GrepLaw |
|
|
This site is a production of the Berkman Center for Internet & Society. Please email if you have questions, contributions, or ideas about improving this site.
|
|
|
|
| |
|
|
Houston Hacker Accused of Breaking into Court Computer System
|
|
|
|
posted by justfred
on Monday July 29, @08:03AM
from the enter-our-computer-system-and-you'll-get-the-Grand(Jury)-tour dept.
|
|
|
|
|
Stefan Puffer, a Houston computer security analyst, has been charged with hacking after demonstrating the insecurity of a county court wireless LAN. He was indicted by a Grand Jury on Wednesday with two counts of fraud for allegedly breaking into Harris County district clerk's wireless computer system. Puffer faces a $250,000 fine on each count and could get five years in jail if convicted.
|
|
|
|
|
|
Puffer is accused of accessing the system March 8 in an alleged intrusion that cost the county a reported $5,000 to clean up.
On March 18, Puffer showed a county official and a Houston Chronicle reporter how he was able to use his laptop computer and a $60 to $75 wireless card to tap into the clerk's system.
Puffer noticed he could access the county network in early March, when he scanned for weaknesses throughout Houston. He said he could also access numerous home, government, university and business computer systems.
District Clerk Charles Bacarisse said Wednesday, "Normally you secure a contract with an entity before you hack into a system, if that's what you're saying your expertise is."
For a full report, check out the Houston Chronicle.
|
|
|
|
< U.S. Ambassador Plugs Microsoft in Peru
| Feds and State Authorities Root Out Internet Scams >
| |
|
This discussion has been archived.
No new comments can be posted.
|
Houston Hacker Accused of Breaking into Court Computer System
|
Login/Create an Account
| Top
| 9 comments
|
Search Discussion
|
|
The Fine Print:
The following comments are owned by whoever posted them.
We are not responsible for them in any way.
|
|
|
|
|
|
|
|
|
I'd be interested in knowing exactly what happened in the ten days between the first access and his demonstration.
Even so, it looks like he's being charged, in part, with "costing the county $5,000 to clean up after the alleged breach." At the same time, though, "no files were compromised, but the county had to shut down the wireless system about a month after it was set up."
So he's being charged with the cost of shutting down an insecure network, because he demonstrated the vulnerability? This seems retaliatory; the county seems more upset that he demonstrated the problem publicly and forced them to spend money to do it right.
|
|
|
|
| |
|
|
|
|
|
|
|
|
I missed a critical part of the article:
"County Attorney Mike Stafford said he will resume his investigation into whether the security breach was corrected as promptly as county officials learned of it and the origin of a pornographic picture found on the clerk's office server in March."
County Attorney: "How did that pornographic picture get onto your server?!"
County Clerk: "Hackers, sir. Evil hackers hacked their way into this computer with their hacker tools, and planted this disgusting Ms. March photo shoot as part of their hacker agenda."
County Attorney: "Damned dirty hackers. Round up the posse!"
I wonder how many county employees are blaming security breaches for pr0n on the office computers? Only in Houston . . .
|
|
|
|
|
|
|
|
|
|
|
|
|
Society today is so blind and ignorant to believe this bullshit. They don't understand that there are white hats as well as the blackies. They just don't think that a hacker could be good, therefore blaming something like this on them works well for the horny, pr0n-viewing employee because the boss (or anyone else for that matter) is too stupid to question him. A quote from the most inspirational piece of literature that I've ever read seems to fit well in this case: "My crime is that of outsmarting you, something that you will never forgive me for."
|
|
|
|
|
|
|
|
|
by
Anonymous Coward
on Wednesday July 31, @11:39AM (#138)
|
|
|
|
|
"So he's being charged with the cost of shutting down an insecure network, because he demonstrated the vulnerability?"
This seems to be the new security model touted around, meaning that if you can break into/trip into/accidentally type in the wrong IP address and find yourself kneedeep in corporate/government files, then you can be prosecuted to the fullest extent of the law. And we know that's a deterrent for terrorist peadophiles that use popup webbugs to read your email.
Sorry, in an odd mood as the huge number of incompetents wibbling around wiring up corporates and governments appears to be outnumbering the competent people. Where's the serious questions asked of the company that set up the security in the first place? Shouldn't they be questioned about it? Isn't it fairly likely that it's a relative of someone?
|
|
|
|
|
|
|
|
|
by
Anonymous Coward
on Thursday August 01, @12:13AM (#142)
|
|
|
|
|
To be honest I do not understand what he can be charged with?
Maybe the law is different in the UK, but what other law analogies are there for this. Finding an unlocked briefcase in a pub detailing government policy. Does that mean the person who found Blunkett's Security plans last week should be locked away.
This one seriously does not make sense. If it s a uniquely Texas situation, then build a fence along the state borders.
|
|
|
|
|
|
|
|
|
by
Anonymous Coward
on Thursday August 01, @03:16AM (#144)
|
|
|
|
|
I think this is a bit of a narrow view. He demonstrated the vulnerability publically. If you humiliate someone (i.e. the court) in public you should expect them to become upset. Their response is a bit over the top, though. I'm not sure, of course, but I suspect they might have been quite happy had he demonstrated it to them in private.
Anyhow, the original installer was incompetent, but IT Pros aren't helping themselves when they spring to the rescue of people like David McOwen. I agree there was cause for outrage there (the punishment demands were Americanly draconian) but the EFF's position that there was no rule about installing distributed computing clients is laughable.
Any competent sysadmin knows better than to install this sort of software without getting approval from his client first - just assuming it's OK indicates a highly unprofessional mindset, and lack of understanding that they are SOMEONE ELSE's computers. Granted, criminal prosecution is a bit over the top...
This looks like another prime example of an IT pro doing something stupid and the establishment going overboard on it...
|
|
|
|
|
|
|
|
|
|
|
|
|
Of course they over reacted to it! They fear their own computers because they lack the knowledge to find these holes in their security by themselves, then this guy comes along and shows them up in front of the press.
Unfortunately, it's not a uniquely Texan viewpoint, I run into that kind of thinking any time I talk to technophobes. In the long run, government agencies in Houston and elsewhere can expect not to get a free consultation (and lets face it, he did them a service with a value far above the amount of 'public image' value he's been charged with damaging.) Instead, when weekend code-warriors and beginning hackers find these kinds of holes in security in the future, agencies and businesses will find their files ripped to shreds and their websites filled with pr0n.
Of course, at that point, they'll point fingers and yell "See, we were right!"
|
|
|
|
|
|
|
|
|
|
Humanity has the stars in its future, and that future is too important to be
lost under the burden of juvenile folly and ignorant superstition.
- Isaac Asimov
|
|
|
|
|
[
home |
contribute story |
older articles |
past polls |
faq |
authors |
preferences ]
|