Good News (for once) for Two Busted Hackers
From SANS Newsbytes (http://www.sans.org)
--UK Teen Found Not Guilty of Attacking Port of Houston Computer System
(17 October 2003)
Aaron Caffrey, the UK teenager accused of launching a distributed
denial-of-service attack in the port of Houston (TX), has been
acquitted. Caffrey maintained that though the attack did come
from Caffrey's computer, it was the work of someone who had installed
a Trojan horse program on the machine; he also claimed that an
intruder altered his computer's log files. Some feel that Caffrey's
acquittal sets a dangerous precedent.
http://news.com.com/2102-7349_3-5092781.html?tag=st_util_print
http://news.bbc.co.uk/1/hi/technology/3202116.stm
http://www.theregister.co.uk/content/55/33460.html
[Editor's Note (Schneier): Innocent, or merely possessing plausible
deniability? Can this defense be used as a shield by not-so-innocent
attackers? Could the elimination of this defense be used to convict
the innocent? Proving that a computer is involved in an attack
is much easier than making the leap across the keyboard to a
person.
(Ranum): So, now, if you're a hacker, you need to install a "plausible
deniability Trojan" on your machine, and you're safe from
prosecution. Whether or not Caffrey was innocent I really don't
know, but this case raises tough questions about the definition
of "reasonable doubt."]
--Federal Prosecutor Admits Error, Moves to Vacate Whistleblower Conviction
(14 October 2003)
The appellate division of the US Attorney's office in Los Angeles (CA)
will move to vacate a felony conviction against Bret McDanel,
who last year was convicted under the Computer Fraud and Abuse
Act for using his former employer's computer system to send out
more than 5,000 e-mail messages warning customers of the company
about a vulnerability in the company's e-mail service. McDanel
appealed the decision; a federal prosecutor now says the government
will file a "confession of error" acknowledging that
McDanel was convicted under a misinterpretation of the Computer
Fraud and Abuse Act. McDanel has already served his entire 16-month
federal prison sentence. If McDanel's conviction is overturned,
it would set a significant precedent.
http://www.securityfocus.com/news/7202
http://news.com.com/2102-7348_3-5092697.html?tag=st_util_print
[Editor's Note (Schultz): This case appears to be a major setback
for cybercrime legislation. Perhaps it is time for the US Congress
to go back to the proverbial drawing boards and draft new legislation
that improves upon the weaknesses of previous legislation.]
Carolyn's note: If you read through
the "busted" links below you won't find any other cases
where hackers were acquitted of their crimes. This is because
the police usually only arrest hackers when they are sure of
winning the case. However, even if someone gets acquitted, fighting
the case costs lots of money that the suspect doesn't get back
even if judged innocent. And in some cases, such as McDanel,
by the time the suspect wins his or her case, he or she has already
spent lots of time behind bars. It's better to be extra cautious
to not even appear to be guilty!
Wife Busted for Hacking into Husband's Ex-wife's Email
From NewsScan Daily, 20 October 2003, we get the news that
"An Arizona woman was sentenced to 60 days of home detention
for intercepting at least 215 e-mail messages directed to her
husband's ex-wife. Law enforcement officials said Angel Lee fraudulently
obtained the ex-wife's user name and password, allowing her to
log in and read mail. Ex-wife Duongladde Ramsey said Lee's actions
were comparable to breaking into her house and reading her diary,
and the judge agreed, saying Lee's penalty is a warning to others
who might be tempted to spy on others' e-mail accounts. 'Privacy
is still a cherished value,' said U.S. District Judge Richard
P. Matsch. (AP 19 Oct 2003)"
More on this story at http://apnews.excite.com/article/20031019/D7U97UCG0.html
Carolyn's note: What is really sad
about this story is that so many people write to me asking how
to break into email accounts. They say they can solve problems
with their spouses and lovers if only they could snoop on them.
Then there are the people who swear that their friend/boyfriend/girlfriend
gave them permission to break in, therefore I should help. See
"It sucks to be me" for choice examples. News flash: Anyone
who thinks crime is the solution is going to be better off without
the relationship. Certainly the target of their wannabe crime
will be better off!