funsec mailing list archives

Holy Crap: Using a Command Prompt is 'Suspicious Behavior'

From: Paul Ferguson <fergdawgster () gmail com>
Date: Tue, 14 Apr 2009 16:49:57 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Be afraid. Be very afraid.

[snip]

On Friday, EFF and the law firm of Fish and Richardson filed an emergency
motion to quash and for the return of seized property on behalf of a Boston
College computer science student whose computers, cell phone, and other
property were seized as part of an investigation into who sent an e-mail to
a school mailing list identifying another student as gay. The problem? Not
only is there no indication that any crime was committed, the investigating
officer argued that the computer expertise of the student itself supported
a finding of probable cause to seize the student's property.

Should Boston College Linux users be looking over their shoulders?

In his application, the investigating officer asked that he be permitted to
seize the student's computers and other personal affects because they might
yield evidence of the crimes of "Obtaining computer services by Fraud or
Misrepresentation" and "Unauthorized access to a computer system." Aside
from the remarkable overreach by campus and state police in trying to paint
a student as suspicious in part because he can navigate a non-Windows
computer environment, nothing cited in the warrant application could
possibly constitute the cited criminal offenses. There are no assertions
that a commercial (i.e. for pay) commercial service was defrauded, a
necessary element of any "Obtaining computer services by Fraud or
Misrepresentation" allegation. Similarly, the investigating officer doesn't
explain how sending an e-mail to a campus mailing list might constitute
"unauthorized access to a computer system."

During its March 30th search, police seized (among other things) the
computer science major's computers, storage drives, cell phone, iPod Touch,
flash drives, digital camera, and Ubuntu Linux CD. None of these items have
been returned. He has been suspended from his job pending the
investigation. His personal documents and information are in the hands of
the state police who continue to examine it without probable cause,
searching for evidence to support unsupportable criminal allegations.

[snip]

Wow.

More:
http://www.eff.org/deeplinks/2009/04/boston-college-prompt-commands-are-sus
picious

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFJ5SEdq1pz9mNUZTMRAnIGAKDHuADeJOe0m47Cyah3bEZsb+JUkgCeMVkt
MoovnOjZlHnKDZ/fHkmEyvE=
=eGda
-----END PGP SIGNATURE-----




-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Holy Crap: Using a Command Prompt is 'Suspicious Behavior' Paul Ferguson (Apr 14)
- Re: Holy Crap: Using a Command Prompt is 'Suspicious Behavior' Paul M. Moriarty (Apr 14)
  - Re: Holy Crap: Using a Command Prompt is 'Suspicious Behavior' Paul Ferguson (Apr 14)
    - Re: Holy Crap: Using a Command Prompt is 'Suspicious Behavior' Paul M. Moriarty (Apr 14)
    - Re: Holy Crap: Using a Command Prompt is 'Suspicious Behavior' Paul Ferguson (Apr 14)
    - Re: Holy Crap: Using a Command Prompt is 'Suspicious Behavior' Paul M. Moriarty (Apr 14)
    - Re: Holy Crap: Using a Command Prompt is 'Suspicious Behavior' Paul Ferguson (Apr 14)
    - Re: Holy Crap: Using a Command Prompt is 'SuspiciousBehavior' Larry Seltzer (Apr 14)
    - Re: Holy Crap: Using a Command Prompt is 'SuspiciousBehavior' Paul Ferguson (Apr 14)
    - Re: Holy Crap: Using a Command Prompt is 'SuspiciousBehavior' quispiam lepidus (Apr 15)
    - Re: Holy Crap: Using a Command Prompt is'SuspiciousBehavior' Larry Seltzer (Apr 15)

(Thread continues...)