posted 08-19-2001 07:33            

quote:

---

Why on earth are you people offering somebody up to the DA that tried to help you close up a gaping big security hole?

If you'd been hit by somebody malicious, your web site would have been defaced - hopefully in a really blatantly obvious fashion, possibly simply by mild editing of your articles to make you look like a pack of chumps, or possibly even make you appear guilty of libel. The s'kiddie doing it would have made his changes using an IP anonymizer or a machine belonging to some innocent home user he'd Sub-Sevened, and you would have had no way of tracking it down... and the s'kiddie (that's "script kiddie" if you aren't aware of the terminology) would, of course, have gotten away with doing thousands of dollars of damage to you scot-free, and laughed his irresponisble little butt of at you.

As it is, some random guy discovers that you've left a password file out in the public domain - no "exploits" required to get at it, merely type the URL into the browser - and he lets you know about it, and you turn him over to the FBI? What in God's name are you thinking? If a guy saw your car keys lying on the ground next to your car and left them with a note on your driver's seat, would you try to charge him with "breaking into your car?"

If you've got a different spin on this than the FBI search warrant affidavit and the various news articles have, I'd certainly be interested to hear it.

-J

---

posted 08-19-2001 18:36            

quote:

---

Originally posted by Jimbo:
Emailed out to the folks crying wolf hax0r! on Brian K West a few minutes ago:

[QUOTE]bla bla bla words

---

Expected response from whomever:

Dear "Mr. -J" (if that is your real name)

WE KNOW HOW YOU HACKERS LIKE TO STICK TOGETHER WE ARE NOT FALLING FOR YOUR CLEVER RUSE LIKE THAT ONE TIME WHEN YOU GUYS GAVE US "THE VIRUS". WE HAVE FORWARDED YOUR EMAIL AND ALL INFO TO THE FBI, HAVE FUN IN JAIL YOU COMMIE.

-responsible citizens at large

posted 08-19-2001 22:46            

The more I think about this, the more worried I get. I mean, anyone even vaguely familiar with how this shit works knows that Brian didn't do anything wrong, and that he DID, in fact, do that newspaper a service by notifying them of the vulnerability.

If my fly is open, please tell me - I won't call the FBI and accuse you of molesting me.

But here is the real problem. How is this man going to get justice? Justice, in this case, would be a prompt dismissal of the UNFILED ANYWAY charges, and the prompt dismissal of several FBI men, not to mention a prosecuting attorney. Also, the Editor in Chief should have a donkey penis surgically grafted to his forearm.

But how WILL justice be served if judges and juries don't understand the MERITS OF THE CASE?

The prosecuting attorney could say that Brian K. West altered files on the paper's webserver that they did not intend to be alterable by users or viewers, and he wouldn't be lying... technically. It's important to note that Brian didn't BREAK the security on the server, however - there WAS none. The one thing missing here is malicious intent. Well, ok, the other thing missing is any actual crime, but I dont' expect the FBI or Fugga prosecuting goddamn attorneys to know the difference between random acts of kindness and actual harms-others crimes.

Fugga morons.

posted 08-19-2001 23:34            

That's not "breaking security", that's "no security whatsoever." Much like a FrontPage-equipped website that exposes the damn un/pw list to anybody who hits "Edit" from their browser.

Come on folks, this is like somebody finding your key lying out on your front porch and opening your door, walking into the kitchen, and leaving the key and a note on your kitchen counter - yes, he entered your home without your permission, but can you REALLY call it "breaking and entering?"

posted 08-24-2001 21:43            

[q]Please see information below.

NEWS
RELEASE
U.S. Department of Justice
Sheldon J. (Shelly) Sperling
United States Attorney
Eastern District of Oklahoma

For Release: August 24, 2001

For Further Information Contact: Sheldon J. (Shelly) Sperling, United States Attorney

MUSKOGEE, OKLAHOMA - An article posted on the internet last Friday reported that an internet service provider employee is alleged to have penetrated a hole in the comparative security of a newspaper's website, employed a userid and a password, and downloaded a valuable computer program. The employee reported the penetration to the website owner to include site insecurity, access using user names and passwords, and downloading the program, but claimed his intrusion accidental. The website owner reported the alleged intrusion to law enforcement authorities.

Pursuant to a complaint to law enforcement officers, an application was made for a search warrant. A United States Magistrate-Judge ordered a search of the employee's place of business. A website's computer program was found on the employee's laptop. A copy of the search warrant was left with the employer as provided by law. The employee was not arrested and has not been charged.

Investigation into the allegations is pending. A very substantial portion of the investigation, to include interviews with witnesses, is not yet public and is ongoing. The question under investigation is whether valuable intellectual property has been improperly converted.

More particularly, the purpose of the investigation is to determine:
(1) whether the employee intentionally accessed a computer without authorization or exceeded authorized access (to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter),
(2) whether the employee thereby obtained information from a protected computer (a computer which is used in interstate or foreign commerce or communication), and
(3) whether the conduct involved an interstate communication. 18 USC 1030.
Only if all three questions are answered in the affirmative has a criminal offense been committed.

Even where there is probable cause to believe that a person has committed a criminal offense in the Eastern District of Oklahoma, a prosecutor must consider whether to:
(1) request or conduct further investigation,
(2) commence or recommend prosecution,
(3) decline prosecution and refer the matter for prosecutorial consideration is another jurisdiction,
(4) decline prosecution and initiate or recommend pretrial diversion or other non- criminal disposition, or
5) decline prosecution without taking other action.

A suspect's intent, the amount of loss occasioned by the behavior, and the context of the alleged offense are among many factors that are within the scope of the investigation and weighed in such prosecutorial decisions. Only after all these standards and issues have been considered would the United States Attorney's Office for the Eastern District of Oklahoma prosecute an individual for a criminal offense.

Pursuant to the employee's telephone call to our office, we sent him a letter containing an invitation to appear before the grand jury to answer questions concerning this matter, written advice of his rights, the option and importance of retaining counsel, and the prospect of an agreed plea. No final decision has been made or agreement reached to resolve this matter.

Because of the public interest in this matter based on hundreds of individuals who have written me about this matter and the publicity which has been generated, I am providing limited comments on this matter during the investigation. The purpose of the investigation is to determine whether the allegations warrant further action in a criminal setting.

Thank you for your interest.

Shelly
Sheldon J. (Shelly) Sperling
United States Attorney
Eastern District of Oklahoma
1200 West Okmulgee
Muskogee, OK 74401
sheldon.sperling@usdoj.gov[/quote]

This doesn't really address the fact that there WAS no security on the machine-in-question... And also implies that a very serious crime was committed... Note how Brian was 'invited' to answer questions from a grand jury.

Invited? How does that work?

"You are cordially invited to share finger sandwiches and tea with an 18 member federal grand jury and mingle for the purposes of establishing an indictment in your case. Please R.S.V.P. by suchandsuch date."

Invited?

Also notice the wording... 'and the prospect of an agreed plea'. Shouldn't DOJ establish that an actual CRIME was committed before they go looking to make a deal with a plea bargain?

posted 08-25-2001 08:22            

quote:

---

Shouldn't DOJ establish that an actual CRIME was committed before they go looking to make a deal with a plea bargain?

---

posted 08-25-2001 09:33            

quote:

---

Originally posted by Jimbo:
Wtf man, are you trying to stand in the way of convictions? What are you, some kinda lefty commie pinko fag?

---

Up until I saw this, I wouldn't have thought so, but your question has shaken my confidence in my values.

I have to give DOJ due credit where it is due, however. This push for convictions regardless of guilt or innocence makes perfect sense, given how uncrowded and unused our prisons are. (not to menetion more valid things to be sarcastic about, like actual guilt or innocence.)