FC: More on Brian K. West, DOJ, and "Good Samaritan" prosecution

mjinks at sysvi.com mjinks at sysvi.com
Sun Aug 26 10:43:56 PDT 2001 

On Sun, Aug 26, 2001 at 11:22:57AM -0400, Declan McCullagh wrote:
 >
 > From: John Noble <jnoble at dgsys.com>
 > Subject: Re: FC: U.S. Attorney replies to "Good Samaritan" outcry with
 >   statement
 > Cc: gharlanr at bellsouth.net
 >
 > It's an interesting defense -- accidental penetration. Maybe somebody on
 > your list, Declan, who knows more about network security can answer this
 > question: if a hypothetical cracker was nailed by real-time monitoring -- a
 > "gotcha" while online and inside the network -- would he likely know it or
 > suspect it?

"An intruder" given full shell access to the machine in question could find
out anything about it, within reason, but from what I've read Mr. West is not
alleged to have had that kind of access.  It sounds like he got read-write
access to a section of the filesystem, but probably not an area where any
intrusion detection systems would be residing.

Was he caught on any monitoring systems?

 > Or can we assume that his voluntary report of his accidental
 > accomplishment was the product of good faith and stupidity?

I take some issue with the implication that the incident could not have
happened casually.  Whether it did or not is apparently open to question,
no doubt we'll be hearing more about exactly what happened and when.  But
as I read the accounts presented so far, there is every reason to believe
that the initial intrusion _could_ have happened almost before Mr. West had
a moment to consider the implications of what he was doing.  The alleged
misconfiguration was that bad, that easy to exploit.

One might ask then, why Mr. West did not immediately cease his actions, why
he continued to download files if he knew that his access was illegitimate.
I don't want to speculate on Mr. West's state of mind or intentions at the
time, but a hole this egregious can outrage a technician, and my own first
impulse would probably be to alert the owner of the web site, with proof
included.  After all, without proof I'm just smearing a competitor.

Next an assertion without rigor but which I think bears some intuitive
validity: a crime which does not feel at all like a crime, perhaps because
of the ease with which it may be committed, should probably be viewed with
a certain degree of leniency.  Taking a shortcut across someone else's lawn
is trespassing, but it's hardly breaking and entering.  If someone leaves
a business associate's private documents laying around on their front lawn,
and a casual passerby picks them up -- well, technically that's stealing.
But most of the police types and lawyers I've met would probably laugh at the
notion of prosecuting the guy who picked up an unprotected bundle of documents
lying on a lawn, rifled through them, realized who they belonged to, and then
handed them off with the message "hey I found these on your buddy's lawn."

Maybe he went looking, maybe he had something to gain, but one thing that
seems clear to me is that without a glaring (negligent?) error on the part
of the ISP, none of this would have been possible, and it seems reasonable to
think that the ISP shares at least some responsibility for any harm inflicted.

As Mr. Mournian seems to suggest in his own letter, the fact that the Internet
was involved should not cloud the nature of what actually took place.


 > John Noble

Michael Jinks

********




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------


----- End forwarded message -----

More information about the cypherpunks-legacy mailing list