Topic: Briton claims he broke into Pentagon, NASA computers to find UFO data

[knightstorm]

The system operators by not even using basic security on their systems (no firewalls and blank admin passwords remember) left the systems under their care open to malevolent hackers, were they not reckless and endangering those very same people while betraying the trust that they accepted with the job?  Where is their punishments?

Other people recklessly endanger the lives of others but we don't give them long jail terms, especially on the 1st offense.  Drunk driving and flying for example.  How long was the jail sentence of the Exxon Valdez captain?  His recklessness (DID not COULD have) cost Exxon billions and destroyed businesses and lively hoods for people ($50,000 fine and 1000 hours community service over 5 years).  The damage this captain did was 3 orders of magnitude higher (at least maybe more) yet his sentence includes no jail time. 

I still assert that based on what we know was done that the threatened sentence is far disproportianate, both in time and the maximum security  jail aspect for the damage he caused compared to other criminals. Child molesters, rapists and killers get lower sentences.

I agree the system operators were wrong, they should have been dismissed and possibly charged also.  That doesn't mean that this guy did not commit a serious offense.

[toasty0]

The system operators by not even using basic security on their systems (no firewalls and blank admin passwords remember) left the systems under their care open to malevolent hackers, were they not reckless and endangering those very same people while betraying the trust that they accepted with the job?  Where is their punishments?

Other people recklessly endanger the lives of others but we don't give them long jail terms, especially on the 1st offense.  Drunk driving and flying for example.  How long was the jail sentence of the Exxon Valdez captain?  His recklessness (DID not COULD have) cost Exxon billions and destroyed businesses and lively hoods for people ($50,000 fine and 1000 hours community service over 5 years).  The damage this captain did was 3 orders of magnitude higher (at least maybe more) yet his sentence includes no jail time. 

I still assert that based on what we know was done that the threatened sentence is far disproportianate, both in time and the maximum security  jail aspect for the damage he caused compared to other criminals. Child molesters, rapists and killers get lower sentences.

I agree the system operators were wrong, they should have been dismissed and possibly charged also.  That doesn't mean that this guy did not commit a serious offense.

I'm not sure I agree with this. If we were to charge the SysAdmins do to this guy's activity, then we would be required to charge law enforcement personal for the reckless acts of criminals, or traffic engineers for negligent drivers speeding through a red lights.

[Dracho]

It's a tired old hacker's argument that if the owner was serious about security he wouldn't have been able to compromise the system.  It's like a robber blaming the victim he shot for not wearing a bulletproof vest.  When all the BS is washed away, the fact still remains that if the perp hadn't broken the law, there would be no crime.

[Fedman NCC-3758]

LONDON - Britain's top court refused Wednesday to stop the extradition to the U.S. of a British hacker accused of breaking into Pentagon and NASA computers — something he claims to have done while hunting for information on UFOs.

For a sec there I thought this may have been Roman Polanski.


My bad.

[knightstorm]

The system operators by not even using basic security on their systems (no firewalls and blank admin passwords remember) left the systems under their care open to malevolent hackers, were they not reckless and endangering those very same people while betraying the trust that they accepted with the job?  Where is their punishments?

Other people recklessly endanger the lives of others but we don't give them long jail terms, especially on the 1st offense.  Drunk driving and flying for example.  How long was the jail sentence of the Exxon Valdez captain?  His recklessness (DID not COULD have) cost Exxon billions and destroyed businesses and lively hoods for people ($50,000 fine and 1000 hours community service over 5 years).  The damage this captain did was 3 orders of magnitude higher (at least maybe more) yet his sentence includes no jail time. 

I still assert that based on what we know was done that the threatened sentence is far disproportianate, both in time and the maximum security  jail aspect for the damage he caused compared to other criminals. Child molesters, rapists and killers get lower sentences.

I agree the system operators were wrong, they should have been dismissed and possibly charged also.  That doesn't mean that this guy did not commit a serious offense.

I'm not sure I agree with this. If we were to charge the SysAdmins do to this guy's activity, then we would be required to charge law enforcement personal for the reckless acts of criminals, or traffic engineers for negligent drivers speeding through a red lights.

Well if what Nemesis says was true they were severely negligent, to the point of being criminal.  However, this does not excuse his activities, and he should face the full sentence.

[knightstorm]

LONDON - Britain's top court refused Wednesday to stop the extradition to the U.S. of a British hacker accused of breaking into Pentagon and NASA computers — something he claims to have done while hunting for information on UFOs.

For a sec there I thought this may have been Roman Polanski.


My bad.

No, its the French who refuse to extradite Polanski.  They refuse to extradite their own citizens.

[Fedman NCC-3758]

Which is why I made the pun.

[knightstorm]

Which is why I made the pun.

Yeah, but the title of the post makes it clear that its Britain, which makes that a really  bad pun.

[Fedman NCC-3758]

IYHO

Brits are our buds.  France is still learning.

We may get him yet.

[knightstorm]

By this point, I don't think France will relent before the child rapist dies.

[Fedman NCC-3758]

Justice does not cease with the guilty taking his final breath.

[knightstorm]

Yeah, but then it becomes a matter of eternal justice and is outside of the hands of earthly governments.

[Fedman NCC-3758]

And that justice is perfect.

[Bonk]

In related news...

[Fedman NCC-3758]

Don't mess with Mars.

 

[Bonk]

Or the Hydran base on Titan! 

[Nemesis]

It's a tired old hacker's argument that if the owner was serious about security he wouldn't have been able to compromise the system.  It's like a robber blaming the victim he shot for not wearing a bulletproof vest.  When all the BS is washed away, the fact still remains that if the perp hadn't broken the law, there would be no crime.

That is not what this is. This comes down to two things.

1/ They are inflating the damage he is accused of by including the cost of putting in the security they should have had in the first place.  The "damage" he did should be determined by the cost to put things back to how they were before he intruded not to put them to how they SHOULD have been.  If they used that value his sentencing would be far less.

2/ These are government and military computers that were supposed to be secured and the administrators did not do so.  I would suspect for the military systems at the least they have a legal obligation.  If a base security officer did not put in a security system and there was an intrusion into secure areas would he not be court martialed?  Why are not the officers responsible for these military computers facing court martial?  Instead they are trying to portray him as a dangerous hacker who severely damaged the computer network - he is merely their scape goat sacrificed to protect themselves. 

Just as I want to see him punished in proportion to his ACTUAL actions, I want to see the administrators punished for their negligence in performing their duties.  Duties that if they are members of the military they swore an oath to do to the best of their ability and if they are civilians they have contracts in which they committed to do the same. 

The hacker is not responsible for the negligence of the administrators in setting up proper security in advance and he should not be held responsible for the expense to set it up now.

[Nemesis]

I'm not sure I agree with this. If we were to charge the SysAdmins do to this guy's activity, then we would be required to charge law enforcement personal for the reckless acts of criminals, or traffic engineers for negligent drivers speeding through a red lights.

Negligent homicide is already a crime.  Negligence in fulfilling your duties should be a crime. 

The thing is I am not proposing the admins be punished for his actions. I am proposing the they be punished for the negligence in not setting up the security they were responsible for.  The duty they accepted with the job and then neglected.

I want him punished for his crimes not for the negligence of the administrators.

What is happening here is if someone entered a bank, looked around and left through the unlocked front door that he entered by.  Then when charged he is held accountable for the bank putting functioning locks on the doors, security lights and security cameras and a vault.  None of those were in place before he entered so why would the burglar be held criminally  responsible for the banks costs in adding them?  That is the equivalent of what this man is facing.  He did minimal harm but is being held responsible for costs for security that was added afterwards but which should have been in place before he intruded.

[toasty0]

It's a tired old hacker's argument that if the owner was serious about security he wouldn't have been able to compromise the system.  It's like a robber blaming the victim he shot for not wearing a bulletproof vest.  When all the BS is washed away, the fact still remains that if the perp hadn't broken the law, there would be no crime.

That is not what this is. This comes down to two things.

1/ They are inflating the damage he is accused of by including the cost of putting in the security they should have had in the first place.  The "damage" he did should be determined by the cost to put things back to how they were before he intruded not to put them to how they SHOULD have been.  If they used that value his sentencing would be far less.

2/ These are government and military computers that were supposed to be secured and the administrators did not do so.  I would suspect for the military systems at the least they have a legal obligation.  If a base security officer did not put in a security system and there was an intrusion into secure areas would he not be court martialed?  Why are not the officers responsible for these military computers facing court martial?  Instead they are trying to portray him as a dangerous hacker who severely damaged the computer network - he is merely their scape goat sacrificed to protect themselves. 

Just as I want to see him punished in proportion to his ACTUAL actions, I want to see the administrators punished for their negligence in performing their duties.  Duties that if they are members of the military they swore an oath to do to the best of their ability and if they are civilians they have contracts in which they committed to do the same. 

The hacker is not responsible for the negligence of the administrators in setting up proper security in advance and he should not be held responsible for the expense to set it up now.

You'tre blaming the victim for criminal's action?

[knightstorm]

I'm not sure I agree with this. If we were to charge the SysAdmins do to this guy's activity, then we would be required to charge law enforcement personal for the reckless acts of criminals, or traffic engineers for negligent drivers speeding through a red lights.

Negligent homicide is already a crime.  Negligence in fulfilling your duties should be a crime. 

The thing is I am not proposing the admins be punished for his actions. I am proposing the they be punished for the negligence in not setting up the security they were responsible for.  The duty they accepted with the job and then neglected.

I want him punished for his crimes not for the negligence of the administrators.

What is happening here is if someone entered a bank, looked around and left through the unlocked front door that he entered by.  Then when charged he is held accountable for the bank putting functioning locks on the doors, security lights and security cameras and a vault.  None of those were in place before he entered so why would the burglar be held criminally  responsible for the banks costs in adding them?  That is the equivalent of what this man is facing.  He did minimal harm but is being held responsible for costs for security that was added afterwards but which should have been in place before he intruded.

If someone got into my house and shot me in my sleep because I forgot to lock the door, it doesn't make him any less guilty.  This guy intended to hack the computers, and he did so.  The negligence of the administrators does not change that.  Even if the damage is inflated by a factor of 10, its still significant.  He should go to jail for the full sentence.