Politech archive on U.S. v. Brian K. West: http://www.politechbot.com/cgi-bin/politech.cgi?name=sperling ********** http://www.wired.com/news/politics/0,1283,47146,00.html 'Good Sam' Hacker 'Fesses Up By Declan McCullagh (declanat_private) 7:10 a.m. Sep. 27, 2001 PDT WASHINGTON -- It seemed like such a straightforward example of prosecutorial misconduct: An Oklahoma man was being investigated by the Justice Department for helping a newspaper fix a website security hole. The outcry among the geek community last month began with an uncritical story on LinuxFreak.org entitled "Cyber Citizen Lands Felony Charges?" Sites such as Slashdot soon picked up the sad tale of 24-year-old Brian K. West as evidence of out-of-control, tech-clueless government lawyers, and urged everyone to e-mail the U.S. Attorney in charge of the prosecution. Making the story even more appealing to the open-source community was the Microsoft angle: West was said to have reported to the Poteau (Oklahoma) Daily News and Sun a security flaw in Microsoft NT 4.0 IIS and Microsoft FrontPage. But a guilty plea that West signed tells a far different story -- and shows how easily a well-meaning community of programmers and system administrators can be led astray. [...] ********** Date: Wed, 26 Sep 2001 17:36:08 -0400 From: "Sperling, Sheldon" <Sheldon.Sperlingat_private> Subject: USAO/EDOK Message-Id: <"USAOKEML01-010926213607Z-20823*/PRMD=USDOJ/ADMD= /C=US/"@MHS> NEWS RELEASE U.S. Department of Justice SHELDON J. SPERLING United States Attorney Eastern District of Oklahoma (918) 684-5100 For Release: September 24, 2001 For further information contact: Jeffrey A. Gallant, Assistant U.S. Attorney MUSKOGEE, OKLAHOMA - BRIAN KEITH WEST, age 24, of Stigler, Oklahoma, pled guilty today to intentionally accessing and obtaining information from a protected computer without authorization through the use of an interstate communication in violation of Title 18, United States Code, Section 1030(a)(2)(C). United States Magistrate-Judge James H. Payne accepted defendant's plea of guilty, found defendant guilty of the misdemeanor charge, and ordered a presentence investigation report. Defendant was released pending sentencing, pursuant to the agreement of the prosecutor and defendant, on an unsecured promise to return for sentencing. Pursuant to a written plea agreement which was filed in open court, defendant "agree[d] to the following statement of facts: On February 1, 2000, defendant was viewing the Poteau Daily News and Sun (PDNS) website using MS Front Page and a web browser, MS Internet Explorer. Using MS Front Page, defendant discovered a common security flaw between MS Front Page and MS Internet Information Server (IIS), the server software being run by PDNS. Defendant recognized the security flaw and continued to probe the website following the discovery. Computer logs from the PDNS web server confirm this. While probing the site, defendant made copies of six proprietary Practical Extraction Report Language (PERL) scripts that were part of the source code running the PDNS webpage. Defendant also obtained password files from PDNS and used those passwords to access other parts of the PDNS webpage. Defendant electronically shared the scripts and the password files for the PDNS website with another individual. Defendant's access to the webpage involved interstate communications. On February 2, 2000, defendant contacted PDNS and alerted them concerning the security flaw. On February 11, 2000, agents of the FBI executed a federal search warrant at the CWIS Internet Services office in Stigler, Oklahoma. During the search, FBI Computer Analysis Response Team (CART) members made image copies of computers used by defendant. On February 11, 2000, defendant was interviewed by FBI agents. During that interview, defendant indicated that he found the security hole in the PDNS website, and copied the PERL scripts. Defendant further stated that he was re-writing the scripts in another computer programming language. Following the interview, defendant provided the FBI with written consent to search his laptop computer and all the computers he controlled inside CWIS. Defendant indicated previously to other individuals that he could use the PDNS PERL script to produce and market his own version. A review of the electronic evidence obtained from defendant's computers show that he saved the PERL script in several places and created separate directories called "/home/PDNS/" and "/home/pdns2". These two directories were substantially the same directories and contained substantially the same files. One of the directories was a "shortcut" to the other. In these directories files were found indicating that defendant was rewriting a part of the PDNS program in another computer language. The files written by defendant were in the PHP computer programming language and the file extensions of those files ended in .inc and .asp. These files were not in the PERL programming language." WEST penetrated a security hole in the website of the Poteau Daily News and Sun, employed a user ID and password, and downloaded computer files of value. WEST reported to the newspaper editor that he had penetrated the website, accessed the site using a username and password, and downloaded several files. West told the newspaper editor that his intrusion accidental. The website owner reported the unauthorized access to law enforcement authorities. Pursuant to an application for search warrant, a United States Magistrate-Judge ordered a search of WEST's employer's place of business. Files which WEST had downloaded from the website were found on WEST's laptop. A copy of the search warrant was left with WEST's employer as provided by law. WEST was not arrested nor charged at the time. Subsequent investigation revealed that WEST had downloaded the computer files, was in the process of rewriting the files, and intended to market the revised software program. At the plea hearing before United States Magistrate-Judge James H. Payne, WEST waived the right to proceed before a district judge and entered a plea of guilty to the misdemeanor Information. The defendant was represented by Cherie Chappel, of Edmond, Oklahoma, and Kenneth Poland, of Cleveland, Texas. WEST said he was satisfied with the performance of his attorney and believed they had done all that they could do to counsel and assist him with regard to this matter. "In the context of recent events, even as before, we don't prioritize unauthorized computer access where there is no consequence," noted United States Attorney Sheldon J. Sperling. "This matter was pursued because the defendant downloaded files and intended to derive a financial benefit from the unauthorized access. Of course, hacking with attendant web site damage would be taken much more seriously." "This case generated a very substantial amount of e-mailed correspondence to our office and across the world,' Sperling said. "The wide range of opinion was instructive. In this case, the defendant rewrote the files he downloaded, planned to distribute his rewrite, added another page to the website, modified the password file, and misled sympathizers and others as to both the character and scope of what he had done." "It is important that web sites are secure from unauthorized access and that intellectual property is protected. Cyberspace will be a better place for all if such privacy and property rights are respected," stated Assistant United States Attorney Jeff Gallant. The offense to which WEST pled guilty is a misdemeanor which is punishable by a term of imprisonment not to exceed one year. Prosecutors expect that, under the United States Sentencing Guidelines, WEST will eligible for probation. The Information to which defendant pled guilty is as follows: COUNT ONE [18 U.S.C. § 1030(a)(2)(C)] (Accessing a Computer without Authorization) On or about February 1, 2000, in the Eastern District of Oklahoma, and elsewhere, the defendant, BRIAN KEITH WEST, did intentionally access a protected computer without authorization through the use of an interstate communication, and did thereby obtain information from a protected computer; to wit: the defendant, BRIAN KEITH WEST downloaded proprietary Practical Extraction Report Language scripts and password files from the protected computer. In violation of Title 18, United States Code, Section 1030(a)(2)(C). . Shelly Sheldon J. (Shelly) Sperling United States Attorney Eastern District of Oklahoma 1200 West Okmulgee Muskogee, OK 74401 918/684-5151 (phone) 918/684-5150 (fax) sheldon.sperlingat_private ********** ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. Declan McCullagh's photographs are at http://www.mccullagh.org/ To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 09:59:11 PDT