[ISN] Man indicted in alleged hacking of county's system

From: InfoSec News (isnat_private)
Date: Mon Jul 29 2002 - 01:31:15 PDT

  • Next message: InfoSec News: "[ISN] Secure site seals may be misleading: Netcraft"

    July 24, 2002
    A Houston man who once showed a Harris County official how easy it was
    for an outsider to access a county computer system was accused by a
    federal grand jury Wednesday of doing just that.
    Stefan Puffer, 33, was indicted on two counts of fraud for allegedly
    hacking into the county district clerk's wireless computer system that
    has been taken out of operation because of its vulnerability.
    Puffer is accused of accessing the system March 8, costing the county
    $5,000 to clean up after the alleged breach.
    Puffer, a computer security analyst who worked briefly for the
    county's technology department in 1999, could get five years in prison
    and a $250,000 fine on each count if he's convicted. Puffer declined
    to comment Wednesday and referred questions to his attorney, who was
    not available.
    District Clerk Charles Bacarisse said no files were compromised, but
    the county had to shut down the wireless system about a month after it
    was set up.
    The county, he said, had intended to use the wireless service to
    connect personal computers used by court clerks at the Civil Courts
    Building, 301 Fannin, to their network. The old courthouse can no
    longer sustain more computer lines, he said.
    "I'm hopeful we can determine an appropriate way to secure that system
    well enough to use wireless service," Bacarisse said.
    On March 18, Puffer showed a county official and a Chronicle reporter
    how he was able to use his laptop computer and a $60 to $75 wireless
    card to tap into the clerk's system.
    In a Chronicle article about the demonstration, Puffer said he noticed
    he could access the county network in early March, when he scanned for
    weaknesses throughout Houston.
    He said he could also access numerous home, government, university and
    business computer systems.
    The article quoted Bacarisse as saying his staff was alerted when
    someone tried to access the system March 8. He also characterized
    Puffer's demonstration as a "low-level intrusion" that did no
    permanent damage.
    As for Puffer's March 18 demonstration, Bacarisse said Wednesday,
    "Normally you secure a contract with an entity before you hack into a
    system, if that's what you're saying your expertise is."
    County Attorney Mike Stafford said he will resume his investigation
    into whether the security breach was corrected as promptly as county
    officials learned of it and the origin of a pornographic picture found
    on the clerk's office server in March.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Jul 29 2002 - 04:02:32 PDT