Wi-Fi whistle blower faces criminal charges

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.theregister.co.uk/content/55/32799.html

By John Leyden
Posted: 12/09/2003 

A North Carolina man faces criminal charges after his attempt to 
expose the insecurity of his local medical facility's wireless network 
landed him in hot water with the authorities. 

Clayton Taylor Dillard, 29, an information security consultant, is 
accused of breaking into Wake Internal Medicine Consultants' computer 
system and illegally accessing information of hundreds of patients. 

Dillard is charged with one felony count of computer trespass, one 
felony count of unlawful computer access and one misdemeanor count of 
computer trespass, according to a report by local TV station WRAL. 

After Dillard allegedly broke into the hospital's network he 
reportedly sent WRAL a letter containing "copies of cheques and 
insurance forms for patients", accompanied by the note "these guys are 
a bunch of bozos". He also reportedly contacted patients and insurance 
companies informing them of the clinic's allegedly lax security. 

Investigators say Dillard's motives are irrelevant to their 
investigation. 

"It doesn't matter. He wasn't authorised to do what he did, and what 
he did was illegal," Sergeant Gary Hinnant, who heads the Cyber Crimes 
Unit for the Raleigh Police Department, told WRAL. 

Members of the FBI's Hi-Tech Task Force are also involved in the 
investigation, and federal computer crime charges may yet be filed in 
the case. 

Wake Internal Medicine is playing down the incident. Executive 
Director Steve Lauhoff told WRAL that "actual patient medical records 
were never accessed" as a result of the security breach to its 
systems. It says that it has implemented improved security procedures 
to prevent further intrusions. 

Meanwhile, Dillard was released from custody on Tuesday after posting 
$1000 bail. He is due to return to court at the end of the month. 

Dillard's case follows that of 'ethical hacker' Stefan Puffer, who was 
accused of breaking into the wireless network of a Texan court last 
year. Puffer was acquitted of all charges against him in February 
after a jury accepted his arguments that he didn't intentionally cause 
any damage to Harris County district clerk's wireless computer 
network. 


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.