Hack the Army, Brag About it, Get Raided
SunCrushr was one of many who submitted this. A security company called ForensicTec decided to explore the U.S. government's computer systems, with particular emphasis on the Army. They talked to the press and had their fifteen minutes of fame. And surprise surprise, they immediately got raided by the FBI. What did they expect?
Publicly breaking the law is dumb (Score:4, Insightful)
Re:Publicly breaking the law is dumb (Score:2)
Re:Publicly breaking the law is dumb (Score:3, Troll)
how about speeding on highways?
IMHO the army and the FBI are taking this *way* too seriously. I mean, fine if they were doing this for criminal intent, then alright. but proceeding with criminal prosecutions? that's 158% bullshit.
the sad fact is unless you generate some publicity, a whole lot of times shit in the govn't does not get done. (same with M$, btw). Illinois had ppl warning them for YEARS that they need to seriously wipe the old PCs' hard disks they put on auctions; and what did they do? promptly ignored it until someday ABC channel 7 news (i actually don't remember the channel #, so am making this part up) found out.
i mean, fucking a, i'd appreciate some kind of apology from the army instead of this. instead of "i am tracking down the 'law breakers' and taking a firm stand on unauthorized computer access", i think The Right Thing (tm) to do is actually apologize to ME, Joe Citizen, that they fucked up and should have kept this shit more secure in the first place, and things are being done about it; and they are switching to open source and capable sys admins.
glad my tax dollars are going toward such useful endeavors.
Re:Publicly breaking the law is dumb (Score:4, Insightful)
I think the obvious difference here is that when one uses Macrovision-disabling VCRs, one doesn't usually:
a) Send the RIAA/MPAA an email letting them know
b) Tell the press what an easy time you had doing it
Likewise, when speeding on the highways, one doesn't usually give the local police a call to let them know.
Furthermore, I don't know about you, but I expect the law to be enforced consistently. You certainly don't want Al Qaeda claiming that knocking down the WTC was just some proof-of-concept work they were doing to point out inadequacies of airport security in the US.
Re:Publicly breaking the law is dumb (Score:3, Insightful)
1) Less of this "benign tumors" develop (SecureTech, etc)
2) More of the "malign tumors" develop (Al Qaeda)
3) Security is improved a bit but not revisited thereafter, making the mil computer even more vulnerable.
If some guys tried to divert a plane and fly by some densely populated skyscrapers, then Sept 11 would have never happened. Of course, nobody will try that because if they actually survive (ie: they don't get killed while trying) they will be killed after succeeding (even though they would have prevented a tragedy).
So as nobody has an incentive to try, because the penalty is so high, nobody does try. But then a real terrorist takes advantage because they don't care about FBI raids. They get in, and gather the information or maybe launch a Nuke (or something nasty) and that's it.
I'd rather see these guys sentenced to work as free advisors to the mil for 10000 hours than be prosecuted. Actually, it'd be a good policy to offer rewards for hacking ANY mil computer (provided you do report immediately and in proper way [ie: tell the mil, NOT the press]).
Re:Publicly breaking the law is dumb (Score:2)
Damn, then why did I even get this cell phone?
Re:Publicly breaking the law is dumb (Score:5, Insightful)
You're walking down the street in front of the bank where you've got your accounts, and there is a "Closed" sign on the bank front door. You check the door, and it's unlocked, and all the lights are on. You open the door and walk in, and see that there is money laid out in piles, and the safe is open. You still don't see anyone, so you walk out the front door, and you call a press conference saying that the bank is unlocked.
That is what happened.
The silly part on their part was holding the press conference, not checking the door. In this analogy, I would have told the bank officials first. Then, I would have checked the door a few days later. If the door was still unlocked, then I would hold the press conference.
Close but not quite... (Score:4, Insightful)
Prosecution is completely appropriate. Let's not forget that the "seriousness" of the actual offense should be reflected in the sentence, eg. a fine and a few weeks in jail rather than years in the slammer.
now taking bets.... (Score:3, Funny)
Think of it as evolution in action. (Score:2, Insightful)
For those objecting to the theory of evolution in the other thread, I submit that this is exactly how the human race got smarter. Those guys are going to miss out on a lot of breeding opportunities - at least, breeding of the kind that produces babies.
Shooting the messenger? (Score:2, Interesting)
Re: (Score:3, Insightful)
Re:Shooting the messenger? (Score:2, Interesting)
Since the amount of personal information that the government is capable of gathering seems to be increasing, I don't believe it's an unreasonable expectation that security be increased as well. In cases where the security is so obviously lax, I would rather somebody inform them like this (maybe under some sort of digital security good samaritan law) than to let it go unnoticed.
-Sou|cuttr
Re:Shooting the messenger? (Score:2, Insightful)
Now I come along. I say, I want to do something wrong when I am in there, and people are generating so much intrusion noise that I can slip in and out unnoticed within the sea of attacks.
Re:Shooting the messenger? (Score:3, Insightful)
I mean, I wouldn't actually steal anything. Just rifle the place a bit, see what you've got, that sort of thing. Then, I might call the press and see if they're interested in doing a story about the level of security at [insert your address here].
I'm sure you'd appreciate the free research, right?
Cheers
-b
Re:Shooting the messenger? (Score:3, Insightful)
I'd want the guy prosecuted for breaking into my personal property and I believe that a lot of you would, too. Why do we expect a lenient, "please, invade our property some more, sir" attitude from anyone else?
Re:Shooting the messenger? (Score:2)
You'd rather not know?
Back when you were in college you didn't e-mail people that left themselves logged in after they left the terminal?
You never got one?
I never like having my machine cracked, but I do like the fact that it's much easier to find out these days than when my first BBS was cracked. My workplace even hires people to come in and break into as many computers as they can. I wish the military took security as seriously. We have holes we know about, but we do keep at least one machine running a password cracker and port scans at all times. I get at least two attempted breakins into my computer a week, I'm sure their machines were owned many times over. At least these people had the good morals to tell the world.
Re:Shooting the messenger? (Score:3, Funny)
Loser.
Derek
Re:Shooting the messenger? (Score:2, Interesting)
Re:Shooting the messenger? (Score:4, Insightful)
And regarding the IT being busy doing other things: If they can't secure the network then they should _GET_OFF_THE_BLOODY_INTERNET_. I'm 100% serious. There are countless government computers and networks that are theoretically publicly accessible with absolutely no justifiable reason but that it was easier for the IT department.
Re:Shooting the messenger? (Score:2)
Re:Shooting the messenger? (Score:2)
I'd disagree. The 'consultants' certainly did get the publicity, which it seems they wanted. (How beneficial it's going to be at this point though is probably questionable.) They didn't have to go 'public'. This was a case of someone intentionally mucking around inside their systems. I don't care if it's the military, a company, or an individual. Once the breach is made, if intentional, and they continue, it's illegal. One can accidentally end up at a site because of a screw up in routing tables, etc, and that's not intentional. In that case, if they are notified, they'll fix the problem... and I mean fast.. in the case of the military. (On that one I speak from experience.) But the bottom line... this wasn't accidental.
Should be rule #1 (Score:2, Funny)
Re:Should be rule #1 (Score:3, Insightful)
In all probability, they would've preferred to stay vulnerable if it meant saving face.
Typical tactic. When you expose their piss-poor security, they scramble for cover and instead of acknowledging that they don't know security from a hole in the ground, immediately accuse the people who exposed their incompetence.
Where's ForensicTec security now? (Score:4, Funny)
So it looks like those ForensicTec computers aren't secure enough
Re:Where's ForensicTec security now? (Score:5, Funny)
Re:Where's ForensicTec security now? (Score:2)
Re:Where's ForensicTec security now? (Score:2)
Re:Where's ForensicTec security now? (Score:3, Interesting)
Re:Where's ForensicTec security now? (Score:2)
Yeah I was joking, couldn't help it.
They handled it the wrong way (Score:2, Informative)
"Stumbled Upon"...heh (Score:5, Funny)
Someone new to a Dvorak probably tried to type in "lynx http://www.google.com" but instead got "nmap -v -p 1-1024 -sS -P0 army.mil -T paranoid".
Re:"Stumbled Upon"...heh (Score:2)
interesting point gets made (Score:2, Insightful)
It's like discovering that there's a loose brick in the wall between the boys' locker room and the girls' shower room at school: getting an eyeful before reporting is still wrong.
They probably got searched to see if they did the equivalent of "taking pictures."
Re:interesting point gets made (Score:5, Funny)
It's like discovering that there's a loose brick in the wall between the boys' locker room and the girls' shower room at school: getting an eyeful before reporting is still wrong.
No kidding... What kind of fucknut would report the loose brick?
Re:interesting point gets made (Score:2)
OK, OK, now that I've stopped laughing aloud to your comment and sig together, think about it.
The obvious answer is "any bricklayer that was 13 once and had a wang." Ha.
Thanks for the laughter, bud.
Soko
Re:interesting point gets made (Score:2)
Hey man. Midgets need jobs too, you know.
Derek
Honestly, I'd have to say they were pretty dumb... (Score:4, Insightful)
Then they point out specific, make-people-lose-their-jobs flaws. The kind of thing congressmen would love to jump on in order to criticise incompetency. Do it on a widely-read medium. This pisses more people off.
Then make very clear how you did specific illegal acts, giving those you just pissed off a great and simple way to get back at you.
Why not just walk right into jail...? I mean, it's like spitting in the face of a police officer who is holding a gun, insulting them, and then making a threatening move while simultaneously pulling out a joint and smoking it. You might as well hand them the rubber hose...
Why taunt someone and then give them an excuse to hurt you? To gain acclaim? Fame? Real hackers are not out to get publicity, but rather to expose vulnerabilities and try to fix them.
What's this you say? You sympathise with the "security firm?" Well, take this quote into account: I dunno about you, but that would be my definition of script kiddie. Especially someone who then brags about it for publicity.
Re:Honestly, I'd have to say they were pretty dumb (Score:3, Interesting)
I say enough is enough and it's time for a change.
Re:Honestly, I'd have to say they were pretty dumb (Score:2, Insightful)
Which is nothing particularly new.
Oh, and the government is better and has more rights than us. See vigilante justice. Let's say you know someone is a criminal. For example, they are pirating mp3s. You cannot do anything about it, other than maybe tell the government. The government can bust them, which almost never happens, because it's a minor thing. Record companies want to have the "same rights as the government," as you put it--they want to be able to search your computer, hack it, and basically fuck you up.
There is a reason why joe billy bob next door is not allowed to do the same things the police is allowed to do. Wouldn't it suck if any old bitchy mom could pull you over for speeding and make you pay $150?
Re:Honestly, I'd have to say they were pretty dumb (Score:2)
If the government can monitor our phone calls, internet emails, conversations, etc. then why can't we spy on the government too?
Because there are things that the general public should not know. An obvious example would be the list of people in witness relocation program. Obviously there is a lot of military information that is not in our best interest for our enemies to know as well.
Re:Honestly, I'd have to say they were pretty dumb (Score:2)
Re:Honestly, I'd have to say they were pretty dumb (Score:2)
Then they should understand that there are things that the government should not know and stop spying on us.
Well, then you'll be happy to know that they aren't spying on "us". They spy on suspected criminals with permission from the judiciary.
Re:Honestly, I'd have to say they were pretty dumb (Score:2)
Re:Honestly, I'd have to say they were pretty dumb (Score:2)
Re:Honestly, I'd have to say they were pretty dumb (Score:4, Insightful)
The government is us. When you or I deal with the will of the people, we are not forced to do so by the whim of the crowd, but by the powers elected and appointed to speak for and act in the interests of the people.
The government, as a nebulous nonpersonal entity, is a slave to every one of its citizens, and exists for no other purpose than for the well being of those it serves.
The problem, of course, arises in that "the government" may be an impersonal slave, but the people who run the government are very personal, flawed, human beings. It is these people who are put in power that are watched--and they're watched by other people in power who got put there different ways and across different levels, until we get back to the elected representatives and the voters en masse.
If you take away the government's unique right to spy & investigate with legal warrant, documentation, and accountability, (see: the FBI getting smacked for lying to judges), then you're left with either an illicit society of secrets ("If no one can see me do it, then I can get away with it") or a dystopian society of eternal spying.
I would rather have some suit whose salary is paid for by my taxes spying on me than some random looney off the street.
Oh--and you (assuming that you're an American citizen) CAN spy on the government. You just need to do it with a time delay. Ever hear of FOIL? The fourth branch of government? The @#$ing drudge report? (slashdot?)
Re:Honestly, I'd have to say they were pretty dumb (Score:2)
Except that the person spying on you may also be working for a criminal organisation. It happened several times here in Canada and I'm sure it's still happening.
Re:Honestly, I'd have to say they were pretty dumb (Score:2)
then stop saying it, and do something. sheesh.
Making a Point vs a Splash (Score:3, Interesting)
The bitch to bureaucracies and incompetence is that a successful bureaucrat covers it up. And often anybody who would make the appropriate whistle-blower is ass-deep in alligators already with all the other crap that's on their plate because their IT budget can't handle proper staffing.
So... sure. Maybe someone does need to make something happen. They need to point a finger. They need to embarrass the bureaucrats into fixing what is broke. Maybe this kind of act is the Right Thing.
So how does one pull this off? Make the run, collect evidence, find a reputable journalist (No... really) you can trust, and then anonymously dump the evidence into their laps. Maybe drop it into a couple journalists' laps just to make sure the story doesn't turtle at that point. When the story hits the papers, nod quietly at your civic duty done and hope that nobody can ever trace it back to you.
You do NOT use this as a vehicle for self-promotion.
Re:government (Score:2)
Re:government (Score:2, Insightful)
Re:government (Score:2)
Re:government (Score:2)
Well, duh. Do you really think you have a right to know, say, the operational plans of the 101st Airborne division? I'm all for transparency in government but you have to be reasonable. Does that mean in this case there's a reason for opaqueness? I surely do not know. But in some cases, there certainly is.
Just because it's "your" government doesn't mean you own the thing, for Pete's sake.
Re:government (Score:2)
Nope. Because a majority of the People have decided to allow the people they place in charge discretion in a few specific areas.
A majority of people feel that it's important to keep the identities of people in witness relocation programs secret.
You don't like it, grab a bullhorn and convince the Rest of Us why we should change.
They did the right thing (Score:4, Interesting)
I used to live near a couple military bases so I know it's not exactly geniuses running the place. But they are a very organized bunch and I would have expected a policy on passwords, and that in that culture it should be easy to enforce. Password crackers shouldn't work on the military. Someone who leaves a password of "password" or "administrator" on a computer should be dishonorably discharged at the very least. If any of those machines exposed sensitive data they should get at least a few years on a slab of concrete in Cuba.
The dirty little secret of the military is that sensitive information is a lot more important than classified stuff. Engineering data that was classified in 1950, that made it into every textbook by 1960, is still locked in a safe at night because it's too much work to declassify anything. The day to day functioning of the military tells any enemy everything they might care about and that never gets classified.
Hey even the top secret nuclear stuff doesn't really matter since the information to build a nuke was long ago published, and the high tech stuff the US and Russia have isn't of interest to anyone. It's already expensive to build a nuke that takes out Manhattan, building one that takes out the Jersey City in the same hit is just a waste of money. But what kind of gas masks are being packed for the attack on Iraq, well that could be useful.
Re:They did the right thing (Score:3, Interesting)
The basic problem is that effective security is hard, it can be easier to give the illusion of security. Hence ending up with locking technical data which is in the public domain up in a safe. Sometimes serious things get overlooked, e.g. the Japanese gathering data on where ships were at Pearl Harbour.
Hey even the top secret nuclear stuff doesn't really matter since the information to build a nuke was long ago published, and the high tech stuff the US and Russia have isn't of interest to anyone. It's already expensive to build a nuke that takes out Manhattan, building one that takes out the Jersey City in the same hit is just a waste of money.
I recall it being said that in the 70's there were something like a million people who knew or could work out the triggering details of a hydrogen bomb. Information which was at that time, and may still be, classified.
But what kind of gas masks are being packed for the attack on Iraq, well that could be useful.
As could the amounts of any type of supply to a war zone. How many gas masks gives an indication of how many soldiers might be involved.
Maybe they attended.... (Score:2, Funny)
Re:Maybe they attended.... (Score:2)
ObShamelessPlug: my journal [slashdot.org]
They went about it the wrong way.... (Score:2, Interesting)
1: Hack whatever.army.mil
2: Post anonymously to slashdot regarding army's computer problems.
3: Request "large_num" security agreement, else will release to usenet, Bugtraq, Slashdot, many newspapers, magazines....
4: Release anyways.
Re:They went about it the wrong way.... (Score:5, Funny)
6: profit!
I'm sorry but ... (Score:2)
One thing you DON'T do is screw around with military computer systems and then publicize it.
These guys oughta get the death penalty for criminal stupidity accompanied by a posthumous (is there any other kind?) Darwin award
I did a security test this week (Score:4, Interesting)
This test really made me realise that there are plenty of crackers and criminals out there that are waiting for a chance to get into your PC.
The point I want to make is that, I'm sure those army computers have been accessed by crackers plenty of times before.
I don't see what the problem is... (Score:5, Funny)
Rent-a-cop company raided after beating up government officials
San Diego, CA
Officials at SecureTech expressed surprise over an early morning FBI raid. For the past few months, SecureTech had been waylaying public officials and beating them to a pulp. The raid came just hours after a Washington Post article mentioning the beatings.
Brent Clueless, SecureTech spokesperson, decried the search. "A few months ago, while installing video cameras in a local mini-mall, we realized that some government officials had woefully inadequate security. Some of them drove the same route home every day, and a few of them even left their front doors unlocked at night. By sneaking in and severely beating them in their own houses, we hoped to draw attention to this problem and maybe gain some positive publicity for our security firm."
"We only continued the break-ins and beatings because we were surprised that it was so easy, and we were curious about just how much truly malicious people would be able to get away with," Clueless continued.
Cheers
-b
What a bunch of fools (Score:2, Insightful)
One down (Score:2, Funny)
Run around saying "I have a bomb" at the airport while pointing around a squirt gun under your coat.
After that, urinate on an electric fence for a while.
Why is this even news? (Score:4, Interesting)
Look if you want the virtual world to be treated like the real world (privacy, source code = speech, etc) then you have to accept it works both ways. Breaking in electronically is the same as physically. It doesn't matter how "weak" the security is. Just because I can throw a brick through a window and rob a store, doesn't mean it is somehow the store's fault for having windows.
And sure I am concerned about military security. And it is disturbing someone could hack into it. But that doesn't give ForensicTec the right to go hacking it. I'm worried about airline security but I can't take it upon myself to see if I can get a gun through security.
Brian Ellenberger
Re:Why is this even news? (Score:2)
I think this is news because of ForensicTec's attitude. As the poster said: "What did they expect?" The problem is that there are quite a few people out there that see this activity as somehow different than breaking into the base and photocopying records, even though it's not.
Yes. However, not to lessen the severity of the issue, but I think you would find that the stuff that really needs to be protected, is really protected. From my reading of the article, they mostly got personnel records.
Security is a process, and it looks like the Army has quite a bit of "processing" to do.
Milalwi
"If they broke into the base..." (Score:3, Insightful)
Putting a file on a computer directly on the Internet is a far cry from putting a file in a locked file cabinet in a locked office in a secured building on a military base whose gates are protected by armed military personnel.
It's much more like putting a file in a locked file cabinet in a public park.
-- Terry
Re:"If they broke into the base..." (Score:2)
This is more analogous to writing all the information in a big black marker on a white board in a locked room that has windows :-)
My 2 cents.
*shrugs* (Score:2)
On the other hand, if the Army didn't go after them, then that would send the wrong message to the public too.
ForensicTec made it painfully clear that our government should get off their asses and really implement stronger security on their systems.
I mean damn, anyone with free software tools and a basic understanding of how to hack could have done this. The Army and other affected government facilities should be so lucky that ForensicTec was just curious, if it were another country doing this for profiling/spying/mounting an attack/sabotage, they'd be up shit creek without a paddle.
It's proof enough for me that the U.S. is more at risk than I previously thought. The amount of taxes taken each year from every citizen is a lot, the least they could do is take the time to make sure their password isn't...um.."password" among other things.
I love my country, but it's embarrassing to watch it do some of the things it does.
Well they (sort of) got what they wanted.... (Score:2)
Well they got lots of exposure, not too sure about the positive part.
And from the mission statement on their website [forensictec.com]:
"ForensicTec Solutions, Inc. intends to be the first name in computer forensics and network security."
I think perhaps they left out "listed as the defendant in a case brought by NASA and various military branches" at the end of their mission statement?
Honeypots? (Score:2, Interesting)
Any chance?
Well, Army will not answer, of course ;)
This could amount to treason... (Score:2)
Hacking the government's computers during time of war is monumentally stupid.
It's conceivable that because we are in a state of War, it might even be considered a treasonous (sp?) act.
It's pretty funny tho, the article quotes the gov't as saying if someone finds a vulnerability, they should report it.
Isn't that exactly what happened?
should have been more discerning (Score:2, Insightful)
It is not right that government/military computers were audited for security without express permission from the government.
ForensicTec was able to and *did* read sensitive information which they had no business in doing -- indeed they were not contracted by, and had no agreements with the government to do such a thing.
And it was an "audit" instead of an "attack" because obviously the company had no ill intent; otherwise they would not have gone public.
I speculate that the government probably already knew that such security problems could exist -- most organizations do. ForensicTec acted like a loose cannon and did not help matters, but instead simply pointed out the obvious.
Immediately upon stumbling across the government computer network two months ago, ForensicTec should have obtained permission before attempting to "help".
Providing proof afterwards does not justify the means.
Let's hypothesize that ForensicTec did ask to perform a security audit in the first place, and the request was declined by the government. Well, in the words of president O'Keeffe, "We could have easily walked away from it."
It was a self-serving stunt by ForensicTec for publicity purposes, and they dug themselves in too deep while hoping for the publicity (well, they got publicity even though it's probably not the exact type they were looking for). The article quotes: "get some positive exposure for themselves."
I don't believe any penalty will be too harsh, and it will hopefully set a precedent for other companies to take a more discerning approach to such a sensitive matter in the future.
I'm not saying that security holes shouldn't be researched when there looks to be a problem. But come on ... it can be done in a much better way than ForensicTec handled it. The government can't be blamed for taking exception to the method.
In the aftermath of ForensicTec (Score:2)
Silly People... (Score:2)
The government is run by ostriches! (Score:2)
They broke rule number two (Score:2)
You do not talk about hacking dot-MIL
Rule number two of hacking
YOU DO NOT TALK ABOUT HACKING DOT-MIL!
But then, they also broke rule number zero:
Anyone with half-a-brain stays the FSCK away from dot-MIL.
Funny thing though, I once did an ordinary google search that returned a page that I think was supposed to be internal use only, if not actually classified. It listed the current location of a warship. Hmm, I can't recall if it was when we first sent ships over by Afghanistan, or back during Desert Storm.
-
Re:They broke rule number two (Score:2)
Shhhh! Don't tell anyone, but my ping times are negative.
-
These are not bad guys (Score:2)
While maybe these guys should have approached this exploit differently, the fact is that they meant no harm in their actions and in fact have probably done us all a service by exposing, without exploiting (except perhaps for some cheap publicity), somebody else's fuckup in the US ARMY.
Does anyone really believe that any greater good is served by pursuing criminal sanctions against these guys?
My Question (Score:2)
Too greedy? (Score:2)
I think these guys got too greedy. They went public in the hopes that they'll get noticed and jump straight to "Step 3. Profit!!".
I hope they learn their lessons.
Re:Not so fast... (Score:4, Informative)
The story clearly stated that these people are newbs in the security field. Not someone I want protecting the security of computers belonging to the armed forces.
Additionally, they went about this the wrong way. The right way would have been to contact a responsible party and professionally report the issues they found, not grab a bunch of stuff and call a news team. I know that based on their actions, I wouldn't hire them.
That's just me. I choose to work with professionals.
Re:Need some advice guys! :o( (Score:2)
If you think it's sad that it's Friday night and you're on
I personally couldn't give a shit. I spend all weekends in browsing the internet, watching anime, masturbating excessively and playing computer games. Now society will tell me that I don't have a life- but I say that society is a bunch of dumb-fucks and I know what I enjoy.
graspee
disarmingly honest since 1862
Re:Authorization? (Score:3, Troll)
An unlocked door does NOT imply a "big honking sign that says 'enter'". If you walk in my house uninvited, whether I leave the door wide-ass open or not, you are still risking my blowing your head off.
Re:Authorization? (Score:2)
This got rated Informative?
Yikes, we've got paranoid moderators...
Re:Authorization? (Score:2)
Re:Authorization? (Score:2, Insightful)
Re:What is wrong with you all? (Score:5, Insightful)
It *is* like breaking into someone's house, going through their papers and files, then telling the local newspaper that this particular house has a crappy lock that's easy to break into.
Can you justify that?
As for whether "every" group that hates the US has already broken into Army computers, I wouldn't speculate on that. I would say, though, that these folks sure helped anyone who hasn't done so already pick an easy target. How patriotic, eh?
Yes, it could have been worse. However, what they did was 1) illegal (isn't everything these days?), 2) stupid, and 3) amateur. You can almost always get away with one out of those three. Often with two out of the three. Go for three out of three, though, and you're going to see some trouble.
-b
Re:What is wrong with you all? (Score:2)
My God! You don't see any difference between computers connected to a public network and papers locked behind people's closed doors?
But even if I were to allow your point, that would be a privacy violation. The issue here isn't a privacy violation. The issue is illegal hacking. We are being very stupid, not them, if we want these kinds of actions classified as illegal hacking.
As for this company being stupid--I see them as whistleblowers, not stupid. It's dangerous to be a whistleblower, but it is damn moral.
Re:What is wrong with you all? (Score:2, Interesting)
No, they were not breaking into someone's house. They were walking into an open unguarded government office, and picking up some confidential documents lying on the desk. I believe that confidential documents are traditionally behind locked doors and guards to keep such a thing from happening.
Can you justify that?
How can you argue that it is acceptable to leave confidential documents in an unlocked, unguarded office for anyone to take? Do you live in the real world where confidential documents are securely stored, or in la la land where everyone is trusted to follow the rules?
In this case, the government has not fulfilled their mandate to guard the security of the U.S. and its citizens. A Citizen of the U.S. discovered this, and went to the press. Citizens of the U.S. have that right.
The Government also has the right to find some way to punish these citizens for exposing Government incompetence. A cynic would say that was to be expected. A more rational person would hope his or her government would spend some time trying to solve the problem instead of engaging in a cover-up. This is especially true as we are supposed to protect whistle blowers to ferret out corruption, although I realize the Bush administration is intent on hiding behind homeland security. [aclu.org]
I certainly am not saying that what these people did was strictly legal, but I would hope the U.S. government would take security a bit more seriously. I understand it is a learning curve.
Re:What is wrong with you all? (Score:2)
Which is still trespassing and is still illegal. Just because the fence isn't very high, and the doors are unlocked doesn't mean you are allowed to enter and shuffle through their stuff.
There are altogether too many people claiming that the 'online world' is different than the physical world, and should have different rules, laws and regulations. I believe this to be a bunch of bull. While there are a few paradigm changes, the basics of freedom, privacy, and reasonable security still apply. The laws that exist currently should be smartly applied to online cases and only when they are found to be severely lacking should we consider new/different rules.
In most cases this is not needed. Trespassing laws (using their equipment w/o their permission for one) should neatly tie this case up.
Even if you did leave your front door open others are still liable for charges if they choose to enter your property without your permission.
-Adam
Re:What is wrong with you all? (Score:2)
Exactly how? Are they sending Al Qaeda (generic term for terrorism these days) information on how to get in, are they sending them some information they gathered?
I can only see these break-ins that go into the newspapers as a way to make sure the right people know they ARE vulnerable, and that you don't need many resources or research (no nukes, just an internet link) to do it.
It's a BIG WARN letter. You may not like it, but it's a gift from god these break-ins come from these nerds and not from actual terrorists. You will disagree for sure, I just want to express that I do not understand your point of view.
Re:What is wrong with you all? (Score:2)
Actually it's a little different, because they sat at a computer terminal far away, they didn't get shot.
You can bet your butt there will be a calling out onto the carpet for those system admins.
Patriotism, the last refuge of scoundrels (Score:2)
I'm sorry, but since when are the two mutually exclusive?
Ever heard of Congress? Certain highest-ranking members of the Executive branch? =)
Re:hmm (Score:2)
Um, if they were so altruistic -- patriotic, even -- then why didn't they tell the Army, rather than blabbing it on a public forum? I mean, yay for accountability and the holding of incompetent feet to the fire. But now you gotta pay the cost of your civic virtue...
Re:hmm (Score:2)
As soon as you open the floodgates for "white hat" hackers to help you, a) it becomes much more difficult to discern between "good" and "bad" traffic (meaning some people would be out to help you, some would be out to hurt you) and b) it would bring much more attention to hacking your network in general. I don't know about you, but I'd rather have 100 (arbitrary) people trying to hack our government than 1 million people trying to hack our government -- the chance for success is much greater (yes, those numbers are made up and exaggerated).
The only time I can see something like this being effective is when the system being attacked is either a honeypot (see above) or
-kwishot
Yes, it is.... (Score:5, Informative)
Classified documents are NOT supposed to be on machines exposed to the Internet- PERIOD. Machines of that nature are not considered to be at a trust level sufficient for those sorts of things. Forget the security of the machines; the security of classified documents is supposed to be much higher than this appears to have been handled.
Re:Probably confiscated every computer (Score:2)
But an incident like this can take down the whole company. Where is the justice in that?
IDRTA, but I believe it was the Company that issued the press release, not individual people who happened to work for the company. One of the downsides that comes with the privilege of incorporation is the ability to do things *as an entity*. If "the Company" does something, then it's "the Company" that will suffer for it.
Re:Simple theory + a suggestion (Score:2, Insightful)
No, the last thing they need is Al Qaeda sympathizers accessing their systems. If the portscanners point out that their systems are susceptible, they should *fix* them.