January 30th, 2003, 01:19 AM
How to Not Get Wrongly Arrested
First of all...I say all of this under the assumption that you're not doing anything illegal. Otherwise, you probably should get arrested. (There are exceptions, but this is not the place to discuss them. Cosmos!)
It occured to me after some recent experiences of mine to post a tutorial on how to avoid trouble for doing innocent things, because there are many people who don't understand how things work, and punish people by default, because they don't know any better.
Step One: Don't do anything illegal/stupid.
If you do, you will inevitably be caught or arrested, if not for on thing, then for another. If you do something illegal or stupid, I can't help you much. I don't think even most of the people here at AO would help you get out of this. You're on your own here.
Step Two: Information is power. A lack of it is too.
If you find some way into or out of a system, then don't go ahead and tell everyone, bragging about it. That's just plain stupid. If something happens, everyone will think it was you, even if it wasn't. A lot of people will also have you arrested just for thinking you WILL do something.
If you need to tell someone what happened, for advice on what to do next, then be careful who/how you tell. Don't go telling your three year old neighbour, who will inevitably go and tell his parents, who will call the police. Tell someone who understands these things, and who you trust.
If you need to post the information in an open forum, do it on message boards or e-mailing lists, always annonymously. It will make your life much easier.
Step Tree: Just because you can...
If you can do something, that's not a reason to do it. Everytime you find a way to root, or someone else's files, walk away. Don't go looking at things you shouldn't, because that is stupid, and can easily get you put in jail.
Remember, if you do one small thing, and something else big happens, if they can pin the smaller thing on you, its a short step to the big thing, easily quadrupling any fines/sentences.
Step Four: Burn everything.
Don't keep records of what you've found. If you later get caught for something, these will link you to a lot of other possible crimes, and can be used as collaborating evidence. Plus, a friend can always look on your computer, and find password and username lists, DNS and IP Addresses. Its just plain stupid.
Step Five: Anonymity.
If you are going to report what you found, as many honorable people will do, make sure you do it anonymously. Some Admins will feel vengeful, or just not understand, and have you arrested. Its just annoying. "No good deed goes unpunished..." Its best to be the Anonymous Vigilante.
Step Six: Change nothing
If you find your way into some system, even if its just to look around, don't change anything. If you find some way to fix a problem with some network or computer you find yourself in, don't patch it yourself. If you make a mistake, or another one appears, it will be blamed on you. Instead, report it to the Admin, and tell them how to fix it. (Read Step Five.)
Step Seven: Silence is Golden
If you never tell anyone you know anything, no one will want to blame you. You appear as innocent as you are.
Step Eight: Credit Ain't Always Good
Never take credit for anything, whether you did it or not. You can always be blamed, and that's never good. Remember, fame from cracking is fleeting. But fame from honor and intelligence, earned over time, lasts forever.
Step Nine: Never assume
Even if you don't look around networks, aren't even a White Hat Hacker, or a security guru, you can always be blamed for something. I know people who have been suspended from their schools/universities for accidentally going to a "hacker" website, and these people know next to nothing. So if you actually know things, you are at a much higher risk of getting in trouble, even if its for nothing.
"The truth doesn't matter. It only matters what they think is the truth. Our job...our job is to make them see our truth."
Step Ten: If You Report...Don't.
Even if you report a problem in a network, deny doing so afterwards. The deed is done, but you don't have to take the "fall" for it.
There is no such thing as total security, but if you follow these steps, you're a LOT less likely to be wrongly accused, or punished for trying to help.
And, if you ever maliciously break the law or do something royally stupid, you deserve to get caught and punished, I will not help you here.
I don't want this tutorial to make everyone so paranoid they never report the flaws they find. By all means, do so. Just be careful how you do it, and who you tell.
One perfect way to do it...is send a "general" warning to the administrator of the network you feel is at risk. "Do YOU have any usernames with the password the same as the username, or the person's name? If so, change it!" This sort of thing will almost always work.
"If the deed is true, and the heart pure, despite any punishment, the person will come out the better for it, and so will those he helped."
I hope this will help people figure out how to do things when they report problems, which they should always do.
January 30th, 2003, 01:48 AM
....Everytime I write something, lately, it seems that someone thinks I'm saying I'm "l33t" or trying to prove it. I'm not, nor do I want to prove I am. Because I KNOW for a fact that I am not, nor will I ever be.
This tutorial was written for one reason only, to stop people from being punished for doing nothing. I've talked to a lot of people on IRC who have been wrongly punished for doing nothing, or trying to help out their school/company. In 2600, every month, I see letters, or "Missives" about that very thing.
I did mess up the in past, so what? My intentions were good, and I was punished. But I still messed up. I wrote this to help other people not mess up, and to help those who wouldn't mess up at all not be treated like they were.
Please stop misinterpreting what I do and write. When I post something, any bit of information, it isn't for me. Its to help someone else. Don't confuse that, because it makes it hard for everyone here. :-)
Peace and long life!
January 30th, 2003, 01:54 AM
Very sorry about before.
Look man.... you didn't get my point though.
My point was if you tell peaple repeatedly about how lame the security is and then tell them how to improve things then peaple will listen....
But if you tell peaple about how you could easyly take down the network then peaple will natuarally assume your intentions are bad.
If you go 'testing' the securities of a company without permission and you get in trouble for it then it is most definetly your fault for geting the blame.
January 30th, 2003, 01:59 AM
You're right, I didn't get your point. ::Grins::
Its a good one, and one that fits quite well in this article. Be careful how you word your warnings and advice for people and networks.
But the thing is..even if you innocently point out such problems, without any of these threats, then you can still get in trouble, as has happened to me, and I've seen happen to other people.
Thanks for clarifying your post, Specialist, I apparently really misunderstood it!
January 30th, 2003, 02:05 AM
hmmm well this post does sound handy. i mean, there are situations where u do get falsely accused and this might come in handy when that day comes. and i do also have a contingency plans incase something like that happens. before i was planning to run away from home and not leave a trace so i wont be followed, so yeah.. i came up with a list to do for a successful disappearance, and make it like i never existed or never lived in that house before.
January 30th, 2003, 05:39 AM
wise words ^Mobius^ a lot of people will find themselves leading successful lives instead of becoming "victims" if they follow your advice.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”