March 20th, 2003, 08:52 AM
What do you think???
A 18 year old hacker apparently broke into the Air Force website(They have one???).....
The damage to the Web site was estimated at $75,000.
Shakour(The Aqused Hacker), who also admitted other computer-related crimes, pleaded guilty to charges that carry sentences of up to 15 years in federal prison and fines of $250,000.
Outside the court, however, his lawyer said Shakour should be praised, not jailed, for showing how simple it is to compromise government computers.
"They call this a breach of security, but there's no security if a high school student can break through it," defense attorney F. Bari Nejadpour said. "Imagine what a terrorist could do."
His Lawyers main argument is that there IS NO SECURITY on the site if a 18 year old high school student can hack this website.
Therefore one could conclude that Shakour was doing the Air Force website a favor by exposing the sites weaknesses....On the other hand, he is facing those $250,000 fines and the 15 years in prison for Unauthorized Access to a government website....
Whats your opinion? One of the two I've listed...or something completly different???
March 20th, 2003, 09:07 AM
Where did you get this information from? I would love to read the full article. Where can i find it?
Ubuntu-: Means in African : "Im too dumb to use Slackware"
March 20th, 2003, 09:23 AM
This defense might hold more water if the dickhead hadn't caused $75,000 worth of damage. This damage pretty much invalidates any claim his lawyers have as to his 'doing a favour' for the Air Force. I don't know if he should go to jail, but he shouldn't be praised for actions, even if some good came of them.
His Lawyers main argument is that there IS NO SECURITY on the site if a 18 year old high school student can hack this website. Therefore one could conclude that Shakour was doing the Air Force website a favor by exposing the sites weaknesses
March 20th, 2003, 11:05 AM
Well, I read the article at a site.........I think it wuz http://www.undergroundnews.com
It wuz actually quite interesting......
I got one question......How could he cause $75,000 worth of damage???? What could he do to make it cost that much??? All a site is, is code....Code doesn't cost money......Unless you hire someone to write it....Is that why????
March 20th, 2003, 11:12 AM
The costs of a breach of site usually include (but not limited to):
- redoing any code that may not have been backed up
- time of admin to recover backup
- loss of any data (time is $$ and data is $$)
- time of admin(s) to investigate and deal with the attack (includes documentation of attack, going through logs, taking server offline if need be, etc.)
The Underground site didn't mention an important fact that the original article did: http://www.sacbee.com/content/news/s...-7224954c.html
He has stolen credit card numbers previously and used them to purchase items illegally (about $7,000 worth).
March 20th, 2003, 04:07 PM
I went to a seminar last year where an FBI agent who investigates cyber-crime spoke. He detailed the very creative means that they use to put a dollar figure on damage. Much of it, like Ms. Mittens said, has to do with man hours. Whether the person (people) would have been at work anyway or not is irrelevant. If they're working on a security breach, it goes on the tab.
Although I'm not sure how this would work with the Air Force as they are not a business, potentially lost income is also added to this. The example he used was of a medical researcher who got hacked. They guy had all his research data stolen on a project that he hoped would eventually be worth several million dollars. What's the bill on a few stolen files then? You got it......several million dollars.
The feds will also get involved this way:
I live 20 miles from where I work, and we use different ISP's. For me to access my network from home, my packets go from D.C., to Dallas, to Atlanta, and then back up to my office. If I were doing something illegal, that would be crossing state lines to commit a crime, a federal offense. All for a 20 mile hack. The feds will use that in prosecution.
March 20th, 2003, 04:21 PM
Packets going across state lines to commit a crime constitutes a federal offense? Wow, it's like throwing a boomerang that goes across the border and comes back to hit a guy in the head. One suggestion Turmoil: please name the topic something a little more descriptive next time. Good news, though, didn't hear this one yet.
Have you filled out an ID-10-T or PEBKAK form lately?
March 20th, 2003, 04:52 PM
I like how nice his defense is "well if the high school kid could do it so could terrorists". Good point, but he's not just "any old high school kid". The artical itself says he has admitted to other computer-related crimes, so I think he knows what hes doing. I mean he should have known better, if there was a problem with security he should have contacted the right people then showed them HOW TO instead of just doing. Plus the whole credit card thing is a little shady. Sometimes anyone will use any escuse possible to make it seem like they are not as guilty as they are being convicted of.
What will be next, someone who might be missing a finger or two but still hacks the DOD: "I don't think he should go to jail, I mean he's disabled, if a disabled person can do it than what about all those terrorists out there with all 10 fingers... they can type so much faster".
It's interesting to see how much work goes in to tracking someone. But I'm still not understanding, if you are only 20 miles away from the place you hack and your connection goes over state lines to get bounced back to the other computer, why is that so bad? I mean you're hacking the computer to begin with, that's bad enough, why is because the data is crossing state lines make it so much worse?
[shadow]There is no right and wrong, only fun and boring...
Formatting my server because someone hacked into it sounds pretty boring to me...
That\'s why it\'s all about AntiOnline.com![/shadow]
March 20th, 2003, 05:00 PM
This is how it was explained to me:
The data crossing state lines makes it a federal offense. If it went straight from my house to my network, it would be purely local. The local sherriffs department doesn't have the assets in place to track and build a cyber-crime case, but the Feds do. So, by it crossing state lines to go between ISP's, it's an excuse for federal prosecution, with their federal money to back them up, to get involved.
March 20th, 2003, 05:00 PM
When the packet crosses state lines it becomes a federal offense rather than just state or local. And that can carry harsher penalties.