|
Grex > Agora35 > #28: Prosecution in the case of the Great M-net Crash | |
|
| Author |
Message |
| 25 new of 145 responses total. |
tod
|
|
response 59 of 145:
| 
Sep 29 17:51 UTC 2000 |
pussy whipped
|
jerryr
|
|
response 60 of 145:
|
Sep 29 18:32 UTC 2000 |
that's how "big pussy" got his name, on the soprano's
|
krj
|
|
response 61 of 145:
|
Sep 29 20:49 UTC 2000 |
Answering scg's question in resp:51 :: Over on M-net, willard reported:
#261 Michael Smallwood (willard) Thu, Sep 28, 2000 (14:00):
Just spoke with the AG's high tech crimes office. According to the
gentleman that I spoke to, Salcedo waived his preliminary exam, and was
bound over to circuit court. My understanding is that from here, he can
stand trial or plea bargain.
Perhaps Larry or Aaron or someone can explain "preliminary exam"
and "bound over to..."; these terms come up a lot in Michigan
criminal news stories and I don't really fully understand them;
I didn't grow up here and I don't recall hearing these terms in
Maryland.
|
jerryr
|
|
response 62 of 145:
|
Sep 30 00:18 UTC 2000 |
yeah, ignore response #53
the prelim is a hearing where the d.a. presents enuff evidence to try to
convince a judge that there is sufficient evidence to support the charges
against an accused. if the judge so finds, the defendent is "bound over"
- which means, the accused gets a trial. there can also be evidentuary
and other motions presented to the judge at that time.
one of the more famous prelims was the televised one before judge kennedy,
in california, where o.j. simpson plead "aboslutely, 100% not guilty."
|
richard
|
|
response 63 of 145:
|
Sep 30 06:45 UTC 2000 |
if I were the kid's lawyer, I would have mnet's box subpoenaed..unplug
the thing and bring it in to courtand introduce it into evidence. There's
no doubt that any jury could have the impression that mnet is a bigger
and more substantial system than itis. So they should see "mnet",
see that its just a box, a used box that didnt cost $1,000.
|
scott
|
|
response 64 of 145:
|
Sep 30 12:45 UTC 2000 |
They can have it, since M-Net upgraded to a new box anyway.
|
senna
|
|
response 65 of 145:
|
Sep 30 13:45 UTC 2000 |
<laugh>
|
jerryr
|
|
response 66 of 145:
|
Sep 30 14:53 UTC 2000 |
this is becoming quite amusing. one more time: the economic impact had to
do with entities in *addition* to those that might have involved m-nut
directly.
shall i type that a few more times, or do you think you might finally get it?
|
gull
|
|
response 67 of 145:
|
Sep 30 17:32 UTC 2000 |
I think the point that's being made is just because the system is run by
volunteers doesn't mean that their time has no value.
|
jerryr
|
|
response 68 of 145:
|
Sep 30 18:13 UTC 2000 |
their time indeed has value. however, all the people volunteering to help
defend this moron are doing so because they believe there wasn't an economic
impact to m-nut in excess of $1,000.00
whether or not that is true, is irrelevant to this case. he caused damage in
excess of $1,000.00 not involving the hardware or hourly workload of staff
of m-nut.
|
jp2
|
|
response 69 of 145:
|
Sep 30 18:36 UTC 2000 |
This response has been erased.
|
scg
|
|
response 70 of 145:
|
Sep 30 18:38 UTC 2000 |
The old M-Net was actually quite a substantial looking box. It took two
people to lift it. But I fail to see how that's relevant to anything. There
are certainly smaller looking boxes wtih considerably more processing power,
that are used as mission critical servers in expensive corporate networks.
Your point, Richard?
|
jp2
|
|
response 71 of 145:
|
Sep 30 18:46 UTC 2000 |
This response has been erased.
|
tpryan
|
|
response 72 of 145:
|
Sep 30 23:15 UTC 2000 |
Does your Apollo have a richard hatch?
|
bhelliom
|
|
response 73 of 145:
|
Oct 1 01:01 UTC 2000 |
Thoe whole affair sounds rather sad. What are the implications if the
person in question gets convicted?
|
tod
|
|
response 74 of 145:
|
Oct 1 13:32 UTC 2000 |
A confessed cracker gets a penalty for breaking a law. Simple.
|
jazz
|
|
response 75 of 145:
|
Oct 1 16:21 UTC 2000 |
None of the infrastructure of the internet is quite as impressive as
it's meant to be (and Worldcomm's headquarters are nowhere near as cool as
the office that the young-looking Generation D fellow scooters into).
Have to say I'm not terribly sympathetic for someone who gains root
and then immediately sets about destroying a system. Had he merely done it
to count coup, and send mail to staff or something along those lines, that'd
be one thing, but deliberately destroying other people's work isn't playing
very nice.
|
wyrefall
|
|
response 76 of 145:
|
Oct 2 02:56 UTC 2000 |
What luck for me. I am new to Grex, I am new to puters and the net,
relatively, and part of why I got an account here on Grex was, in all honesty,
to understand the portion of society that calls itself 'hackers'. Now that
everybody knows that I am a newbie who doesn't really know peas from carrots
as far as computer and internet security are concerned, nobody should be
offended by what I say.
Firstly, as regards the whole issue of dammage incurred (and please remember
all of my information is coming from what I have read on this item); from what
I have managed to understand thusfar about the hacking community is (beyond
the very discernable difference between hackers and crackers) that a good part
of the purpose for such interactions/activities/behaviours is to test the
security of information systems because information shoul be more than free,
it should be secure. (Of course there are more than just a few psychologial
theories which pair hacking and sexual and/or intellectual development, but
I am going to leave those aside for sake of ease and succinctity.) Also from
what I understand no physical dammage was done to the system. I do recall
mention of the boy using the m-net systen as a intermediary to U of MNaryland
(pardon if the school is incorrect) systems, which he also did no dammage to.
(This last part is confused and contrary information would cause me to revise
my statements here.) If no physical dammage was done, this rules out most
laws which could effect him.
As far as software: my first question would be 'does (did) m-net claimn their
system to be secure?' If they do, they have been grossely negligible, and
as far as I am concerned have no real business pressing charges, since there
are a number of charges they would be eligible for.
In respect to the downtime: the length of time that the system was
unavailable is not a factor of whatever the boy did while in the systems, it
is a factor of the system administrators and service providers being
limited--something the boy is not responsible for.
Now, for the actions he chose to take (completely hacking the systems instead
of simply reporting the security breaks to whoever was responsible for them
(and actually the irresponsible party)), certainly there were better ways to
handle the information he had than to use it against the system, although,
also from what I understand from other sources, this is not unacceptable in
the culture.
Personally, I think he will suffer most from his colleagues for getting
caught, and this is a good tool--public humiliation--and he should definitely
NOt be sentenced to any jail time (as it has been proven an ineffective
measure), and monetary punishement is not something he has much control over,
and so that should probably be avoided also. Personally, I think the
best-fitting punishment would be for him to rebuild the system, securely, by
himself. But then again, we all know how little I know about these things.
Thatnk you for reading this.
|
bobcat
|
|
response 77 of 145:
|
Oct 2 07:19 UTC 2000 |
There's a few problems that occur in cases of this type:
Teenage geeks should not be put in prison for stupid computer tricks.
But they are with alarming frequency.
The DAMAGE done in these cases is often wildly overstated: Kevin Mitnick was
charged with doing $300,000,000 of damage - total nonsense.
The costs to FIX the damage are overstated and not germane to the case:
Let's assume there was a current tape backup of m-net.
The sysop reloads the system - poof! - and it's back to how it was before the
damage occurred. How much time is involved in typing a few lines to do that?
The proper punishment would be to make the VANDAL do something of service to
the community, like pick up trash for afew hours.
Time the system gods spend upgrading security is time they would have spent
ANYWAY, it's not because of the VANDAL, it's because it is a good and kindly
thing to do.
IRL, if you have no lock on your door, and someone walks in and steals your
frammistat, you can sue him to recover it (or its cost), but you'll never
prevail on the court to award you money to buy a lock.
But it seems that cyberdoors are treated differently in the current digital
red scare climate.
|
scott
|
|
response 78 of 145:
|
Oct 2 11:27 UTC 2000 |
The trouble with just "poof" doing a tape restore is that staff had no idea
how long root had been compromised. So how far back does it make sense to
restore, versus a clean start with a known non-compromised fresh install?
|
md
|
|
response 79 of 145:
|
Oct 2 12:12 UTC 2000 |
Mnet is indeed "grossly negligible," but I don't think they know it and
I certainly don't think it's a crime.
|
jazz
|
|
response 80 of 145:
|
Oct 2 14:25 UTC 2000 |
The time to repair isn't really relevant. If you start a fire in a
warehouse and the warehouse puts out the fire because it was properly equipped
with a fire extinguishing system, it's still arson. But in this case, it was
about a month of volunteer and unpaid effort.
|
polygon
|
|
response 81 of 145:
|
Oct 2 14:53 UTC 2000 |
Re 79. Heh!
|
scg
|
|
response 82 of 145:
|
Oct 2 16:50 UTC 2000 |
Could somebody please explain to me the rationale under which the amount of
time requred to fix something that's been vandalized, or at least the amount
of time it could be reasonably expected to take, shouldn't be considered in
figuring out the amount of damage incurred? In that case, how do you measure
the cost of damage?
|
mdw
|
|
response 83 of 145:
|
Oct 2 17:30 UTC 2000 |
The problem with fixing vandal damage is not the same as the problem of
cleaning up after a regular disk disaster. If it were just a failing
drive then, yes, restoring the last good backup is a fine strategy. For
a vandal, however, it's *much* harder, because not only do you not
necessarily know when they broke in, but for the data they didn't tamper
with, you'd generally want to restore the newest data, even if it's
after the vandal broke in. Even more importantly, you need to figure
out *how* the vandal broke in, or otherwise take effective steps to make
sure the vandal can't break in again, perhaps coupled with additional
logging stuff so that you can (hopefully) detect another break-in
attempt before they succeed. There may be other less direct problems -
for instance, if the vandal stole user passwords (a common ploy) you may
need to worry about resetting user passwords, and users may have to not
only worry about getting a new password on m-net, they may also need to
change their passwords elsewhere. (This is one reason why it's a bad
idea to use the same password in more than one place.) A lot of these
problems (figuring out what the vandal did/stole, dealing with possible
stolen passwords, etc.) are issues that don't arise with a simple
security upgrade.
|