[ISN] The case of the unhappy hacker

From: cult hero (jerichoat_private)
Date: Fri May 07 1999 - 18:58:56 PDT

  • Next message: cult hero: "[ISN] Math professor wins landmark crypto ruling"

    The case of the unhappy hacker
    By Paul Elias, ZDNN
    May 6, 1999 4:56 AM PT
    URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2254225,00.html
    As hackers go, Nicholas Middleton will never be confused with Kevin
    Mitnick or Kevin Poulsen. Middleton has neither the criminal
    sophistication nor the hacking track record for entry into the Hacker Hall
    of Fame. 
    Mitnick was caught by computer security specialist Tsutomu Shimomura and a
    huge FBI manhunt; the feds only nabbed Poulsen after a similarly
    exhaustive chase; Middleton was simply tripped up by a caller I.D. box. 
    Middleton didn't even have the common sense of Mitnick and Poulsen to cry
    'Uncle' and admit that the government had him beat. And because of that,
    Middleton's going to prison. 
    On Tuesday, a federal jury convicted Middleton of hacking into the San
    Francisco ISP Slip.net last year and knocking it offline for several
    hours. Because Middleton demanded a trial, he faces a prison sentence of
    six months to three years. Had he agreed to a plea bargain, he probably
    could have managed to get off with probation. 
    Hacker trial a first
    "We've had a number of computer hacker cases," said Assistant U.S. 
    Attorney Matt Jacobs. "But we've never had one go to trial." 
    These kind of cases don't go to trial because the hackers, even the best
    of them, invariably leave behind tell-tale footprints. Middleton was no
    exception. He left behind so much incriminating evidence that he all but
    admitted that he was indeed the hacker who damaged the ISP's computers on
    March 14, 1998. 
    What the six-day trial essentially boiled down to was whether or not
    Middleton caused more than $5,000 damage -- the minimum damage needed to
    get a felony hacker conviction. 
    A jury agreed with Slip.net's founder Ted Glenwright that more than
    $40,000 worth of damage occurred. 
    The blow-by-blow
    Here's what happened: In February 1998, Middleton quit Slip.net in a huff.
    He had been in charge of the company's internal operations. 
    On March 10 1998, Middleton, using a current employee's name and password,
    entered Slip.net's computer system and created two bogus accounts:
    "Santos" and "Torpid." The Radius log for that session had a caller I.D.
    function that showed the telephone call came from Middleton's San
    Francisco apartment. 
    Four days later, beginning at about 1:30 a.m. Middleton, using the
    "Santos" and "Torpid" names, logged on to Slip.net's system and damaged
    and destroyed data on a computer named "Lemming." Middleton logged on
    several times during that morning and each time the caller I.D. function
    showed the call came from his house. 
    So when Slip.net's founder Glenwright called the FBI about the hacking,
    they didn't have to do much sleuthing to prove Middleton was the culprit. 
    In addition, Middleton also sent an e-mail to another former disgruntled
    employee saying "I'm gonna see if I can fry me up a Lemming." The problem
    with that e-mail was that instead of just going to the former employee,
    Glenwright ended up receiving the e-mail too because accounts of former
    employees are routed into one account at Slip.net. 
    Middleton ended up knocking some of the biggest of Slip.net's 16,000
    customers offline, as well as erasing the computer passwords for
    employees. He also deleted the company's new billing system. 
    Senior U.S. District Judge William Orrick Jr. is scheduled to sentence
    Middleton on Aug. 4. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Hacker News Network [www.hackernews.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:23:08 PDT