Ex-judge Gets 27 Months on Evidence From Hacked PC 610
netbsd_fan writes "A former California judge has been sentenced to 27 months in prison for possession of illegal pornography, based entirely on evidence gathered by an anonymous vigilante script kiddie in Canada. At any given time he was monitoring over 3,000 innocent people. The anonymous hacker says, "I would stay up late at night to see what I could drag out of their computers, which turned out to be more than I expected. I could read all of their e-mails without them knowing. As far as they were concerned, they didn't know their e-mails had even been opened. I could see who they were chatting with and read what they were saying as they typed."
Bust the buster? (Score:5, Interesting)
Re:I'm curious how you people think about this (Score:5, Interesting)
-> clear violation of privacy of thousands of people
-> use of that information for private gain
-> passing off vigilante-collected information to the police
-> (plus or minus) collecting that same porn
All this obviously without a court order, or even being in the police force.
This is also seriously worse than the riaa has ever done. So what should the punishment for the hacker be ? Clearly he cannot go free, despite having caught this criminal.
in defense of the hacker....... (Score:2, Interesting)
Re:I'm curious how you people think about this (Score:2, Interesting)
And then he will have a lot of job offers for computer security work. People will trust him.
Re:Bust the buster? (Score:2, Interesting)
The judge who has the evidence alone with him in his office during the trial?
Your logic is flawed.
It's a damn trojan ... it makes guesses ! (Score:5, Interesting)
The program is a damn trojan ! Most of the other virus/trojan software that use dat on victims' hard drive to disguise themeselve make wild guess based on file name and file type and pull mostly random MS Word
Now in this case we're speaking about a very specific situation. You know you're looking for JPEGs. You know those JPEGs may have "kid", "sex", "naked" or similar keywords in their file names (at least 1 file out of the 3000 is bound to have such a name). You know other messages in the same thread read by preps have similar name.
It's just enough that in some case the program will display an image (and given that at least 3000 of the JPEGs are porn, surely a huge percentage of all JPEGs, there's a huge chance that, just by luck, the trojan will find one of them). Even if finally it's a wrong image (some of those funny joke-pictures circulating on the net), there's still a proportion of users who'll think "Hm... It's only one of those jokes. Too bad, I already have one", instead of suspecting something.
Too little users will realise that there's something wrong and too little will alert the other readers of the thread. By then, several people will have executed the trojan. Then if the hacker have posted a lot of different mails using several different identities and on more than a few threads, the number of the victims will be high enough.
If it works with viruses pulling random DOC files (where the chance is little that the two person will work on the sme subject), it's bound to work in this case (huge proportion of the JPEGs are genuine porn, all readers of the thread are potential pronographers).
(It's like writing a trojan that spread it self on the mailing list of linux kernel developpers, and maskarade itself using ".c" or ".diff" files found on victims hard drives. It's bound to work).
Re:Bust the buster? (Score:4, Interesting)
Re:Bust the buster? (Score:3, Interesting)
Re:Hacker Must be Prosecuted for Committed Felonie (Score:5, Interesting)
It doesn't work that way. If a burglar breaks into your house and finds your child porn stash, then reports it to the police they can prosecute you all they like. The laws against illegal search and seizure only applies to law enforcement. The burglar is still guilty of breaking and entering though.
However, if that burglar is told "it's ok, you can keep breaking into people's houses as long as you report any child porn to us" then the burglar has become an agent of law enforcement, and any case after that point should be thrown out. If they refuse to investigate or prosecute cases where they suspect the same burglar has been at work, they're equally much doing so.
In order to make this work he should never have identified himself, never been in contact with law enforcement. He should only have left a package at their doorstep, never allowing any contact that could make him an agent of law enforcement. Those rules are very strict exactly so that you can't have a "pseudo-police" that doesn't need to follow the rules. Anyone who's paid any attention to history would know why that would be a very bad thing.
Re:I'm curious how you people think about this (Score:4, Interesting)
This mans snooping through the personal lives of 3000 people seems to me a far greater crime than a little kiddy fiddling and the fact that he is stupid enough to go to the Police with the results of his illegal, voyeuristic "investigations" just illustrates the sort of fantasy world he is obviously inhabiting. This man needs to be locked up, for his own good as well as the good of the people he is "investigating".
Re:More vigilantes please (Score:5, Interesting)
That's part of it, but the other side of that same coin is that even if you do speak out against these sort of laws, you're ignored.
The problem is that the argument on issues like this are not rational, they are emotional. Regardless of how many good points one can mention against these sorts of bills, the opposition just goes, "but THE CHILDREN!!" And that's it. You've been completely blown off without ever really being heard; sometimes it's hard to understand why it's worth wasting your breath on especially, as you say, with the additional fear that you could be branded with them and worse than just ignored.
On top of that, it's basically political suicide for the people who actually vote of these issues to vote against them. It's dangerous. Even if your intentions are completely related to opposing a poorly-written law, you might never get the chance to tell your side. All it takes is for one person in the other party to go, "he wants to let child molesters run free!!" and the news to repeat that a few times and there is big trouble.
For the record, the PROTECT Act passed 84-0 in the Senate. After the House agreed and the two voted on the final language, it passed 400-25 in the House and 98-0 in the Senate.
Put it all together and it just doesn't seem worth it.
Yay, but wtf? (Score:2, Interesting)
1984... (Score:2, Interesting)
There should be limits on what can be done legally. And that script kiddie should be jailed, too.
That's true, on the other hand you have to see things from law enforcement's point of view. I saw a documentary recently about child pornography. The reporters interviewed an FBI agent who is part of a task force that combats child-porn, child-prostitution and child-abuse. He described a case they have been working on for something like 2-3 years. It involves a tech savvy pedophile who regularly posts pictures of him self abusing a little girl in a pretty savage way. The FBI has no practical way of tracking him down if they stay within the strict framework of the law. This pedophile is clever enough to post his pictures in ways that ensure he can't be easily tracked, both the victim and he him self are disguised in such a way that they can't be recognized and there is nothing that is shown in any of the material he posts that can be used to narrow his location down any further than that he probably lives somewhere in the USA or Canada. Effectively the FBI has been doomed to watch this child growing up in the pictures they download off the net as it spends it's youth being savagely abused. I can understand why some law enforcement officers want us to allow them, under special circumstances of course, to employ precisely the kind of methods this hacked used. If we don't the odds favor many pedophiles in that they will probably get away with inflicting their perversions on innocent children and posting a record of that abuse on the Internet. I am fully aware of the abuse potential of allowing law-enforcement to hack computers as part of an investigation but I also deeply doubt that the vast majority of the law enforcement community is out to use such investigative tools as a stepping stone in their diabolical efforts to use Orwell's 1984 as a roadmap for creating a totalitarian surveillance state. The people we truly have to worry might rob us of our liberty will use hacking to further their cause regardless of whether the law allows it or not.
Oh... and I am sorry if I scared you even more.
</rant>
Slashdot Meme (Score:3, Interesting)
Government spying on suspected terrorists w or w/o a warrant - BAD
Vigilante spying on suspected perverts w/o a warrant = GOOD
Re:More vigilantes please (Score:4, Interesting)
"For law enforcement agencies to outsource work under the table to unregulated vigilantes who are free to break the law as long as the authorities in question find them useful is a bad thing."
There.
The trouble is that the above concept takes a bit of thought, it takes thinking about history and following through the likely consequences and abuses of having police-sanctioned vigilantes to do the illegal things the police aren't allowed to. And the time it takes to do that thinking is time you don't spend just furiously repeating yourself until you become convinced you are right, a la this post above [slashdot.org]. Think of the children! Seriously, THINK of the CHILDREN!!! WHY WILL NOBODY THINK OF THE CHILDREN????? AM I THE ONLY ONE SANE???@?!?!?!?!?@#$@#
That's what it comes down to -- everyone's got X amount of time to spend on it, so generally those who use less of that time in thought make most of the noise. I don't think it's necessary to postulate a state of fear or insanity.
Rhetorical questions go both ways (Score:1, Interesting)
2. Do you really believe that nobody is spending resources to study these problems?
3. Why do you oppose "getting tough", given that massive evidence show that rehabilitation rates are pretty low for criminals in general regardless of method used?
4. Assuming that some semi-reliable methods were found to "detect them early"/"fix them" (I presume "early" means 'before they have commited any crime'), do you really support the measures this implies? Forced testing for the entire population? Forced institutionalization for those that refuse treatment? Perhaps forced genetic therapy if a genetic component was found?
5. Do you think that the fact the Slashdot crowd is almost completely childress affects their view of this issue? Maybe urban single professionals have a lack of emphaty for married families? Compare current attidutes with, say, attitudes regarding spammers.
i do have the moral high ground (Score:2, Interesting)
once you had sought child porn, a prerequisite for getting targetted by this guy, it made the vigilante's actions acceptable
you seemed to ignore that crucial piece of info in forming your opinion, so your opinion is invalid: it does not take into account the entire context of what happened here. you can't pick and choose the facts and expect your opinion to be complete. you can't traffic in only parts of a situation and expect your opinion to have weight
Re:Also... (Score:3, Interesting)
Re:More vigilantes please (Score:2, Interesting)
Re:Waits for it.. (Score:5, Interesting)
They do. Usually they don't even do it anonymously, it just gets recorded in the paperwork as an "anonymous tip".
Re:Why Evidence Resulting from Illegal Search OK H (Score:4, Interesting)
Re:Also... (Score:2, Interesting)
Also the ends don't justify all means or we'd just run a systematic search, meaning going into EVERY house and searching through EVERY computer. That would be effective but it would be a violation of human rights.