Submission + - White Hat Hacker? These days they Charge Everyone. (canada.com)
aqui writes: A university student at Carlton is learning that "no good deed goes unpunished".
Ottawa Citizen has the story: Carleton student charged in computer hack.
It appears that after hacking into probably a not so secure university network this guy took the time to write a 16 page paper on what he did and sent it to the sys admins. Sounds like White Hat behavior to me. Yes, he should have asked permission before trying, but throwing the book at the guy and wrecking his life with criminal charges (which stick for a long time) seems a little excessive. The university should spend money on hiring some sys admins with better computer skills and teaching skills rather than paying lawyers.
At my old university in the Engineering department the unofficial policy was that when you broke in and didn't damage anything and then reported the problem and how you broke in they didn't charge you (if you maliscously caused damage you usually faced academic sanctions). In some cases the students were hired or "volunteered" for the summer to help secure the servers or fix the hole they found. The result was that Engineering ended up with one of the securest systems in the university.
The truth is university students are going to have the desire to hack something and not all of them have the judgment to not get in trouble. If you acknowledge that and catch them inside the university you can straighten them out before they wreck their lives and teach them to be white hats. Rather than creating a hostile environment where people may become black hats, you create an environment where you guide them in the right direction to being good computer security professionals.
For every hacker they catch there's probably at least one that they don't know about. I can imagine that a number of those hackers at Carlton are now seeing the university as the enemy for burning "one of their own" and that some of them will become malicious to get even pursuing black hat like behavior.
If his intentions were good (which they appear to be) I cant help but feel some what sorry for the guy.
Ottawa Citizen has the story: Carleton student charged in computer hack.
It appears that after hacking into probably a not so secure university network this guy took the time to write a 16 page paper on what he did and sent it to the sys admins. Sounds like White Hat behavior to me. Yes, he should have asked permission before trying, but throwing the book at the guy and wrecking his life with criminal charges (which stick for a long time) seems a little excessive. The university should spend money on hiring some sys admins with better computer skills and teaching skills rather than paying lawyers.
At my old university in the Engineering department the unofficial policy was that when you broke in and didn't damage anything and then reported the problem and how you broke in they didn't charge you (if you maliscously caused damage you usually faced academic sanctions). In some cases the students were hired or "volunteered" for the summer to help secure the servers or fix the hole they found. The result was that Engineering ended up with one of the securest systems in the university.
The truth is university students are going to have the desire to hack something and not all of them have the judgment to not get in trouble. If you acknowledge that and catch them inside the university you can straighten them out before they wreck their lives and teach them to be white hats. Rather than creating a hostile environment where people may become black hats, you create an environment where you guide them in the right direction to being good computer security professionals.
For every hacker they catch there's probably at least one that they don't know about. I can imagine that a number of those hackers at Carlton are now seeing the university as the enemy for burning "one of their own" and that some of them will become malicious to get even pursuing black hat like behavior.
If his intentions were good (which they appear to be) I cant help but feel some what sorry for the guy.
