US Busts Military Network Hacker 466
yorgasor writes " KATU has an article announcing the case of a mysterious hacker who has broken into roughly 100 military networks has been solved. The hacker is a British citizen and authorities were considering extradition for the case. Although no networks containing classified information were compromised, they do consider the hacker to be a professional rather than recreational due to the large number of networks he hacked."
zerg (Score:5, Funny)
Re:zerg (Score:2, Funny)
Re:zerg (Score:5, Funny)
Re:zerg (Score:2, Funny)
What did he exactly get into? (Score:2)
couldn't have been anything THAT serious
Any military insiders/Brit HaX0rs care to describe some US Military systems?
Re:What did he exactly get into? (Score:3, Interesting)
Tracer
USMC
Not Commanding
Re:What did he exactly get into? (Score:3, Interesting)
Want to know why? Do a google search on SIPRNET.
There's a nice, safe air-gap between your local Internet connection and anything "THAT" serious on military networks.
Re:What did he exactly get into? (Score:2, Interesting)
yeah, until some yahoo with clearance takes his personal laptop and plugs it into SIPRNET. And yes, it has happened. I think Bruce Schneier mentioned dumb stuff like this in a cryptopane issue...
Re:What did he exactly get into? (Score:4, Interesting)
Of course there is a safe-air gap, but unless every machine allowed to connect to those networks is physically locked down, every IO port disabled, and every removable media drive locked with a physical device, you're going to have people downloading sensitive material and moving it on to unsecured networks.
Granted it's been a few years, but I have seen young underpaid geeks walk up to such systems wearing paper badges with "NO CLEARANCE" stamped in red ink on them, and proceed to insert floppy disks into said systems in order to defragment drives or install drivers.
A chain is only as strong as its weakest link.
Re:What did he exactly get into? (Score:4, Interesting)
It makes me sick.
Re:What did he exactly get into? (Score:2, Interesting)
However, there are some non-MS systems in use, including some unix variants. Geeks are geeks, military or not... they need something to play with.
I'm not a systems guy, just a geek in an allied field. I have not even attempted to look around our network for one main reason: Even looking will get you a visit from the OSI, or some other type of spook... not fun. I would rather not be doing my job in a federal prison complex somewhere.
I always rap with the systems types when they come around to reimage a system or some other support task. They were NOT supportive when I was discussing the feasibility of running NMAP behind the firewall. Nice guys though...
100 penetrations later... (Score:3, Insightful)
They probably had to bait and switch to catch him...
Re:100 penetrations later... (Score:2, Funny)
Re:100 penetrations later... (Score:3, Funny)
Re:100 penetrations later... (Score:3, Insightful)
British Hacker ... (Score:3, Interesting)
Obviously a pro, anyone who bats higher than 100 hacks is destined for the pros. Is there sponsorship for this wonderful sport of hacking?
Re:British Hacker ... (Score:2)
Re:British Hacker ... (Score:5, Funny)
By George (Score:2, Funny)
Re:By George (Score:4, Funny)
Just be thankful that the geniuses at MIT invented the elasticated waist and made America safe for Truth, Justice and the Chicken Parm Sub.
That guy kicked the military's a$$ (Score:5, Insightful)
Re:That guy kicked the military's a$$ (Score:3, Interesting)
I'm pretty sure this guy has gathered a lot confidential information(aka profitable) this way.
Re:That guy kicked the military's a$$ (Score:4, Insightful)
Re:That guy kicked the military's a$$ (Score:3, Insightful)
True, but as a practical matter, I'd say that NAT has improved security in general. NAT requires a connection-tracking firewall to work. So it means many people have them who wouldn't otherwise. And it enforces a specific good practice in setting up the firewall: no incoming connections to any of the internal hosts unless you explicitly configure them. Nothing people couldn't get otherwise, but something they probably wouldn't get otherwise.
There is one thing it adds over a properly-configured firewall: hiding information about how many computers you have, which one opened a connection, etc. You might or might not consider that information sensitive.
Re:That guy kicked the military's a$$ (Score:4, Interesting)
I work for a company that's cooperating with the FBI in a particular financial investigation. They know exactly who the bad guy is: name, address, MO, everything. They've known for a while, they're just waiting to gather more evidence, and are probably hoping the bad guy will lead them to more bad guys...
Keep in mind also the potential difficulty of getting foreign ISPs and LE agencies to cooperate. Even if they're willing, that kind of organization is *very* difficult, when there aren't pre-existing lines of communication, procedures, etc.
Re:That guy kicked the military's a$$ (Score:3, Insightful)
Re:That guy kicked the military's a$$ (Score:4, Interesting)
Actually, no, they are probably more secure. The average military base takes hundreds, thousands of unauthorized hits every day, simply for being what they are. A fat juicy target. Far more than the average corporate network.
My last base, Langley AFB, was a HUGE target. ACC headquarters, and also a bit of name confusion (people were thinking CIA HQ in Langley, VA). We had a special team set up, whose only function was to ward off intrusion attempts, and DoS attacks. For a couple of week stretch once, we were getting 10's of thousands of spurious emails per day. I believe someone got busted behind that too.
Professional Hacker? (Score:5, Funny)
Dental plan = null&void (Score:2)
Re:Professional Hacker? (Score:5, Funny)
Best 401K around, you invest all the 'half cents' that are left over from other transactions.
Better link (Score:4, Informative)
http://story.news.yahoo.com/news?tmpl=story&u=/ap
100 Sites? (Score:5, Insightful)
Anybody have any good stories of catching elusive hackers, or insights into how they might have got him?
Re:100 Sites? (Score:2, Informative)
Thus it should be easier to figure out where you are from after 100 than it is with 1.
This is also true with reality attacks.
eg. For recent news the Washington Sniper as he shot at more and more people more and more information can be gathered making it easier and easier to figure out who he is.
Re:100 Sites? (Score:5, Insightful)
Same with the snipers- the police can hardly claim to have beaten them. (the number of bodies they left behind made it a phyrric victory at best). A professional assasin would've killed his target, got out, and collected his paycheck.
So far we can barely defend ourselves from recreation "hackers" and gunmen. If some real terrorist group starts funding some, it will be much much worse.
Re:100 Sites? (Score:3, Insightful)
Yes and no. Mostly yes -- a professional assassin is typically hired to kill a specific target. A true mercenary does the job purely for financial gain, not for ideological purposes, and so the motivation to escape is obviously high.
But what if your aim is to instill fear? Suicide bombers don't care about getting out; they want to take as many with them as possible. Similarly, I wouldn't be surprised if we discover the motivation for the snipers was to instill as much fear as possible in the American population. To that end, it was a big success -- no apparent link between the targets, which meant anyone could be next, and they just kept on going day after day with no-one having a clue who they were.
So, the lesson is that, while professional is usually taken to mean that one gets paid for the task, that's not the only definition. It can refer to someone who performs a task to high standards and with a certain degree of expertise (look it up on Merriam-Webster [m-w.com]).
(Oh, and it's Pyrrhic, not phyrric. Even without the correct spelling, it still refers to Pyrrhus, so you should at least capitalize it as a proper noun. Classical education ain't what it were.)
Re:100 Sites? (Score:4, Interesting)
NO! NO! don't mod me! I'm too young to die a troll. {click} Oh the pain, the pain...
Watch to see their target... (Score:5, Insightful)
Re:100 Sites? (Score:5, Informative)
The Cuckoo's Egg by Clifford Stoll is an engaging story of a grad student assigned to track down a 75 cent discrepency in computing resources. He eventually uncovers a ring of crackers working out of Germany for the KGB.
Read a review [ercb.com]
Re:100 Sites? (Score:3, Funny)
Actually, he cracked one site consisting of a 100 node beowolf cluster. Imagine ... his surprise when he got caught.
This post broght to you by the laws of physics.
Re:100 Sites? (Score:5, Interesting)
Just because they haven't come for you, doesn't mean they don't know.
Generally, law enforcement (usually with organized crime or the white-collar variety) will track a suspect for a while, gathering evidence. You'd be amazed at the truckload of intelligence data amassed during a large narcotics investigation. (I never worked computer crimes).
The point is, why bust the guy after the first "penetration" so he gets probation? If you feel he's a threat, then you wait, let him continue to add to the charges, then pop him and put him away for a long stretch. They probably "had him" long before they busted him.
note: anyone cracking US government networks, either has an agenda or is incredibly self-destructive.
Re:100 Sites? (Score:2)
The key here is that he broke into "unclassified" sites. These sites can often be adminstrated by people who are just learning how to use a computer. Well, I currently work at an unclassified site and it sure feels that way around here. Unclassified sites often will not even have a properly functioning firewall.
It sounds much more impressive than the actual task really would have been. The real trick is to learn about the sites. My site (for instance) doesn't even really think about computer related security... there's nothing here anyone would want anyhow.
Now the trick is, you break into a horde of "unclassified" sites and hope you caught one that is going to go "classified" then you have a backdoor into a classified network. But, even this wouldn't get you anything truly juicy.
The really good stuff is kept on an isolated network and even the cat 5 wires have to be kept a minimum of six inches from any other electronic devices not on that network. So, if you want the real stuff you have to cross an "air-gap" and I don't know of any networking protocol that can do that.
This fits here.. (Score:5, Funny)
At least quote it right! (Score:2, Insightful)
Extradition (Score:3, Interesting)
Re:Extradition (Score:3, Informative)
Is it just me... (Score:4, Insightful)
Why not just extradite them? The US has a extrdition treaty with Russia I'm sure. Now I'm not saying that arresting them was "wrong", but why resort to deceptive law enforcement tactics like this?
Re:Is it just me... (Score:2)
You mean, you don't read slashdot? [slashdot.org]
Re:Is it just me... (Score:2)
BTW, luring criminals that way isn't "dirty". As far as I knw, it's fairly common. I've read of local police forces doing something similar to herd together folks who have skipped out on their child support payments.
Extradition treaty, nyet (Score:2)
There's no problem with deceptive law enforcement so long as it is not entrapment or go so far as to violate the constitution. For many types of crime it is the only practical way to get a collar. It depend son the circumstances. One of my favorites were a bunch of guys who owed child support; the cops had arrest warrants and called them all to tell them they'd won the lottery and all they had to do was claim the prize. It was a slaughter....
Interestingly, some countries are unwilling to extradite to the U.S., Russia, or other countries that practice capital punishment. This is a background issue re 9/11 prosecutions.
Re:Is it just me... (Score:3, Insightful)
Stings like this are done all the time within our own country. Creating a "new" crime that has a well-documented beginning and arrest becomes a more solid conviction. Proof of activity across the Internet by multiple people at undocumented times leads to reasonable doubt in the minds of jurors.
Punish those responsible... (Score:5, Insightful)
Ok, don't be that harsh on them. Scare em a little, then let the go with a warning. But national western militaries cannot continue to run their networks like this. It's dangerously irresponsible.
For a national military to assume they can use police arrests (force of arms) to secure their networks is folly. Armed force only works against attacks that are perpetrated from inside your range of military dominance. For the US that's a big area, but there's still many places where they can neither call in a SWAT team, nor direct an unmanned plane to assasinate the target.
If this fellow had been a professional (earning money from these hacks), then he'd be living in a secret compound provided by his employers in Iraq/Korea/China. True, the internet bandwidth isn't that great there, but a good hacker doesn't need it. He can just compromise some broadband PCs in the US or UK (possibly with the help of an agent on scene- a retailer who sells trojaned machines for instance) and use that to leapfrog to the real targets.
(If this guy was any good, we'll find out that this British suspect was just a patsy)
One big argument against more stringent computer-crime laws in the US is that they permit businesses and the military to postpone installing real network security. Why bother defending yourself, if the FBI just busts the punks for you?
This sets us up for disaster in 20 years, when the economy really needs the internet to survive day-to-day, and China has caught up to our 2005-era connectivity levels. If President Bush the 3rd angers China and they set 200 top computer professionals at making mischief, the damage could be real.
("Vaccinate now! Free Heckenkamp")
Re:Punish those responsible... (Score:5, Insightful)
Hear me out here. The people running these systems (from my ex-air force perspective) are between kids out of high school (Airmen) and 20-sometings that have been doing military computer stuff since high school (NCOs). All they know is what the military trained them to do. Guess who decides what to train them in? NCOs and Officers. That's for the military people. There are civilians too, usually retired military. They all have to abide by policies set out by the DOD which are something short sited and not very well thought out. They also leave very little room to impliment no ideas and take care of important problems right away.
The best and the brightest who can actually secure a system don't go into the military. When they do, they're ignored because they're 'young' and have no 'experience'. I fell in the later catagory. There's nothing like the feeling of fixing somebody else's screw up (usually a contractor) and 30 minutes later be taking out the trash or doing some other degrading duty. Needless to say I got out and now make alot more money with alot less hassle, have a boss who listens to me (mostly), and can actually advance in the company and my career without having to wait X number of years and take a test on things that have nothing to do with my job.
Anyway, without going off topic. You can't blame these guys, most of them don't have a clue, those with a clue have their hands tied by stupid policies.
If you want to blame somebody, blame the high ranking Officers, they make the policies and the training programs that made this happen. Of course, that would never happen, some poor Airmen or overworked NCO will get railroaded.
Oh well, I'm free and clear now. At least I got a jump start on life and some free college out of the deal.
Re:Punish those responsible... (Score:4, Informative)
Well-said!
I'll add--the reason this guy didn't get into any classified information is because the military doesn't store classified information on the NIPRNet, that is, Unclassified but sensitive Internet Protocol Router Network. This NIPRNet is the Internet that DARPA originally developed and that everyone here uses today. Classified information is transmitted only along a SIPRNet, or Secret Internet Protocol Router Network, which is not actually connected to the public Internet.
Releasing or altering classified information would almost certainly require physical access to one of the computers that's already linked to the military SIPRNet. If the rest of the computers across the military are protected in similar fashion to the ones where I work--behind a foot-thick wall of steel with armed guards stationed at the entrances--I feel pretty good about the security of our classified information networks.
Re:Punish those responsible... (Score:2)
That doesn't mean that there isn't a lot of profitable data on the connected network. My pops works for a company that does about 80% of its business with the military. I'm sure that if the Brit got one of their proposals off a network share, there's a rival firm with a slimy exec out there who'll buy it to undercut the contract.
That seems a lot more likely than him selling troop movements and materials checklists to the Iraqis. Also seems that they'd be willing to track this activity long enough to make a strong criminal case rather than simply disappear you.
Re:Punish those responsible... (Score:4, Insightful)
No actually, if this guy is any good we won't find out that this Brit is just a facade...
Kinda OT (Score:5, Interesting)
Closed Source
Admin'd by a Private Buisiness
Secured by Microsoft
Run by volunteers at each polling place.
Kinda makes you wonder if you really did/will vote, eh?
If this guy does get extradited to the US, I bet he'll be working for someone in a five-sided building real soon.
Re:Kinda OT (Score:5, Funny)
Re:Kinda OT (Score:5, Insightful)
The voting machines, on the other hand, aren't connected to the internet - they save the votes onto removable cards (compactflash cards, IIRC) that get taken (under guard) to a location where they're all downloaded and the results determined.
They're two completely different problems.
Re:Kinda OT (Score:2, Funny)
Alternatively you could just take it out of the computer.
Re:Kinda OT (Score:3, Interesting)
Makes me wonder... (Score:5, Insightful)
I say throw these guys some more computers and some fat internet pipe and ask them to find all the vulnerabilities in the system.They are obviously good probably too good, but why waste their talent and energy. I say focus it in the right direction. The more you find these kind of guys, the more they'll spring in the horizon.
Re:Makes me wonder... (Score:2)
But you are also forgetting the point that he eluded the govt for about 100 times. That is good enough. And believe me if you can elude feds for that long you are good. We are not talking script kiddies, serious crackers.
Security (Score:5, Insightful)
I'm sure there could otherwise be some very unfunny security breaches. Even our allies (even the British?!?) spy on us. Some leaks like the Pentagon Papers may be a good thing, but I digress.
(Um, also, could
Re:Security (Score:5, Informative)
Yes, there are several distinct levels of classification (the main ones being Unclassfied, Confidential, Secret, Top Secret, and SCI). Almost anything of any importance at all is classified at the Secret level, and kept on the SIPRnet (Secure Internet Protocol Network), the secret-classified general purpose network. The SIPRnet is a completely seperate WAN connected through highly encrypted circuits. There are also other networks that coorospond to higher levels of classification for different purposes, but there are no "general purpose" networks such as those.
The key thing to remember, though, is that there is something called "information segmentation" which means that while a whole of something may be classified, its parts may not be. For example, lets say you're building a missle. The missle itself is classified, but the specifics of its guidance system, or propulsion unit, or manuvering system are not, as long as they are not put together in the context of a missle. That way, you can have scientists, techs, or mechanics work on parts at an unclassified pay-rate, and not have to pay more for someone that's cleared. Same thing goes for troop movements, ship schedules, etc. etc.
This is where network security becomes paramount. Someone that has access to various file servers at different locations, may be able to put the pieces together and get the bigger, far more important picture together.
Re:Security (Score:5, Informative)
The key thing to remember, though, is that there is something called "information segmentation" which means that while a whole of something may be classified, its parts may not be.
You left out the key acronym here: EEFI, or Essential Elements of Friendly Information.
"Taken separately, EEFI in themselves _are not_ necessarily classified; that is, there will be participating forces or organizations in a field exercise that are not in themselves classified information. However, specific answers to validly formulated EEFI are generally classified responses..." link [fas.org]
Re:Security (Score:4, Insightful)
A host of human errors can lead to someone accidentally violating his clearance and bringing classified content onto an unsecure system. It happens, and if enemy "hackers" get more sophisticated, it could be a problem. Suppose one of the big-spreading viruses decides that instead of crashing 1000s of machines, it'll just quietly install a little file-watcher and start to pattern-match against the regular spook keywords: "Telex codes Arnett HAMASMOIS Ron Brown LABLINK 22nd SAS White House threat high security lynch IRA terrorism", transmitting any file with multiple matches back to its home base?
Unlikely, but lets rely on more than luck to protect us.
(Hey, one good start could be forbidding Classified data to be stored in Microsoft file formats... yeah... Classified Word(tm) documents are just begging for trouble)
AP story... (Score:5, Insightful)
Terrorist (Score:4, Insightful)
Yeah.. that terrorist definition is very selective (Score:3, Insightful)
Since a US-Iraqi war is brewing, you hear about it both ways, only differently.
If it's the USA, it's called "Sending in the marines to assist or execute surgical warfare."
If it's Iraq, it's called "Smuggling in terrorists to aid or commit acts of terror."
I don't mean to say they're exactly the same thing either, but there's a few more shades of gray than black or white. Of course, since I'm telling you this, I must be:
Propaganda Minister
Axis of Evil
Just a matter of time before (Score:2)
hmmm. (Score:5, Interesting)
I was watching this discovery channel documentary and there was this military type, jar-head cyber guard guy. He was standing there talking about how they monitor all the traffic on their networks, and keep a close eye out for any signatures of attack.
He was stressing how secret they keep all their information about their networks - that they dont let anyone know even their IP sets assigned to different networks, and that this information could help an attacker find out the machines they would need to attack.
The whole time he was talking about this - he was standing in front of a bunch of monitors, and the ones to the left of him was scrolling some sort of log and it was showing IPs to hostname mappings and some traceroutes as well. They were all in the really low IPs - and their hostnames were all
and i do not think it was something that was done on purpose and made to look like an accident. Not by the way these people were acting.
especially since they avoided filming any of the screens that people were working on.
So I am not too surprised.
sanitized bet on it.... (Score:3, Interesting)
"professional" (Score:5, Insightful)
Sleeping with a lot of men/women makes someone a slut; it requires getting paid for it to be considered a professional.
Re:"professional" (Score:3, Insightful)
I believe there was a related debate on a recent Slashdot poll involving programming, where two of the options were "Professional" and "Open Source". This was a poor choice of words, since the two are not mutually exclusive.
If you do it a lot, you're a "professional" (Score:5, Funny)
Wow, I guess I'm a professional
Re:If you do it a lot, you're a "professional" (Score:3, Funny)
The bad news is that you only get paid with Karma.
The good news is that is may be more valueable than VA's stock.
Another re-write of the language? (Score:4, Informative)
Either this person was making his money from this (which I doubt) or this is another case of "they don't know the what they are saying".
Just like the abuse of the words "theft" and "pirate" in relation to software when no one is permenantly deprived of anything.
These terms are being misused, not out of ignorance (although the ignorance is obvious) but out of a desire to create a false impression and make the crime seem worse than it is.
Extradition? (Score:4, Insightful)
Basically what he did was sit at a keyboard typing and looking at a screen in, presumably, the UK. At what point was the crime committed? When he hit the return key, or when he viewed the resulting data? I would suggest that is the case, and any prosecution should take place in the UK - there is plenty of existing legislation.
I am sure that someone will start bleating on about the theft of CPU cycles, or whatever. But this is extremely abstract. If the sites were non-secure, then presumably they had public access. If we are going to pass laws that people can only view websites as the designer intended, it may suit the kind of Government idiots that once threatened someone with prosecution for telling them they had an open SQL port with anonymous login on a military server, but is hardly going to promote good design (or be enforceable).
This is exactly the kind of case that makes the notion of a World Court reasonable. But I can just imagine his lawyers going to the EU Courts to argue that (a) the US is refusing to allow its citizens to be subject to the ICC, thus demonstrating that US law is not even-handed, (b) in the present climate of hysteria he could in any case not get a fair trial, (c) that US law is in conflict with EU human rights legislation.
It seems to me we have more to fear from the kind of idiots that go in for the kneejerk "This guy looked at a Govt. site! He is a terrorist!" reaction. The word for them is Stalinists, and the last thing we want is for the delightful security and political policies of the former Soviet Union to gain a foothold in the Republican Party.
Re:Extradition? - ICC (Score:4, Interesting)
The present US govt. will not allow the extradition of US citizens by the ICC for the most serious crimes, war crimes, mass murder etc. So why should anyone allow extradition to the US for lesser crimes committed outside its jurisdiction? Either the Bush government recognises that all states and citizens have legitimate cross-border security interests, or it doesn't. At the moment, it recognises them in a very one-sided way (You can prosecute Milosevic, but not Kissinger.) It also has a habit of tearing up international treaties. So why should other states recognise treaties with the US? This is a no-brainer. If Bush wants to be isolationist, fine. If he wants to be internationalist, better. But saying "I can be isolationist in my interests but internationalist when I want something from you" - Tony Soprano government.
What is a Professional Hacker? (Score:3, Funny)
Q: How can you tell a professional hacker has hacked into your network?
A: You can't. That's why he's a professional.
What frightens me most.. (Score:4, Funny)
Oh well...
Of course he didn't get to any classified info (Score:3, Insightful)
I love it when some U.S. gov't computer getting hacked makes headlines....The most sensitive info a hacker could ever get would be HR type info.
Echelon (Score:4, Insightful)
The US Military want to prosecute somebody for doing something they've been doing [echelonwatch.org] for years ?
They just released his name - Gary McKinnon (Score:3, Informative)
Re:Why must we persist in... (Score:2)
Re:Why must we persist in... (Score:2, Insightful)
Give it up. This one has been lost, just like split inifinitives or latin plurals. Why must we persist in calling fora forums?
Guess you just have to accept that the word 'hacker' now has more than one meaning, it happens to words sometimes. One of them is a synonym of 'cracker,' the other(s) is(are) something quite else.
Re:Why must we persist in... (Score:4, Interesting)
Because it's gauranteed to elicit responses like yours, followed by more page views, followed by more ad revenue. Frankly, I'm surprised I had to scroll this far down to read this post, which I anticipated as soon as I read the headline.
Do you think the /. editors aren't aware of this little linguistic duel? This, BTW, is also the same reason they don't really care about polishing the stories, and may in fact be intentionally putting little grammar and spelling gaffes into them--more page views, more ad revenue. I put forth that theory many posts ago; though I don't claim to be the originator of it.
At any rate, "cracker" is already reserved for crazy people, a racial slur used against Whites by Blacks, and most commonly a crunchy snack food. Overloading it any further just didn't make sense. Hacker can be used exclusively for those who break into computers as far as I'm concerned. We already have many thesaurus entries with less sinister connotations: geek, nerd, guru, and hobbiest, all of which may be modified with "computer" as an adjective when the context is unclear (which it usually isn't). Speaking of context, when modified with the name of something (e.g., Linux hacker, assembly hacker) the word regains its positive connotation; but you still need to be careful when using it in the company of laymen.
At any rate, I seem to recall a time when the /. editors were on the side of the purists; but that time has passed. Some may choose to look back to a time before /. "sold out". I prefer to think that the battle is over and the "cracker" advocates lost.
However, I will give you guys something in your favor. Use of the term "safe cracker" persists so we have introduced yet another context-sensitive rule into the English language, making it that much harder for people to learn the language.
Could it be simply that "computer cracker" is too aliterative and just doesn't sound right? Also, a safe cracker may literally have to crack (break) something to get in, whereas a hacker (a good one anyway) usually doesn't break anything.
Re:Hacker (Score:2, Funny)
Don't you mean "GNU/Linux hippie freak"
Re:This is not 'hacking' (Score:5, Informative)
No, it isn't. Terrorism is the use of violence and/or threats to frighten a civilian population, to coerce or punish them.
Re:This is not 'hacking' (Score:2, Funny)
Re:This is not 'hacking' (Score:4, Insightful)
They should just scrap the term hacker and call him a terrorist, because thats what breaking into the US millitary is, terrorism.
Would breaking into British Military also be terrorism? How about Iraq?
There is a difference between breaking into a companies network out of curiosity and breaking into a millitary network. At worst, it could be considered an act of war from the country where the hacker originated against the country that was hacked. This would be bad for britain as they are totally dependant on America for support and are controlled by America's millitary policy.
Britian is dependent on the US? Tony Blair certainly is Bush's Yes Man, but I wouldn't go so far as to say that they are dependent on us, or controlled by our policy.
100 successful hacks is quite impressive, and it's good to see that America's war on terrorism is paying off and this man was caught before he could have caused serious damage to the western world.
Yes. The war on terrorism is paying off, just like the war on drugs. We prevented this guy from breaking into *every* military network, just like we've taught kids to 'Just Say No' and quelled the importation of millions of dollars of coke and dope.
Thank you Geoilrge Bush, and God Bless Amerika!
Yes, I know, IHBT,IHL,HAND - I just wanted to practice my italics and paragraph tags.
Re:This is not 'hacking' Haiku for ACs (Score:2)
It's true that.... (Score:2, Interesting)
Seriously, I would not argue that Britain is totally dependent on the U.S., and certainly not control by our military policy (they can defend themselves against, um, the French?). It just looks that way because they're the only ones (the gov't anyway) who agree with the U.S. half the time on international issues.
Flamebait?!? (Score:2)
Re:This is not 'hacking' (Score:5, Funny)
Re:This is not 'hacking' (Score:3, Interesting)
Wow, that's a pretty extreme definition of terrorism.
There is a difference between breaking into a companies network out of curiosity and breaking into a millitary network.
hmmm... Are you saying that morality can be judged as a function of whether or not a particular act is committed against the state or a private company? I agree that if info. had been stolen that it would be a very bad thing, but since nothing broken into was classified ??? I'm not sure we know that he did anything other than make some web/sys admins look bad.
I can tell you right now I would not be amused if someone hacked into my systems because they were curious. I wouldn't take any legal action unless someone actually took intellectual property, but I'd probably 'hack' my sysadmin a new one!
All of that being said, I say hang him upside-down for 20 years and then turn him rightside-up for another 20.
porn*! - hanging upside-down for almost 20 minutes now!
Re:This is not 'hacking' (Score:5, Insightful)
The term "terrorist" has certainly been overused in the past year or so, but what many people don't realize is that it actually has a strict legal definition. (Well, actually several strict legal definitions, depending on the jurisdiction you're paying attention to at the time.)
Way back in 1937, the League of Nations defined terrorism as, "All criminal acts directed against a State and intended or calculated to create a state of terror in the minds of particular persons or a group of persons or the general public." So under that definition, an act is terrorism only if it's specifically intended to create a state of terror. September 11, yes. This guy, no.
In 1999, the UN defined terrorism this way: "Reiterates that criminal acts intended or calculated to provoke a state of terror in the general public, a group of persons or particular persons for political purposes are in any circumstance unjustifiable, whatever the considerations of a political, philosophical, ideological, racial, ethnic, religious or other nature that may be invoked to justify them." So here to we have the idea that the act must be specifically intended to invoke a feeling of terror. So by that definition, too, this incident is not terrorism.
The USDOD defines terrorism to be, "The calculated use of violence or the threat of violence to inculcate fear; intended to coerce or to intimidate governments or societies in the pursuit of goals that are generally political, religious, or ideological." Once again we have the idea that the act must be calculated to cause fear. If an act merely incidentally causes fear or terror, it's not strictly terrorism.
Since 9/11, laws have sprung up in several US jurisdictions making it a crime to plan, enact, or carry out any act designed to produce a fear response in the population. In fact, the DC sniper suspects are being indicted in Maryland under just such a law. But all of these also have the same basic thread: that the act must have been done with the specific and deliberate intent of causing fear.
So no, what this loser did isn't technically terrorism.
At worst, it could be considered an act of war from the country where the hacker originated against the country that was hacked.
Not really. In order to make the leap from crime to act of war, there has to be an element of direct or indirect state sponsorship. An individual acting on his own to carry out a criminal act-- even a horrible or devastating one-- in another country does not automatically constitute an act of war. But if another government sponsors the act, that's a different story. The basic idea here is that war is a state of armed conflict between nations, not between groups or individuals. Rhetorical shorthand aside, the United States could never be in a state of war against al Qaeda, or against Osama bin Laden personally. The concept of war can't be applied to those sorts of conflicts in any meaningful way.
Re:This is not 'hacking' (Score:5, Interesting)
No, it is not. Terrorism is the use of terror tactics against a civilian population (which presumably isn't able to defend itself). Attacking military targets is perfectly legitimate acts of guerilla warfare, and the perpertrators of such are entitled to be treated as prisoners of war, and not this "enemy combatant" category that Bush invented.
So:
* attacking that supertanker the other month - terrorism.
* ramming the Cole - legit.
* blowing up the WTC - terrorism.
* blowing up the Pentagon - legit.
* shooting off-duty US marines in Yemen - legit.
* hacking military bases - legit act of war, or civil crime. Definitely not terrorism.
* dropping a 2000 pound bomb on a wedding party - a regretable accident.
Essentially, any act against a government office or military base would be a legitimate act of war.
Re:This is not 'hacking' (Score:2, Funny)
Re:British hate us (Score:2, Interesting)