-
November 6th, 2004, 12:38 AM
#1
"There weren't any signs saying, 'Don't go in.'
There weren't any signs saying, 'Don't go in.'
There probably wasn't a welcome mat out either!
Former University of Texas student indicted for allegedly hacking into computers, stealing info
The Associated Press Nov 4 2004 11:23AM
A former University of Texas student was indicted on charges he hacked into the school's computer system and stole Social Security numbers and other personal information from more than 37,000 students and employees. In a four-count indictment announced Wednesday, Christopher Andrew Phillips, 21, was charged with fraud and storing credit card and bank account information with intent to defraud. He allegedly hacked into the system in February and March 2003. Officials said the university spent $167,000 responding to the security breach and warning people of possible identity theft. Phillips was not accused of using the information for illegal purposes, and his attorney, Allan Williams, said his client had no criminal intent. "He didn't use any hacking tools. The system was open," Williams said. "There weren't any signs saying, 'Don't go in.'" Phillips previously told officials he had no intention of using the information to harm anyone.
http://www.securityfocus.com/news/9861
Connection refused, try again later.
-
November 6th, 2004, 02:02 AM
#2
-
November 6th, 2004, 05:07 AM
#3
agreed. but still. social security info and who knows what else. that stuff should be properly secured. it's down to common sense. thats plain stupidity on the part of their IT people.
-
November 6th, 2004, 05:24 AM
#4
your absolutly right secure_lockdown, but that's still no defense.
"He didn't use any hacking tools. The system was open,"
what exactly does "open" mean and what do they mean by "hacking tools"? is a sharp mind considered a hacking tool?
is it that the site wasn't patched or was there a link they didn't expect people would click on or a hidden directory that someone could guess the name of> was the information found on google...?
if you have a web or ftp site and you dont post a statement of use its your fault if someone accessed it in a way you didn't intend.
if some one takes advantage of a directory transversal or downloads and changes an authentication form or injects code into a query then they've broken the law even though they havn't used any third party "hacking" tools. it's my understanding that the laws regarding computer crime are very clear on this. if you bypass authentication processes you've broken in. if you use phony logon credentials, those that are not yours, you've commited computer fraud..this doesnt make the admin any smarter but the perp is still very much at fault. im too tired to look up the law right now but that's my understanding of it.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
November 6th, 2004, 06:06 AM
#5
hmmmm, i do believe lawyers that defend/lie for people that are (a) obviously guilty *cough* OJ *cough* or (b) defend people that arent quite "guilty" but have obviously done something wrong (in this case, its kind of hard to explain how you ended up having lots of credit cards and socials that arent your own) should suffer the same punishment that the defendant recieves. I mean, yes, they are simply doing their jobs and what they are paid to do, but there should be a moral distinction between good and bad, black(hat) and white(hat).....just my 2 cents :-)
-z3
-
November 6th, 2004, 07:49 AM
#6
What, so now we have to have our networks "posted" before we can prosecute perpetrators of unauthorized/unwanted access, or for theft of information? Sounds to me like the lawyers are going to put us in the same position of farmers who don't want people hunting on their property and killing their farm animals or children. If we don't "post" there is no foul? That is a very huge step backward.
-
November 6th, 2004, 11:18 AM
#7
a.) He hacked the system on the network
There was most definatly something in his student hand book that gave a broad 'computer misconduct' charge. Bascially: if you mess with our computers in any way that we see unfit, then you are in the wrong.
Conclusion: The sign was there and the student signed a contract saying that he understood and agreed to obide by 'the sign'
b.) He had a whole crap load of info that he stole which was on his personal computer
Yeah, you really can't dispute that.
c.) There are plenty of systems on the internet that are insecure. There are plenty of backroom doors in the mall that are open too and people who leave their cars unlocked, and wallets that are loosely placed in pockets, and items and stores too close to the door, and SS checks that are just left in mail boxes....
Point being, it is still breaking the law. If he wanted to point out a shortcoming in the network setup, he could have contaced the officials and told them.
d.) No hacking tools were being used??? WTF kinda argument is that. Many people have robbed stores without 'tools' (aka weapons). Last time I checked Uncle Sam doesn't give bonus points for robbing banks without a gun.
Another case of "It's your own damn fault now live with your mistake instead of making silly excuses."
You shall no longer take things at second or third hand,
nor look through the eyes of the dead...You shall listen to all
sides and filter them for your self.
-Walt Whitman-
-
November 6th, 2004, 11:49 AM
#8
Phillips previously told officials he had no intention of using the information to harm anyone.
Because he is too retarded to be able to do it himself.
That does not mean that he wouldn't sell the information to someone who did know how to harm people.
AND:
his attorney, Allan Williams, said his client had no criminal intent.
For which you can read "did not have the requisite skillset, and was just waiting to meet someone who did"
This smells of plea bargaining for a lesser charge of conspiracy?
I do just love lawyers, but I don't think that I could eat a whole one
-
November 6th, 2004, 10:04 PM
#9
Originally posted here by Lansing_Banda
[B]
c.) There are plenty of systems on the internet that are insecure. There are plenty of backroom doors in the mall that are open too and people who leave their cars unlocked, and wallets that are loosely placed in pockets, and items and stores too close to the door, and SS checks that are just left in mail boxes....
true, but you will be very hard pressed to find a backroom door of a mall that takes you right into the back entrance of the bank branch located in that mall. most of the backdoors will most probbaly lead to a emergency stairwell or toilet!
-
November 7th, 2004, 03:10 AM
#10
hmmmm, i do believe lawyers that defend/lie for people that are (a) obviously guilty *cough* OJ *cough* or (b) defend people that arent quite "guilty" but have obviously done something wrong (in this case, its kind of hard to explain how you ended up having lots of credit cards and socials that arent your own) should suffer the same punishment that the defendant recieves.
I think that its kind of stupid if i am a lawyer and i lie to a judge or a police officer nothing happens to me but if i am just a person who is not a lawyer i go to jail for obstruction of justice so why can a lawyer lie to a cop or judge and i can't. i just thought that i would through that out their for you guys to think about you know why shouldn't all laws apply to lawyers.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|