http://www.chron.com/cs/CDA/story.hts/tech/news/1507766 By ROSANNA RUIZ July 24, 2002 A Houston man who once showed a Harris County official how easy it was for an outsider to access a county computer system was accused by a federal grand jury Wednesday of doing just that. Stefan Puffer, 33, was indicted on two counts of fraud for allegedly hacking into the county district clerk's wireless computer system that has been taken out of operation because of its vulnerability. Puffer is accused of accessing the system March 8, costing the county $5,000 to clean up after the alleged breach. Puffer, a computer security analyst who worked briefly for the county's technology department in 1999, could get five years in prison and a $250,000 fine on each count if he's convicted. Puffer declined to comment Wednesday and referred questions to his attorney, who was not available. District Clerk Charles Bacarisse said no files were compromised, but the county had to shut down the wireless system about a month after it was set up. The county, he said, had intended to use the wireless service to connect personal computers used by court clerks at the Civil Courts Building, 301 Fannin, to their network. The old courthouse can no longer sustain more computer lines, he said. "I'm hopeful we can determine an appropriate way to secure that system well enough to use wireless service," Bacarisse said. On March 18, Puffer showed a county official and a Chronicle reporter how he was able to use his laptop computer and a $60 to $75 wireless card to tap into the clerk's system. In a Chronicle article about the demonstration, Puffer said he noticed he could access the county network in early March, when he scanned for weaknesses throughout Houston. He said he could also access numerous home, government, university and business computer systems. The article quoted Bacarisse as saying his staff was alerted when someone tried to access the system March 8. He also characterized Puffer's demonstration as a "low-level intrusion" that did no permanent damage. As for Puffer's March 18 demonstration, Bacarisse said Wednesday, "Normally you secure a contract with an entity before you hack into a system, if that's what you're saying your expertise is." County Attorney Mike Stafford said he will resume his investigation into whether the security breach was corrected as promptly as county officials learned of it and the origin of a pornographic picture found on the clerk's office server in March. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Jul 29 2002 - 04:02:32 PDT