Chad Davis May Be the Next Kevin Mitnick

19-year-old Chad Davis, of Green Bay, Wisconsin, made the front page of The Washington Post today. The story that features him says, "During [a] June 2 search, Davis admitted that he belonged to a notorious hacking gang that calls itself Global Hell, and the FBI agents let him know they were cracking down on the group. On June 28, Davis allegedly struck back: He replaced the Army's Internet home page with the message: 'Global Hell is alive. Global Hell will not die.'" The article reads like a chapter from The Hacker Crackdown, and it looks like Chad Davis may be used as an example of what the feds can do to crackers who mess with government sites. Mainstream news stories about Global Hell started appearing in May. I expect to see many more in upcoming months. Mitnick redux? Could be.

Food For Thought

[castle]

Here's something that comes to mind about the nature of the government and its security policies on their taxpayer bought hardware.


Why the hell arent they tightening their security up?


It seems to me that a greater more cost effective solution to costly legal expenditures and questionable police state tactics would be a sturdy security policy.


With perhaps a horde of these new Information Warfare kids hired as security consultants all dutifully exploring and getting bonus cash for the holes found in the governments "essential information infrastructure" holes could be patched money could be saved and a whole lot of civil liberties can remain untouched by the grubby hands of the justice department.


Anyone else seem to think there is a conspiracy of lax security luring little hack weenies to attack government websites and get caught so that they can portray the nations data networks as in need of government protection?


(Free kevin!) but prosecute him for credit card fraud.

Using this as an excuse to say privacy == evil

[DunbarTheInept]

Look, we all know this kid was in the wrong, but what does worry me is that the govt is using this as an 'example' case. That is plain wrong. The punishment for ONE person committing ONE crime should match the servity of that ONE crime. It should not match the severity of all the other criminals you were unable to catch. I fear that they are going to end up taking out their frustrations at not being able to catch other crackers on this one scapegoat kid.

Also, the following quote from the article should scare anyone who gives a damn about privacy on the net:

• "It is not that these are super whiz kids; it is the technology that gives them the ability to cover their tracks enough that you can have a hard time making a criminal case against them," said a senior federal investigator.

What this guy is trying to imply is that privacy is a tool of crackers, and if only there weren't so much privacy they wouldn't be able to get away with their crimes. Notice how he makes it out to sound as if the technology is going out of its way to make it easy to be anonymous. What a load of crap! If the technology does nothing, then anonymity is the default. The technology has to go out of its way to track people, not the other way around. (The web server has to actively engage in logging activity. It takes *less* effort to forget the accesses than it does to create logs and keep track of them.)

Re:GO PACKERS!!!

[toolj23]

eww... packers! *gag*

Re:Apples and Oranges

[X-Nc]

Read the article. He changed the homepage and some other stuff. In this web enabled world defacing a website is tantamount to taking a sledghammer to store front.

---
"Who pill da cubby custar?"

Re:How To Crack a Web Server

[poptix_work]

Erm, how hard is it to firewall all but port 80 (www) on these machines? that limits you to only exploits in apache, which are few and far between.


I've secured many machines for private organizations, and I admin a shell provider, it's NOT hard.

Re:Setting an example

[Stonehand]

There's a large difference, 'tho.

There's little gain in cracking/vandalizing a web page (unless you're being hired to do so...), except for reputation, ego or pride. The negative is that conceivably one could gain a felony conviction and jail time, which would probably put a huge damper on one's future -- and that's a pretty poor tradeoff. One could get a reputation by going around and murdering random people with, say, a chainsaw, but the cost-benefit analysis is pretty poor there too (likely endings: life imprisonment, shot by cop, or a years-delayed death sentence. It's not exactly compensated for by a badass reputation.), and it doesn't happen too often.

On the other hand, it's quite possible to live by robbery, burglary or drug-dealing (at least until you get caught)... and drug abuse tends to have a self-perpetuating psychological bonus, however temporary. That's their gain, and many will take the chance of getting busted.

Re:This is the most/only interesting part for me..

[castle]

Yeah... prison labor... that's the solution to
the country's ills.


Just wait untill more people start thinking that is the way to go and start a mandatory policy of imprisonment. Saves the rest of us money dont you think? What should the ratio be. Hmmmm...


Anyone who actually thinks that it saves money to society to have someone locked in jail doesnt stop to consider the fees we pay to the correctional institution infrastructure in this country. One of the top growing industries I hear. Someone got some hot tips on stocks?


Its far more economically sensible to not have to put someone in prison in the first place. The amount of money that person makes (which gets spent by them and gets taxed from them) is far more beneficial than having them operate a drill press in the big house.

Re:Who cares about these scum!

[Giles+Constant]

If all it takes is a "script kiddie" to break into .gov websites then perhaps the government should employ more script kiddies to sort their security out. The guy is a cracker. Also a hacker.

kiddiez defending kiddiez

[cswiii]

It's so strange, all the time I see posts on slashdot discussing the difference between hacker and cracker, yet out of the woodwork comes morons to defend this kid. If you're looking for the difference between hacker and cracker, take Davis as a prime example. Before cr/hacking even became the topic du jour, there was always the pretense that 'information should be free' (Ignore any parallels to some 2-bit movie).

Thus, early on, you had hackers who, did things because of their enthusiasm for all things electronic. Some of these had a quasi-political agenda, but they did what they did under a loose concept of 'knowledge'.

Today's crackers aren't of the same mindset, and thus can hardly be considered hackers or not, regardless of their 'computer enthusiast' aura. Any hacker ethos doesn't exist w/in the mind of a cracker.

This said, there are far more grounds, IMO, to punish Davis than Kevin Mitnick, Robert Morris, or anyone else who has/d even a glimmer of a true ethic. Script kiddiez give nothing to the hacker community, nor do they do anything to further society as a whole. They're just in it for the ego boost, and end up being parasites, dependent on their hosts (i.e., this world, the hacker community) -- and draining them.

Crackers do nothing that can be considered 'worthwhile' -- not even finding security holes (nevermind that hundreds before them have already 'found' them) -- because everything is still done under an exploitative pretense. If it's not done for the pretenses of knowledge or information, I could care less if the bloody bugger gets time.

Re:He gets what he deserves

[panZ]

Here here... this genius uses his own phone line and goes directly from his ISP to the target system. I know script kiddies that are smart enough to bounce around through a few low security elementary school computers first. Oh yea, prooves he has brass ones by showing how eager he is to meet his new boy friend in the state pen. They should make an example of him but I fear that may make him a marter to his script kiddie buddies.

NO one deserves jail for such a misdeminor crime!!

[Vehstijul]

someone goes into jail a small time criminal, not really that mentally fucked up, but then... post jail- he/she emerges into the bright happy world a traumatized, (you can imagine what kind of ass candy a 19 y/o kid has to offer to scary "bubbas") hardened, ("here kid, lemme teach you a little something about the tricks of the trade") betrayed, (yes, the gov't betrayed him) wasted, (spending a few years in prison, esp. during those crucial late teen/early adulthood times, can make someone jaded/tired about life) yes, he did a stupid thing, the equivilant of graffiti, but mabye he should pay a fine, obligatory counseling, public/community service, monitored access to the net, anything, but NOT something that is going to excerbate the problem. 8) i'll get off my soapbox/loudspeaker now.

Re:How To Crack a Web Server

[Fastolfe]

I don't think it's terribly hard at all, but what makes you think this machine is used only for the web site? Maybe they do e-mail on it too? All it takes is one exposed vulnerable service.

Even if they did split the tasks between servers, all it'd take is one exposed vulnerable service on one exposed system to make everything else behind that firewall exposed.

If you run some vulnerability scan against an entire subnet, find a system you can get into, it doesn't take much more work to proceed again to a system that you ordinarily wouldn't be able to reach. In many cases, those "firewalled" systems tend NOT to have the latest patches and fixes installed, simply because the admins don't feel that there's much of a risk, since the firewall will protect them.

Re:Tech. doesn't hack websites, people do!

[Fastolfe]

I don't think his point was that technology is the culprit here. I think he was trying to say that they aren't doing all of this investigating and they aren't having such a hard time tracking these guys down because they're GOOD; the suspects simply have access to programs/scripts (written by someone else) that make it difficult to track them.

He was just pointing out that they're not dealing with super-sleuths, just kids with access to "technology."

Re:why compare?

[Ronin+Developer]

He might have stolen 20 000 credit card numbers, but never used a single one of them to buy stuff!

Then, what was the point of stealing 20K of credit card numbers? Did he plan on printing them out and using them as wallpaper? Sounds like he intended to pass them to friends for fun or profit in an act called fencing of stolen goods(Another criminal act).

Broken Window or Open Door?

[iserlohn]

Security holes are more like open doors. Sooner or later, someone's going to venture in and look around (regardless if they steal or not). That's why you lock your windows and door, and it's the same reason you lock your car after you park it. If you leave them open, it's a invitation for people to come in and mess around.

It is really easy to do and people should make a habit of it. Apply the same logic with computer security, and people should make a habit of securing computers.

Would the army build a base with a section of the fence missing? Probably not. Would the army arrest a guy who happens to venture in a unfenced section? Probably yes, but at least he won't be in the slammer longer than someone such as Chad or Kelvin.

Who cares about these scum!

[mattc]

A criminal is going to jail? Oh what a shame. I am deeply concerned about the welfare of script kiddies. Yeah, right.

Re:Who cares about these scum!

[dirty]

He's also a moron. Cracking your school's website, or some little ISPs site is one thing. Cracking the army is plain stupid. The guy was told he was under investigation, so he did something to get bragging rights. He'll get what he deserves. Even if they execute him it will be fair, we don't need morons like this polluting the gene pool.

Re:why compare?

[Ronin+Developer]

Okay..so according to your beliefs, stealing as a is okay as long as it's just a hobby and the individual has a legitimate job. Yeah...that sounds right to me. Idiot. Where do you people come from?

Re:This proves that people need to tighten securit

[castle]

You should rephrase *steal* with *make exact copies of* just a little FYI on your logical analysis organic|quantum submechanics.

You get what you deserve

[Masem]

IMO, if you are a *cracker*, and go around and maliciously change sites, especially those with the means and ways to prosecute you, you get exactly what you deserve.

On the other hand, if you are a hacker and find a security loophole on the same sort of sites and quietly let the owners of the site know about that, you should be able to report that without fear of being prosecuted.

Unfortunately there's a fine line here and it's rather hard to define. Maybe we need to have people join a Hackers Union to allow them ethical hacking privaledges.

Re:You get what you deserve

[dirty]

I tried the white hat dealie once when a sysadmin offered me $100 if I could break into his ISP. 30 seconds later when I /msg'd him the contents of a file which only root could read he backed down on his offer because "we never made it official." I should have rm -rf'd the system, but I was a good little boy and for some ungodly reason patched the whole myself.

Re:You get what you deserve

[Caball]

You know your in for a self promoting reply when they start off with "Whatever", and half the message is filled with their own achievements (LOL). Seems to be a need to pat yourself on the back around here and tell the world how good you are, while at the same time, not really adding any substance to the thread.

**Whatever. If you don't want someone in, make it so they can't get in.** Excuse my ignorance (seriously), but isn't that impossible?

Anyway, your wrong, and obviously mentally challenged to make this argument. Whether you were commended or arrested, it is irrelevant. You are not supposed to be there, and it is illegal for you to do so (why were you not arrested... were they were embarrassed and wanted to avoid the publicity?). I don't believe for a minute that they were happy you broke in, just because you helped them.

Also, I am not quite sure what your point is in your "real world" example. What does "noticing" have to do with anything? If you can break into a home undetected or by yourself, it's ok? Help me here :)

That's it, nothing else to say. If it's illegal, it's illegal no matter your intentions or whether or not you were noticed.

Peace!
Caball

Re:You get what you deserve

[kraut]

As long as the punishment is in proportion to the crime....defacing a website like this is more akin to spraying grafitti than to robbing a bank. So the guy should be getting a fine or a similar slap on the wrist.
What he will get is the same as Kevin Mitnick - several years locked up waiting for a trial.

Re:You get what you deserve

[QBal]

Cracker = A person who breaks into computer systems, using them without authorization, either maliciously or to just to show off.

Hacker = 1. One who is knowledgeable about computers and creative in computer programming, usually implying the ability to program in assembly language or low-level languages.A hacker can mean an expert programmer who finds special tricks for getting around obstacles and stretching the limits of a system.
2. To some people it means an unconventional programmer or one who is not formally trained, or one who jerry-rigs programs (making temporary fixes that are not well-done).
3. At MIT, a "hack" means a practical joke, especially one that requires intelligence and technological skill to carry out.

Whacker = An incompetent hacker.

Re:You get what you deserve

[Caball]

Uh, no. This has nothing to do with what you do with your findings, it has to do with ILLEGALLY entering someone else's server. It should make no difference if you change the web site, or report your findings to the owners. Your not supposed to be there, regardless of your final intentions.


Well, I cruised through Citibanks credit card database today, but I didn't have any malicious intentions, so everything is A Okay. NOT!

Re:You get what you deserve

[Stonehand]

From an ethical POV, you're perfectly right. If a sysadmin has reason to believe (perhaps because the intruder left a note) that security has been compromised, it's his duty not to trust the intruder -- since if the intruder were really a "white hat", he'd instead be auditing source code and sending in patches, and a root compromise is a root compromise that basically demands a reinstall.

In some countries, however, it's perfectly legal to crack a system you don't own, without their cooperation, without telling them, and even stealing (non-classified) information in the process, IIRC. The US happens not to be one of them, and with darn good reason.

Re:You get what you deserve

[tzanger]

Uh, no. This has nothing to do with what you do with your findings, it has to do with ILLEGALLY entering someone else's server. It should make no difference if you change the web site, or report your findings to the owners. Your not supposed to be there, regardless of your final intentions.

Whatever. If you don't want someone in, make it so they can't get in.

This is quite different than your home or a "real world" scenario. A thousand people can't try to crawl into your house at once without someone noticing, but ten thousand can try that on the 'net.

I've put on a white hat several times and pointed out security issues without people's permission. In all cases (7) I've been commended, asked for recommendations and retested. Yes, I've got sysadmins fired. But only the bad ones.

Your point? Would you say the emperror (sp) has no clothes?

Andrew

Re:You get what you deserve

[tzanger]

Ok. Let's take your arguement down one step at a time, shall we?

You know your in for a self promoting reply when they start off with "Whatever", and half the message is filled with their own achievements (LOL).

I don't consider white-hatting an achievement. It's an application of knowledge if anything. I didn't reply to brag, but you seem to think so. I replied with firsthand experience of my actions being taken for a good cause. Perhaps I hit the IP by accident the first time, but got curious. Hardly illegal.

**Whatever. If you don't want someone in, make it so they can't get in.** Excuse my ignorance (seriously), but isn't that impossible?

How is it impossible? You're just throwing forward words in an attempt to make yourself look intelligent. If you don't want people accessing your SMB shares from halfway 'round the world, you put in a firewall and passwords. Three of the systems I secured had this wide open. Either the admin was either negligent or had no clue what they were doing. Packet filtering is very easy to set up stops people in their tracks, *especially* when used from a system with BIND locked down and reverse checks to keep the spoofers away.

When people compromise systems which are trusted to other systems to get what they want, that is a little more than stumbling upon something and investigating it. That's a full-out attack and I do consider that above and beyond the norm.

In short, no it's not impossible. It takes time and you'll never be 100% done, but you can sure fill the glaring holes and with sufficient logging (remote logging) make damn sure you can see if anyone's sneaking past the cracks.

I must stress, however, that logging is the key. It gives you a basis for what "normal" is, and from there it is far easier to get that "hunch" that something's wrong. This is very important if you want to detect attacks that aren't caused by skript-kiddie-du-jour methods.

Anyway, your wrong, and obviously mentally challenged to make this argument.

Ahhh. Here we go. Straight to the heart of your reply. No proof, just accusations. And not just accusations, but personal attacks too. I bet you're a champ on the debating team, aren't you?

You are not supposed to be there, and it is illegal for you to do so

It's no more illegal for me to look in your windows than it is to portscan. It is no more illegal for me to walk into your home than it is for me to log in to a system. It *is* illegal for me to take things from your premesis, damage your property or abuse your dog, however.

If you don't want people coming in to your house, you lock the door. That way when they break in you've got them for break and enter. If you leave your door open and I walk in, no matter how rude, it is not illegal. Doubly so if it is my first time walking in and you have no postings stating that you do not wish me on your property.

I don't believe for a minute that they were happy you broke in,

I highly doubt they were happy, either. They were actually rather pissed that it could be done, in fact. Especially since the admin said it was secure and I walked in on an unpassworded account.

If you can break into a home undetected or by yourself, it's ok?

No. You said break in. If I left my door open and you walked in, it's not break and enter and therefore not illegal. I may be very suprised and I can ask you to leave, but until you refuse to leave, you did nothing wrong, save for perhaps behaving rudely. You could have honestly walked into the wrong house, or at least have claimed so in any case.

How many times have you tried to open the wrong apartment door? Or car door? Is that illegal? If you called a wrong number, can the person on the other end of the line have you arrested for harassment?

Granted, trying to bruteforce a password is a lot closer to trying every key on your Infinito-Kombo-Key set than it is to using the wrong key once or twice, but that's where the differences between the 'net and the real world come in.

It's getting late in the day and the edge on my arguement isn't coming through very strongly. The thought however is that network security is a LOT different than home and property security and should be treated entirely differently by law enforcement.

The 'net is a lot different from real life. Get used to that. The same body of laws cannot reliably govern both bodies and serve (ha!) justice.

Re:You get what you deserve

[Caball]

I stand down... well thought out and communicated.

Re:This proves that people need to tighten securit

[castle]

What a freak.

Don't Diss Mitnick

[infojack]

Don't be comparing this kid to Mitnick, Mitnick had skill, this kid had a bag full of tricks.

Re:Don't Diss Mitnick

[dirty]

Why has mitnick become a god in the (h,cr)acking community? He had no skill. He could social engineer, but IMHO social engineering isn't that great of a skill.

Re:Right on! Cracking == 20 years min!

[dirty]

Mitnick screwed himself over. He waived his right to a speedy trial. I get so sick of seeing people talk about how Mitnick didn't get a speedy trial. He waived his right, it took a while, it's his problem.

super

[rizzo]

Good to see a local boy in the news. I agree, however, that if you can't do the time, don't do the crime. It IS a premeditated crime, and he deserves to be punished.

HOWEVER: The fact that he will probably get a stiffer sentece than most violent criminals is at the heart of the issue for most in the tech community, and deeply worries me.

Re:super

[Exanter]

Yeah, it's real cool to see a local boy in the news...
"Look Everyone!!! We's got IDIOTS here in Green Bay!!!" (technically, it was Ashwaubenon, but they're just a suburb)
Idiots abound everywhere, but usually you try to not broadcast the fact.
It almost seems as Davis has reached McCarthy status, as where he lives is always mentioned in the same breath as who he is...

SCRIPT KIDDIEZ

[bgheen]

It's all about the Pentiums, baby
Uhh, uh-huh, yeah Uhh, uh-huh, yeah
It's all about the Pentiums, baby
It's all about the Pentiums, baby
It's all about the Pentiums!
It's all about the Pentiums!
(Yeah!!)

What y'all wanna do?
Wanna be hackers? Code crackers? Slackers
Wastin' time with all the chatroom yakkers?
9 to 5, chillin' at Hewlett Packard?
Workin' at a desk with a dumb little placard?
Yeah, payin' the bills with my mad programming skills
Defraggin' my hard drive for thrills
I got me a hundred gigabytes of RAM
I never feed trolls and I don't read spam
Installed a T1 line in my house
Always at my PC, double-clickin' on my mizouse
Upgrade my system at least twice a day
I'm strictly plug-and-play, I ain't afraid of Y2K
I'm down with Bill Gates, I call him Money for short
I phone him up at home and I make him do my tech support
It's all about the Pentiums, what?
You gotta be the dumbest newbie I've ever seen
You've got white-out all over your screen
You think your Commodore 64 is really neato
What kinda chip you got in there, a Dorito?
You're using a 286? Don't make me laugh
Your Windows boots up in what, a day and a half?
You could back up your whole hard drive on a floppy diskette
You're the biggest joke on the internet
Your database is a disaster
You're waxin' your modem tryin' to make it go faster
Hey fella, I bet you're still livin' in your parents' cellar
Downloadin' pictures of Sarah Michelle Gellar
And postin "Me too!" like some brain-dead AOL-er
I should do the world a favor and cap you like Old Yeller
You're just about as useless as jpegs to Helen Keller

It's all about the Pentiums!
It's all about the Pentiums!
It's all about the Pentiums!
It's all about the Pentiums!

Now, what y'all wanna do?
Wanna be hackers? Code crackers? Slackers
Wastin' time with all the chatroom yakkers?
9 to 5, chillin at Hewlett Packard?

Uh, uh, loggin' in now
Wanna run wit my crew, hah?
Rule cyberspace and crunch numbers like I do?
They call me the king of the spreadsheets
Got em all printed out on my bedsheets
My new computer's got the clocks, it rocks
But it was obsolete before I opened the box
You say you've had your desktop for over a week?
Throw that junk away, man, it's an antique!
Your laptop is a month old? Well, that's great
If you could use a nice, heavy paperweight
My digital media is write-protected
Every file inspected, no viruses detected
I beta tested every operating system
Gave props to some, and others? I dissed 'em
While your computer's crashin', mine's multitaskin'
It does all my work without me even askin'
Got a flat-screen monitor, 40" wide
I believe that yours says "Etch-A-Sketch" on the side
In a 32-bit world, you're a 2-bit user
You've got your own newsgroup, alt.total-loser
Your mother board melts when you try to send a fax
Where'd you get your CPU, in a box of Cracker Jacks?
Play me online? Well, you know that I'll beat you
If I ever meet you I'll control-alt-delete you
What?

It's all about the Pentiums!
It's all about the Pentiums!
It's all about the Pentiums!
It's all about the Pentiums!
What y'all wanna do?
Wanna be hackers? Code crackers? Slackers
Wastin' time with all the chatroom yakkers?
9 to 5, chillin' at Hewlett Packard?
What??

Re:SCRIPT KIDDIEZ

[Peter_Thompson]

Uh, that's Weird Al, right? Some attribution would be a nice thing....

Re:This is the most/only interesting part for me..

[Fastolfe]

If you just keep your system up to date with patches and updates, it will take somebody with serious skills to get in.

Serious skills or an early release of whatever exploit-of-the-week that ends up getting developed. Quite a few of these advisories come out after an exploit has been written and demonstrated, or at the same time. There's always a window of vulnerability in these cases.

As far as firewalls go, all it takes is one exposed vulnerable service to allow a script kiddie to get behind it. At that point, machines ordinarily shielded by the firewall (thus more likely to have complacent admins) become easier targets.

But yah, I do agree that if you keep up with the latest patches and fixes it makes things significantly harder for script kiddies. That still doesn't mean the script kiddies should get off the hook, though.

Wow... In Wisconsin?

[CaptSwifty]

This guy is from Green Bay? I thought that the only thing we had in this state was beer and football... Makes me wonder if people from out of state will soon start pronouncing Wisconsin right.

No, not really..

[Swano]

You really think that a little script kiddie can be compare to Kevin.... what a shame for you!

Now get a clue!

Re:No, not really..

[vyesue]

why do so many people worship mitnick? because he got caught? because he spent a lot of time in jail? because he's a chronic repeat offender and parole violator?

I don't understand why noone gets behind murderers or burglars like they're getting behind mitnick.

Re:No, not really..

[toolie]

I agree. Script kiddies should not be compared with anything except pond scum. What Kevin did was not right, but at least it took some intelligence to do it. Now a 9 year old who found out about the 'net a week ago can download the crap to become a script kiddie. Would they be compared to Kevin too?

Re:Crackers: Worse than murders/rapists/molestors

[rcade]

On the other hand, crackers inhibit the government's ability to propogate its world view when they deface a web page, with the (unspoken?) threat of possibly doing much more (such as compromizing their databases and whatnot).

A cracker who breaks into a government Web server and changes content is a threat worthy of federal investigation and prosecution.

Allegedly, this guy just did some obvious defacement of the site. He could have made more subtle changes and removed restrictions on confidential data that's available on the server.

For instance, what if a cracker breaks into CPSC.GOV and removes links to a product recall he doesn't agree with? Thousands of consumers might not find out about an unsafe product and the means to get it fixed.

As another example, what if a cracker jacked with the IRS site so that taxpayers thought they owed lower taxes than they really do? The immediate gratification would be replaced with audits, late fees, and other tax boom-lowering.

The offense allegedly committed by Chad Davis is trivial, and that should be considered in his sentencing if he is found guilty. Breaking into a government Web site and changing information is a crime the feds should be taking seriously, though. (They also should be creating content-verification systems that prevent subtle changes from escaping notice.)

Re:Used as an example? Oh, the poor martyr.

[Ronin+Developer]

How 'bout we add him to the "Free Mumia...the cop killer" bumper sticker?

Green Bay Hackers

[Ripp]

Sorry just had to say that out loud.
(for those scratching their head, think football....)


Ohhh...yeah!

Re:Green Bay Hackers

[toolj23]

packers... blah!

umm.. calm down

[nfgaida]

So you think that no-one should ever break a law, just because it's the law. What about all the non-violent protests of the civil rights era? They were breaking the law to show how the law was wrong and to make a political stance.

is this wrong? no. if the law is a bad law, it is up to the people to protest it so that i will be changed.

as for finding a hole, and then informing the sysadmin, what the hell is wrong with that? if the sysadmin isn't notified, then someone else could break in. if someone could break into my site, i would welcome them to inform me so that i could fix the problem.

Re:umm.. calm down

[nfgaida]

i for one don't think that just because something is a law means that it is the LAW. especially when _almost_ all laws were created with almost no input from the people they effect. oh sure, we elect the people who make the laws, but those people seem to prefer green over what the people who elected them want.

as for demonstrators, you don't think anyone should be allowed to demonstrate? hmm.

there is a difference to finding a hole in a server and breaking into a house by breaking a window. in the server no hardware is damaged, and assuming the person who found the hole is moral, they would not do any damage to files as such.

using a forceful means of entry in the physical world is completely different from the ether-world.

Re:FREE * !

[Ronin+Developer]

Now THAT's funny (in a sick sort of way). You just made my day.

imagine that

[vyesue]

the big news today is that someone got caught accessing a computer which he was not authorized to access, and now the federal government is going to aggressively prosecute him both as a penalty and as a high-profile deterrent to other hackers.

is this surprising? no. is this a problem? no. as we move into the future, the feds are goign to get better and better at catching and prosecuting those who chose to trespass in computers that they are not supposed to access. good for them.

Re:Gov't forces you to waive rights.

[rookkey]

Nevertheless, when you signed the "thing" (ticket) you were agreeing to waive your rights. If you look carefully at the ticket, it says something along the lines of "By signing this form, I hereby waive my rights..."

In many states, you sign the ticket and if you pay the summons you are considered guilty. If you sign the ticket, but you believe you are not guilty- then you go to court on the date that the friendly police officer gave you. Signing the ticket does not say that you are guilty, but simply allows you to waive your rights. As the previous poster said, don't sign the ticket next time and be arrested, have your car impounded, etc...

As for our script kiddie Chad here, if he does not waive his rights, he and his attornies have a month or so to prepare their case. If he wishes to have more time to prepare, then he will have to waive his right to a speedy trial and perhaps stay in jail for years waiting for a trial.

the real problem

[logycke]

Who cares about these scum? You should, whether your own system is secure or not. The fact that cracking systems requires such low technical competence indicates that we need to do something.

The problem is analogous to the in-band signalling that telephone switches formerly used. An outside agent should not be able to hijack a cpu's execution flow any more than an outside agent should be able to hijack the routing of a phone call. Until we universally implement mechanisms, preferably in hardware, to protect this data, for example by separating an execution stack from the general data stack and placing them in memory correctly, ridiculous problems such as this will persist. Patching holes like we currently do is not enough.

Re:Your're right!!!

[Danse]

I think the old precedents apply just fine in this case. Kids are stupid sometimes and do stupid things. It's a combination of lack of good parenting, natural curiosity, lack of real-world experience and rebelliousness. They don't need to spend 4-10 years of their lives in prison for it. I did stupid things as a kid. I got punished for it and after a couple times I learned my lesson. I don't see why they should be punished so severely for such a minor thing just because the government is afraid because its systems aren't secure. Maybe if the government would actually do something useful for once instead of just declaring a "war" on any activities they don't like, we might have a better society.

Re:I love it!

[Michel]

The kids deserve what they get,

Absolutely.

and their parents deserve to be held accountable for the monetary damages.

Um, not quite.

Well, they will be held accountable, because it's their kid(s). But you say the kids aren't supervised enough by their parents. I don't know this particular kid's parents, but I think I can make a pretty safe assumption that they are not computer experts. So they can supervise all they like, and the kids will do what they want anyway. And if the parent asks what the kid is doing...

"I'm playing a game."

And whether it's true or not, the parent probably won't ever know the difference. That is, until the police starts showing up. It's still their responsibility, but not really their fault.

Re:Skill is not an excuse to break the law!

[Danse]

I'd answer this, but it was already answered here.

Where There's Lawyers, There's Harm

[rcade]

However, I as an individual am hardly harmed. If the IRS gets their facts wrong and I underpay, the IRS is at fault, not me. I may have to hire a good lawyer and go to court, but no lasting harm is done.

I think most people who have hired a lawyer to defend themselves and go to court would define that as "lasting harm." Lawyers and trials are expensive, both in money and time. The IRS Web site is just one of many that publishes information that could be harmful to people if altered or removed.

If my only source of information for a recall is a government web page I have to take the trouble to find and dig through, then there are more serious problems with the recall notification procedure than a petty vandal's mucking with the web page.

Access to accurate information from the government is essential to the democratic process. I think it's a serious problem when crackers alter this information, despite the fact that most of these break-ins have been trivial to date.

If you don't hear about a product recall from the media, the only place that information is made available is the CPSC Web site. It serves a vital need, and it's important for that information to be reliable.

As more people rely on the Web for information, the necessity of accuracy on government Web sites becomes more important to this country. That's why I think it is important to investigate and prosecute people who break into government Web sites and alter them.

I am at most inconvenienced by such things. The government, on the other hand, has its power to govern more seriously hampered.

I think the feds prosecute crackers for the same reasons many local prosecuters do. It's a sexy crime with non-violent perpetrators that gets media attention and can help justify bigger budgets. No conspiracy there, aside from the most popular conspiracy on Earth -- making easy money.

Re:Where There's Lawyers, There's Harm

[Ronin+Developer]

Well said.

Re:Apples and Oranges

[stanlee]

You moron.

In what way is copying files back to a directory tantamount to having to buy a new store window and installing it after you sweep up lots of dangerous glass ?

Re:Stay! Your wish is granted.

If I spray paint your garage door, is that the real world equivalent? Not quite. However, if I break into your house by smashing a window and then start defacing things, then it becomes the equivalent.

Cracking somebody's system is breaking and entering, not vandalism.

Anyway, I don't think this kid deserves jail time, but I do think he deserves a 3 year probation and a nice fine that takes a couple years to pay off.

Re:As usual /.ers just don't get it

[dataslug]

I agree

This guy deserves community service. They should force these kids to make the webservers they hack secure if they get caught. :)

Re:Skill is not an excuse to break the law!

[dirty]

Mitnick waived his right to a speedy trial. It's his own damned fault he was in jail for so long.

Re:he's not even accused of the same thing as mitn

[stanlee]

The point is why are people already comparing him to Mitnick? I fail to see any similarities in the two cases.

Re:yawn.

[stanlee]

Two million dead Africans seems infintely more important to me than Global Hell.

Re:Crackers: Worse than murders/rapists/molestors

[msanto]

Aren't there sentencing standards?

Wasn't Mitnick a "repeat" offender? Wasn't he a fugitive? Shouldn't these factor into the sentence? Tyson did neither and his case bordered on date rape. -bad example-

In the case of physical crime, the gov't does have a somewhat effective response, put more police on the streets. It usually has a very clear impact on crime. They don't have an effective response to increased hacking. Perhaps *you* have an answer?

Re:Crackers: Worse than murders/rapists/molestors

[Ronin+Developer]

Let me understand -- you are saying that causing 20K of credit card damage, plus the inconvenience of correcting credit histories, is a worse crime than a child or person being physically and mentally assulted? Because more people are affected? I doubt many would agree with you.

No. That is not what I am saying. What I said is that crimes against the population on the whole are dealt with more stearnly because they affect the general masses and, as such, errode the fabric of society.

I did not and will not downplay the viciousness of murder or rape, they are horrible crimes. But, these crimes are against individuals and not the community at large. Why do you think that an embezzler gets 20 years while your typical rapist seems to get 7? Why do you think counterfeiters get 20 to life? These are crimes committed against the "state".

$20K worth of damage? I think not. He stole 20,000+ credit card numbers. Let's see...most credit cards carry, say a $5K limit. That means, potentially, he could have done over $100M worth of immediate damage PLUS the effects of ruining a credit rating and the ability to steal an identity. Most people don't know their credit rating or have not requested a copy to even know if they have been compromised.

I have friends who have had their identity "stolen" by credit card theives. Every couple of months, they have to PROVE they didn't by $5K worth of goods. And, while they are waiting for their credit history to clear, they can't do much of anything. They have three kids. Yeah..victimless crime.

Perhaps, (and I'm not wishing it) if such a crime is committed against you, you would realize the significance of it. Imagine not being able to pay your bills because your accounts are frozen. You are late for work and can't pay for gas. You're hungry and can't buy any food because your accounts are frozen (hence no ATM). All this because some little punk thinks its okay to hack into somebody elses computer system for fun or profit. Get the picture?

This does not mean that murder or rape are any less significant or horrendous. I firmly believe such perpetrators should suffer a fate as worse (if not more) than what they caused their victims. It's just these crimes are perceived differently by the lawmakers in this country.

These are the types of crimes that Mitnick was accused of having committed. This little punk, Davis, while only defacing the Army's website committed a similar crime in that he is erroding the foundations of privacy and security people are starting to formulate regarding the internet.

Billions (if not trillions) of dollars (or equivalent) flow through the internet everyday. How can people trust their finances or privacy on the internet if we have to worry about some little script kiddie?

What could potentially happen is that all those companies that fund the internet backbone say enough is enough. What then? Or, they start charging such horrendous fees for access and monitor every packet that is sent? In this litegous society, that is what could eventually happen (severe..but a possibility).

Someone mentioned about my comment or grafitti and how I said it errodes peoples perceptions of a community. Sadly, it does. It was not meant to be a racist statement but some have taken it that way. Think about it. If you knew your site was probably going to be targetted and you're not a security expert with the skills to stop it, would YOU put up a site and have to deal it and the potential PR issues that stem from it (Especially a business).

Cracking is fundamentally wrong and is a criminal act simply because of its impact on so many people. Please recognize it as such.

Re:Mindphasr/gH

[stanlee]

So now all bets are off if you happen to 'provoke' the FBI? She must have been asking for it, eh?

Like it or not even three-letter agencies are still supposed to uphold the law.

That means they have to follow it- even if criminals (by definition) do not.

Re:Why I Gave Up on Representative Democracy

[cowboy+junkie]

The problem with represenative democracy in our country is that it is lacking one essential element - informed voters. Intelligent votes are literally washed away by a tidal wave of ignorance.

Government's troubles != People's troubles

[FreeUser]

All of the points you mention undoubtable put the fear of into the hearts of government beaurocrats everywhere. However, I as an individual am hardly harmed. If the IRS gets their facts wrong and I underpay, the IRS is at fault, not me. I may have to hire a good lawyer and go to court, but no lasting harm is done. If my only source of information for a recall is a government web page I have to take the trouble to find and dig through, then there are more serious problems with the recall notification procedure than a petty vandal's mucking with the web page.

I am at most inconvenienced by such things. The government, on the other hand, has its power to govern more seriously hampered. Which is why the FBI et. al. are so enthusiastic when the vilify and imprison crackers. It isn't to protect you or I, it is to protect their own base of power. What matter that some clever, foolish children get destroyed by their actions? Intelligent people don't make good (read: docile) citizens anyway.

Football?

[dirty]

I do not know of this football of which you speak.

How To Crack a Web Server

[Fastolfe]

hello i am a script kiddie (i even got in my jr high school newspaper!!!) and i would like to tell you how to crack into a system in these 8 simple steps

1. spend lots of time on IRC! cuz its fun and l33t! i talk to all of my k00L hacker friends all the time in our password-protected IRC channel. sure i get bad grades in school but thats ok cuz i will just find a job doing tech support where i can IRC from work too!
2. download all of the exploits people mention on IRC
3. download all of the volnurability scannerZ people mention on IRC
5. pick a bunch of systems (or just pick IP's randomly!) and run all of your scanner softwares on it. if everything just times out then their probably behind a firewall cuz they are LAME#!! just move on and use another IP.. or if you want to hit a government sites just download this file GOVT.TXT that lists a tonZ of hi profile government web server IP's and plug it into your scanners
6. when u find a system that has a hole, run the exploits on them! they will give u a root shell!!!!! then u can uze your other l33t scripts to set up trojins and back doors but if u dont know how to do that then just find the web space and mess up they're web page!!!
7. dont worry about getting caught or anything cause everyone running systems is just DUM like they dont know how to fix there security holes so they surly wont be able to track you!!!

----

And you honestly think it takes skill to do this sort of thing? It's nearly impossible for any system administrator to be 100% up to date on all vulnerabilities and patches. Frequently exploits are discovered and released a little while before it's been made aware to the security community. There ARE windows of opportunity there, and they don't necessarily arise out of negligence on the part of the administrator.

Value systems and the law

[Jeld]

I think that crackers ( whether talented or stupid ) should be punished, but I do not think it is right to place them in the same row with vandals or terorists or any other type of real world criminals because the value systems of net and real world are very different. A terorist blowing up a building or a vandal spray painting some kind of national treasure do actual ( often irrepairable or just plain very costly ) damage to real items. A cracker defacing a web site does not do any REAL damage ( unless the sysadmins were so stupid that they do not have backups, in which case they deserve it ). All it takes to put the site back is a restore, and unless the cracker was very persistent it is only a few relatively small files so it doesn't take too much time. The crime in this case would be the disruption of service that he caused. This is another major difference between RW and the Net. The time on the Net is MUCH faster and more valuable then time of RW. A store closed for a day is nothing or not much. A popular web site down for a day is a lot of nuisance/trouble and maybe real damage to people. This guy is not supposed to be tried as a plain criminal. There should be a separate set of laws concerning cyber-crime. Maybe even a separate organization should be handling this instead of standard govermental mechanisms, much like IRS handles tax related issues and INS handles immigration related stuff.

Just my .02$

Re:Crackers: Worse than murders/rapists/molestors

[Ronin+Developer]

No. Cracking is considered a serious crime because of the nature of the crime. It has more ability to affect the general population (i.e let's steal 20K worth of credit card numbers and ruin those peoples credit histories).

Cracking exposes vulnerabilies in systems that people trust implicitly. These systems are often the basis for our way of life. This creates chaos. Murder, rape and other violent crimes affect relatively few (but those it does imparts immeasurable impact). Thus, while they are terrible (I say burn the buggers), most of us still feel safe.

Can't say that's the case when I have to wonder who might be stealing my credit card and making my life a living hell as I try to resolve it.

People liken the crime of cracking to grafitti. Grafitti has been shown to degrade property values in an area. This makes it difficult for people to leave the area without taking a significant hit in the pocketbook. It leaves people with an impression that the area isn't safe or becoming. Only when the communities come together and clean up their neighboorhoods (not always possible), do they regain their sense of pride and safety. So, in my mind, grafitists should be severely punished as well.

Leave them kids alone

[QuantumG]

One would expect the local sheriff to go after vandals.. but no, we have the FBI. There are real crackers out there who have no morals and lots of skillz. They invade privacy and threaten liberty. These are the guys who rm -rf your root directory because they were bored sniffing your box. If the FBI believes that crackers are a threat to national security then they should go after them, not a bunch of punk kids who hack web pages.

Tech. doesn't hack websites, people do!

[wakebrdr]

'...it is the technology that gives them the ability to cover their tracks enough that you can have a hard time making a criminal case against them," said a senior federal investigator.'

Here we go--blame the technology. There is no personal responsibility anymore, is there? Pretty soon we'll have another 20,000 laws limiting access to technology. Start sending in your donations to the NTA.

I can hear the soccermoms of the world now:

"It's this, easy access to technology, that causes this kind of tragedy..."

"We must put a stop to those evil computer shows!"

"You don't need a computer with 700 mhz!"

"Our children are raised in a culture of technology."

Of course you could replace "technology" with whatever software this punk was using and these quotes might be more plausible. Replace "technology" with "guns" and you see how stupid our government and Sarah Brady really are.

Bring on the bans!

Free Chad!!!

[jslag]

Well, did you vomit?

(I realize a subject line isn't a web banner or tag, but it is disturbingly close to your post)

Re:As usual /.ers just don't get it

[Ronin+Developer]

How about four years in the Army for this one?

Whats wrong with this picture (WAS Let's see here)

[ardy]

"Yea, screwing with a web site should be punished, at about the same level as littering. NOT to the same level as murder."

Out of the mouths of babes.....

So basically you're saying I can walk into your house uninvited, deface something in your house, like say, the report you've been working on for the boss for the last six weeks, or that homework paper thats due midterm, and then expect a slap on the wrist for such actions?
Have you no respect for the personal property of
others?

I'm not suggesting "murder" level prosecution, but most CERTAINLY not the slap on the wrist a littering charge would engender.

Re:Right on! Cracking == 20 years min!

[Doctor+Memory]

Defacing a web site, like grafitti on a wall is hardly a major offence.

But it isn't "like grafitti [sic] on a wall". It's more akin to screwing up traffic lights. You remove links from a web page, you're denying access to resources. Carving your initials in a tree is one thing, dropping that tree across a major highway is another.

Re:Crackers: Worse than murders/rapists/molestors

[hawkeye684]

now im not entirely sure about this but wouldnt an effective response to increased hacking be maybe *gasp* better security

Re:Crackers: Worse than murders/rapists/molestors

[Ronin+Developer]

There is no "fabric of society". America has become a land of sociopaths who only care when it inconveniences them.

Cracking is wrong, fine. But killing and stealing are quite different. Protecting the Status-quo is the problem. Money protects its own interests (docile, subservient, workers). Anyone who is not their lapdog is a meat by-product.

Uh huh. Read your own words again. It appears that you may be part of the problem. You are right, the problem is that we are all to self absorbed to worry about each other. Why is that?

To many people are taking the phrase "life, liberty and the pursuit of happiness" just a bit too far. If I remember correctly, this is from our Declaration of Independence and not the Constitution of the United States.. I also believe there is a phrase in there "to form a more perfect union"...is there not?

You say that cracking is wrong. But killing and stealing are different? How? Are they not all crimes in our society? By saying cracking is just wrong and not criminal, you are setting precedent.

Next, we'll say burglary isn't a crime, they were just passing through your house to get to the other back yard and picked up a few trinkets on the way.

When I was a kid, burglary was a felony that would get you twenty years. Now, that same crime will net you six months to two years in most cases. So, we've gone from a twenty years to less two for the same crime in less than a generation. What's next? Six months for murder? A slap on the wrist for rape? Hmmmm.

By not giving a damn about the society you are contributing to its futher degradation nevertheless and regardless of whether that society is built upon bedrock of common beliefs or a foundation of lies. Like it or not, you are a member of that society. It is what you are.

Congratulations! You have become a contributing member of the status quo.

There are still those in this country that believe in the so called "American Dream". At some point you have to trust in those around you to do the right thing. That's why we have government and laws (no matter how innane some of them might be). They are (in principle anyway), designed to protect the society as a whole and dictate acceptable behavior for all members of that society. For those who deviate outside the acceptable behavior, there are "corrective" actions that can be applied.

If you don't like the way things are working, then take the time out and do something constructive about it rather than whining about how it's not fair or how messed up it is. If you don't like the laws, then lobby to get them changed. Aspire to political office and show the world you really do give a damn and change the law (unlike the majority of the politicians in office). Fight for what you believe in by working to change the system rather than going outside and destroying it. (I am not an advocate for revolution but rather evolution).

Sit on your ass and you're no better than the "meat by-product" that you call everyone else.

I think we have a new eponym.

[logycke]

One of the first of these stories to gain national attention way back when, including a cover of Newsweek, was that of the 414's, a group from Milwaukee, Wisconsin. Now there's this guy up in Green Bay, Wisconsin, and he couldn't look any dumber if he had one of those big foam hunks of cheese on his head with a picket sign sticking out saying, "BUST ME: I'M AN IDIOT!!"

So there I think you have it: In honor of these Northern intellectual behemoths, I hereby dub a new eponym upon all who aspire to emulate them - not script kiddies, for scripts say very little about these people and demean an otherwise useful thing; not crackers, which is actually a derogotory name for white folks; no, I think these Wisconsin boys stand for them all: cheese heads. That is what I shall call them henceforth, and I would love to see them immortalized as such in the jargon file someday.

You know what we need..

[Fastolfe]

There needs to be a web site / message forum like Slashdot but dealing entirely with local/regional political matters. Something your state and federal representatives wouldn't be afraid to visit and contribute to. Organize the board by geographical area (or whatever political boundaries) and organize threads by issues, complete with informal polls.

Even without a congressperson's presence, it could be a great place to learn about your congressmen, about potential candidates in your area (all we ever hear about is what's on TV -- and that's usually at a national level). WITH a congressperson's presence, it could be an invaluable tool for communication/virtual *conversation* between your representatives and constituents.

Does anything like this exist?

Re:Crackers: Worse than murders/rapists/molestors

[apathetic]

c'mon you know we can't sentince our celebrities to the same extent as regulat people, they are better than us

Re:Your're right!!!

[ranton]

The difference between this kind of crime and graffiti is that it is a new kind of crime. That means that we can set a new precedence. I think they would try the same thing against people doing graffiti if they could. It is the same reason why beer and cigarretes are legal and marrijuana (sp?) is not.

Re:boo hoo

[dirty]

I think sublime put it best, "Even though he now takes it in the behind, I have no sympathy for men of his kind."

Re:Gov't forces you to waive rights.

[dirty]

Hrm...last time I got a ticket, I signed the thing, plead not guilty, went to court, was found not guilty in under 30 seconds (a minute if you count the lecture from the judge about being careful), and went home. All before about 10am. Sure I had to wait about 2 months before the trial happened, but during that two months I was not inconvienced in the slightest bit.

Clue?

[babyroo]

I'm sorry, but that is just sad. You don't attack the government after they explicitly tell you they are watching. Come to think of it, you don't attack the government at all, unless you happen to be a founding father revolutionary... Rebel without a cause? nah, Rebel without a clue...

"What is now proved was once only imagin'd"

Duh...

[KnightStalker]

Okay... kid is careless, arrogant and stupid, gets his hands on some scripts, finds some security holes, and intentionally pisses off the FBI.

And this is news that he's going to be prosecuted? He might as well have walked into their DC headquarters waving a shotgun around. It'll be news when he *is* the next Mitnick.

Re:what is a script kiddie?

[Psymonger]

Hi there,

>A script kiddies is someone who uses programs and >scripts that they have not written to exploit >security and privacy holes in commonly used >systems, such as Unix, windows, IIS, Apache, AIM, >Hotmail, etc. the list is long and includes >anything you've ever heard of, more then likely. >script kiddies are generally disliked because >they:

Oh, and how does everyone automatically know that this guy used a script off r00tshell instead of coding it himself?

>script kiddies are really just the natural >extension and inevitable outcome to an >information based society that depends on >exploitable electronic systems and I feel are >equivalent to rampant disease in that the help to >keep the immune system (system security) on it's >toes, although most people seem to think they're >just pieces of shit.

Well, i'm a sysadmin and I don't know how to code anything that can crack a system. I sure have the knowledge to download a C/Perl script, edit a few variables and make it workable. Does that mean i'm a script kiddie?

Destruction of Society

[Mazurbul]

Why are so many posters defending the government?

Our government is evil and needs replacing.

Whatever we can do to place more strain on it we should until it collapses. I support rioters in LA and David Karesh's. Just keep on task, dont' destroy your fellow citizens and stick it to the man :-)

This argument is entirely in keeping with FC's manifesto, also known as the Unabomber, read it sometime, its very interesting.

Re:Crackers: Worse than murders/rapists/molestors

[HiThere]

"Most of us still feel safe"?
???
You're kidding, right?

Re:Why I Gave Up on Representative Democracy

[Zach+Frey]

The problem with represenative democracy in our country is that it is lacking one essential element - informed voters. Intelligent votes are literally washed away by a tidal wave of ignorance.

While the USA has certainly had its share of dumbing down, have you even entertained the thought that withdrawal from the system might be rational behavior?

It is very, very difficult to effect change without

• large gobs of $$$$$
• massive investments of time

It can be done. But it is painstakingly difficult. And the results can be wiped out with the next election, or by simply turning your back on the rat-fink who is supposed to be "representing" you for too long.

Both the characteristic modern parties believed in a government by the few; the only difference is whether it is the Conservative few or Progressive few. It might be put, somewhat coarsely perhaps, by saying that one believes in any minority that is rich and the other in any minority that is mad.
-- G. K. Chesterton, What's Wrong With The World Today

Re:Crackers: Worse than murders/rapists/molestors

[blkwolf]

"In the case of physical crime, the gov't does have a somewhat effective response, put more police on the streets. It usually has a very clear impact on crime. They don't have an effective response to increased hacking. Perhaps *you* have an answer?"

How about better security? Even just for my little home network here I use a firewall/gateway system with packet filtering and network rules setup, just so that I can dial into the internet (and share the dial up with a few other computers).

All internal ip addresses are on a private ip range, I use a 5port switch instead of a hub, all incoming ports are blocked etc etc.

It may not be impossible for someone to break into my network or one of my workstations, but it'd be a hell of alot harder than the public sites that are getting cracked all the time.

Simple things like using switches on your network, portforwarding access to public services instead of just sticking a box right on the unsecured connection to the internet, using secure operating systems and services (i.e. not using IIS with frontpage extensions), monitoring sites like Security Focus to keep up on the latest exploits and patches etc.

If I can invest a little time and energy into securing my home dialup connection, there's no excuse for public businesses, and govt. agencys with public servers on the internet to not do the same.

what a novel idea

[RoLlEr_CoAsTeR]

You're right. The feds will, theoretically, get better at catching these sort of "criminals." Of course, we might also assume that these same sort of "criminals" will get better at the criminal activities that they are participating in. Therefore, the feds will not only have to "catch-up" (i.e., improve their crime-fighting skills enough to catch criminals of the "caliber" that is present now), they'll also have to push themselves far enough so that they are capable and ready for future, more advanced, and "harder" attacks.

I'd say the feds have got a bunch of work to do. "Go get 'em, boys"
(cliche, I realize, but I felt the __urge__... oooo... be frightened)

Crackers: Worse than murders/rapists/molestors

Why are crackers spending more time incarcerated than many murderers, rapists, and child molestors? I'm not saying crackers should not be prosecuted, but something is bass ackwards in the justice system.

Murder, rape, and child molestation are far more serious crimes, and deserving of far more punishment than fscking up someone's web page.

Crackers should be treated more like kids who spraypaint their crap on walls. For messing things up, their punishment is to clean things up. Give crackers shovels and put 'em out to clean up the subway walls, or interstate embankments.

Re:Crackers: Worse than murders/rapists/molestors

[jflynn]

Let me understand -- you are saying that causing 20K of credit card damage, plus the inconvenience of correcting credit histories, is a worse crime than a child or person being physically and mentally assulted? Because more people are affected? I doubt many would agree with you.

Even if that rather dubious judgement is accepted, lets punish according to the damage done, rather than the worst case damage possible. If someone falls asleep at the wheel and safely drifts to rest at the side of the road do we threaten them with manslaughter penalties because they *could* have killed someone?

If someone were to crack and break critical life support software and people died, I'd be all for the maximum penalty. But to say that someone who caused a government web site to cease functioning for a few hours is worse than a molester or rapist is ridiculous, until you specifically list the severe damage they *actually* caused.

Re:Crackers: Worse than murders/rapists/molestors

[Ronin+Developer]

I'll by that. Perhaps the subject header was misleading. As I tried to point out, cracking is a crime. However, it's a crime against the state.

Murder and rape are horrible crimes as well. The damage they do in irrepairable. But, by and large, they affect a smaller segment of the population that those against the state. This, doesn't mean that they should be trivialized.

All crime, whether it be murder, rape or cracking errode the common beliefs that people have established to form a working society. All crimes should be punished. Period.

I was trying to get across the message thatwas cracking is criminal because of the effects on large numbers of people. The same rule can be applied to any case where the public impact is great (or potentially so). They need to be dealt with in a swift and concise manner so as not to establish a precedence of nonchalence.

Thoughts?

Re:Crackers: Worse than murders/rapists/molestors

[msanto]

And women shouldn't go into Tyson's hotel room alone, don't go down dark alleys, etc, etc.

There are "common sense" measures a person (or web site) can take to prevent a physical crime (or hacking), yet there is no way to guarentee security. When a population is threatened with physical crime the gov't response is More Police which is a physical presence and acts as a deterent. There is no comparable response to internet hacking, thus the attempt at deterence is based on escallating sentences.

Besides, the gov't isn't responsible for commercial computer security. Comparably, should a rapist be given a lighter sentence because the victim didn't have "common sense" (or good computer security)?

Not that I'm saying that raping and hacking are comparable or should get similiar sentences. Personally, I'd like to bring back public flogging & execution for violent offenders. Now that's deterence!

Re:Crackers: Worse than murders/rapists/molestors

[Chuut-Riit]

You've left out an important "feature" of the government view of the "paradigm." Information is only sacrosanct if it's the government's information. If the information belongs to a mere citizen, then it is imperative that that government be able to access and decrypt it because, you never know, that citizen might be up to no good. Welcome to fascism. Don't worry, it will get worse.

Re:Crackers: Worse than murders/rapists/molestors

[Stonehand]

Well, you've been bringing up the m/r/m people repeatedly. Got some names and cases for us?

Re:Crackers: Worse than murders/rapists/molestors

[mochaone]

Sorry. I disagree. I have no sympathy because this guy is a teenager. Our society has suffered quite a bit by coddling teenagers who break the law.

The simple fact is if we are to further this information/technology paradigm, integrity of data and systems is sacrosanct. You achieve this by prosecuting all who impede this goal. This wild west mentality where you just do as you please in the face of established law has to stop.

If you are looking for equity in law, please exhume my corpse in a 1000 years when you find it.

Re:Crackers: Worse than murders/rapists/molestors

[FreeUser]

Crackers are spending more time in prison than muderers, rapists, and child molesters because the government, particulary those portions of the executive branch concerned with the control and (mis)use of information (the FBI, CIA, NSA, SS, etc.), feel much more threatened by a cracker (whether a knowledgable one such as Mitnick, or Script Kiddie such as Davis appears to be) than they do by most violent criminals.

Let's face it, if someone spray paints obscenities on your house, rapes your child or kills your mother the government is not the least bit threatened, no matter the degree of personal trajedy in your life. On the other hand, crackers inhibit the government's ability to propogate its world view when they deface a web page, with the (unspoken?) threat of possibly doing much more (such as compromizing their databases and whatnot). Add to that the perceived threat to large business interests and you have an explosive combination of political will to CRUSH the perceived threat. Details like fairness, civil rights, or even constitutionality have a long and dark history of being swept under the rug under these kinds of circumstances. The law is being used to protect the existing base of power more than it is to protect individuals. It should be no surprise that the government will spare no expense going after those people it finds threatening, nor will it feel any compunction whatsoever in treating those individuals with as little fairness as it can get away with.

If we do not speak up and put an end to this dispraportunate treatment of crackers it will not change, as it does serve the interests of those who persue and prosecute the cases.

Re:Crackers: Worse than murders/rapists/molestors

[Danse]

Sorry. I disagree. I have no sympathy because this guy is a teenager.

Nobody was asking for sympathy. Just for fair treatment. Screwing up someone's webpage is far less damaging than raping, murdering, molesting, etc. Yet, for some reason, crackers get harsher treatment. It has nothing to do with age. It has everything to do with having the punishment fit the crime. As someone else pointed out, he didn't do anything to harm national security, but he'll probably receive a lot more punishment than those who allowed nuclear secrets to be released to China. It's a sick society we live in.

?

[supz]

just reading the comments on this article is like really [mind expanding?]. there are mainly two totally different perspectives on this subject, that are both totally legit, but go contradict each other so much.

#1 being that you believe that the kids should get what they deserve for being stupid
#2 being that the server's are stupid for not checking

alot of educated-looking people have posted stuff supporting both of these view points.

just felt like sharing that

19 isn't a kid

[QBal]

I thought the guy was 19, around my age.

The guy was warned by the FBI that they where cracking down on their group.
But what does he do, he lash's out and hacks a web site.

I agree with your last point, but isn't that just what Chad did. He declared war on a group he didn't like.

I don't dig crackers who try and boost their own ego by defacing other peoples property.

Re:19 isn't a kid

[Danse]

As far as I'm concerned, you're a kid 'til you hit 21. At least that's the way the government looks at you, when it suits them anyway. If they limit your rights based on age, then they are treating you like a child. When you have the same rights as everyone else and are allowed to make your own decisions about what you should or should not do, then you're an adult and should be made responsible for all of your actions as well. It's no big wonder that so many of these teenagers act so immature. The government is trying to play parent to them and make decisions that should be left up to their real parents. It's not designed to do that and it fails miserably.

I agree with your last point, but isn't that just what Chad did. He declared war on a group he didn't like.

I believe the FBI caused much of the problem here in the first place. They call anyone who can run a script a hacker. They violate the rights of the people they charge with hacking. They demonize every stupid stunt some kid pulls as if it was a major threat to national security. It's no wonder they've pissed off a lot of people. The fact remains that what he did was only minor electronic vandalism.

I don't dig crackers who try and boost their own ego by defacing other peoples property.

I don't agree with what he did any more than you do. I'm just saying that there needs to be some perspective here. Throwing some kid in jail for a relatively long time for a relatively harmless, albeit stupid, stunt is not the answer. He did something that is done every day by thousands of kids across the country. He vandalised something that didn't belong to him. Unfortunately, since he fits the FBI's description of a "hacker", and since the "war on computer crime" is the FBI's latest crusade, he's going to be treated MUCH more harshly than any other vandal in the country. Where's the justice in that? Equal crime should get equal time. That's not going to happen in this case though. They're going to blow it way out of proportion and get the media in on the act. Make the kid out to be some kind of anti-American troublemaker who was out to screw up the governments computers and cause general chaos. He'll be tried and convicted in the media before he ever sees a judge.

Let's see here...

[GMontag]

Is Chad going to be placed in solitary confinement until he "voluntarily waives" his rights to preliminary hearings, like Kevin?

Is Chad going to be charged in the farthest point away from WI, in the continental US, like Bill Cheek?

Is Chad going to have to rot in a "pre-trial" facility for 4.25 years until he "voluntairly pleads" to some of the charges?

Have the Feds created $multimillion in damages yet?

Yea, screwing with a web site should be punished, at about the same level as littering. NOT to the same level as murder.

Re:Let's see here...

[GC]

Littering?

Surely if someone removes your files from a web site and puts their files in their place then we are talking theft. They have taken YOUR pages.

I personally believe that you shouldn't be able to be charged with computer crime unless the authorities can prove that you used a known exploit such as brute-force password cracking or exploiting a trust relationship. If the only evidence is that the files were changed then the fault should lie with the poor security at the site concerned and not with the person who changed the files. I understand that this can be complicated to enforce, but if people are going to leave their sites wide-open to attack they can expect them to be attacked.

After all, you wouldn't leave your wallet on the pavement and expect it not to be stolen, and I doubt the authorities are going to waste their time trying to find it if you tell them where you left it.

Re:Let's see here...

[stanlee]

I'm reporting your OBSCENE posting to my local literary warden. The use of the word 'smarmy' on an electronic storage and retrieval system is prohibited by USC3098.9 (classified).

You can expect your literary license to be revoked shortly. Honest, hardworking readers of Slashdot will not tolerate your public posting of trash.

Re:Let's see here...

[GMontag]

If use of that language is illegal, should not the coward be hanged? LOL

Re:Let's see here...

[Stonehand]

If you waive your right to a speedy trial, you deserve what you get.

It's standard practice to move inmates far from their homes. It's SOP because you want to keep them away from their contacts and their previous environment as much as possible, because otherwise you get cases like the leader of the OGs quite probably running his narcotics business from jail.

If you damage a web site, any admin worth his salt knows that he quite possibly has to reinstall the whole damn thing, *AND* warn all his users who may now disappear due to a lack of trust. That's damage. It's more destructive than littering, unless the latter includes, say, littering with attache cases lined with RDX and timed fuses.

I got raided because of gH

[poptix_work]

The morons at the FBI actually thought I was one
of the leaders in this group, that I hadn't ever
heard of before, because some complete MORON at
Internet America (www.iadfw.net) in the abuse
dept. has a personal grudge against me, they took
my computers and said they needed them for
evidence, now, 6 months later, I haven't heard
anything from the FBI or anyone else about my
computers. This goes back to the story the other
day about the FBI keeping peoples computers...

I just wish the FBI had more of a clue, or would
understand that they're taking on way more than
they can handle, it's like someone said the other
day, the 'war on hax0rs' is like the 'war on drugs'
they can't win simply because of the number of people
hacking/cracking/being script kiddies, and they spend
so much time harassing the people who didn't do
anything that they don't even notice the people who
are.

Re:This proves that people need to tighten securit

[HiThere]

Let's not confuse things.

1) The bank and it's employees should be liable because they did not fulfill their responsibilities properly.

2) The bank robbers should also be liable, because they took the money.

The problem is when you try to weigh the relative responsibility. If it was easily predictable that the money would be taken, then the bank and its responsible people, if any, should be totally 100% liable.

If it is on a busy street next to an elementary school, the students there have been tempted unfairly.

Adults are expected to act in an adult manner, even in the face of temptation. This may not be realistic, but it is what is expected.

Persons intermediate in age between elementary school children and adults should be treated in an intermediate manner.

Problems:
1) How can you hold an abstract entity, like a company, responsible? (Possible solution, band together in groups to hire lawyers, etc.)

2) So the kids were unfairly tempted? So what! If you don't teach them about consequences, they'll never learn. (Counter argument: children need to be protected from the serious results of bad decisisons. They need appropriately graded challenges and rewards/punishments.)

3) ...

There doesn't seem to be a clear-cut point here, except:
a) The officials should be held responsible (i.e., face the consequences of having created and maintained an attractive nuisance, at minimum. If they are more culpable, then they should be punished equally with the other criminals.)
b) SOME punishment should be inflicted on the infringers (tresspassers, graffitti "artists", whatever happened)

BUT
most of the "officials" are probably incompetent, and those who are not were likely not to be in positions where they were allowed to make and implement decisions...

Global Hell?

[logycke]

Global Hell - ah, so that's what it stands for. Of course. I always wondered what that symbol for David Geffen was all about.

Re:This proves that people need to tighten securit

[substrate]

So in other words if you happen to forget to lock the door to your abode I can feel free to walk out with your computer, tv set or anything else that catches my eye? What was your address?

Speedy Trial

Yes, this script kiddie deserves to be prosecuted, but he also deserves a speedy trial, not to be left rotting away for several years in prison.

People need to learn that computers are personal property and you are tresspassing if you do not have authorization to enter. Finding a security hole in a computer is like finding a broken window in a house. Sure, you are able to gain access to the house, but you are tresspassing if you do so. Yes, the owner should make every attempt to fix the broken window once it is discovered, but that still doesn't give you the right to enter.

Re:Speedy Trial

[magnetx]

Damn, I wish I could fix the broken window on my system that is letting SPAM in.

Your're wrong!!! (?)

[seizer]

Actually, you are half right. I think the issue here is whether the authorities will sentance fairly (all assuming the guy's guilty *cough*) or whether they'll try to make another punitive example of somebody who may still have some redeemning qualities.

--Remove SPAM from my address to mail me

Re:why compare?

[KrAphtd1nN3r]

Sorry to say that, but Kevin Mitnick never took profit from the hacks (or cracks, whatever!) he pulled. He might have stolen 20 000 credit card numbers, but never used a single one of them to buy stuff!



It might not have been real intelligent, but please get the right facts! Kevin never stole from anyone!

The key issue of the article, that I see is:

[fastang]

Take into account the following 2 quotes:

""It is not that these are super whiz kids; it is the technology that gives them the ability to cover their tracks enough that you can have a hard time making a criminal case against them," said a senior federal investigator."

"like Davis, who are relatively brazen and unskilled, according to federal law enforcement officials and computer security experts."

If they are so unskilled how did they crack so many, high profile sights? Is the security that bad, or do they expect us to believe that these crackers have in their possession "SuperDooper" powerful software that cracks the excellent security in place on these servers.

Re:The key issue of the article, that I see is:

[fastang]

Oops, sites that is.

There's a common thread

[KnightStalker]

I think everybody agrees, this schmuck is not going to get a whole hell of a lot of sympathy :-)

Um....

[PollyJean]

Nice to compare a script kiddie to three mass murderers & a mail bomber. Let's see...

Folks listed above...approximately 11,900,167 deaths / script kiddie 0 deaths

Not exactly the same league.

If he cracked the site, he should be punished, but let the punishment fit the crime.

Pol Pot died under house arrest for his mass murders. A web site cracker should get, what, a fine, maybe some community service & probation. Let's keep this in perspective, here.

As usual /.ers just don't get it

It is no doubt that what these kids are doing is wrong.

However they are being penalized for breaking and entering/destruction of gov property

when the crime is more akin to

Grafiti

With easy to wash off/non destructive paint

It's not crime/nocrime but the fact that the USGOV, in lieue of installing proper security (no firewalls at my gov site!) is putting it's efforts into something it understands: Harrasing civilians.

(I would PAY for a /. spell checker!)

Enough already

[asad]

Am I the only one to be tired of hearing about script kiddies in the news ? I mean there are so many more interesting people doing constructive things with their time that I am amazed with the media's fascination with "crackers". I could understand if the person had found some new and obscure bug that no one else had noticed, ok that would be minor news but the fact that some script kiddie broke into a military site *again* is hardly new worthy. And the worst part of this whole thing is the image the computer industry gets from this, I don't know how many times I had friends who don't know anything about computers ask me if I can break into some computer site for them. Is anyone else tired of all these "cracker" stories ?

Re:Enough already

[Iambe]

Why it sounds like actually cracking into government sites is a bad thing....


Quite frankly, I do not give a shit. A script kiddie caught. BFD

Re: This is a bunch of

[friskyotter]

Crap. Don't try to dignify anti-social behavior as "protest". The whole point of culture jamming is to gain a voice in media that ordinary people (read: not rich) are shut out of. Most folks can't afford a billboard, a 30 second TV commercial or even a half page ad in the local newspaper. Virtually anyone can get their content onto the web however, and could probably even do it for FREE if they talked to enough people. And if no one wants to hit gHell's web site to drink of their wit and wisdom, well cry me a river... Everyone should be guaranteed the right to speak their mind, but NOBODY has the right to be guaranteed an audience! Let's face it, by hijacking a web site these dolts are forcing people (however briefly) to view something that they had no intention of viewing, as well as denying those people whose sites are hacked the right to express their own views. And don't even start with that "The MAN has no rights because he's so bad" crap: Free speech means free to everyone, else it ain't free now, is it?

Re:Why I Gave Up on Representative Democracy

[dpdx]

I sincerely hope you read this, despite it having been posted a day late.

You left out one serious change effector:

• Large gobs of people, especially when they make large gobs of noise and cast large gobs of votes.

See, the "large gobs of $$$" thing is one of the things we're supposed to get mad about, and throw the bastards out for. But it doesn't work when so many people (especially 18-35) give up on the process.

The other forms of protest are wonderful, but they can be repelled by force of law, unless more people like you continue to assert their right to vote, and continue to work for change within the process.

That's how Burma keeps its citizens down, BTW; by doing a buttload of horrible acts to ensure that they feel just like you do -- powerless. By comparison, it's a cakewalk for you to change your government; just continue to be as smart as you are, but be noisier.

I am glad to see...

[KrAphtd1nN3r]

that most people don't automatically get a "throw the guy in jail, or just kill him for that matter" approach to the subject. It seems that past polls on such controversial subjects have produced comments I could not believe!



He might have done something stupid, but he still has rights! Still, what he did was kinda lame, and he deserves a punishment, just not a big one!

Actually it was tourism.

[DunbarTheInept]

There are a lot of people in Chicago who drive north into Wisconsin for quick little weekend trips or cheap summer vacation camping. Most of Illinois' forests, what little there once were, have been cleared off for flat farmland. Wisconsin has more woods, although it has some cleared out areas too. So there are a lot of places to go canoeing, hiking, camping, skiing, snowmobiling and whatnot. The problem is that all it takes are a few bastards to make the whole group look bad, and for a while there was a feeling that when you saw an Illinois license plate, you cringed. It was unfair and irrational, but that's what the common feeling was. There was also often a sense that a lot of Chigacoans saw Wisconsin as being their backyard playground, and this caused some resentment.

I don't know how much of this sentiment is still around. It's kinda dumb when you think about it - these people are bringing in lots of money, so be nice.

This is the most/only interesting part for me...

[E-Rock]

Quoted from the article:
"...like Davis, who are relatively brazen and unskilled, according to federal law enforcement officials and computer security experts.

"It is not that these are super whiz kids; it is the technology that gives them the ability to cover their tracks enough that you can have a hard time making a criminal case against them," said a senior federal investigator. "

So he didn't have any mad skills, but he walked all over government servers?! Is this an advertisment that govermnet servers have poor admins and no security?

Fix the servers!! Stop wasting my money chasing script kiddies around the internet and make the server safe from all but the truely skilled hackers.

Used as an example? Oh, the poor martyr.

[Wakko+Warner]

Look, if you do something illegal, you should expect to go to jail. The first "Free Chad!!!" web banner or tag I see, I'm going to vomit.

- A.P.
--

"One World, one Web, one Program" - Microsoft promotional ad

Re:Used as an example? Oh, the poor martyr.

[G_Love]

Get a bag, then, cause some A.C. posted that already...www.freechaddavis.com. Yeah great. This kid is stupid. "hmmm, let's see, the FBI knows I'm into cracking, they've confiscated my computer once...maybe they stopped watching me!!! Yeah, that's it!". Seriously, this kid deserves a nice speedy trial by jury to get his dumb-a$$ in jail. To attack a gov't. site is inviting the FBI to come after you. Now, the gov't. shouldn't get away scott-free either. If he was truly "unskilled", it must have been the 31337 scripts that he downloaded that allowed him to crack a gov't. server, right? Try improving the security before wasting more of my tax money on prosecuting some kid who's just trying to prove he's cool too. Bah! The whole thing is stupid. And only barely comparable to the Mitnick case.

FREE * !

[babyroo]

Come to my website, and click on the ads to support the Free Chad cause! Also, visit my other sites:
"People for Pol Pot"
"Save the Unibomber"
"Free McVeigh"
"Heritics for Hitler"
All the money I make will go to these worthy cause, I promise!

"What is now proved was once only imagin'd"

Hear hear!!!!

Well said, mattc.

So another script-kiddie acts like he is god and gets caught.

Big smegging deal!

Throw him in jail with all the other criminals, and let's move on to more important / worthwhile topics.

Re:This proves that people need to tighten securit

[Androgynous+Coward]

What if I just walk through your neighborhood checking each door and window to see if there's a forgotten lock or latch? Or maybe you didn't roll the window on your car all the way up and with a piece of wire I can easily get the lock open?

But I'm not evil. I wouldn't steal your car; just take it for a ride and piss in the interior before I leave.

But maybe you're careful but your family isn't. Perhaps the gas cap on your mother's car doesn't have a lock and I can pour sugar into the tank.

Think carefully about what you're saying. It's corny but in essence time is money and having to rebuild a server after compromise is expensive.

AC

Punishment should fit the crime

[Sun+Tzu]

Agreed. Violent criminals should rank higher on the FBI's lists than mere vandals, even computerized ones.

And, your suggestion for punishment is a good one, IMO. The ego-driven cracker/vandal would be appropriately punished in a way that diminishes their prestige and matches the crime.

Meanwhile, there would be room in the prisons for longer sentences for murderers and rapists... Unfortunately, those evil pot-smokers are sucking up so many cells as to make this cracker problem vanishingly small.

just what we all need

[kootch]

another case to make hackers look like the bad guys. I can respect people that hack sites to point out security problems and make a political stance, but hacking a site just to poster inappropriate messages on the splash page and so you can brag to your little prepubescent friends is just enough.

while the hack/non-hack of hotmail the other day was a welcome and necessary hack (I only use hotmail with PGP), this little turd who just wants the attention his parents didn't give him isn't worth the electrons that are flying at my eyes as I read what I'm posting.

Re:just what we all need

[kootch]

Oh, I respect them, but they should also be punished. sorry I didn't make that clear. but then again, I'd rather be warned about a security flaw by something harmless than have it bite me in the ass on something important.

He gets what he deserves

[Billkr]

This kid is class A1 STUPID! When you are under investigation from the FBI you should not be hacking into government computers to get back at them DOH! Oh well, I guess this is an example of Darwinism. Put another criminal behind bars.

Re:He gets what he deserves

[Kilzall]

and certainly not from his own phone. Natural selection among crackers at it's finest.

The feds just need another Rusty Scabre to rattle.

[mattz]

...at all the script kiddies since mitnick is basically a done deal......

Too funny

[Billkr]

I laughed hard and then started to worry that you might be serious. Whew... no such page

Stay! Your wish is granted.

[Signal+11]

Before everybody goes off with the "you get what you deserve" rant.. I would like to make a few points, and why if the government does what I think it's going to do .. it wouldn't be good for anybody.

First, defacing websites is a crime - duh. But it shouldn't be a felony to do so - it should be a misdemeanor just like the realworld equivalents of "damage to property" and "vandalism". The government is deathly afraid of a medium that it can't control - which neatly explains the outrageous legislation being passed right now.

Second, this story will get sensationalized. Again, another obvious "duh!". The media loves scaring people - and the idea of some guy involved in a hacker crime ring hell bent on overthrowing the evil capitalistic system will be raised no less than 2^32 times. Jesse Burst may even comment on it.

Third, the you're-guilty-otherwise-they-wouldn't-have-arreste d-you dogma will also come to bear in the next few hours on slashdot. May I remind you that unless you disagree with the constitution - it's guilty until proven innocent.

I would also like to point out that the "setting an example" method of enforcing laws has been proven to be ineffective. We legislated the death penalty.. and the murder rate didn't change. We took it away.. the murder rate didn't change. That is one example, but their are case studies replete with more.

So what does this accomplish? It gives law enforcement good publicity (makes them look like they're doing their job instead of snacking down donuts and violating people's civil liberties), and it gives everybody the shaft because it's one less right that you have in our legal system.

constructive criticism appreciated - flames to /dev/null.

--

Re:Stay! Your wish is granted.

[Signal+11]

Sorry, I meant to say "innocent until proven guilty". A freudian slip, perhaps?

--

Re:Stay! Your wish is granted.

[Overt+Coward]

I would also like to point out that the "setting an example" method of enforcing laws has been proven to be ineffective. We legislated the death penalty.. and the murder rate didn't change. We took it away.. the murder rate didn't change.

Actually, that's not true. States that have the death penalty and that actually use it on a consistent basis have seen a shift away from violent crime. Oddly, the crime rate overall remains roughly the same, but property crimes increase while violent crimes decease...

Re:Stay! Your wish is granted.

[Signal+11]

That's really odd, because we discussed this in our state & local politics class - and it was that exact example used to prove that "setting examples" didn't work for law enforcement - ie: had a negligible effect.

Maybe the study you read made the mistake of going by total murders rather than per capita? I don't know.. but I'd love to see anything you can dig up on the topic.

--

Mindphasr/gH

[prodeje]

Heh. You get what you diserve. If you think this kid did nothing to provoke the FBI, check out some of the hacks by Global Hell (the hacking group Chad Davis was affiliated with).

http://www.attrition.org/mirror/a ttrition/gh.html

...

Re:Mindphasr/gH

[prodeje]

Chad Davis is a he.

And he still broke the law by breaking into their systems and defacing their web page. They're also charging him with trying to cover up his tracks, altho I don't understand that charge.
...

Some People have to Ruin it for others

[JediLuke]

You know how the media loves fodder to blow everything out of proportion, so the mindless masses can say "oh computers are evil"? Its people like these that help the media procreate this steriotype that the internet is a hole of fraud, trechery, and deception. But the don't see it for what it can be, the greatest information resource on the planet.
JediLuke

We were DoS'd yesterday

[macdaddy]

Our University mail server was DoS'd yesterday. Thanks to our NFS mounting scheme, it eventually stalled our central unix system (all new connections at least--if you were already on you were ok for the most part). From what I understand, the FBI has been notified. What does this mean to hackers? Don't fsck with someone that's bigger and badder than yourself unless you want one hell of a headache! Hackers be warned!!!

The only reason one should care about Chad Davis..

[ScrappyTheObscure]

Ok, so Chad Davis is no Kevin Mitnick, but by shrugging off what happens to him -- stupid insignificant grafiti-loving brat that he is, we're saying that the government should incarcerate for electronic breaking and entering as though it were the same crime as 1st degree murder.

Is electronic breaking and entering without actual destruction of data really a high crime? Chad Davis didn't cost the govt anything but its pride. He destroyed nothing, and took nothing with him when he left, just left his tag behind. He cost them system down time probably, but what else?(Correct me if I'm wrong about this one.)

Don't get me wrong, the kid IS a criminal--but I wouldn't send him to the pokie to be raped daily by violent offenders for the next 20 years of his life in the hopes that someone else will remember it and think better of cracking. People who crack IMHO will NOT care -- and the really young kids who do it will simply idealize the incident.

I love it!

[Fastolfe]

"It is not that these are super whiz kids; it is the technology that gives them the ability to cover their tracks enough that you can have a hard time making a criminal case against them," said a senior federal investigator.

It's about time the media started relaying this crucial bit of information. These gimps are nothing more than IRC script/packet kiddies that were shown how to use a few of those l33t exploits that appear every week or two.

They're not smart (obviously in this case); they aren't "skilled members of the hacker community." They're CHILDREN that aren't supervised enough by their parents.

The kids deserve what they get, and their parents deserve to be held accountable for the monetary damages.

I mean how stupid can you be? If you're going to break into a government system, don't do it straight from your dialup account! Again, he deserved it. I have no sympathy. In fact, I just wish the number of arrests for this type of thing (including more of the DoS-type of attacks) increased by an order of magnitude.

He asked for it

[um...+Lucas]

Based on what I know, briefly... The FBI told him they were on to him & his group. He went out of his way to taunt them by defacing a military site. For that, HE'S NOT GONNA GET JUST A SLAP ON THE WRIST.

Simply defacing a site, who cares? I mean, anyone in the world should have a tape backup somewhere that they can grab and restore. When you start talking gov't & military sites, though, the action is taken much more seriously. Just like if you spray paint something on a building, that's vandalism, but if someone spraypainted something on the Vietnam Memorial, they'ed be lynched either in or out of jail...

Re:He asked for it

[Danse]

Just like if you spray paint something on a building, that's vandalism, but if someone spraypainted something on the Vietnam Memorial, they'ed be lynched either in or out of jail...

I wouldn't compare spraypainting the Vietnam Memorial to defacing some Army webpage. More like tagging the side of the post office or army recruiting station or something.

Punishment not fitting the crime?

[Fastolfe]

For those that invariably keep repeating that punishments for computer crimes seem excessive compared to other violent crimes, WRITE YOUR CONGRESSMEN.

If you folks would spend HALF the time actually writing letters as you do whining on Slashdot, I'm tempted to say we'd see a difference in the behaviors of some of our congressmen and thus, our nation.

I bring this up every once in a great while, and every time I get somebody responding that says I'm naive, that our government isn't OUR government at all, but acts in its own best interests (which, "obviously," aren't our own). Do you have any idea how many letters your congressmen get? I know my state representatives somehow find time to individually read and respond to my letters in just a few days. My national representatives usually have somebody else going through the mail first, but each of my letters have been hand-signed and written *by* the person I wrote (and yes, I can tell the difference between an aide-written letter and one written by The Man himself). If these guys can find the time to do this sort of thing in addition to their duties as our state and nation's lawmakers, perhaps they aren't hearing enough from their constituents? Hell, most (all?) of them now have e-mail addresses that are given just as much priority as postal messages.

I wish you doomsayers would stop sulking under this dark cloud of opression and figure out that this is YOUR government. These are YOUR elected leaders. Do you guys honestly believe that each of your elected leaders just somehow automatically get inducted into some secret club hell-bent on destroying the lives of the citizens that elected them in the first place?

he's not even accused of the same thing as mitnick

[stanlee]

This kid is *NOT* 'the next kevin'.

He has about as much in common with Kevin Mitnick as Steve Jobs (they were both 'hackers', get it?).

So now Kevin Mitnick is accused of web hacks?

[stanlee]

Since when did Kevin Mitnick deface .gov web sites?

I fail to see any similarities.

Re:Your're right!!!

[Danse]

All t his cracking is really not much different than graffiti you see on buildings.

Yep. It's roughly the electronic equivalent of graffiti. The difference is that with all the paranoia in the government, they like to take the offender, lock them up for a year or 2 without a trial, blow the case all out of proportion so that the media can demonize the kid (maybe they can compare him to the Littleton killers or tell us all how this script kiddy is a serious threat to national security), confiscate anything remotely related to a computer and ban them from using computers for several years upon their release.

When was the last time anything remotely similar happened to somebody who tagged the side of a building or highway overpass?

4.5 more years without trial?

[stanlee]

Oh I see, the similarity is going to be when this kid gets put in the hole for almost 4 years too.

Re:Setting an example

[MoodyLoner]

No, but the words "due process" do.

6th amendment, perhaps?

I believe that is where the "presumption of innocence" falls, but I am not certain as I am no Constitutional lawyer. Once I'm off work, I'll be sure to ask my friend who is :)

Re:Right on! Cracking == 20 years min!

[Fastolfe]

I didn't realized he'd already been found guilty and sentenced yet.

In the future, wait until the guy's actually been SENTENCED before you go comparing his sentence to that of other types of criminals, and remember: Just because the law provides a MAXIMUM penalty of "..." rarely means the offender will actually get that sentence.

Apples and Oranges

[X-Nc]

This kid is nothing like Mitnick. He malichously broke into a system to intentionaly cause damage. I happen to personally know the guys who run www.army.mil and the kind of crap this script kiddie pulled isn't really worth space on /. but that's not my call.

The one part that I am behind is the punishment for this crime. It should not be anything near what a "real" crimminal desirves. He should get a big-ass fine and maybe some minimal time in a minimum security place.

That's my opinion.

---
"Who pill da cubby custar?"

Re:Apples and Oranges

[stanlee]

What was the damage he 'intentionally caused' again? He must be a *really* inexperienced cracker, because I don't remember reading about any damage being done.

Re:This proves that people need to tighten securit

[Ronin+Developer]

What gives anyone the right to gain unauthorized access to someone elses home or computer? This isn't just about some script kiddie. It's about lawlessness and anarchy. How many of you actually think it's okay to run a stop sign because "nobody's coming" (oops..didn't see that jogger) or drive through a residential neighboorhood at 11 PM with your windows open blasting 1000 watts of pure bass for all to hear? Same thing. Lawlessness.

Is it okay for someone to check to see if your front door is unlocked and just walk in, look around, and do whatever they want?

People scream about privacy and how the gov't is allowed to invade ours. How is what this punk did any different? Don't people have a resonable right to privacy and intrusion? At least the gov't has the law on their side and have to account for their actions.


Burn the little punk. Let him become the girlfriend of a 300lb cellmate named Bubba.

Re:yawn.

[stanlee]

Well they have to divert attention away from East Timor and Somalia *somehow* don't they?

go go gadget phf!#$

[joq]

I personally think that anyone toying with anyone elses server should know it's illegal in any shape form or fashion, therefore it's time to pay the piper. Its cool to code/hack/etc, but when you take it to a criminal level on a constant basis or any basis for that matter, anyone in their right mind should not look at mindphsr as a martyr.

I've been on the scene for a few years and have seen people come and go and to compare criminals is petty. Has anyone forgotten that Kevin too is a criminal? He was no great hacker... Just someone who engineered info from other hackers, got caught, and every single damn hacker cried foul. All respect due to some members of global Hell which are actually cool, but mindphsr isn't someone script-kiddies worldwide should worship.

elite script kiddie sploit

Re:Right on! Cracking == 20 years min!

[Danse]

In the future, wait until the guy's actually been SENTENCED before you go comparing his sentence to that of other types of criminals

Jeez... how long did it take them to sentence Mitnick? How long did he sit in jail before he even got to see a judge? The problem here is that they assume guilt and you can sit in jail for a long damn time before you even find out what evidence they have!

Re:This proves that people need to tighten securit

[substrate]

Whether or not a person takes adequate measures to secure their belongings, whether physical goods like my tidy pile of gold coins or the company network, has no bearing on the legality of the intrusion. If you abscond or destroy my personal belongings I expect you to be prosecuted to the fullest extend of the law. Whether or not the security measures (Did I lock the doors? Are the security patches up to date on the external computers on my network?) satisfy my insurance company is another matter. I'm not arguing that at all.

If the legal system takes the stance that unless you take adequate precautions any theft or damage done to your property is not a crime chaos will ensue. Any legal prohibitions against theft or intrusion will be moot since by definition if you've been intruded on you didn't take adequate precautions against that particular intruder.

You put a dead bolt on your door and religiously lock it, you make sure all your windows are closed and locked. I throw a brick through your window and steal your prized lint collection. Since you had the audacity to have windows on your dwelling you are therefore not worthy of being protected by the law. I walk away without a blemish on my record.

The truth is just about all computers exposed to the internet at large take adequate precautions to justify protection. Unless they leave the site up without password protection and post notices that intrusion is explicitly allowed they're afforded protection by the law.

Insurance companies and the stock holders are of course entitled to more stringent measures. If a lack of these more stringent measures results in theft of services and intellectual property or a loss of service then they are entitled to make the company pay. They do this by either not honouring their insurance policy or dumping their stock and deflating the value of the company. The company is still entitled to seeing any criminals rot in jail.

To borrow and extend a rather colourful phrase from Neal Stephenson's Cryptonomicon: If you don't want to be the wife of the convict with the most cigarettes, don't do the crime.

Cann your home insurance and file a theft claim. And tell them you left the front door unlocked. See what they say. Sane with auto insurance companies. If you're ripped off for being stupid, they'll compensate you less, if at all. Blame is not something that rests all on you or all on the thief, but a question of who bears what percentage of the blame. What would you expect to happen if your wife parked your new convertible Ferrari on the street in the middle of Watts and left it there over the weekend. Would you feel 100% relaxed and not worry because 'the law' says the theifs bear all of the guilt? Would you place zero blame on your wife? I wonder.

Re:Before anyone even says the word 'hacker'...

[stanlee]

Praise the lard.

Mitnick who?

[joq]

First off you know jack from adam about Kevin...

Kevin was a very good social engineer who had 0-day skills... Now DarkDante is a different story altogether... Mitnick sucked so get over it.

Setting an example

[opus]

I agree that the "setting an example" method of enforcing laws has generally failed for violent crime/ordinary property crime, but in that case the criminals on average (a) are not particularly intelligent, and (b) don't have a potentially bright future to contrast with a life of prison and probation.

Script kiddies, on the other hand, are generally pretty intelligent kids with potentially bright futures. "Setting an example" may well work with them.

Oh, and the words "innocent" and "guilty" appear nowhere in the U.S. Constitution. :)
--

Re:This proves that people need to tighten securit

[Androgynous+Coward]

I monitor several servers and I spend too much time firing off emails to sysadmins about scanning scripts running agaminst various subnets. They don't have to crack machines for it to be a pain in the ass. If a machine is running wide open and gets cracked it's a lesson learned but one that isn't necessarily deserved.

AC

Re:Skill is not an excuse to break the law!

[Danse]

Doesn't matter if you are dumb or smart, just don't break the law!

Tell that to the people who kept Mitnick in jail for so damn long without even a trial. In that case, both sides were acting criminally. I would consider Mitnick's offense to be the lesser one though.

Re:Right on! Cracking == 20 years min!

[cswiii]

:Get a FUCKING clue! Defacing a web site, like grafitti on a wall is hardly a major offence.

As far as I'm concerned, taggers can be thrown in with bubba, too. It's not a major offense until it's your house or car. Better yet, defend them all you want, after you spend a day scrubbing down, acid blasting their 'art'.

I revert the question back to you; how would you punish a grafitti vandal? You can't tell me that a kid is intimidated anymore, after one or two stern warnings from a judge.

Re:This is the most/only interesting part for me..

[jflynn]

s/wandering in/breaking out/

"Why should all our tax dollars go to build a bigger cage to keep overgrown children from breaking out and breaking things?"

Build cages around your computers or your children -- it's your choice. You can use judgement in individual cases -- it's allowed.

Jim

Re:Right on! Cracking == 20 years min!

[noom]

In general, defacing a web site should be considered MUCH worse than mearly spray-painting a wall. Consider for a minute how much money a popular site like CNN.com could lose if their Ad banners weren't displayed... Cracking a website is more akin to editing an episode of "Friends" before it airs on television so that Chandler appears to say "Suck my #$^@ FBI!" instead of his normal one liners.

I say give him a $1000 fine and a crapload of community service. If he's as stupid as Mitnick and keeps doing this shit, give him a year in prison (along with fining him for any damages). And beat his ass with a cane on national television while you're at it.

-NooM

Hackers in Green Bay?

[vitaflo]

Having spent the last 22 years in Green Bay I must say that this kid should be put away. He's ruining our city's reputation as technically illiterate folk who only drink beer, eat brats, and watch anything and everything Packer related.

Seriously though, this surprised me when I heard this on the news. We're not a very technical town at all, and I'm sure now half the population of Green Bay (both of them) will be all worried that this kid (or someone else) is gonna hack into their computer while they're tying in Word. The ISP's in Green Bay don't help the cause any either. But hey, at least we have our Packers!

Re:I always wondered what FIB meant.?

[BugMaster+ChuckyD]

FIB = F?cking Illinois Bastard

I beleive it originated from when the drinking age was21 in IL & 18 in WI so teenagers would drive up to WI to get drunk and act like bastards up there and kill people on the drive home.

Re:Give the cheesehead a break...

[toolj23]

...and I'm sure you too came to Wisconsin Dells every summer for vacation to waste your money on the huge ass tourist trap that is the dells, just like every other person from IL!

btw, im from IL and now live in WI, and still love IL more than WI... just that working in the dells for a summer changes your views.

No Sympathy Here....

[Chokai]

I don't have any sumpathy for this guy. The defense department as much as we may dislike it does many things of great importance to us. I hope he gets a harsher sentence than most others would. Interfering with national defense is not a laughing matter.

I'm surprised

[cthonious]

.. at the number of goodie-woodies in here.

The kid's skills are not the issue. How he cracks is irrelevant.

When dissent is outlawed, only outlaws will dissent. What happens when dissent is irrelevant? When dissent is a product, bought and sold, remanufactured semi-annually, churned, massaged and resonated in the public's memory, what does dissent mean then? When our government is a fabulous and absurd spectacle, where dishonesty is the norm and no one ever even questions it?

What does free speech mean in such an environment?

And you wonder why young people are so restless?

We are persecuting this kid for the equivalent of graffiti (actually it's less harmful than that).

This is a misdemeanor at best, not some sort of horrible crime. Go ahead and believe the corporate propaganda. They want you to.

Why I Gave Up on Representative Democracy

[MoodyLoner]

Look, I vote.

I write my congress-ppl whenever portions of my government do something that alarms me.

When I get no reply or a form letter, I go on to vote against that person in the next election.

That's what I'm supposed to do, right?

So why doesn't it work? When I wrote my congress-ppl to tell them to lay off Steve Jackson Games, I don't remember the Secret Service saying, "Well, we thought you were aiding and abetting computer crime, but that letter from that Mundstock fellow straightened us out in a hurry. Why, if more citizens performed their civic responsibilities with his diligence..."

I do everything htat they tell us to do in high-school civics, and I see no effect at best.

No, I don't honestly believe that all of our elected leaders get secretly inducted into the "Let's Destroy the Lives of Our Citizens" club, but I'm beginning to wonder...

I have yet to see people in my government, even people in my government that I am ostensibly a constituent of, act in my interests over the interests of the people that donate scads of $$$ to their elections. If that's how democracy is supposed to work, I can't afford it.

As far as ol' what's-his-name goes, IF he is proven guilty, it would be of poor taste and stupidity. God knows I had poor taste and I was stupid when I was 19. The last thing he and script kiddies like him need is the Fedz coming down on him like they did Kevin Mitnick. After all, one of those script kiddies might grow up to become the next (insert name of 'leet hacker/coder/open source operating system guru here)

Okay, rant off. You ppl in the NSA reading this, go ahead and take me away, I really don't care anymore.

Re:yawn.

[Stonehand]

... or other fun stuff like former paramours of first people alleging cocaine abuse by a certain highly-placed ex-Governor while in office, or whether Congressional minority party "investigators" coached witnesses on how and when to take the 5th, or so forth.

Or, the fact that the UN is still trying to force ethnicities that bitterly hate each other to remain in the same nation...

Or, that the fact that most watchers of the national news here have absolutely no clue where East Timor and Somalia are, or remember our most recent excursion to the latter.

Sure, might as well distract 'em. Toss 'em a story that people think they understand.