Forwarded from: security curmudgeon <jericho (at) attrition.org>
: http://news.com.com/Intel+hacker+sentence+expunged/2100-7350_3-6164113.html
:
: A former Intel contractor has seen his conviction for hacking into the
: company's systems expunged, after a battle lasting more than a decade.
:
: Schwartz was arrested in 1993 after using a program called "Crack" to
: find out the passwords of various former colleagues in the Intel
: Supercomputer Systems Division (SSD). Schwartz had left SSD under a
: cloud, and told the court he decided to crack the Intel passwords to
: show that SSD's security had gone downhill since he had left, and to
: reestablish respect he said he had lost when he left SSD.
This wording, and the wording of several other recent articles, make it
sound like Schwartz had left Intel ("former colleagues") before cracking
the password.
Google is fairly polluted since the case has been discussed extensively
the last decade, but pulling up the cache for
http://www.cyberlaw.com/cylx1195.html shows:
Notable legal developments reported in November 1995 include the
following (updated 12/95):
Randall Schwartz, a former Intel systems administrator, was convicted
under Oregon law on three felony counts of altering a computer system
without authorization and gaining access to a system with the intention
of committing theft. Originally hired as a contract programmer and
systems administrator, Schwartz conducted routine security checks using
a program called "Crack," which guesses user passwords. After being
hired by another Intel division, Schwartz performed a security check on
his old division, despite reprimands by Intel for two previous
incursions into computers at Intel and other companies. During that
check, Schwartz used Crack to determine the password of a user, gained
access to a core cluster of Intel computers, moved a password file from
a computer to a quicker one, where he used Crack to break 48 of 600
passwords. Intel conceded there was no evidence Schwartz took passwords
out of the system, but maintained that merely moving the passwords
constituted theft. Schwartz was sentenced to five years probation, a
deferred ninety-day jail term, 480 hours of community service, and
$170,000 in legal fees. He also faces a $72,000 damages claim. New York
Times, 11/27/95, C5.
This suggests he was still being employed by Intel, and crossed internal
division boundaries when he cracked the passwords, and the information
never left Intel's network. As far as I recall, the outrage at the time
was this being charged as a 'crime' when this was standard security
practice for security administrators.
So, over the last decade, has the story changed and are people under the
impression he was an ex employee/contractor and did the password
cracking after leaving Intel? Or are these articles just getting sloppy
on wording and not painting a clear picture of what happened?
_________________________________________
Visit the InfoSec News Security Bookstore
http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Mon Mar 05 2007 - 22:41:23 PST