[ISN] Oklahoma Paper Distances Itself From Hacker Flap

From: InfoSec News (isnat_private)
Date: Fri Aug 24 2001 - 01:39:06 PDT

  • Next message: InfoSec News: "[ISN] Word to the wise: Buckle up"

    By David McGuire, Newsbytes
    23 Aug 2001, 2:52 AM CST
    The publisher of a small Oklahoma newspaper suddenly caught in the
    middle of a national debate over what constitutes illegal "hacking" is
    working feverishly to reassure an angry e-mail mob that his paper has
    nothing to do with a controversial government prosecution.
    "We never filed any charges and we're not involved with the lawsuit at
    all," Poteau Daily News publisher Grover Ford said of the increasingly
    visible case of Brian West - an Internet services salesman who has
    been charged on several computer crime counts by federal authorities.
    West and his supporters in the Internet community contend that West
    was arrested essentially for acting as a "good samaritan," having
    alerted the then publisher of the Poteau Daily News of security holes
    in the newspaper's Web site (http://www.pdns.com ).
    According to accounts posted on West's Web site
    (http://www.bkw.org/pdf ) West discovered a hole in the PDNS.com
    security when his company was in the process of developing a banner
    advertisement intended to run on the site.
    West alerted the publisher of the paper (who has since left) that he
    was able to access sensitive information from PDNS.com without any
    Some media accounts have maintained that the newspaper turned around
    and went to the police with that information, but Ford tells a
    different story.
    When West told former Poteau Daily News publisher Wally Burchet of the
    holes, Burchet went to the newspaper's Internet service provider - an
    Oklahoma company called Cyberlink - to complain. Cyberlink in turn
    went to local Oklahoma authorities who in turn called in the FBI, Ford
    That was the last official involvement the Poteau Daily News had with
    the case, he said.
    But that hasn't stopped angry West supporters across the country from
    peppering the paper - which serves an 8,000-person community and
    boasts a paid circulation of 5,000 - with angry e-mails and phone
    calls, Ford said.
    The PDNS.com site, which typically clocks about 26,000 hits a week,
    has received more than 300,000 over the past week, Ford said.
    And while Ford says that his newspaper and its parent company,
    Community Newspaper Holdings Inc., takes no official position on the
    West case, he and others have questioned assertions that West was
    acting strictly as a "good samaritan."
    At the time that West made the discovery about the security hole on
    the Cyberlink-administered PNDS.com site he was working for a company
    called CWIS Internet Services, a Stigler, Okla.-based firm that Ford
    says was trying to break into the Poteau market.
    Ford said that West was eager to use the security hole as a hook to
    promote his company's Internet services over those of Cyberlink.
    And when FBI authorities set a "sting" for West, federal authorities
    found that West had downloaded sensitive data, including passwords
    from the Cyberlink-administered site, Ford said.
    "He was getting files that didn't really belong to him," Privacy
    Foundation Chief Technological Officer Richard Smith said Wednesday.
    "My read of the situation is that he probably showed bad judgement as
    much as anything else."
    While West may not be a hardened computer criminal, Smith argued that
    the "good samaritan" label is something of a stretch.
    "He needs to get a lawyer and stop talking to the media," Smith said.
    In a letter apparently sent by U.S. Attorney Sheldon Sperling to West,
    the government offers to settle with West if he agrees to plead guilty
    to one computer crime count and be put on probation. West includes a
    copy of the letter on his Web site.
    Attempts to reach Brian West through CWIS were unsuccessful and the
    Oklahoma U.S. Attorney's office did not return calls for comment.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Aug 24 2001 - 04:03:40 PDT