US Authorities Go Paranoid about HackersAdded: Tuesday, April 2nd, 2013
Category: Recent Headlines Involving File Sharing > Current Events
Tags:ET, p2p, Torrent, Piracy, Peer To Peer, Network, Hackers, Internet, BitTorrent, Google, utorrent, bitcomet, extratorrent, 2010, www.extratorrent.com
It seems that the US Justice Department has become too paranoid about the hackers: for instance, last week Andrew Auernheimer went to prison for 41 months after obtaining the personal information of over 100,000 iPad owners from AT&T’s publicly accessible site.
The problem is that Andrew didn’t even hack anything – all he did was visiting the non-public bit of AT&T’s server and downloading the details. During the trial, Auernheimer, 26, was ruled guilty of one count of identity fraud and one count of conspiracy to access a machine without authorization. This was when he and his fellow developed a program to gather information on iPad owners which had been exposed by a security flaw in AT&T’s site. All they did was writing a program to send Get requests to the site.
Unfortunately, neither the prosecutors nor the jury knew or cared about technology. They somehow got a conviction based around the Computer Fraud and Abuse Act, which can’t make clear distinctions between criminal hacking and simple unauthorized access. As such, the innocent researchers whose activities are not criminal in intent can’t be protected. In other words, any sensible security expert will probably want to work for North Korea, whose authorities don’t arrest people for helping the IT industry.
In the meantime, Andrew Auernheimer and his colleague made no money from their hack, but instead contacted Gawker to report the vulnerability, claiming that AT&T must be held responsible for their insecure infrastructure. In response, prosecutors showed the court 150 pages of chat logs from an IRC channel where Spitler and Auernheimer admitted conducting the breach to destroy AT&T’s reputation and promote themselves as security specialists. In other words, the “hackers” were doing it for some form of gain, and the prosecutor’s attitude is odd – should anyone promoting themselves by showing a need for their services be banged up?
This situation puts the United States in a difficult position: on one side, the country is suffering from hacking attacks on companies with security flaws, while on the other side it is locking up those who expose those flaws. As a result, all the security experts will just give up doing their job and give the nation over to hackers elsewhere, by moving to places where their skills are appreciated.
April 2nd,2013Posted by:
Tuesday, April 2nd, 2013
|posted by (2013-04-02 07:11:44)|
|If you fxck with the government or a large corporation in the US, you're gonna get burned. That includes exposing embarrassing security breaches, such as this one. When this happened, AT&T wanted to show this guy who's boss by sicking the government on him. Too bad he wasn't paranoid or cautious enough to cover his own tracks. He could've simply encrypted his conversations and used a VPN, which logic tells me he didn't do. Another thing is his lawyer must've been incapable of explaining what his client did/didn't do, since he didn't actually conduct any exploits and didn't benefit from his activities. The same thing goes for pointing out that his client didn't even know he was doing anything wrong, didn't access a secure server, and that he was performing a public service. If his lawyer had done that, Auernheimer probably wouldn't have been convicted.|
I think the bottom line here is to ALWAYS cover your tracks, be very, very paranoid when dealing with governments or large corporations, and make sure you can profit off things which can end up burning you. In other words, simply revealing a security breach like this for free doesn't make any sense, given the amount of risk that needs to be taken to do it. Take the risk, then sell the info to a responsible buyer. It's that simple.
|posted by (2013-04-02 07:39:03)|
|their ways may be questionable But most of what they done fell within the lines. I don't know how torts are established in US system but it seems someone with a good attorney can teach AT&T very good lesson in higher courts. I think the "hacker" was bragging about how he would drag At&T in arena force them to apologize and fix the problem. By doing this., it could be a serious blow to AT&T's goodwill. At this this stage, all AT&T needed was an attorney able to prove that hackers had intended to cost them millions of dollars by damaging their goodwill.... This is only logical way of giving someone a prison cell for couple of months. NOT FOR 41 MONTHS... that's just ridiculous.|
|posted by (2013-04-02 07:44:03)|
|agree solcis.. Guy seems pretty immature to me..and rather old school.|
|It's a bit like Gary McKinnon's story. He hacked the Pentagon and they screwed him over but he pointed out that they are noobs with the computer tech.|
|...why am I not surprised? You will soon have the Electric Chair ready for hackers and a lame one month jail time for rapers and weapon charges. I'm not in US (anymore) ...and guess why? Next time you fart you may be in Jail since they are managed by Private corporations now. Anyway, a certain Julian A. has just won "People Choice Award" ...the news will may get eventually in the US ...isn't China the one that holds the information that are not good for their citizens? Wake up and do something US is on a verge of sinking Titanic Style if you guys don't read from different sources than CNN.|
|Using backtrack 5 a fellow downloaded 100,000 facebook account names and logins in 20 minutes,not the hardest servers to penetrate but shows that it is done and so by making a 3 ring circus and taking it to a court maybe they would also give him 41 months.The US has to be one of the most paranoid of countries with so many internal issues and run by corporate faceless clones and yet they still try to push their ideology on others and interfere in others politics at some point it will fetch home and then will bite them in their Ass.Many have proven that they have hacked the pentagon and created super viruses and been rewarded by such efforts by either being given a retainer for the use of their services or by being employed by major security companies since the saying set a thief to catch a thief applies to actually prosecute someone for showing their flaws and vulnerability only gives credence to the claims and lack of confidence in them to provide a secure server,so who loses more in the end.|
|No doubt on appeal they may get a suspended sentence and be employed by [email protected] or one of its rivals.|
|posted by (2013-04-04 01:31:47)|
|These guys were screwing with AT&T for their fun and profit.|
(In response, prosecutors showed the court 150 pages of chat logs from an IRC channel where Spitler and Auernheimer admitted conducting the breach to destroy AT&T’s reputation and promote themselves as security specialists.)
This is the same as if I broke into your home, or computer, stole your stuff and then when caught said I should be paid because I showed you had bad locks. When people who are caught stealing go to jail that is called Justice.
|@brods73 ...if it was easy to simulate an attack and blame someone nobody has seen shot to death, how hard could it be to find some hookers in Sweden the Country that is known Worldwide for their sex life to put down the person that has shown to the World how some nation like to use their weapons. I will not comment any further as this is not the theme we are discussing here. My bad if I started it ...but I will end it here.|
|posted by (2013-04-05 16:28:32)|
|@brods73 - the sex pest? I know he's been accused of a crime in that regard, in a rather conveniently timed accusation, but I didn't know he had admitted it or been found guilty of it?|
@lol66 - it's really nothing like that at all. If you want to come up with a more apt analogy that involves you, then you might say it's the same as you leaving your iPad in a coffee shop, a couple of computer security sorts came across it, saw that you were keeping the private and supposedly secret details of 100,000 of your companies clients on an insecure iPad, they made a copy and reported it to a third party which contacted your boss, and to save your own butt you throw them to the wolves and they then spend nearly 4 years of your life paying for your criminally negligent mistake.
I'd also argue there is a fundamental difference in copying files and "stealing" something. If I steal your car, you don't have it anymore. If I copy your files you still have them.
|posted by (2013-04-05 16:38:01)|
|Sorry, of course I don't mean YOUR life.. *Their* lives. Your life would continue to be spent carefree, secure in the knowledge that you're responsible for nothing, no matter how great your breach of trust with your clients is.|
|thnx for the great articles as always, keep up the good work ! ..... Love the comment section on some of these articles, one of the main reasons I use ET everyday.|
|posted by (2013-04-07 13:10:14)|
|posted by (2013-04-07 20:36:59)|
|""As a result, all the security experts will just give up doing their job|
and give the nation over to hackers elsewhere, by moving to places
where their skills are appreciated.""
Ya got That right. One can be a "messiah" for the IT world and still
be unappreciated (and under-Paid) for your tech skills.
Pack up and relocate to a better place that offers better health benefits,
better pay, cheaper taxes, a better democracy, and a respected living standard.
So then Why Not relocate to any better place than Here? Sign me up!
Most Popular Stories