Re: FC: More on Brian K. West, DOJ, and "Good Samaritan" prosecution
On Sun, Aug 26, 2001 at 11:22:57AM -0400, Declan McCullagh wrote:
From: John Noble <jnoble@dgsys.com>
Subject: Re: FC: U.S. Attorney replies to "Good Samaritan" outcry with statement
Cc: gharlanr@bellsouth.net
It's an interesting defense -- accidental penetration. Maybe somebody on your list, Declan, who knows more about network security can answer this question: if a hypothetical cracker was nailed by real-time monitoring -- a "gotcha" while online and inside the network -- would he likely know it or suspect it?
"An intruder" given full shell access to the machine in question could find out anything about it, within reason, but from what I've read Mr. West is not alleged to have had that kind of access. It sounds like he got read-write access to a section of the filesystem, but probably not an area where any intrusion detection systems would be residing. Was he caught on any monitoring systems?
Or can we assume that his voluntary report of his accidental accomplishment was the product of good faith and stupidity?
I take some issue with the implication that the incident could not have happened casually. Whether it did or not is apparently open to question; no doubt we'll be hearing more about exactly what happened and when. But as I read the accounts presented so far, there is every reason to believe that the initial intrusion _could_ have happened almost before Mr. West had a moment to consider the implications of what he was doing. The alleged misconfiguration was that bad, that easy to exploit.
One might ask then, why Mr. West did not immediately cease his actions, why he continued to download files if he knew that his access was illegitimate. I don't want to speculate on Mr. West's state of mind or intentions at the time, but a hole this egregious can outrage a technician, and my own first impulse would probably be to alert the owner of the web site, with proof included. After all, without proof I'm just smearing a competitor.
Next, an assertion without rigor but which I think bears some intuitive validity: a crime which does not feel at all like a crime, perhaps because of the ease with which it may be committed, should probably be viewed with a certain degree of leniency. Taking a shortcut across someone else's lawn is trespassing, but it's hardly breaking and entering. If someone leaves a business associate's private documents lying around on their front lawn, and a casual passerby picks them up -- well, technically that's stealing. But most of the police types and lawyers I've met would probably laugh at the notion of prosecuting the guy who picked up an unprotected bundle of documents lying on a lawn, rifled through them, realized who they belonged to, and then handed them off with the message "hey I found these on your buddy's lawn."
Maybe he went looking, maybe he had something to gain, but one thing that seems clear to me is that without a glaring (negligent?) error on the part of the ISP, none of this would have been possible, and it seems reasonable to think that the ISP shares at least some responsibility for any harm inflicted. As Mr. Mournian seems to suggest in his own letter, the fact that the Internet was involved should not cloud the nature of what actually took place.
John Noble
Michael Jinks ********
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
----- End forwarded message -----