funsec mailing list archives
Crossing the line when doing computer security demonstrations
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Sat, 28 Apr 2007 16:07:42 -0400
The LA Times story on WiFi eavesdropping reminded me a lot of these two related stories from 2002. The bottom line here is that it is a really bad idea to mess with other people's networks and computer systems without a good understanding of the law and/or the owner's permission of the computer equipment. Richard M. Smith http://www.ComputerBytesMan.com ================================================================== http://www.washingtonpost.com/ac2/wp-dyn/A24191-2002Aug15?language=printer Sleuths Invade Military PCs With Ease By Robert O'Harrow Jr. Washington Post Staff Writer Friday, August 16, 2002; Page A01 SAN DIEGO, Aug. 15 -- Security consultants entered scores of confidential military and government computers without approval this summer, exposing vulnerabilities that specialists say open the networks to electronic attacks and spying. The consultants, inexperienced but armed with free, widely available software, identified unprotected PCs and then roamed at will through sensitive files containing military procedures, personnel records and financial data. ForensicTec officials said they first stumbled upon the accessible military computers about two months ago, when they were checking network security for a private-sector client. They saw several of the computers' online identifiers, known as Internet protocol addresses. Through a simple Internet search, they found the computers were linked to networks at Fort Hood. Former employees of a private investigation firm -- and relative newcomers to the security field -- the ForensicTec consultants said they continued examining the system because they were curious, as well as appalled by the ease of access. They made their findings public, said ForensicTec President Brett O'Keeffe, because they hoped to help the government identify the problem -- and to "get some positive exposure" for their company. ==================================================================== http://www.latimes.com/technology/la-me-hack30sep30,1,2684627.story Hacker Arrested in San Diego By Tony Perry Times Staff Writer September 30, 2003 SAN DIEGO - A computer security specialist who claimed he hacked into top-secret military computers to show how vulnerable they were to snooping by terrorists was arrested and charged Monday with six felony counts that could bring a 30-year prison sentence. Brett Edward O'Keefe, 36, president of ForensicTec Solutions, a start-up company here, is accused of hacking into computers of the Navy, the Army, the Department of Energy, the National Aeronautics and Space Administration and several private companies. Before his arrest, O'Keefe told reporters that he had hacked into the computers to drum up business for his fledgling company and to show that the nation's top military secrets are not safe, despite pronouncements that security has been tightened since the terrorist attacks of Sept. 11, 2001. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Crossing the line when doing computer security demonstrations Richard M. Smith (Apr 28)