[ISN] Dubai court finds hacker guilty on two charges

From: InfoSec News (isnat_private)
Date: Mon Oct 08 2001 - 01:09:35 PDT

  • Next message: InfoSec News: "[ISN] Many companies still vulnerable to DNS outage"

    07 October 2001
    The Dubai Appeal Court yesterday over turned a lower court ruling
    issued against Lee Alan Ashurst, the 22-year-old Briton accused of
    hacking into Etisalat's computer network, by finding him guilty on
    both charges of opening private e-mails of Etisalat employees and
    misusing Etisalat services through unauthorised entry of its internet
    The Dubai Misdemeanours Court had, on July 1, found Ashurst not guilty
    on the charge of opening private e-mails of Etisalat employees and
    fined him Dh10,000 on the second charge alone. The appeal court upheld
    the Dh10,000 fine but convicted Ashurst on both the first and second
    The civil component of the case has been referred by the appeal court
    to the Dubai Civil Court. Etisalat is asking the court to award the
    Dh2,835,000 for damages they allege Ashurst caused to their network.
    With regard the first charge, the misdemeanours court had said that
    "Regarding the opening of private e-mail messages of Etisalat
    employees without their knowledge or permission, the word 'message' in
    law does not apply to "electronic messages" or e-mails, according to
    the text of Article 380 of the Penal Code. The case goes back to June
    15 last year when Etisalat informed Dubai Police that it had detected
    an unauthorised entry of its internet network through the user name of
    a local company and the connection was made through that company's
    telephone line.
    Following police investigation the person responsible was identified
    as the defendant.
    Etisalat claimed that Ashurst's unauthorised entry and his copying of
    certain files resulted in harm to the network and network users in
    addition to unauthorised disclosure of company secrets.
    After confiscating Ashurst's laptop and other equipment the forensic
    lab discovered files that proved that defendant scanned the network on
    more than one occasion with the purpose of discovering security gaps
    in the network and entering it. They also discovered that the
    defendant had copied the password files to his computer.
    The technical report prepared for the court, said the defendant used a
    decryption programme to uncover names of various Etisalat internal
    network users by using their passwords. He also roamed freely through
    the main data base using names and passwords of Etisalat employees.
    According to court records Ashurst had told police that he carried out
    the entry of the Etisalat network then got the idea of entering the
    operating system in the UAE using the 'Saint' computer programme.
    Ashurst denied changing or destroying any computer files or causing
    Internet server to collapse.
    He also denied giving away the method by which he penetrated the
    network and that what he was doing is called by Etisalat 'Instray',
    which is using a decryption file and an internet user password
    decryption file. "The technical report confirmed that the defendant's
    laptop contained files and programmes used for piracy, infecting
    computer systems and decryption of passwords, but the mere presence of
    these programmes is no indication of (a crime)," the misdemeanour
    court said.
    Two senior academicians from UAE University and a computer engineer
    were asked during the court hearings to give their expert opinion to
    the court. The expert witnesses said that the two computer programmes
    in question, 'John the Ripper' and 'Saint', which the prosecution
    claims were used by the defendant to hack into restricted sites on the
    Etisalat database, are not illegal and are standard tools that come
    with the operating system, in addition, the programmes can be down
    loaded from the Internet.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Oct 08 2001 - 03:04:52 PDT