Forwarded from: security curmudgeon <jericho (at) attrition.org> : http://news.com.com/Intel+hacker+sentence+expunged/2100-7350_3-6164113.html : : A former Intel contractor has seen his conviction for hacking into the : company's systems expunged, after a battle lasting more than a decade. : : Schwartz was arrested in 1993 after using a program called "Crack" to : find out the passwords of various former colleagues in the Intel : Supercomputer Systems Division (SSD). Schwartz had left SSD under a : cloud, and told the court he decided to crack the Intel passwords to : show that SSD's security had gone downhill since he had left, and to : reestablish respect he said he had lost when he left SSD. This wording, and the wording of several other recent articles, make it sound like Schwartz had left Intel ("former colleagues") before cracking the password. Google is fairly polluted since the case has been discussed extensively the last decade, but pulling up the cache for http://www.cyberlaw.com/cylx1195.html shows: Notable legal developments reported in November 1995 include the following (updated 12/95): Randall Schwartz, a former Intel systems administrator, was convicted under Oregon law on three felony counts of altering a computer system without authorization and gaining access to a system with the intention of committing theft. Originally hired as a contract programmer and systems administrator, Schwartz conducted routine security checks using a program called "Crack," which guesses user passwords. After being hired by another Intel division, Schwartz performed a security check on his old division, despite reprimands by Intel for two previous incursions into computers at Intel and other companies. During that check, Schwartz used Crack to determine the password of a user, gained access to a core cluster of Intel computers, moved a password file from a computer to a quicker one, where he used Crack to break 48 of 600 passwords. Intel conceded there was no evidence Schwartz took passwords out of the system, but maintained that merely moving the passwords constituted theft. Schwartz was sentenced to five years probation, a deferred ninety-day jail term, 480 hours of community service, and $170,000 in legal fees. He also faces a $72,000 damages claim. New York Times, 11/27/95, C5. This suggests he was still being employed by Intel, and crossed internal division boundaries when he cracked the passwords, and the information never left Intel's network. As far as I recall, the outrage at the time was this being charged as a 'crime' when this was standard security practice for security administrators. So, over the last decade, has the story changed and are people under the impression he was an ex employee/contractor and did the password cracking after leaving Intel? Or are these articles just getting sloppy on wording and not painting a clear picture of what happened? _________________________________________ Visit the InfoSec News Security Bookstore http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Mon Mar 05 2007 - 22:41:23 PST