Tweet
Re: Is accessing a public website 'hacking'?
to be honest I wasn't even aware that a browser would allow this to be used for linking images, yet then again it makes perfect sense.
I'm still quite amazed that a person with a severe lack of technical skills came up with this method for fixing the "why doesn't my website work" issue. I'm thinking that it was made using some WYSIWYG webpage-o-tronic software and that he filled this in as the website URL instead of the HTTP link, thus having everything autocreated in this manner.
well if you isolate a login entry there's really no difference to be seen, and they kept refusing to show him the full log, only the logs from his IP address. It showed a lot of consecutive logins, so "he must have been hacking really hard" ;)
connecting to an ftpd with a browser just results in this being logged, so no real visible difference: (just tested it, vsftpd by the way)
Tue Mar 16 08:54:59 2010 [pid 15609] CONNECT: Client "xxx.xxx.xxx.xxx"
Tue Mar 16 08:55:03 2010 [pid 15608] [username] OK LOGIN: Client "xxx.xxx.xxx.xxx"
possibly, however by then the page was gone and nobody saved a copy (which probably wouldn't really hold up in court anyway). This also happened in a time where most people didn't even know what the Internet was. The police officers involved in this would be acting like expert witnesses (they were with the FCCU, federal computer crime unit, and therefore were supposed to know everything about this, only they probably still got lost in minesweeper) saying that the logs certainly indicated an evil super hacker "because he logged in so many times"... and people would probably believe this.
Yet if it was me in that situation I'd have fought it to the bitter end, I'd never take risks resulting in losing my clearance.
Basically it can all be attributed to the sheer stupidity of the officials involved (I've since met some other people from the FCCU and they knew their stuff, and when I told them about this incident they replied that they have a lot of really dumb people there as well) and of course of the guy who created the website and basically put his credentials online for everyone to use. They should've given him a good taste of the LART.
I also hope for him that having this on his record won't harm him in the future. However in that time this was only a minor mischief (therefore the low fine and no court involvement) so it could be OK.
to be honest I wasn't even aware that a browser would allow this to be used for linking images, yet then again it makes perfect sense.
I'm still quite amazed that a person with a severe lack of technical skills came up with this method for fixing the "why doesn't my website work" issue. I'm thinking that it was made using some WYSIWYG webpage-o-tronic software and that he filled this in as the website URL instead of the HTTP link, thus having everything autocreated in this manner.
well if you isolate a login entry there's really no difference to be seen, and they kept refusing to show him the full log, only the logs from his IP address. It showed a lot of consecutive logins, so "he must have been hacking really hard" ;)
connecting to an ftpd with a browser just results in this being logged, so no real visible difference: (just tested it, vsftpd by the way)
Tue Mar 16 08:54:59 2010 [pid 15609] CONNECT: Client "xxx.xxx.xxx.xxx"
Tue Mar 16 08:55:03 2010 [pid 15608] [username] OK LOGIN: Client "xxx.xxx.xxx.xxx"
possibly, however by then the page was gone and nobody saved a copy (which probably wouldn't really hold up in court anyway). This also happened in a time where most people didn't even know what the Internet was. The police officers involved in this would be acting like expert witnesses (they were with the FCCU, federal computer crime unit, and therefore were supposed to know everything about this, only they probably still got lost in minesweeper) saying that the logs certainly indicated an evil super hacker "because he logged in so many times"... and people would probably believe this.
Yet if it was me in that situation I'd have fought it to the bitter end, I'd never take risks resulting in losing my clearance.
Basically it can all be attributed to the sheer stupidity of the officials involved (I've since met some other people from the FCCU and they knew their stuff, and when I told them about this incident they replied that they have a lot of really dumb people there as well) and of course of the guy who created the website and basically put his credentials online for everyone to use. They should've given him a good taste of the LART.
hopefully, this person won't click random links on IRC or will at least have the good sense to enable Tor before doing so. 
i'm glad that they weren't hit with other fines or any incarceration or confiscation of equipment. it's a shame it got that far, but technically someone else's login was "used" even if it could be proven to have been accidental/unintentional.
i'm glad that they weren't hit with other fines or any incarceration or confiscation of equipment. it's a shame it got that far, but technically someone else's login was "used" even if it could be proven to have been accidental/unintentional.
Comment