Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Ethical hacker faces war driving charges

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    429

    Exclamation Ethical hacker faces war driving charges

    Found this article on TheRegister
    it sounds kinda scary, get arrested for showing how insecure the set-up is.
    anyway.. here's the article..



    By John Leyden

    A Houston computer security analyst has been charged with hacking after demonstrating the insecurity of a county courts wireless LAN.

    Stefan Puffer, 33, was indicted by a Grand Jury on Wednesday with two counts of fraud for allegedly breaking into Harris County district clerk's wireless computer system. It's believed to be the first case of its kind in the US.

    Puffer, who was employed briefly by the county's technology department in 1999, could get five years in jail and faces a $250,000 fine on each count if convicted, the Houston Chronicle reports.

    He's accused of accessing the system March 8 in an alleged intrusion that cost the county a reported $5,000 to clean up.

    District Clerk Charles Bacarisse told the paper that no confidential information was disclosed but the alleged intrusion eventually resulted in the county closing its wireless LAN only a month after it was activated.

    But is the court prosecution a case of shooting the messenger?

    On March 18, Puffer demonstrated to a county official and a Chronicle reporter how easy it was to gain access to the court's system using only a laptop computer and a wireless LAN card.

    Puffer first noticed the problem while scanning for insecure 802.11 networks throughout Houston earlier that month, around the time that the alleged offence took place. ®
    [glowpurple]manually editing your config files can break them. If this happens, you get to keep both pieces. [/glowpurple]

  2. #2

    Re: Ethical hacker faces war driving charges

    Originally posted here by jcdux
    Found this article on TheRegister it sounds kinda scary, get arrested for showing how insecure the set-up is.
    anyway..
    Yes, that is scary. However, we do not have the full facts on what process he used to prove his point. How do we know he didn't change a database to draw attention to this discovery, and don't you think he would first off say "Hey, I have a feeling this LAN is insecure, do you think we should check it out". He couldn't get into trouble if he had permission to test for insecurities. I just have this feeling that he was caught by setting someting up to prove the point. just my .02

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    Or maybe he was trying to do something he shouldnt in the network, got caught and used the "checking the area for insecure lans" as a coverup?
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  4. #4
    Senior Member
    Join Date
    Sep 2001
    Posts
    429
    from avenger_jcc
    Or maybe he was trying to do something he shouldnt in the network, got caught and used the "checking the area for insecure lans" as a coverup?
    Or maybe..

    [pong]/me starts ranting[/pong]

    if you keep your heads down and ignore the problem, the government will introduce shitty laws that protect the clueless and prosecute the security conscious folk.


    It’s not that far fetched to assume that one day in the not so distant future, you could be labelled a cracker or cyber-terrorist just for owning (not even using) tools or programs that could be used for cracking etc.


    Hell, it goes further than that.. if the US government / congress ($ Hollywood $)
    introduce their proposal that allows for “technological self-help measures”
    (ie: I think that by some very remote chance that you may have hax0red me and stolen my credit card details electronically from my pc, I can hack your ass with impunity) (see http://theregister.co.uk/content/6/26357.html for a register type biased background)

    Come to think of it.. the government has amassed *ahem* stolen lots of info about me and I want it back.. time to legitimately target those ‘secret’ servers to discourage big brother once and for all....
    ...
    ..
    .

    Where does it stop or start?
    Where can you draw the boundaries?

    It all gets blurred, if we’re not careful, anybody with a small of understanding of security could and might be labelled cracker, cyber-terrorist's or worst of all... hacker

    Security by obscurity doesn’t work.
    Punishing those who want to better understanding of the threat of cracking / cyber-crime doesn’t work either.

    All I see is governments heading full steam ahead into legislation and laws that protect the software companies & Hollywood at the expense off everyone else.

    [pong]/me stops ranting[/pong]


    jcdux
    [glowpurple]manually editing your config files can break them. If this happens, you get to keep both pieces. [/glowpurple]

  5. #5
    Originally posted here by jcdux
    It’s not that far fetched to assume that one day in the not so distant future, you could be labelled a cracker or cyber-terrorist just for owning (not even using) tools or programs that could be used for cracking etc.
    Jcdux.... You won't like this

    Originally posted here by 2600
    The Secret Service has made it quite clear with the recent prosecution of the Bernie S. case that they intend to use whatever means necessary to put hackers behind bars. In the Bernie S. example, they successfully managed to lock him up with violent criminals for nearly a year, solely because of his possession of written material, software, and bits of hardware. In other words, not much at all. With such vague requirements, the prospect of selective prosecution seems a certainty for many more of us. What the Secret Service has done transcends the mere interests of computer hackers. Their behavior, vindictiveness, and lack of concern for upholding the values of a free society are of concern to Americans of all varieties.
    Originally posted here by jcdux
    Where does it stop or start?
    Where can you draw the boundaries?
    Patriot Act = Hackers *Life in Prison*
    New MPAA Bill = Legal Hacking

    and that works how??????

  6. #6
    Banned
    Join Date
    Oct 2001
    Posts
    297
    well, I guess....

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    The system was hacked on March 8

    Puffer gave his 'demonstration' on March 18

    On march 18 he claimed to have discovered the hole around march 8, while war driving.

    Puffer also used to work for the place that got hacked.

    So they put 2 and 2 together, added in the 1, and arrested him, i think they have enough to rightfully charge him.

    was he stupid enough to announce he found the hole, after he broke in or just a victim of circumstance and someone else broke in. thats kinda up to a jury to decide.

    In this case, i don't think law enforcement was wrong to arrest him and it dosn't sound trumped up to me.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  8. #8
    Senior Member The Old Man's Avatar
    Join Date
    Aug 2001
    Posts
    364
    Just my 2c worth, and i hope tdob1 and i are correct in this, but... if i know of, or discover, a security problem in the county system, it takes about five minutes to call the Sheriff and explain to him what i think the problem might be, and would he like to test the theory. He's gonna say 'sure, let's get the commissioners together, a fresh pot of java and have a go at it. if you're correct, we'll fix the problem and send a letter to the editor showin' all the citizens how we're tryin' to stay ahead of our system-based problems...' On the other hand, if i go prowling around in the county server without permission, and get caught, somebody's gonna get an elevated temperature about it all, complain to the co. atty, and if there's a law that can whack me you can bet they'll use it. After all, the co. atty works for the citizens, not the lawbreakers although he is charged to also make sure there is good faith prosecution.
    With the case at issue, we don't know what kind of a relationship there was between the accused and his ex-employers, why he no longer works there, or what the background is. Like somebody said, now it's up to the jury. if the technician is indeed innocent, i hope the twelve stay awake long enough during the techno-babble to find for him. JMHO

  9. #9
    how in the hell do you get caught war driving? if he was truly trying to inform the county about a problem and got arrested for it, then when they get hacked again they deserve whatever they get... it doen't pay to be a white hat, you still looked upon as a cyber terrorist!

    all white hats should come to the darkside!

    p.s. how do they come up with those figures, $5000 loss because of an intrusion, home pc's get rooted everday are these users allowed to quoted dollar figures to thier losses?

    if a company access a cookie on my computer without my permission am I allowed toroot thier box for hacking mine?

    just my .02

  10. #10
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Good point Old Man just cause you know of a hole it is not an invatation to get on the netwok. Then ya know Old Man gov thing lowest bidder got the job and the consultant told the powers that be no one will know cause they are young and foolish cause hey they inveneted all this dot come dot gov stuff no one knows but them the faults.

    How ones gets caught War Driving funny where honey pots are
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •