Home page logo
/

basics logo Security Basics mailing list archives

RE: How hackers cause damage... was Vulnerabilities in new laws on computer hacking
From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 2 Mar 2006 08:26:49 +1100


So do we ban all modems?

Stop all WAN connections?

Not all remote connections are via the Internet. Next, there are
"virtual surgery" links from Australia to PNG to help the hospitals
there - these use Private VPN's. If the Carrier stuffed up and the
hospital had taken all due care is a compromise of the network during
surgery ok?

Again, look at what has occurred from the so called non-malicious phone
phreaks. They have stopped (without intent) emergency services lines.
They have placed people at risk. We still charge people for culpable
driving even when they manage not to kill somebody on the road.

I understand the 2600 argument, but it is flawed. It reduces trust in
systems and causes damage. What is misunderstood is that society is
about collective rights. No person has the rights to do whatever they
want to another and this is the argument.

It is similar physiologically to the military using distancing to
condition people to war. Killing at a distance is easier to doing it up
close. Breaking into systems you do not see the victims and thus you can
lie to yourself in the delusion that they do not exist. The facts are
however that they do.

The quoted cases below, none of these was connected to the Internet.
Phone systems have to be public, by definition.

Craig

-----Original Message-----
From: Ebeling, Jr., Herman Frederick [mailto:hfebelingjr () lycos com]
Sent: 2 March 2006 8:08
To: Craig Wright
Subject: RE: How hackers cause damage... was Vulnerabilities in new laws
on computer hacking

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----Original Message----
From: Craig Wright [mailto:cwright () bdosyd com au]
Sent: Tuesday, 28 February, 2006 16:37
To: Dave; security-basics () securityfocus com
Cc: ROB DIXON
Subject: RE: How hackers cause damage... was Vulnerabilities in new laws
on computer hacking

: Hello,
: A kid or adult or whatever (and the figures show that most script
: kiddies are adult - see prior post)
:
: Point 1 - Loss of life
: There is an example a few years back in the UK. A male nurse was
: "exploring" the hospitals servers and other attached systems. These
: systems ran a database. The result was that patient scripts where
mixed
: up.
:
: This case *luckily* was discovered before any lives where lost.
Several
: people did get hospitalized.
: Next NY 1993. A 21 YO male broke into the Bell systems to "study the
: internal workings". This resulted in the emergency services response
: lines (i.e. 911) being unavailable for a time. I see this as a threat
to
: life. I hope that you do as well.
:
: USA Boston 1997, male - under 18 (age not recorded) The person
accessed
: airport computers causing damage and disruption to air traffic control
: computers. He also broke into a pharmacy and accessed prescriptions,
he
: also caused the local phone company to be down for 6.5 hours on one
day
: (including emergency calls).
:
: NZ ([2001] NZCA 71) - April 2001, another break into a phone company
and
: cause inadvertent damage case.
:
: We are NOT talking a "super hacker". They are less likely to cause
: inadvertent damage.
:
: The script-kiddies you talk about are NOT kids in general. There are
: MORE 50 + script kiddies charged than there are under 18's. Most
script
: kiddies are in their 20's (I posted the stats previously)
:
: Regards
: Craig

Craig,

        The "sad" ting about the above is that the "good folks" (I don't
have an ax to grind w/2600) at 2600 would say that "sensitive" systems
shouldn't be able to be accessed from the "outside world."  Yet, I guess
that they don't realize that not everyone can/will agree on what is or
isn't a "sensitive" system. . .

        They would also "argue" that particularly in the cases where
there was no loss of human life, that those who broke into said systems
shouldn't have to be charged as IF they caused "x" amount of dollar's in
real world damages, "just" for accessing someone else's computer system.
. .

        Likewise they don't see much IF anything wrong with the various
phone phreaks making their so called "free" phone calls.  Even after I'd
sent them a letter telling 'em how I was the victim of such "free" phone
calls when one of those phone phreaks did whatever the hell it is that
they do and charged about a $1,000.00 worth of calls to my phone.
Needless to say I was NOT a very happy camper when I got that bill in
the mail.

Herman
Live Long and Prosper
 ___________________          _-_
 \==============_=_/ ____.---'---`---.____
             \_ \    \----._________.----/
               \ \   /  /    `-_-'
           __,--`.`-'..'-_
          /____          ||-
               `--.____,-'

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com

iQA/AwUBRAYJeh/i52nbE9vTEQLIkACfXldTk28JEAqSemJZkc2iSCEYAsUAnRdt
jz2BzjEFXa5QcwuOlDdCLg0P
=GTzK
-----END PGP SIGNATURE-----


Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]