Report Security Problems, Face The Consequences
An Anonymous Coward writes: "Doing a good deed has caused one man a lot of trouble in the past year. Brian K. West, a tech support junky in a SE. Oklahoman ISP is now facing felony charges due to alerting his competition about a serious security flaw in their systems. The full story can be found at LinuxFreak.org ... I find this rather disturbing that our federal government would do such a thing to someone." The details of the story lead to some head-scratching.
Donations... (Score:5, Informative)
Re:this is not a new thing (Score:3, Informative)
Even big stupid companies [theregister.co.uk] do it!
Whistleblowers take 3Com to court over unsafe kit claim
By: John Leyden. Posted: 15/02/2001 at 18:43 GMT
3Com is facing a multi-million dollar lawsuit from former employees claiming it knowingly sold unsafe products and conspired to file false police reports against them when they reported problems with its kit.
Re:Not the whole story... (Score:5, Informative)
Re:Not the whole story... (Score:3, Informative)
And I think that the "hundreds of attempts" mentioned is just their normal daily load (their advertising claims to reach "over 1000" readers daily, and this is over a year later, right?). And if only *some* were trying to access these files and scripts, why even bother mentioning "hundreds of attempts" - that number is irrelevant!
Basically, he did a bit more than click on "edit," but it sounds like he really did just find the hole and check to be sure.
Contact Wally Burchett and the Poteau Daily News (Score:3, Informative)
the Poteau Daily News has something coming to them if they think they can get away with this.
Everyone should start writing letters, call the editor, etc. From their Web site:
Address:
Poteau Daily News & Sun
P.O. Box 1237
804 N. Broadway
Poteau, OK 74953
Office Hours:
7a.m. - 6p.m. Mon.-Fri.
8a.m. to Noon Sat.
Phone Numbers:
(918) 647-3188
(918) 647-8198 Fax
Email:
pdns@pdns.com
publisher@pdns.com
If you write letters, direct them to Mr. Wally Burchett.
As with all the causes we at
For all the security holes I've pointed out to various sites, if people called the FBI on me I would be in jail for the rest of my life.
Re:Wire Fraud (Score:2, Informative)
Here [cornell.edu]'s the law entry for what he's charged with, and Here [usdoj.gov]'s the reference for the Oklahoma wire fraud law.
Per the FBI affidavit (Score:3, Informative)
So, going back to the house analogy, he is guilty of going inside and looking around.
The details of the affidavit are from Brian West's own web site, http://www.bkw.org
weird tactic - details of Title 18 Section 1039 (Score:3, Informative)
The problem with prosecuting under this theory is that as far as I can tell (and the article doesn't really say either way) accessing the computer hosting the newspaper website was not done across state lines (thus affecting interstate commerce - which is why this clause can exist in the US Code at all). Does anyone know weather access to the newspaper website was done across state lines? It doesn't look like it to me.
--CTH
Pick your analogy (Score:4, Informative)
ENTER HERE -->
TAKE EVERYTHING IN MY HOUSE! PLEASE! I DON'T WANT IT! IF I DID, WHY WOULD I PUT THIS SIGN UP AND LEAVE MY FRONT DOOR OPEN?
So, the guy looks at the mailbox to find a house number, looks up the number in the neighborhood directory, and calls the owner to make sure he's aware of the situation.
We can start an entire thread on analogies for things like what Brian did and what portscanning is, but it just becomes subjective depending on how familiar you are with the technology. To many of us, opening up a file that contains contact information after Frontpage accidentally goes into editing mode instead of read-only mode (or whatever) and then contacting someone about it seems trivial. But to your average FBI cybersleuth, it's just as trivial to spin this in an insanely dark direction.
Isn't it more fun to catch cybercriminals than to wander around determining that those people are actually innocent? Try to convince your average cocky FBI boy of that.
[OT] Re:Who-hoo! Land of the Free! (Score:2, Informative)
Think about it this way: Suppose you embark from Podunk, Idaho on your way to Frankfurt, with a connection in LaGuardia (New York City) each way. (Assume that Podunk Regional Airport has no customs and immigration facilities, but it wouldn't matter if it did.) On your way back, you'll go through customs and immigration in New York, because after New York, it's all domestic flights.
It works the same way going abroad.
Don't trust the Oklahoman - HORRIBLE REPORTING (Score:3, Informative)
Title 18 Section 1030 (Score:2, Informative)
For anyone interested in reading the law under which the prosecutor is planning to charge this guy, it is here [psionics.net]
If the details of the story are correct, there's no way the DOJ can win this case, as all of the provisions under the law have to do with intent to defraud or demonstrable harm having occurred. But, as others have pointed out, the details are a little sketchy.
Re:weird tactic - details of Title 18 Section 1039 (Score:2, Informative)
"weather [dictionary.com]" is not the same as "whether [dictionary.com]."
Re:Has common sense become less common? (Score:3, Informative)
While I certainly would agree, on the surface, this looks stupid, we may not have the full story. AND, accidental or intentional, he is almost certainly guilty of "computer trespass". The "door" analogy is a little flawed... one cannot "see" that a password is not required without actually trying. Look at it more as walking up to knock on a door while blindfolded. Basically, a locked door looks just like an unlocked door; you have to try to open it to tell one way or the other. And thus, the law is broken (bent, whatever.) Laws that apply to the physical world don't always have an equal in the virtual world.
(The lack of formal charges would suggest nothing will ever come of this stupidity.)