Crossing the line when doing computer security demonstrations

["Richard M. Smith" <rms () computerbytesman com>]

The LA Times story on WiFi eavesdropping reminded me a lot of these two
related stories from 2002.  The bottom line here is that it is a really bad
idea to mess with other people's networks and computer systems without a
good understanding of the law and/or the owner's permission of the computer
equipment.

Richard M. Smith
http://www.ComputerBytesMan.com

==================================================================

http://www.washingtonpost.com/ac2/wp-dyn/A24191-2002Aug15?language=printer

Sleuths Invade Military PCs With Ease

By Robert O'Harrow Jr.
Washington Post Staff Writer
Friday, August 16, 2002; Page A01 

SAN DIEGO, Aug. 15 -- Security consultants entered scores of confidential
military and government computers without approval this summer, exposing
vulnerabilities that specialists say open the networks to electronic attacks
and spying. 

The consultants, inexperienced but armed with free, widely available
software, identified unprotected PCs and then roamed at will through
sensitive files containing military procedures, personnel records and
financial data. 

ForensicTec officials said they first stumbled upon the accessible military
computers about two months ago, when they were checking network security for
a private-sector client. They saw several of the computers' online
identifiers, known as Internet protocol addresses. Through a simple Internet
search, they found the computers were linked to networks at Fort Hood. 

Former employees of a private investigation firm -- and relative newcomers
to the security field -- the ForensicTec consultants said they continued
examining the system because they were curious, as well as appalled by the
ease of access. They made their findings public, said ForensicTec President
Brett O'Keeffe, because they hoped to help the government identify the
problem -- and to "get some positive exposure" for their company. 

====================================================================

http://www.latimes.com/technology/la-me-hack30sep30,1,2684627.story 

Hacker Arrested in San Diego
By Tony Perry 
Times Staff Writer 
September 30, 2003 

SAN DIEGO - A computer security specialist who claimed he hacked into 
top-secret military computers to show how vulnerable they were to 
snooping by terrorists was arrested and charged Monday with six felony 
counts that could bring a 30-year prison sentence. 

Brett Edward O'Keefe, 36, president of ForensicTec Solutions, a 
start-up company here, is accused of hacking into computers of the 
Navy, the Army, the Department of Energy, the National Aeronautics and 
Space Administration and several private companies. 

Before his arrest, O'Keefe told reporters that he had hacked into the 
computers to drum up business for his fledgling company and to show 
that the nation's top military secrets are not safe, despite 
pronouncements that security has been tightened since the terrorist 
attacks of Sept. 11, 2001. 
 
 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.