RSS
Twitter
If You Get Caught Hacking, Don't Lie About It
from the rule-number-one... dept
Earlier this year, we wrote a story about a guy who was apparently arrested for using Lynx to visit a tsunami relief site. The story was very very thinly sourced, so we asked for more info... and no one seemed to have any. Perhaps that's because the story wasn't actually true. It's now come out that while the guy used that excuse originally, he later changed his story pretty drastically. He had donated to the site and when he didn't get a confirmation, he got worried that it was a phishing scam, so he went probing to find out if the site was legit or not. That's a somewhat reasonable defense (though, it doesn't mean you'd get off...), but it wasn't what he said originally, so a judge found him guilty of unauthorized access. From the judge's comments, it certainly sounds like a big reason for finding him guilty is the fact that his story changed so much.
Reader Comments
(Flattened / Threaded)
No Subject Given
No, no, no, the headline is ALL wrong...
It should read "If You Get Caught Hacking, Stick With Your Lie".
(reply to this comment) (link to this comment)
Re: No Subject Given
just make sure you don't get sued for that headline...
(reply to this comment) (link to this comment)
The alternate outcome
About four years ago, my eldest son got caught hacking the computers at his school when one of the hard drives went belly up right after he re-booted the system. When confronted, he was honest and owned up to it.
I got a call from the principal that evening, and he was amazed that my son had been so up front about what he had been doing. In fact, he was so happy to have a student tell him the truth without hours of interrogation that he waived the mandatory three days of in-school suspension.
Honesty will always afford you a better result than trying to hide the truth.
(reply to this comment) (link to this comment)
Re: The alternate outcome
Unless you are involved in Politics or Marketing.
Dan
(reply to this comment) (link to this comment)
Re: The alternate outcome
Isn't politics pretty much just marketing now anyway?
(reply to this comment) (link to this comment)
Re: The alternate outcome
Lying sure isnt the answer lol....
I dont hack so I guess im safe..
(reply to this comment) (link to this comment)
Re: The alternate outcome
First of all, he was a juvenile and he didn't go in front of a judge. That's not the real world. In the real world you might be able to get a plea bargain and light punishment but just magically telling the truth doesn't grant you much favor because that's what you are supposed to do. You don't get special treatment for doing what you are supposed to do.
Second of all, making some broad generalized assumption like that is silly. Different circumstances call for different actions. Honesty may be the morally right thing to do but sometimes lying can keep your ass out of jail. The only bad times to lie are when you are caught red handed or when you involve other people in your lies without them knowing it and without them being able to back you up.
(reply to this comment) (link to this comment)
Re: The alternate outcome
"Honesty will always afford you a better result than trying to hide the truth."
Grow up. Lies are not only essential social lubrication, they are necessary for any truly honest person's physical survival.
Those who believe they are consantly truthful are merely in thrall to consensus reality.
(reply to this comment) (link to this comment)
Re: The alternate outcome
That's a very hopeful logical fallacy.
'If my child was honest and was rewarded, then all children will be rewarded for honesty.'
I'm certain that for this one pat on the back there are thousands who have paved a shorter road to their punishment. You have a good kid and he was lucky.
Honesty will not always afford a better result.
Michael Jackson may have lied.
OJ Simpson did lie.
I'm sure there were plenty of other times where other times where honesty put people in a worse place.
I'm just splitting hairs, though. ;)
(reply to this comment) (link to this comment)
No Subject Given
So did he get arrested for lying or for using lynx? Which is it? Instead of spreading the hype that doesnt make any sense, how about digging for the real information.
Instead it is just another retread of the same misinformation.
(reply to this comment) (link to this comment)
Right...
Using the Lynx broswer is a crime? Really, tell me what law designates this specific early Unix web browser as an illegal peice of software. I use Lynx for most of the things that I do on the internet, it is VERY fast because it only has to load text and it gives you a choice ANY time something wants to access your computer (cookies, plugins, downloads, etc...)
Lynx is for security. I have Linux just so I can have security, but no, the government wants us all to be nice little conformists and go buy a Macintosh or shell out the same amount of money for a Macintosh to get the latest screw-up OS from Microsoft.
(reply to this comment) (link to this comment)
No Subject Given
No, no, if you get caught hacking, don't say anything to the police. Ask for a lawyer.
(reply to this comment) (link to this comment)
"Probing?"
What do they mean by probing? Port scanning ? OS detection? Doing a whois or a dnslookup on the hostname? None of these are illegal or contribute unauthorized access to a system. Neither does using Lynx.
Port scanning is seeing if a port is open on a server. It is not illegal. All it does is send a packet to a port to see if the port responds or not. It is a very legitimate tool used by network admins. When you open a web browser, you are sending packets to port 80 on a webserver. If it responds, you know the port is open. You can test other ports the same way or with a tool that tests all. It can be known as a precursor for an attack by script kiddies, but nothing about it is illegal.
OS detection is just getting a fingerprint of a computer to see what operating system it is runining. Nothing illegal about that.
Doing a whois on a domian to see who owns it is redily availbe from arin.net. That is public information. What would be agaist policy is if someone lied on the domain registration, but not looking at the information to see who owns the site. That is what it is there for. The DNS ifo is there as well.
Lynx is a text based web browser. It is very popular and much faster to view websites via lynx. All it displays are content and links of a site. You can move from one page to another much faster because you do not have to wait for grpahics to load up. It is a standard browser availabe on most *nix boxes.
Would someone please enlighten me on what is "illegal" about any of that? Now if he tried to brute force his way into the websites ftp and was successful and replaced files, or gained ENTRY to the computer or server.. I could see it being illegal.
"Probing" a computer is not illegal. That is also a broad defination. What is illegal is gaining entry to one and altering or viewing content not meant to be seen.
Even if you goto a website.. say http://www.whatever.com/1/2/3/4/index.html and use your backspace key to back up to the directory before such as http://www.whatever.com/1/2/3/ or http://www.whatever.com/1/2/ is not illegal at all. If it lists files in the directory than someone had better be more worried about the security of the server, but it is on that site for public display and if directories are lsiting and you see the contents.. then its not illegal.
The way that is written makes no sense. Either that judge is clueless or a lot of details were left out of the story.
(reply to this comment) (link to this comment)
Re:
The "hack" was a three level directory traversal (../../../) and the ' used to check for SQL injection problems.
(reply to this comment) (link to this comment)
What this UK Law says
"1. (1) A person is guilty of an offense if-
(a) he causes a computer to perform any function with the intent to secure access to any program or data held in any computer,
(b) the access he intends to secure is unauthorized
...
(3) A person guilty of an offense under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months" - United Kingdom Computer Misuse Act 1990
"The complication arises as to whether the access is unauthorized given that the servers are connected to the public Internet." - Gillian Law - IDG, commenting on another case
(reply to this comment) (link to this comment)
Re: What this UK Law says
"(a) he causes a computer to perform any function with the intent to secure access to any program or data held in any computer"
Isn't this exactly what a web browser, ftp client, email client...is designed to do? We secure access and data in another computer...
(reply to this comment) (link to this comment)
Re: What this UK Law says
You forgot the other part:
(b) the access he intends to secure is unauthorized
THAT is what makes it illegal.
(reply to this comment) (link to this comment)
got it
help a computer hacker
(reply to this comment) (link to this comment)
LoL lie lie lie lie lie lie
(reply to this comment) (link to this comment)
lie stick wit ur lie lie lie lie lie lie lie dont tell the truth the truth wont set u free lie
(reply to this comment) (link to this comment)
lie stick wit ur lie lie lie lie lie lie lie dont tell the truth the truth wont set u free lie
(reply to this comment) (link to this comment)
i failed, tell the truth cuz there is no way out
(reply to this comment) (link to this comment)
what that is dumb
why!!!!!!!!!!!!!!! :)
(reply to this comment) (link to this comment)
Add Your Comment