"There weren't any signs saying, 'Don't go in.'

[Relyt]

There weren't any signs saying, 'Don't go in.'

There probably wasn't a welcome mat out either!

Former University of Texas student indicted for allegedly hacking into computers, stealing info

The Associated Press Nov 4 2004 11:23AM

A former University of Texas student was indicted on charges he hacked into the school's computer system and stole Social Security numbers and other personal information from more than 37,000 students and employees. In a four-count indictment announced Wednesday, Christopher Andrew Phillips, 21, was charged with fraud and storing credit card and bank account information with intent to defraud. He allegedly hacked into the system in February and March 2003. Officials said the university spent $167,000 responding to the security breach and warning people of possible identity theft. Phillips was not accused of using the information for illegal purposes, and his attorney, Allan Williams, said his client had no criminal intent. "He didn't use any hacking tools. The system was open," Williams said. "There weren't any signs saying, 'Don't go in.'" Phillips previously told officials he had no intention of using the information to harm anyone.

http://www.securityfocus.com/news/9861

[nihil]

So why did he collect the information in the first place?..............

As in "well yes, my client did have 200kilos of anthrax spores but he didn't mean any harm................"

Maybe this guy's other hobbies were collecting automobile registrations and locomotive numbers?

ACK! there are times when I believe that lawyers who unsuccessfully defend lusers should get the same sentence, and have to share the same cell. It might focus their minds a bit

[secure_lockdown]

agreed. but still. social security info and who knows what else. that stuff should be properly secured. it's down to common sense. thats plain stupidity on the part of their IT people.

[Tedob1]

your absolutly right secure_lockdown, but that's still no defense.

"He didn't use any hacking tools. The system was open,"

what exactly does "open" mean and what do they mean by "hacking tools"? is a sharp mind considered a hacking tool?

is it that the site wasn't patched or was there a link they didn't expect people would click on or a hidden directory that someone could guess the name of> was the information found on google...?

if you have a web or ftp site and you dont post a statement of use its your fault if someone accessed it in a way you didn't intend.

if some one takes advantage of a directory transversal or downloads and changes an authentication form or injects code into a query then they've broken the law even though they havn't used any third party "hacking" tools. it's my understanding that the laws regarding computer crime are very clear on this. if you bypass authentication processes you've broken in. if you use phony logon credentials, those that are not yours, you've commited computer fraud..this doesnt make the admin any smarter but the perp is still very much at fault. im too tired to look up the law right now but that's my understanding of it.

[z31200n3]

hmmmm, i do believe lawyers that defend/lie for people that are (a) obviously guilty *cough* OJ *cough* or (b) defend people that arent quite "guilty" but have obviously done something wrong (in this case, its kind of hard to explain how you ended up having lots of credit cards and socials that arent your own) should suffer the same punishment that the defendant recieves. I mean, yes, they are simply doing their jobs and what they are paid to do, but there should be a moral distinction between good and bad, black(hat) and white(hat).....just my 2 cents :-)

-z3

[rapier57]

What, so now we have to have our networks "posted" before we can prosecute perpetrators of unauthorized/unwanted access, or for theft of information? Sounds to me like the lawyers are going to put us in the same position of farmers who don't want people hunting on their property and killing their farm animals or children. If we don't "post" there is no foul? That is a very huge step backward.

[Lansing_Banda]

a.) He hacked the system on the network

There was most definatly something in his student hand book that gave a broad 'computer misconduct' charge. Bascially: if you mess with our computers in any way that we see unfit, then you are in the wrong.
Conclusion: The sign was there and the student signed a contract saying that he understood and agreed to obide by 'the sign'

b.) He had a whole crap load of info that he stole which was on his personal computer

Yeah, you really can't dispute that.

c.) There are plenty of systems on the internet that are insecure. There are plenty of backroom doors in the mall that are open too and people who leave their cars unlocked, and wallets that are loosely placed in pockets, and items and stores too close to the door, and SS checks that are just left in mail boxes....

Point being, it is still breaking the law. If he wanted to point out a shortcoming in the network setup, he could have contaced the officials and told them.

d.) No hacking tools were being used??? WTF kinda argument is that. Many people have robbed stores without 'tools' (aka weapons). Last time I checked Uncle Sam doesn't give bonus points for robbing banks without a gun.

Another case of "It's your own damn fault now live with your mistake instead of making silly excuses."

[nihil]

Phillips previously told officials he had no intention of using the information to harm anyone.

Because he is too retarded to be able to do it himself.

That does not mean that he wouldn't sell the information to someone who did know how to harm people.

AND:

his attorney, Allan Williams, said his client had no criminal intent.

For which you can read "did not have the requisite skillset, and was just waiting to meet someone who did"

This smells of plea bargaining for a lesser charge of conspiracy?

I do just love lawyers, but I don't think that I could eat a whole one

[secure_lockdown]

Originally posted here by Lansing_Banda
[B]
c.) There are plenty of systems on the internet that are insecure. There are plenty of backroom doors in the mall that are open too and people who leave their cars unlocked, and wallets that are loosely placed in pockets, and items and stores too close to the door, and SS checks that are just left in mail boxes....

true, but you will be very hard pressed to find a backroom door of a mall that takes you right into the back entrance of the bank branch located in that mall. most of the backdoors will most probbaly lead to a emergency stairwell or toilet!

[Riot]

hmmmm, i do believe lawyers that defend/lie for people that are (a) obviously guilty *cough* OJ *cough* or (b) defend people that arent quite "guilty" but have obviously done something wrong (in this case, its kind of hard to explain how you ended up having lots of credit cards and socials that arent your own) should suffer the same punishment that the defendant recieves.

I think that its kind of stupid if i am a lawyer and i lie to a judge or a police officer nothing happens to me but if i am just a person who is not a lawyer i go to jail for obstruction of justice so why can a lawyer lie to a cop or judge and i can't. i just thought that i would through that out their for you guys to think about you know why shouldn't all laws apply to lawyers.