FC: DOJ prosecution of "good samaritan" may be justified after all?

From: Declan McCullagh (declanat_private)
Date: Tue Aug 21 2001 - 08:02:58 PDT

  • Next message: Declan McCullagh: "FC: Petswarehouse.com sues aquatic plant list members for $15 million"

    *******
    Previous message:
    http://www.politechbot.com/p-02414.html
    *******
    
    From: rmsat_private (Richard M. Smith)
    To: <politechat_private>, <toddat_private>
    Subject: RE: Feds target Oklahoma good samaritan who noted web security hole
    Date: Mon, 20 Aug 2001 19:04:09 -0400
    
    Declan and Todd,
    
      >>> In addition to the story above see: http://www.bkw.org/pdf/ for
    several 
      >>> collateral documents, including correspondence from DOJ and a
    detailed 
      >>> description of how this ridiculous travesty unfolded.
    
    I think that anyone who is interested in this story, should carefully
    read over the 4 pages of comments posted after the Linux Freak story.
    Apparently some of the players involved in the situation are providing
    information beyond what the story itself had to say.  My impression
    after reading the comments as well as some earlier news reports is what
    happened is a bit more complicated than the Linux Freak story leads one
    to believe.  This news story in particular is very interesting:  
    
       http://www.bkw.org/pdf/stigler-news-hack.pdf
    
    (Please ignore the dumb definition of "hacking").
    
    I have always felt that it can be very risky to do too much research on
    security holes on other people's Web servers without their permission.
    It is particularly problematic if the servers belong to a direct
    competitor which apparently is the case in this story.
    
    The reason that the FBI and US attorney's office got involved is that
    they are alleging that a few hundred files where downloaded by Brian
    West from a competitor's Web server.  Some of this files included
    password files and Perl scripts owned by the competitor. 
    
    Richard M. Smith
    CTO, Privacy Foundation
    http://www.privacyfoundation.org
    
    *******
    
    Date: Mon, 20 Aug 2001 22:02:32 -0700
    From: Todd Jonz <toddat_private>
    To: "Richard M. Smith" <rmsat_private>
    Cc: declanat_private
    Subject: Re: Feds target Oklahoma good samaritan who noted web security hole
    
    Richard writes:
    
    	> Apparently some of the players involved in the situation
    	> are providing information beyond what the [Linux Freak]
    	> story itself had to say.
    
    Including the FBI in its affidavit, which I've only just read:
    
    	| 15.  ...West indicated to Burchett that West had accessed
    	| the PDNS Web site by obtaining the user names and passwords.
    
    which contradicts Linux Freak's claim that the site was accessed
    without authentication.  Furthermore:
    
    	| 19.  ...the logs reflect that the attempts to connect were
    	| not simply requests to view the webpage, but attempts to
    	| access the files and Perl scripts that cause the webpage
    	| to operate....[West's presumed host] was able to enter a
    	| command line to access the file containing user
    	| identifications and passwords...
    
    No doubt about it:  this was a simple case of breaking and entering.
    Declan, my sincerest apologies for the false alarm.
    
    
    --
    Todd Jonz				When cryptography is outlawed,
    toddat_private				bayl bhgynjf jvyy unir cevinpl.
    
    *******
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Tue Aug 21 2001 - 08:19:59 PDT