Re: [ISN] Revealed: how MP's son used computer in hacking scandal

From: InfoSec News (isnat_private)
Date: Wed Sep 05 2001 - 23:11:06 PDT

    Forwarded from: Grant Bayley <gbayleyat_private>
    
    On Wed, 5 Sep 2001, InfoSec News wrote:
    
    > http://www.smh.com.au/news/0109/05/national/national7.html
    >
    > By Geesche Jacobsen
    > September 5, 2001
    
    [snip]
    
    > But Mr Kelly said his son was merely trying to protect his computer
    > from hacking.
    
    [snip]
    
    > There was little information to show if any of the other programs
    > had been used, it said.
    >
    > Mr Kelly admitted yesterday that one of his sons had accessed the
    > computer and loaded the software on July 20 from 9.33pm until
    > 11.32pm, when the LANguard software was apparently being run on
    > more than 250 computers in Parliament.
    >
    > The report said the software could be used "aggressively" and
    > appeared to have been used to scan various Internet addresses on
    > the computer networks. It could also be used to identify security
    > weaknesses, including weak passwords.
    >
    > But Mr Kelly said the software was used - without his knowledge or
    > authorisation - because his son suspected the computer was
    > insecure. "The purpose was to check the security of the system to
    > make sure my computer was hackerproof," he said.
    
    Note to Australian Commonwealth Attorney-General Daryl Williams:
    
    This is a perfect example of the dual-use technology that a number of
    submissions referred to in a recent Senate Inquiry.  It is this "dual
    use" technology you wish to outlaw in the "Cybercrime Bill, 2001"
    (478.3, specifically).
    
    System administrators routinely rely on such technologies day-to-day
    to probe their own networks for vulnerabilities.  Children of Members
    of Parliament apparently used the same technology to confirm the
    poorly designed network topology and file sharing policies on the NSW
    Parliamentary network (see above).  And persons with criminal intent
    might also use the same technologies in the commission of a crime.
    
    But of course, the intent of the person must be proven before they are
    charged with an offence under 478.3.  Or must it?  If the Explanatory
    Memoranda circulated by Justice Minister Ellison are anything to go by
    (these are typically used by Courts as an aid to interpretation), it
    might not:
    
      "There will be many occasions where that intention will be evident
       from the content of the data."
    
    For this reason and a long list of others that the Senate Inquiry
    heard (and chose to ignore), the Cybercrime Bill 2001 is overbroad,
    misguided, and largely ignores the benefits of a preventative approach
    to computer security incidents in Australia.  At present, no such
    preventative strategy exists.
    
    Grant Bayley
    
    -------------------------------------------------------
    Grant Bayley                         gbayleyat_private
    -Admin @ AusMac Archive, Wiretapped.net, 2600 Australia
     www.ausmac.net   www.wiretapped.net   www.2600.org.au
    -------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org



    This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 01:18:57 PDT