Bugtraq: Re: Major hack attack on the U.S. Senate

[Daniel.Capo () tco net br]

~Kevin Davis³ wrote:

> This was clearly not a "hack attack".  The title and opening content of this
> article is quite intentionally misleading.  The phrases "infiltration",
> "monitoring secret memos", "exploited computer glitch", "hack attack" are
> used.  If you read the entire article you will find out the following:
>
> First, "A technician hired by the new judiciary chairman, Patrick Leahy,
> Democrat of Vermont, apparently made a mistake that allowed anyone to access
> newly created accounts on a Judiciary Committee server shared by both
> parties -- even though the accounts were supposed to restrict access only to
> those with the right password."
>
> Which means the Democrats screwed up setting up their own share point and
> allowed public access to it.  There was no "computer glitch" which was
> "exploited".  This was completely a human screw-up.  And there was no
> hacking ("exploitation of a computer glitch") done by the Republicans.
> Unless you wish to call clicking on a share point configured with public
> access and opening it up "hacking".
AFAIK, "hacking" is legally defined in the USA as being unauthorized 
access to computer resources. It doesn't matter if the resource was 
adequately protected (or protected at all) in first place or not. If you 
were not given permission to make use of that resource, you are 
criminally liable.
--
Daniel C. Sobral