Home page logo
/

isn logo Information Security News mailing list archives

Re: Revealed: how MP's son used computer in hacking scandal
From: InfoSec News <isn () c4i org>
Date: Thu, 6 Sep 2001 01:11:06 -0500 (CDT)

Forwarded from: Grant Bayley <gbayley () ausmac net>

On Wed, 5 Sep 2001, InfoSec News wrote:

http://www.smh.com.au/news/0109/05/national/national7.html

By Geesche Jacobsen
September 5, 2001

[snip]

But Mr Kelly said his son was merely trying to protect his computer
from hacking.

[snip]

There was little information to show if any of the other programs
had been used, it said.

Mr Kelly admitted yesterday that one of his sons had accessed the
computer and loaded the software on July 20 from 9.33pm until
11.32pm, when the LANguard software was apparently being run on
more than 250 computers in Parliament.

The report said the software could be used "aggressively" and
appeared to have been used to scan various Internet addressees on
the computer networks. It could also be used to identify security
weaknesses, including weak passwords.

But Mr Kelly said the software was used - without his knowledge or
authorisation - because his son suspected the computer was
insecure. "The purpose was to check the security of the system to
make sure my computer was hackerproof," he said.

Note to Australian Commonwealth Attorney-General Daryl Williams:

This is a perfect example of the dual-use technology that a number of
submissions referred to in a recent Senate Inquiry.  It is this "dual
use" technology you wish to outlaw in the "Cybercrime Bill, 2001"
(478.3, specifically).

System administrators routinely rely on such technologies day-to-day
to probe their own networks for vulnerabilities.  Children of Members
of Parliament apparently used the same technology to confirm the
poorly designed network topology and file sharing policies on the NSW
Parliamentary network (see above).  And persons with criminal intent
might also use the same technologies in the commission of a crime.

But of course, the intent of the person must be proven before they are
charged with an offence under 478.3.  Or must it?  If the Explanatory
Memoranda circulated by Justice Minister Ellison is anything to go by
(these are typically used by Courts as an aid to interpretation), it
might not:

  "There will be many occasions where that intention will be evident
   from the content of the data."

For this reason and a long list of others that the Senate Inquiry
heard (and chose to ignore), the Cybercrime Bill 2001 is overbroad,
misguided, and largely ignores the benefits of a preventative approach
to computer security incidents in Australia.  At present, no such
preventative strategy exists.

Grant Bayley

-------------------------------------------------------
Grant Bayley                         gbayley () ausmac net
-Admin @ AusMac Archive, Wiretapped.net, 2600 Australia
 www.ausmac.net   www.wiretapped.net   www.2600.org.au
-------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault