me that a kid is intimidated anymore, after one or two stern warnings from a judge.

Re:Right on! Cracking == 20 years min!

[noom]

In general, defacing a web site should be considered MUCH worse than mearly spray-painting a wall. Consider for a minute how much money a popular site like CNN.com could lose if their Ad banners weren't displayed... Cracking a website is more akin to editing an episode of "Friends" before it airs on television so that Chandler appears to say "Suck my #$^@ FBI!" instead of his normal one liners.

I say give him a $1000 fine and a crapload of community service. If he's as stupid as Mitnick and keeps doing this shit, give him a year in prison (along with fining him for any damages). And beat his ass with a cane on national television while you're at it.

-NooM

Some People have to Ruin it for others

[JediLuke]

You know how the media loves fodder to blow everything out of proportion, so the mindless masses can say "oh computers are evil"? Its people like these that help the media procreate this steriotype that the internet is a hole of fraud, trechery, and deception. But the don't see it for what it can be, the greatest information resource on the planet.
JediLuke

We were DoS'd yesterday

[macdaddy]

Our University mail server was DoS'd yesterday. Thanks to our NFS mounting scheme, it eventually stalled our central unix system (all new connections at least--if you were already on you were ok for the most part). From what I understand, the FBI has been notified. What does this mean to hackers? Don't fsck with someone that's bigger and badder than yourself unless you want one hell of a headache! Hackers be warned!!!

Re:This proves that people need to tighten securit

Nope.

Private property is private property.

Stealing is theft.

Trespassing is trespassing.

There shouldn't be a need for draconian security measures, any more than people should be blamed if some drunk comes by and shouts into their bedroom window at night.

There are clear thresholds laid out. It could be as simple as a logon prompt that states you're entering a private area and do not have permission. There doesn't need to evev be a password prompt beyond that for you to be breaking the law if you proceed.

Why does this not seem obvious to all? Could it be because there are a lot of moral cripples out there on the net?

GO PACKERS!!!

GO PACK! SUPERBOWL !! WOOT!! FARVE KICKS ALL YO HAX0R BUTTS ps. HACK THE PLANET!

Re:This proves that people need to tighten securit

So I can throw a grenade at your house since you are the one to blame for not living in a bunker.

Think about it, we have the right to shoot people
if they are not wearing a bullet proof jacket.

Free Pol Pot ! Free the mass killers !

yawn.

The only thing lamer than all the cracking that's been going on is the over-coverage of it by our hysterical news media. I think this is a response to an utter lack of anything interesting or useful to say about the future or computer technology.

Re:yawn.

[stanlee]

Well they have to divert attention away from East Timor and Somalia *somehow* don't they?

Re:yawn.

[Stonehand]

... or other fun stuff like former paramours of first people alleging cocaine abuse by a certain highly-placed ex-Governor while in office, or whether Congressional minority party "investigators" coached witnesses on how and when to take the 5th, or so forth.

Or, the fact that the UN is still trying to force ethnicities that bitterly hate each other to remain in the same nation...

Or, that the fact that most watchers of the national news here have absolutely no clue where East Timor and Somalia are, or remember our most recent excursion to the latter.

Sure, might as well distract 'em. Toss 'em a story that people think they understand.

The only reason one should care about Chad Davis..

[ScrappyTheObscure]

Ok, so Chad Davis is no Kevin Mitnick, but by shrugging off what happens to him -- stupid insignificant grafiti-loving brat that he is, we're saying that the government should incarcerate for electronic breaking and entering as though it were the same crime as 1st degree murder.

Is electronic breaking and entering without actual destruction of data really a high crime? Chad Davis didn't cost the govt anything but its pride. He destroyed nothing, and took nothing with him when he left, just left his tag behind. He cost them system down time probably, but what else?(Correct me if I'm wrong about this one.)

Don't get me wrong, the kid IS a criminal--but I wouldn't send him to the pokie to be raped daily by violent offenders for the next 20 years of his life in the hopes that someone else will remember it and think better of cracking. People who crack IMHO will NOT care -- and the really young kids who do it will simply idealize the incident.

So get rid of all the locks on your home...

Of course you won't. You know that there are Bad People out there. Regardless of who is as fault when a breakin occurs, you want to prevent the breaking from happening. It's why you don't flash lots of cash in bad neighborhoods. It's why you lock your car when you park it. You know that if you act st00pid and fail to modestly protect yourself that you will be victimized. Web sites are no different.

You were stupid yesterday

Thanks to our NFS mounting scheme, it eventually stalled our central unix system

You called the FBI because you don't know how to set up NFS properly? Gimme a break.

Don't get me wrong, the person who cracked your mail server should be caught and punished, but what they did is not made any worse by your poor NFS choices.

Hackers be warned, indeed. Probably the reason they could fsck with Mr. Bigger and Badder here in the first place is that his mail server was as half-assed configured as his NFS cluster.

I love it!

[Fastolfe]

"It is not that these are super whiz kids; it is the technology that gives them the ability to cover their tracks enough that you can have a hard time making a criminal case against them," said a senior federal investigator.

It's about time the media started relaying this crucial bit of information. These gimps are nothing more than IRC script/packet kiddies that were shown how to use a few of those l33t exploits that appear every week or two.

They're not smart (obviously in this case); they aren't "skilled members of the hacker community." They're CHILDREN that aren't supervised enough by their parents.

The kids deserve what they get, and their parents deserve to be held accountable for the monetary damages.

I mean how stupid can you be? If you're going to break into a government system, don't do it straight from your dialup account! Again, he deserved it. I have no sympathy. In fact, I just wish the number of arrests for this type of thing (including more of the DoS-type of attacks) increased by an order of magnitude.

Re:This proves that people need to tighten securit

Do we even know the nature of the exploit yet? Yes, it could be as simple as a door left unlocked, or it could be a little more sophisticated. Granted, if you don't take a least miniumum security precautions, you have no right administering a server, but let's don't jump to conclusions yet.

Everyone knows that the only secure computer is one that is not connected to the Internet, and everyone knows that any house can be broken into, or car can be stolen, if the thief is really determined. Bottom line, this kid (although he is 19 years old, so he should know better) commited a crime and should be punished appropriately. This is definately not on the same level as murder, rape, etc... and I don't want to see prison space filled up by script kiddies while we have to release dangerous criminals. So maybe they can give him community service or something. Just get it over with quick so we don't waste too much time or money.

He asked for it

[um...+Lucas]

Based on what I know, briefly... The FBI told him they were on to him & his group. He went out of his way to taunt them by defacing a military site. For that, HE'S NOT GONNA GET JUST A SLAP ON THE WRIST.

Simply defacing a site, who cares? I mean, anyone in the world should have a tape backup somewhere that they can grab and restore. When you start talking gov't & military sites, though, the action is taken much more seriously. Just like if you spray paint something on a building, that's vandalism, but if someone spraypainted something on the Vietnam Memorial, they'ed be lynched either in or out of jail...

Re:He asked for it

[Danse]

Just like if you spray paint something on a building, that's vandalism, but if someone spraypainted something on the Vietnam Memorial, they'ed be lynched either in or out of jail...

I wouldn't compare spraypainting the Vietnam Memorial to defacing some Army webpage. More like tagging the side of the post office or army recruiting station or something.

Re:He asked for it

He deserves what he gets! aI hope he gets locked up and becomes somebodies girlfriend in jail.

Re:This is the most/only interesting part for me..

ix the servers!! Stop wasting my money chasing script kiddies around the internet and make the server safe from all but the truely skilled hackers.

Why should all our tax dollars go to build a bigger cage to keep overgrown children from wandering in and breaking things?

If anything, the dollar a day labor these creeps make in prison pressing out license plates should be contributed toward "fixing the server" as you put it.

Punishment not fitting the crime?

[Fastolfe]

For those that invariably keep repeating that punishments for computer crimes seem excessive compared to other violent crimes, WRITE YOUR CONGRESSMEN.

If you folks would spend HALF the time actually writing letters as you do whining on Slashdot, I'm tempted to say we'd see a difference in the behaviors of some of our congressmen and thus, our nation.

I bring this up every once in a great while, and every time I get somebody responding that says I'm naive, that our government isn't OUR government at all, but acts in its own best interests (which, "obviously," aren't our own). Do you have any idea how many letters your congressmen get? I know my state representatives somehow find time to individually read and respond to my letters in just a few days. My national representatives usually have somebody else going through the mail first, but each of my letters have been hand-signed and written *by* the person I wrote (and yes, I can tell the difference between an aide-written letter and one written by The Man himself). If these guys can find the time to do this sort of thing in addition to their duties as our state and nation's lawmakers, perhaps they aren't hearing enough from their constituents? Hell, most (all?) of them now have e-mail addresses that are given just as much priority as postal messages.

I wish you doomsayers would stop sulking under this dark cloud of opression and figure out that this is YOUR government. These are YOUR elected leaders. Do you guys honestly believe that each of your elected leaders just somehow automatically get inducted into some secret club hell-bent on destroying the lives of the citizens that elected them in the first place?

he's not even accused of the same thing as mitnick

[stanlee]

This kid is *NOT* 'the next kevin'.

He has about as much in common with Kevin Mitnick as Steve Jobs (they were both 'hackers', get it?).

So now Kevin Mitnick is accused of web hacks?

[stanlee]

Since when did Kevin Mitnick deface .gov web sites?

I fail to see any similarities.

Re:Feds==One way street.

Hacking/Cracking just happens to be a hot button issue now.Mitnick was stupid so's this latest one but the feds seem to go way overboard with this stuff. They seem *awfully* sensitive when it comes to *their* stuff but they have no problem at all with making the internet a place devoid of privacy. Didn't the FBI block access to an entire satellite because they were unable to tap it? This stuff is waaay ridiculous. They should provide the respect that they expect given to them. We've got some nasty laws on the books and the FEDS keep getting worse. When's it gonna stop?

4.5 more years without trial?

[stanlee]

Oh I see, the similarity is going to be when this kid gets put in the hole for almost 4 years too.

Re:Setting an example

[MoodyLoner]

No, but the words "due process" do.

6th amendment, perhaps?

I believe that is where the "presumption of innocence" falls, but I am not certain as I am no Constitutional lawyer. Once I'm off work, I'll be sure to ask my friend who is :)

Like pissing on a police car...

...that's idling in front of a donut shop.

Stupid

script kiddie

I find it amusing and revealing how everyone feels the need to call him a script kiddie. Why do you call him a script kiddie, do you know anything about this person? Of course you don't. Is a 19 year old a kiddie? You see someone do something which you are unable to do, so you feel the need to rationalize your lack of knowledge as "oh it was just a script kiddie, he was just using scripts and knows nothing. Of course I could do that if I wanted to".

I always wondered what FIB meant.?

I always wondered what FIB meant.?

Re:I always wondered what FIB meant.?

[BugMaster+ChuckyD]

FIB = F?cking Illinois Bastard

I beleive it originated from when the drinking age was21 in IL & 18 in WI so teenagers would drive up to WI to get drunk and act like bastards up there and kill people on the drive home.

Before anyone even says the word 'hacker'...

This is a response to the dork somewhere in the earlier posts that said "Cracker == Hacker...get over it." Before you open your big yap again, read the link below. Before you put up more stupid "Free Kevin" and "Free Chad" banners, follow this link. Scroll to the bottom. READ Erik Bloodaxe's final farewell to the -real- hacking scene. See, people like Mitnik or this Chad dork deserve what they get. They aren't hackers of ANY calibre, and they have nothing but arrogance on their side. The term "hacker" actually had some real meaning once. It didn't refer to mindless vandalism, nor did it refer to leaving racial epithets on someone's voicemail box. Here's a clue: you aren't a hacker. No one is anymore. The genre is dead for all purposes. All we have now are 'l33t h@x0r wannabes armed with scripts, stupid mottos and hugely inflated egos. Read this. Catch a glimpse of what was ONCE the hacking scene. Notice how it doesn't involved idiots like Kevin Mitnik. http://www.phrack.com/search.phtml?view&article=p4 8-2

Re:Before anyone even says the word 'hacker'...

[stanlee]

Praise the lard.

Re:The feds just need another Rusty Scabre to ratt

Actually, since there seems to be a severe deterioration of our sense of ethics as a society, it seems it's become necessary to make an example of a few of the morally crippled people who can't tell right from wrong.

Most of us can tell the difference between right and wrong. Those who can't must either be taught, or if that proves impossible, be coralled in somewhere so they can't continue to do damage to others.

Apples and Oranges

[X-Nc]

This kid is nothing like Mitnick. He malichously broke into a system to intentionaly cause damage. I happen to personally know the guys who run www.army.mil and the kind of crap this script kiddie pulled isn't really worth space on /. but that's not my call.

The one part that I am behind is the punishment for this crime. It should not be anything near what a "real" crimminal desirves. He should get a big-ass fine and maybe some minimal time in a minimum security place.

That's my opinion.

---
"Who pill da cubby custar?"

Re:Apples and Oranges

[stanlee]

What was the damage he 'intentionally caused' again? He must be a *really* inexperienced cracker, because I don't remember reading about any damage being done.

Re:This proves that people need to tighten securit

[Ronin+Developer]

What gives anyone the right to gain unauthorized access to someone elses home or computer? This isn't just about some script kiddie. It's about lawlessness and anarchy. How many of you actually think it's okay to run a stop sign because "nobody's coming" (oops..didn't see that jogger) or drive through a residential neighboorhood at 11 PM with your windows open blasting 1000 watts of pure bass for all to hear? Same thing. Lawlessness.

Is it okay for someone to check to see if your front door is unlocked and just walk in, look around, and do whatever they want?

People scream about privacy and how the gov't is allowed to invade ours. How is what this punk did any different? Don't people have a resonable right to privacy and intrusion? At least the gov't has the law on their side and have to account for their actions.


Burn the little punk. Let him become the girlfriend of a 300lb cellmate named Bubba.

go go gadget phf!#$

[joq]

I personally think that anyone toying with anyone elses server should know it's illegal in any shape form or fashion, therefore it's time to pay the piper. Its cool to code/hack/etc, but when you take it to a criminal level on a constant basis or any basis for that matter, anyone in their right mind should not look at mindphsr as a martyr.

I've been on the scene for a few years and have seen people come and go and to compare criminals is petty. Has anyone forgotten that Kevin too is a criminal? He was no great hacker... Just someone who engineered info from other hackers, got caught, and every single damn hacker cried foul. All respect due to some members of global Hell which are actually cool, but mindphsr isn't someone script-kiddies worldwide should worship.

elite script kiddie sploit

They were made fools of. Now they punish him.

This government does not want people. They want good little citizens out spending their money.
The reason they take this badly is because it makes them look like asses. Which regardless, they are.
They are in a position to do whatever they want. It is like a legal lynch mob.
"It is dangerous to be right when the government is wrong." - Voltaire

Re:This proves that people need to tighten securit

[substrate]

Whether or not a person takes adequate measures to secure their belongings, whether physical goods like my tidy pile of gold coins or the company network, has no bearing on the legality of the intrusion. If you abscond or destroy my personal belongings I expect you to be prosecuted to the fullest extend of the law. Whether or not the security measures (Did I lock the doors? Are the security patches up to date on the external computers on my network?) satisfy my insurance company is another matter. I'm not arguing that at all.

If the legal system takes the stance that unless you take adequate precautions any theft or damage done to your property is not a crime chaos will ensue. Any legal prohibitions against theft or intrusion will be moot since by definition if you've been intruded on you didn't take adequate precautions against that particular intruder.

You put a dead bolt on your door and religiously lock it, you make sure all your windows are closed and locked. I throw a brick through your window and steal your prized lint collection. Since you had the audacity to have windows on your dwelling you are therefore not worthy of being protected by the law. I walk away without a blemish on my record.

The truth is just about all computers exposed to the internet at large take adequate precautions to justify protection. Unless they leave the site up without password protection and post notices that intrusion is explicitly allowed they're afforded protection by the law.

Insurance companies and the stock holders are of course entitled to more stringent measures. If a lack of these more stringent measures results in theft of services and intellectual property or a loss of service then they are entitled to make the company pay. They do this by either not honouring their insurance policy or dumping their stock and deflating the value of the company. The company is still entitled to seeing any criminals rot in jail.

To borrow and extend a rather colourful phrase from Neal Stephenson's Cryptonomicon: If you don't want to be the wife of the convict with the most cigarettes, don't do the crime.

Cann your home insurance and file a theft claim. And tell them you left the front door unlocked. See what they say. Sane with auto insurance companies. If you're ripped off for being stupid, they'll compensate you less, if at all. Blame is not something that rests all on you or all on the thief, but a question of who bears what percentage of the blame. What would you expect to happen if your wife parked your new convertible Ferrari on the street in the middle of Watts and left it there over the weekend. Would you feel 100% relaxed and not worry because 'the law' says the theifs bear all of the guilt? Would you place zero blame on your wife? I wonder.

Mitnick who?

[joq]

First off you know jack from adam about Kevin...

Kevin was a very good social engineer who had 0-day skills... Now DarkDante is a different story altogether... Mitnick sucked so get over it.

Setting an example

[opus]

I agree that the "setting an example" method of enforcing laws has generally failed for violent crime/ordinary property crime, but in that case the criminals on average (a) are not particularly intelligent, and (b) don't have a potentially bright future to contrast with a life of prison and probation.

Script kiddies, on the other hand, are generally pretty intelligent kids with potentially bright futures. "Setting an example" may well work with them.

Oh, and the words "innocent" and "guilty" appear nowhere in the U.S. Constitution. :)
--

Re:Setting an example

'Setting an example' works for nobody at all...

...Unless you are a person the intended target of the 'lesson' respects. Otherwise, it's a joke. It just engenders more plots from the creative mind of the rebel. Yeah, threats of 20 to life for vandalism make you respectable, right. Not to the intelligent kid who sees that the harm to society of defacing the FBI page was rather small.

(The fact that the kid could get into the FBI web server speaks VOLUMES about the abilities of our government. Their power stems not from intelligence, obviously.)

When you were 19, did you have respect for the FBI? Do you today? You may have respect for their authoritai, for the power they could hold over your life, but that's different.

"Drugs are bad" "Just say NO" How well did that crap go over?

-anonymously posting from work.

HTTP: Hello, anybody home?

So, has The Washington Post been slashdotted or h4x0red?

Re:This proves that people need to tighten securit

Sites on the internet are not secure. Servers connected to the internet are not secure. If the government was reading their own damn C2 security specifications they would know that any computer with a network connection is in violation of those standards. Hacking a web site is more like defacing a newspaper headline in a public box, than it is like breaking into a bank or even shooting someone. The box _can_ be opened through legal means accessible to anyone who knows that a quarter makes the lever work. What I see happening here is that people who are smart enough to figure these things out will now be targeted, and watched, and harassed, _just_for_that_reason_ and not because they present an actual threat to anyone. National security my ass! If the pentagon's missile launch control computers were accessible through the internet and some terrorist set them off, do you think they would spend a lot of time (with whatever was left of civilization) tracking down the terrorist and punishing them? Or would they blame the Pentagon for being a bunch of idiots? Take a guess . . .

Re:This proves that people need to tighten securit

[Androgynous+Coward]

I monitor several servers and I spend too much time firing off emails to sysadmins about scanning scripts running agaminst various subnets. They don't have to crack machines for it to be a pain in the ass. If a machine is running wide open and gets cracked it's a lesson learned but one that isn't necessarily deserved.

AC

Re:This is the most/only interesting part for me..

[jflynn]

s/wandering in/breaking out/

"Why should all our tax dollars go to build a bigger cage to keep overgrown children from breaking out and breaking things?"

Build cages around your computers or your children -- it's your choice. You can use judgement in individual cases -- it's allowed.

Jim

Servers left open on purpose?

There is something suspicious about this. I have a feeling that the government sites are left unprotected on purpose (well, except for some excellent backup logging software). I think they actually want people to break in. They let script kiddies break in and then bust them. Then in the mean time the Department of Justice is saying that they need to strengthen internet surveillance to stop the new breed of criminals that are breaking into computers ... and now they have the proof that the threat exists!

Davis == Mitnick??? How?

When you show me some evidence that the government is blatantly violating his constitutional rights, I'll be happy to join the "Free Chad" movement.

But everything I've heard so far indicates that he's just some arrogant script kiddie who couldn't take a hint that when the FBI comes to your house with a warrant, it's time to stop doing whatever you were doing that made them come in the first place. Not only did he break the law, but he was also a complete moron in his manner of doing it.

He deserves whatever he gets.

Hackers in Green Bay?

[vitaflo]

Having spent the last 22 years in Green Bay I must say that this kid should be put away. He's ruining our city's reputation as technically illiterate folk who only drink beer, eat brats, and watch anything and everything Packer related.

Seriously though, this surprised me when I heard this on the news. We're not a very technical town at all, and I'm sure now half the population of Green Bay (both of them) will be all worried that this kid (or someone else) is gonna hack into their computer while they're tying in Word. The ISP's in Green Bay don't help the cause any either. But hey, at least we have our Packers!

You're right, there IS a fine line...

... and this rocket scientist stepped over it by at least a mile. Lock him up as an example to the Kansas school board: natural selection WORKS.

Re:Give the cheesehead a break...

[toolj23]

...and I'm sure you too came to Wisconsin Dells every summer for vacation to waste your money on the huge ass tourist trap that is the dells, just like every other person from IL!

btw, im from IL and now live in WI, and still love IL more than WI... just that working in the dells for a summer changes your views.

No Sympathy Here....

[Chokai]

I don't have any sumpathy for this guy. The defense department as much as we may dislike it does many things of great importance to us. I hope he gets a harsher sentence than most others would. Interfering with national defense is not a laughing matter.

I'm surprised

[cthonious]

.. at the number of goodie-woodies in here.

The kid's skills are not the issue. How he cracks is irrelevant.

When dissent is outlawed, only outlaws will dissent. What happens when dissent is irrelevant? When dissent is a product, bought and sold, remanufactured semi-annually, churned, massaged and resonated in the public's memory, what does dissent mean then? When our government is a fabulous and absurd spectacle, where dishonesty is the norm and no one ever even questions it?

What does free speech mean in such an environment?

And you wonder why young people are so restless?

We are persecuting this kid for the equivalent of graffiti (actually it's less harmful than that).

This is a misdemeanor at best, not some sort of horrible crime. Go ahead and believe the corporate propaganda. They want you to.

Why I Gave Up on Representative Democracy

[MoodyLoner]

Look, I vote.

I write my congress-ppl whenever portions of my government do something that alarms me.

When I get no reply or a form letter, I go on to vote against that person in the next election.

That's what I'm supposed to do, right?

So why doesn't it work? When I wrote my congress-ppl to tell them to lay off Steve Jackson Games, I don't remember the Secret Service saying, "Well, we thought you were aiding and abetting computer crime, but that letter from that Mundstock fellow straightened us out in a hurry. Why, if more citizens performed their civic responsibilities with his diligence..."

I do everything htat they tell us to do in high-school civics, and I see no effect at best.

No, I don't honestly believe that all of our elected leaders get secretly inducted into the "Let's Destroy the Lives of Our Citizens" club, but I'm beginning to wonder...

I have yet to see people in my government, even people in my government that I am ostensibly a constituent of, act in my interests over the interests of the people that donate scads of $$$ to their elections. If that's how democracy is supposed to work, I can't afford it.

As far as ol' what's-his-name goes, IF he is proven guilty, it would be of poor taste and stupidity. God knows I had poor taste and I was stupid when I was 19. The last thing he and script kiddies like him need is the Fedz coming down on him like they did Kevin Mitnick. After all, one of those script kiddies might grow up to become the next (insert name of 'leet hacker/coder/open source operating system guru here)

Okay, rant off. You ppl in the NSA reading this, go ahead and take me away, I really don't care anymore.

Re:he's not even accused of the same thing as mitn

He has about as much in common with Kevin Mitnick as Steve Jobs (they were both 'hackers', get it?).

No I don't get it, what's the point?