Busted for (L0pht)Crack Possession 479
TaoJones writes, "Seems like the city of Hopkins, Minn. has declared L0phtcrack illegal. The story from Channel4000 details 11 felony charges against one David Thomas Bell, including two counts of "possession of burglary or theft tools"... namely L0Phtcrack.
" What next? Debuggers?
Makes sense... (Score:5)
Having lockpicks isn't illegal. Using them in conjunction with a crime (breaking and entering, robbery, etc.) is illegal and a separate charge.
There is no difference in having cracking tools. If I'm not cracking anything, then it doesn't matter. A quick look at the article indicates they were using those tools to crack machines. Thus, a separate charge.
What's the issue here? (Score:3)
In this case, the purpose appears to have been the theft of userids/passwords from their former employers, which is already illegal under several existing statutes I'm sure.
So, please pardon my confusion, where does their posession of l0phtcrack become an issue here?
Anthony
Title of Article is BS (Score:5)
Just like there's nothing wrong with owning a crack pipe until you get caught with crack, there's nothing wrong with owning crack() until you get caught cracking.
--
blue
Since when... (Score:2)
These tools were actually used to commit a crime.. (Score:4)
I think this is akin to carrying a screwdriver. You can use it to fix a lock, or you can use it to break a lock, enter a building and steal the contents.
Let's not get too sensationalistic here..
ekk
Read closely (Score:5)
L0phtCrack is a legit tool and is legal, HOWEVER, should you use that tool, it could be called a tool to commit a crime. If he had done a physical entry they would have called his power tools, should they have been used to break in, as theft tools. Its a way to add on years (or the threat of) to their possible sentance. Somehow this is supposed to deter other criminals. Don't ask me if it works or not. I don't have a clue.
Virtual != Physical (Score:4)
People need to learn that the two simply don't equate. Stealing means that a victim does no longer have what was once theirs. Breaking into something means physically harming a device intended to prevent entry for the purpose of extracting data.
Neither of these things apply in this case. I understand that IP works differently, but we're going to have to work on the laws to make them apply. "[P]ossession of burglary or theft tools" just don't cut it.
-Waldo
Re:Rediculious... (Score:2)
The software isn't banned. You can use it for any legal purpose. This guy wasn't.
Just like slim jims (the car entry device, not the alleged food product). OK to have, OK to use on your own car, NOT OK if you have one while snagging somebody else's radio.
Bad summary. (Score:2)
This guy was not charged because he had L0phtcrack, but because he used it to steal passwords from companies. It's like a locksmith having tools to break locks. He wouldn't be charged with a felony for possessing lock-breaking tools. However, if he used them to break into a store, and steal inventory, then he would be charged with a felony for use lock-breaking tools.
Whether it's lock-breaking tools, or guns, or axes, or 2x4's, or password-cracking tools, they can all be used ethically, or illegally. If used ethically, you won't have a problem. But if used illegally, should it be any surprise that you are charged with a felony?
-BrentRe:Makes sense... (Score:4)
Flame on (Score:2)
-jwb
How do they define "significant"? (Score:2)
What "significant" security measures allow a widely known freely distributed security program to crack all the company's passwords? How about putting some restrictions on the password formats to make them resistant to such tools?
Try reading the article! (Score:2)
These people are not primarily being charged for having L0phtCrack. They're being charged with stealing a lot of sensitive information from former employers, and L0phtCrack is one of the tools that they used to break into others' accounts to get that information.
One interesting quote from the article, though:
The company may have considered the passwords very confidential, and they may have tried to keep them secret, but they apparently didn't do a very good job of it. Their security measures may have been significant, but they weren't particularly effective. Running some standard security checking programs (not to mention requiring hard-to-crack passwords) probably would have helped a lot in preventing this.
Re:Makes sense... (Score:3)
http://lethal.xs4all.nl/lockpic k/lock1/appendB.html [xs4all.nl]
This is a bit more narrow (look at the wording) but in a broader sense, l0pht could be a tool, and the depository could be a machine. It's dated 1991, so the laws may have changed since.
Deliberately Misleading? (Score:5)
The summary of the article provided as the blurb here on slashdot, right down to the very title of the article itself "Busted for (L0pht)Crack Posession" is extremely misleading, and I have to wonder if it's deliberately so?
I'm not usually one to come out and accuse the
The article says they were arrested and charged with 15 felony counts not for posession of L0phtcrack, but for repeatedly hacking into the computers of their former employers to steal lists of usernames and passwords. This is illegal, and no new news.
If we could moderate the articles themselves, I'd moderate this one down as Flamebait or Troll.
Anthony
legal vs. illegal actions... (Score:3)
While it is perfectly legal for me to walk around with a baseball bat, even swinging it around wildly... But it becomes illegal at your nose...
Oh yeh - at this point the baseball bat would become "a deadly weapon"
So posession of these programs is not illegal, but using them to harm someone else's property is... and then they become "weapons".
As long as we only prosecute people for actions and not thoughts, we're fine...
of course... with "hate crime" legislation and profiling people to community forced anti-psychotic medication (really... its happening in california) we may have moved far away from this principle...
hopefully we can fix this system and not have to scrap it...
There is more to this..... (Score:2)
They face 11 felony charges.
To quote the article
"They face three counts of unauthorized computer access, two counts of theft of trade secrets, two counts of attempted theft of trade secrets, two counts of computer theft and two counts of possession of burglary or theft tools (specifically, a software program for extracting user IDs and passwords from a computer system). "
I have no remorse for them. I don't know anything about L0Phtcrack, but if it is a program for extracting names and passwords and you use it illegally and get caught. Tough.... You made your bed and now you have to sleep in it.
If you have the L0Phtcrack software and don't use it illegaly, I doubt anybody will come knocking on your door.
grrrrrrrrr (Score:4)
The line between tools that are dangerous... (Score:5)
The problem comes because there is a level at which something isn't dangerous enough that it needs to be illegal. Obviously we can't use the argument that something MIGHT be used to harm someone, therefore it should be illegal to possess, since just about any piece of matter in the universe could be used to hurt someone in some way. (Ban books, because big heavy ones can be dropped on people from ten stories up!)
The point is that we eventually do draw a line somewhere. However I don't think that, in general, things that aren't intended for causing injury to other people should be illegal. (Burglary tools, for example, or cracking programs.) I say SHOULD because, in general, things that aren't intended for harming people are NOT illegal. So why should software be any different? The only way I can see this being justified is if the software is designed to circumvent safety locks/overrides on, say, an elevator, or the air traffic control system, or a nuclear reactor -- things that, if they break, will almost certainly cause injury. And much as I appreciate and agree with the old saw about cracking to show that the security is weak, when people's lives are at stake, I don't think it holds up any longer.
lOphtCrack != crowbar (Score:2)
This is incorrect reasoning. Crack's purpose is [drum roll] to crack passwords. There is no other application for the program. That's why it exists. Much like a set of lock-picks.
Here's the rub though, lock-picks and Crack can be used in a legal manner, by people who provide a service to breaching security to people who should rightfully have access. Ever lock the keys in your car? Nice to have somoene to call, isn't it?
They can also be used illegaly, to gain access to where you do not belong. This is when such tools become implements of criminal activity - when a trespasser has gained illegal entry to your home, and a set of picks is found in his posession, wouldn't you want that used against him?
Nobody is going to outlaw crowbars, flashlights or SATAN - even though any of these can be used to 'scope a place out'. But if you bludgeon a guard with a blackjack, or have a program designed for DoS attacks on your machine, and you are conclusively linked to a crime, then you're in for it.
Commiting robbery with your bare hands versus doing so whith a gun are two very different crimes, because of the potential for harm, or the ease with which harm can be caused. Similarly with means of trespass, if after being caught, your place is searched, and a map of the sewer beneath the facility you broke into is found on your desk...
Before we all over-react to this, let's read the article for what it is. The possession of Crack wasn't the crime, it was an additional charge brought against people who had commited a break-in.
Monetary Issue (Score:4)
anyway, I'm puzzling over the fact that the company states that it will cost US$12 500 to issue new logins and passwords? WTF? Depending on the size of the company, it's going to be an administrative bitch, but it's nothing terribly difficult and is basically a time is money issue.
Are they embellshing for effect, or are they just morons?
----
Lame even by /. standards (Score:2)
Jesus H. Christ on a popsicle stick! A 30 second glance at the linked story would make it obvious that the charges stem from using the prog to actually break into systems. How can that possibly justify the hyperbole in the headline/blurb?
I don't expect slashdot to be the most journalistcally sound source of info, but this is pathetic.
--
If your map and the terrain differ,
trust the terrain.
Re:Just when you thought 10 years is such a long t (Score:3)
Do you actually claim that the man and woman did nothing wrong? I just can't see it. Bell was *FIRED* and then used both his contact on the inside and l0Phtcrack to break in and steal stuff. It's clear he wasn't supposed to be there. There's no way he could use the defense "I was just looking around/experimenting/playing/didn't know what I was doing". It was pretty clear he was persona non grata.
The main page headline for this article is just sensationalistic. Please, read, then THINK, then post.
Re:Title of Article is BS (Score:2)
Misdemeanor charge handed to someone caught with a crack pipe. While it is usually given to someone without enough residue to prosecute for PCS, crack pipes and certain flavors of 'bowls' have no redeeming secondary use other than to consume a controlled substance and are illegal.
irresponsible headline (Score:5)
after reading the article, these people were not just busted for possesion of l0phtcrack. they were busted for illegal activities and for the possesion of the tools that they used to commit those illegal activities.
this is not only irresponsible, but sensationalistic on the part of cmdrtaco.
Re:Makes sense... (Score:2)
GENERAL LAWS OF MASSACHUSETTS
Chapter 266: Section 49. Burglarious instruments; making; possession; use.
Section 49. Whoever makes or mends, or begins to make or mend, or knowingly has in his possession, an engine, machine, tool or implement adapted and designed for cutting through, forcing or breaking open a building, room, vault, safe or other depository, in order to steal therefrom money or other property, or to commit any other crime, knowing the same to be adapted and designed for the purpose aforesaid, with intent to use or employ or allow the same to be used or employed for such purpose, or whoever knowingly has in his possession a master key designed to fit more than one motor vehicle, with intent to use or employ the same to steal a motor vehicle or other property therefrom, shall be punished by imprisonment in the state prison for not more than ten years or by a fine of not more than one thousand dollars and imprisonment in jail for not more than two and one half years.
--
We need story moderation (Score:3)
Either that, or have the
Exactly right (Score:2)
Had the submitter actually read the story, the lead-in might have been a little different. The tool became a theft tool as soon as they used it to steal as opposed to securing their own machines.
Anyone can have a copy of l0phtcrack; when they use it to commit a crime, though, then they'll get nailed for it.
Re:Since when... (Score:2)
Similarly, it's not good form to be found carrying a knife used in a stabbing. And the real no-no is to be found with a smoking gun in your hand and a until-recently-alive person splayed on the floor, their brain decorating the wall.
Possesion and intent (Score:3)
Owning a crowbar for use in opening locks, it's questionable.
Owning a crowbar for possible use in killing living beings, a bit more questionable.
Owning a crowbar for bashing people's heads in plain sight, most likely illegal.
I think this is a very poor arguement. It's quite clear that these two were busted for illegal use of the 'tools' and they are just trying to bring as many charges as possible against the two. That way, that's one more charge that they have to plea bargin down.
I know I have been burned by this issue myself once or twice, but it's important to establish intent to use a weapon/tool. I might own a gun and be just a hunter. Or I might own a gun and use it to shoot children. Our country has decided that intent is more important than the possiblities of danger. And well.. that's a whole different issue. `8r)
--
Gonzo Granzeau
Oh, come on... (Score:2)
Read the article before going off please... (Score:2)
Just because someone has cracking tools does not make them a criminal. However, just because someone has cracking tools, they are not automatically some kind of hero either. They might just be a petty criminal.
Funny, the slashdot article headline and the actual story seem to communicate completely different stories to me... Either the poster / editor know something about the case that is not in the cited news article, the poster / editor did not read the article very closely before publishing, or the poster / editor have some kind of alternate an agenda here.
Of course a 4th possiblity is that *I* misunderstood something. This would not be the first time
A rough analogy here is the position of the NRA relative to firearms. They will fight like crazy to protect your right to own and possess them, up until the point where you have used them in commission of a crime. They then fight like crazy to see that you DON'T have any right to possess them (for example Project Exile and the three strikes laws), and in fact work pretty hard to see that you spend a LONG time in jail for it.
Bill
Not Quite.... (Score:2)
Occassionally one of my friends used to pull out a little brass pipe and smoke pipe tobacco out of it just to be a wiseass. He was questioned but they couldn't do anything because there weren't any traces of anything naughty inside. You can posess a questionable item, unless its used in a criminal action. Then the posession of the guilty object becomes a felony (basically levied by the DA to increase the number of charges the prosecuter can try to nail you for).
Re:grrrrrrrrr (Score:3)
Slashdot Misleads Users with Inflammatory Headline (Score:2)
Re:Virtual == Physical (Score:3)
Breaking and Entering dosen't have to involve harm to a device. If you find a store key laying on the sidewalk and unlock the door and walk in, you can still be rightfully charged with B&E. The reason? You didn't belong there. You had no permission and having possesion of the key is not a free license to use it as you see fit. It is still a crime if no damage is caused.
If someone had a duplicate set of keys to your car, would you complain when they take it only because they can? What if they decide to just keep it because they like it?
Geez, I learned these things when I was a child. Do most people even care anymore?
Re:$ 2.5 million? (Score:2)
No? I didn't think so.
Think about it this way -- how much $ was spent to acquire each and every customer? Wouldn't it have some value approximate to that?
Re:Virtual != Physical (Score:2)
So I can break into an office, copy all of the information in the filing cabinets with a copier and as long as I replace the toner and paper I used and restored everything to its original condition, then its not illegal?
Waldo wrote:
I understand that IP works differently, but we're going to have to work on the laws to make them apply.
That's not what I said. What I said was that the tools used to steal IP aren't the same as tools used to steal objects. They should be treated differently in the eyes of the law.
Re:Now arrest gun owners! (Score:2)
Gun Owners that use their guns to commit crimes are arrested. Maybe the wording of the charges isn't the same, but its the same basic principle. If you have dynamite and blow up a safe with it, you will be introuble for having it. However if you use it legitimately there is no problem.
P.S. http://not.a.real.link.com [link.com] is back up...
Re:Virtual == Physical (Score:2)
That's what makes this all so interesting. I own a crowbar, which provides me with access to your vehicle. Owning a crowbar is not illegal. They're using for many things beyond getting into cars. Using a crowbar to get into a car is illegal.
I'd hate for this to be the first step towards banning digital crowbars (read as: tools.)
[INANE TITLE GOES HERE] (Score:2)
Although I don't nescessairly agree with the emphasis on l0phtcrack that the article has, I'm fairly sure this is the usual case of underinformed slashdotites getting over excited when the see a word they recognize in a mainstream article.
Let's be perfectly clear with something. It was illegal to steal the customer lists from their two places of employment, regardless of the methods. The article has some bad wording, but it seems like they were referring to a l0phtcrack datafile found on the guy's computer, not the software itself.
In any case the software was used to commit a crime and therefore it's not like the police saying it's illegal to have the software.
What these people really should be busted for is stupidity. They got caught. They were using prefabbed tools (prolly not 100% suited to the job) and didn't use encrpytion. Geeze, what happened to the good old days when people knew how to commit computer crime.
Re:L0pht(crack) vs lock pick set (Score:2)
How so? If I run L0phtcrack from my home machine on the cable modem and happen to intercept some login packets, and then decrypt them, what Bad Thing have I done?
Using that information to break into the network - yeah, that's bad, that's illegal. But listening for login packets and decrypting/storing the info seems to me to be just as "bad" as using a scanner to listen to cell calls. If the data is sensitive, don't blast it through my airspace/network.
Re:Has the whole world gone nuts? (Score:4)
Back on topic: While in the case at hand, the person getting busted may have actually used the tools for unlawful purposes, it may be only a matter of time before someone else is charged with only possession of tools. Not every jurisdiction makes sane judgements about such things, even ones who might on other issues. Heck, sometimes such things are strictly related to election year politics (the 'head shop' crackdowns tend to happen in years the county prosecutor is up for re-election). Coincidence?
The point is, this is one of those slippery slope issues where once things start downhill, it is very hard to get back up again.
NOT Outlawed (Score:2)
If you caught breaking in to someone's house, and you happen to have a bag containing a crowbar, grappling hook, climbing harness, glass cutter, and a portable blowtorch, a radio scanner, and a stethoscope, they can accuse you of having 'burglary tools' in your posession, and this adds to the charges against you.
These items by themselves are certainly not outlawed, and you can posess them all you want.
Why should computer related crime be any different?
Brings back memories. :) (Score:2)
As best as I recall, the judge threw the case out, on the grounds that cracking software could not be construed as a lockpick, that the means of gaining entry was transient (the password wasn't stored, so no fake "key" was ever really in the posession of the cracker), and no actual damage had occured (therefore there was no "breaking").
The UK introduced a "Computer Misuse Act", forbidding unauthorised use of a computer's resources, not too long after.
Re:irresponsible headline (Score:2)
Hey have you seen the prices of VALinux and Andover stock lately? They've got to get the add impressions up...
Re:Makes sense... (Score:2)
I can own a gun, that doesn't make it okay for me to hurt someone with it.
I gotta admit, I think the head honchos at slashdot need to do a better job with user submitted articles. I know there is a ton of stuff submitted, but if they're going to post something, they should at least read it and proof-read the post for greatest clarity. Reading this article would have changed the 'oooh, the man is killing us' to 'look at what bad things people can do with our cherished tools'. Don't take this as an attack at those tools either, I think they are something that does need to exist. OTOH, they have to be used responsibly and this is a prime example of how they can be mis-handled.
Re:Deliberately Misleading? (Score:4)
Slashdot moderation works so well it's time to use it for article selection. Let moderators look at the article-submission queue and moderate them up into publication, or down into the slush pile.
Re:Monetary Issue (Score:2)
Last summer one of our users RH boxes was broken into and basically used for a pirate games repository over the weekend. I was notified Monday for by our ISP of a 5000% increase in our traffic over the weeken (gee, thanks guys, could have called me saturday). It took me 6 hours to figure out what happened plus another 24-36 to fix the problem and seal the security hole. During this time period I was unable to do other tasks around here. I don't make nearly close to what the person in the other message posted, but we lost a few grand in my time when I could have been doing jobs for customers. Plus you end up behind schedule and you have to makeup the time you lost either threw overtime (if you get it) or by sacrificing other tasks. From that one litle break in it took me close to a week to catch-up and get back to where I'd been. Sounds confusing, but business is confusing.
Matt
And the Inflamatory Headline of the Year goes to.. (Score:2)
As far as the overesitimate of monetary damages, companies have an incentive to overestimate damages for insurance reasons. There was a great series of articles in 2600 a year or two ago (summer '97 issue if I recall) called "A Guide to Getting Busted" that explains how/why a company will grossly overestimate monetary damages due to being cracked and how that translates directly into figuring how much jail time an unlucky skr1pt k1ddy will serve.
So the bottom line is this guy cracked a former employer and he got caught and now they're throwing the book at him as is the case when any cracker gets caught. Don't be surprised if they charge him with the Kennedy assination and the ebay DoS attack just for good measure.
Re:grrrrrrrrr (Score:3)
The actual charges against the defendents... (Score:2)
Directly from the article:
In short, as has been pointed out elsewhere in this discussion, these people weren't busted for having l0phtcrack. They were busted because they had it, and actually used it gain unauthorized access to computers. Also found in Bell's possession was the confidential list of clients for the company in question, username and (cracked) password pairs, and the contents of a restricted file on the system.
If this shouldn't be against the law, I ask you to tell me what should.
How about exercising your brain? (Score:2)
1) Nothing was DECLARED ILLEGAL
2) Nobody was busted FOR HAVING L0PHTCRACK
3) This is no big deal.
1) people were busted for cracking.
2) One of the charges laid against them was for posession of burglary tools. THIS HAPPENS WITH ANY CRIME! THE TOOLS USED YOU ARE ALSO GUILTY OF POSESSIN!
Jeesus christ... get a grip people.
Re:$ 2.5 million? (Score:2)
o How much did it cost to produce?
o How much would someone who really wanted it, pay for it?
Let's look at bullet one. According to Epicor's 4th quarter release (from http://www.epicor.com), they did $258M in sales last year. According to their balance sheet from the Feb.2 earnings release, last year's cost of sales and marketing was $89M. That makes $2.5M for the customer list (the primary product of that $89M) seem pretty darn reasonable to me.
Now bullet two. You are the primary competitor of Epicor. Don't you want to know what sales they just landed? Don't you want to know what regions they are expanding into? What companies bought the newest product? How much would you be willing to pay for that? $500K? $1M? How much of YOUR $89M will having that list save you?
My point being: damages are up to a jury to decide. The company is in the best position to figure out how much they have been damaged. I imagine that estimate could be 2x-5x off from reality. But I doubt it's much more than that. This estimate seems pretty close to me.
Re:What about boltcutters? (Score:2)
(Disclaimer: IANAL)
"The axiom 'An honest man has nothing to fear from the police'
Now that eveyone has their panties in a bunch... (Score:2)
If this is the case, the company has a legitamate criminal complaint. There's good reason to believe that he would have reason to attempt to hurt his former employer.
This isn't a heavy handed crackdown. This isn't a small town declaring that L0phtcrack is illegal to possess. This is a criminal arrest where a former employee is believed to have accessed a computer system after being terminated from his job. The logical motive would be to hurt the company by giving information to competitors.
CmdrTaco, how many times have we complained of uneven, uninformed media coverage of internet and digital media issues? Wouldn't it help our credibility and our cause to not be guilty of the same thing? I read the story that was linked to in your post. Did you even bother? You post does not provide ONE DAMN SHRED of evidence that you did.
How did they know that? (Score:2)
cracking tool? (Score:5)
The issue that I see is that many many programs can be exploited manually. What if you have a vulnerable network daemon and the attacker uses nc to feed it input. Is nc illegal then? How about if somebody writes a trojan in C, is the compiler illegal? the linker?
I'm not attempting to be difficult, I just fail to see the point of criminalizing a particular password recovery tool moreso than other methods of attack. If the alleged crimes are true, then I have no problems with them going down for what they did, but I don't see the how as being particularly relevant.
----------------------------
No CmdrTaco, this is not a conspiracy... (Score:2)
I hope these geeks-gone-bad get nailed. They give the rest of us (and the tools we use) a bad name.
Jailbrekr.
Re:Bad summary. (Score:2)
I know this has *nothing* to do with your point, which I agree with, but be careful with your wording. It's dangerous to confuse ethics and legality. Just because something's illegal doesn't make it immoral, nor if it's legal is it necessarily an ethical act.
Sorry for being offtopic, but just a pet peeve.
the best part... (Score:2)
You can be arrested for carrying a screwdriver if a cop thinks you might have bad intentions. It doens't matter if you have actually commited a crime or not.
Re:grrrrrrrrr (Score:2)
Now here is how IT staff was explained to me and it makes perfect sense. Sysadmins, helpdesk staff and other similar positions are financial overhead. We are a neccesary evil. The cost of sysadmins cannot be rolled into the cost of a product/project in terms of billable manhours to a client except in unique situations like the one I described above. Therefore maintaining passwords and user accounts is already part of my daily tasks.
Now let's look at yet another point of view. At least they were security aware enough to change the userids as well as the passwords. I can see this being a bit of overhead as you have to recreate all the accounts as well as notify the users. If they hadn't changed the usernames, the issue would have been less costly. Since we know this was an NT password list that was cracked, all the sysadmins would have to do is send out an email to all users notifying them that they would need to log off and log back on. The sysadmin would only need to run through usermanager and make all users change password at next logon.
I do see one aspect that I didn't think of before though that someone pointed out above you. The employees who were locked out during this time period were unable to generate revenue. And quite honestly the cost is starting to sound more reasonable to me now. If this were my network (At least my password policy requires users to use at least 3 numeric characters and requires a password change every three months), I would take down everything and do a full security audit on all the machines to verify that none of the crack tools were on any client systems. I could see this downtime being at MINIMUM justified by a $12,000 price tag.
Re:cracking tool? (Score:2)
The state attorney's office is probably largely ignorant of technology and probably doesn't really care, either. They will just heap on as many charges as possible (14?!) knowing it will be plead down, just to get what they can in jail time from the Court.
BTW - about your sig: I expect stupidity is painful some of the time. Great idea if it could be implemented, tho.
Re:Makes sense... (Score:2)
...but not in Illinois!
I'd love to dabble in lockpicking like in my college days, but in the Land of Lincoln possesion of lockpicks without a locksmith's license is, as far as I could tell, a felony.
As far as I could figure from the requirements for the license, it appears to be a sort of guild move. Most, if not all, other states don't have this kind of restriction.
Of course, the subjects of the article apparently weren't actually nailed according to the /. headline.....
Re:grrrrrrrrr (Score:3)
Let's assume, for the sake of argument, that the company I work for contracts you to come in and change everyone's user ID and password.
There are 500 users in the company, at five sites. Here's what we need you to do (within 2-3 days):
- assign all users a new ID and password
- enter those IDs and passwords in all domains and Netware servers (total of about 25 Netware and NT servers)
- delete the old IDs
- add the new IDs to all the existing groups
- delete old IDs from all the existing groups
- reconfigure Exchange to work with the new IDs
- reassign all the group memberships in Exchange, too
- reconfigure our document management software to work with the new IDs.
- go to all the NT workstations where people have shared files and reconfigure those
- rewrite the brain-dead login scripts that check for user IDs instead of group memberships to work with the new IDs
You need to do this outside of normal working hours. You can subcontract as much of this as you like. We won't loan you any of our staff; they're too busy with damage control and normal duties.
What's your fee? I think $12,500 is CHEAP.
P.S.
new id's
New ids would be pretty expensive actually, though not as much as new egos or superegos
Re:cracking tool? (Score:2)
>charged with murder, not possession of a rock.
But if you attacked me with it you'd get charged with
assault with a deadly weapon.
Law enforcement has to stack up as many charges as
they can come up with to give them a chance to get a conviction.
The guy that got busted was planning on stealing the companys clients
and was using these tools to break into the
companys system to cover his tracks.
Honestly,
of Jesse Berst from zdnet.
"Let's post inflammatory stuff to get the banner ad revenue up."
Umm... you're wrong... (Score:3)
From the article: (emphasis is mine)
David Thomas Bell, 33, of Coon Rapids, faces 11 felony charges. They include three counts of unauthorized computer access, two counts of theft of trade secrets, two counts of attempted theft of trade secrets, two counts of computer theft and two counts of possession of burglary or theft tools (specifically, a software program for extracting user IDs and passwords from a computer system).
So, you see? Apparently (L0pht)Crack is a burglary tool, and Bell was charged with 2 counts of possession of it.
Re:Has the whole world gone nuts? (Score:2)
I was (young and stupid long ago) arrested, for attempted burglary. In addition to the burglary charge was a charge of possession of burglary tools. These tools included: a flashlight, a backpack, a hammer, my old homework (as it was in the backpack).
If yo use something, no matter how legal it may be in and of itself, to do something illegal, it becomes another thing they can tack onto the charges.
It's always been like that.
m.
Apples & Oranges (Score:4)
The point is that you're also charged with murder. Should you get out of the murder charge for some reason, there's still use of a deadly weapon. I'd bet there would be a string of charges should you kill someone with a rock.
L0pht crack when used to steal passwords is illegal. This doesn't make the compiler illegal, much like using a grinder to make lockpicks doesn't make the grinder illegal. It's the picks and using them in a crime that is.
It's just that the laws in this jurisdiction are probably broad enough to cover this. See my earlier comments for the laws in MA (which appear to be tighter). The DA/prosecutor is probably savvy enough to know cracking technology.
Re:Read closely (Score:3)
Over-charging is just a tool to get more punishment heaped on the accused criminal.
SlashInquirer? (Score:2)
Had I not checked out the story, I would have been left thinking these guys got busted for possessing (L0pht)Crack.
So when did Rupert Murdoch buy the guys who bought the guys who bought the guys who bought slashdot?
>What next? Debuggers?
What next, aliens having Linus babies?
Re:grrrrrrrrr (Score:2)
$90,000/52/40=~$43
$30*40*52=$62,400
no no no... (Score:2)
If you hit someone with a bat, it becomes assault with a deadly weapon, but possession of a baseball bat is not a legitimate charge. Even possession of deadly weapon shouldn't be a legit charge. I mean, what's the point of making it a separate crime if you can't be prosecuted for it without committing another crime? Why not just increase the punishment for the actual crime? Bell was charged with 2 counts of possession of burglary tools for having (L0pht)Crack on his computer in addition to his actual crimes.
MGL Online (Score:2)
http://www.magnet.state.ma.us/leg is/laws/mgl/index.htm [state.ma.us]
--
Re:Since when... (Score:2)
You know you've been playing too much Quake when ... ;)
Re:legal vs. illegal actions... (Score:2)
A better analogy might be a gun (at least, here in the US). You're allowed to own a gun, just like you're allowed to own L0phtCrack. If you use it to commit a crime, you not only will be charged with the crime, but also "... with a deadly weapon", or at perhaps just "discharging a firearm within city limits".
Nobody is going to get arrested just for owning a cracking tool (at least not yet), but prosecutors can easily add on things like that to any actual crimes committed.
--
'...let the rabbits wear glasses...'
Y2038 consulting
Once again.. (Score:3)
From the article (my emphasis):
David Thomas Bell, 33, of Coon Rapids, faces 11 felony charges. They include three counts of unauthorized computer access, two counts of theft of trade secrets, two counts of attempted theft of trade secrets, two counts of computer theft and two counts of possession of burglary or theft tools (specifically, a software program for extracting user IDs and passwords from a computer system).
Seems like that's where possession of (L0pht)Crack comes in.
from the misleading-summary dept. (Score:2)
Try this... (Score:2)
Well gee, what are they gonna charge you with? Possession of a "SWAG BAG?" If they are going to charge you with murder, then they should charge you with murder, not possession of a knife. If they want the sentence to be longer, then they should work at getting the maximum sentence for murder to be made more severe (hmm.. in Texas, that would mean they get to fry you AND your dog :) If they can't get that done, then maybe it's because people feel that the current punishment is enough, and if that's the case, tacking on b/s charges is just wrong.
Links (Score:2)
a bunch of crap... (Score:2)
From the article (my emphasis):
David Thomas Bell, 33, of Coon Rapids, faces 11 felony charges. They include three counts of unauthorized computer access, two counts of theft of trade secrets, two counts of attempted theft of trade secrets, two counts of computer theft and two counts of possession of burglary or theft tools (specifically, a software program for extracting user IDs and passwords from a computer system).
From this we see that having the "burglary tools" is one of the charges. The screwed up thing about charges like this is that they can't seem to be brought unless you commit a crime. Once you commit a crime, they tack on this extra crime, that isn't really a crime by itself, just so they can increase your sentence. Why is this necessary? Apparently because some people don't want anyone to understand just what the penalties are for a crime. If they want to put people away for a longer time, why don't they just work to get the maximum sentence increased for that crime? Maybe because people wouldn't like that? So they just look for a way to get around what the people want and we end up with b/s charges like this one.
"Possession" laws are fundamentally flawed (Score:2)
If someone runs over you with a car, you are still just dead as you would be if they shot you; but people think that a gun is somehow more "evil" than a car. If 10 people got shot standing on the sidewalk, every knee-jerk idiot will come out of the woodwork saying how bad guns are and that the government should do somthing about those evil guns. But if those same 10 people had been run down by a lunatic in a Buick, those same people wouldn't be screaming for car control, they'd put the blame right where it belongs - on the actions of a person.
"Possession" laws (of weapons, tools, drugs, whatever) are all flawed because they assign criminality to an object, instead of an action. Let's say that one person breaks into a house by picking the lock and steals $5000, and second person breaks into a house by kicking down the door and steals $10000. It is morally indefensable to say that burglar 1 deserves a harsher punishment than burglar 2 merely because burglar 1 used a tool and burglar 2 used his foot. The additional charge of "possession of lockpicks" achieves no useful purpose.
The criminal justice system is so mismanaged and overtaxed that it usually cannot keep convicted criminals behind bars for more than a small fraction of the time they are sentanced to. Rather than fixing the real problem, the politicians have decided to try and keep criminals in jail longer by creating more crimes. Police and prosecutors are rewarded (with raises, promotions, etc) for having a large number of arrests and/or convictions, providing them with a personal interest to come up with as many charges as possible for any given case, regardless if it's in the public's interest or not. These factors combine to create a system that has an enormous potential for abuse.
Sorry if this seems rambling or off-topic; I'm running on too much caffeine and not enough sleep...
"The axiom 'An honest man has nothing to fear from the police'
let's try to make some sense... (Score:2)
Using anything to break into a car (without the owner's permission) is illegal. I could use a rubber ducky to break in and it would be illegal. The point of this is that the crime is breaking into the car, not possession of a rubber ducky. Possession of a rubber ducky shouldn't be a crime, even when it's used to break into a car. The crime is breaking into the car. That crime has a punishment associated with it. Why do we have to overcomplicate matters by trying to say that possessing a rubber ducky is a crime if you break into a car with it?
Re:They did not get busted for L0phtcrack!!!!!!!!! (Score:2)
From the article (my emphasis):
David Thomas Bell, 33, of Coon Rapids, faces 11 felony charges. They include three counts of unauthorized computer access, two counts of theft of trade secrets, two counts of attempted theft of trade secrets, two counts of computer theft and two counts of possession of burglary or theft tools (specifically, a software program for extracting user IDs and passwords from a computer system).
Re:Title of Article is BS (Score:2)
Re:Virtual != Physical (Score:2)
Getting hold of my credit card number isn't a crime. Using it to make purchases when you aren't the cardholder is fraud and is a crime.
Re:Makes sense... (Score:2)
As was stated before, if you're not doing anything illegal, owning the tools (or the software) is not a crime. Proving intent is much harder than proving possession, and rightly so.
Unfortunately, the same logic is not always applied to firearms, radar detectors and many other devices that are not inherently criminal but are used by some people to commit crimes.
What next? Debuggers? (Score:2)
Well, I don't see why not. I'll admit that I do not understand why using a tool to commit a crime is somehow "more of a crime" than committing the same crime without a tool. But I've heard of strange laws where using a gun to commit a robbery is treated as worse than using some other type of weapon (e.g. katana, disintegrator beam generator, monkey wrench). For some reason, that's just how the law is in some places. Use a gun, go to jail. Use a nuclear warhead (the "implosion" model -- not the "plutonium gun" model!) and maybe you won't go to jail.
The funny thing is that logical extension, the tool definition could be applied to just about anything. Commit a computer crime, and you're in trouble. But if you used a keyboard or a monitor to help you commit that crime, you're in even worse. Maybe if you commit purse-snatching and then run away from the scene, your shoes could be considered theft tools? What about the spoon that you used to eat the Wheaties than make you run so fast? Spoon == theft tool. Since it might be difficult and distracting to commit a crime while suffering from a toothache, I would definately classify a toothbrush as a theft tool too. And, of course, the perp wouldn't have been able to commit the crime if he had stayed home taking care of the kids, so a condom is a theft tool too. And if he had died in the car crash that he had last year, this crime surely would not have occurred, so his seatbelt and anti-lock brakes are theft tools.
But let's get back to that condom thing. Dad was sloshed on beer, after a night's celebration due to winning a high school football game. Dad didn't have a condom handy, nor the foresight to use one, and when the head cheerleader saw his big football trophy, she got really excited and one thing led to another, resulting in the birth of the perp. Dad died years later, and the perp inherited his house, which includes that old trophy up in the attic somewhere. That trophy is a theft tool. He is in possession on an object that enabled him to commit a crime.
It looks like just about any crime can have an arbitrary number of sub-crimes attached to it, thanks to these using-tools-laws. I think it would be fun to be a prosecutor for a day, just to throw the book (which probably happens to be a theft tool in some way) at suspects.
---
Re:When did THIS happen? (Score:2)
Re:Virtual != Physical (Score:2)
Sort of like saying rape really isn't a problem. She didn't lose anything.
That's just dumb. Rape isn't even comparable to theft, it's a form of assault, which is a crime and nobody is arguing that.
Your other arguments have at least some merit. Stick to those.
Re:The actual charges against the defendents... (Score:2)
Think of it this way: I own a set of lockpicks. That in and of itself is not illegal. If I were arrested for burglary and they found the lockpicks in my possession (either at home or on me) they'd add the charge of owning tools specific to the purpose of commiting a felony. It's now up to the DA to determine if those tools were actually used in any crime and are therefore relevent to this case. If they aren't, then those charges will be dropped.
The police can charge you with anything, that doesn't make it illegal. Contrary to popular belief, the police and the DA don't determine what is legal and what is not. Not directly anyways.
Now, it is illegal to own a device that's only use is to commit fraud, like a red box, or a tricked out cable descrambler. Simply owning one of those devices is a crime. That's because they have no legitimate purpose other than to facilitate the commission of a crime. L0phtcrack doesn't fit that description, but that may not be the software that this idiot was arrested for. We don't know. They have insinuated that was what it was for, but all the article stated was that he used L0phtcrack, and was arrested and charged with two counts for having in his possession software for busting passwords. I think the journalists could be trying to stir up a little controversy, by being intentionally vague.
Re:Rediculious... (Score:2)
You're missing the point. It dosn't matter if they used a slim jim, a rock, or their fist; your radio is still gone. The action of stealing it is what should be punished, not what tools they used to help them steal it.
Stealing a radio out of someone's car is already illegal. It's unnecessary, illogical, and immoral to invent a new "crime" for the mere possession of an object, regardless of what they have done with it or might intend to do with it. Put the blame where it belongs, on the criminal and not the tool.
Bad laws do not help deter or punish crime; all they accomplish is to create a system that's prone to abuse.
"The axiom 'An honest man has nothing to fear from the police'
Re:Bad summary. (Score:2)
The language is important here: he should have been charged with "illegal use of password-grabbing tools", just like a felonious locksmith would be charged with "illegal use of locksmithing tools".
Actually, he should have just been charged with theft of whatever he stole, as well as breaking into a computer system, regardless of what he used to get in.
Folks aren't getting the implications (Score:2)
Jurisdictions that make possesion of certain tools illegal refer to them as burglary tools. This is by state or by county. It is quite illegal to carry lockpicks in some places if you're not a licensed locksmith.
The definition of burglary tools is anything that has been classified as burglary tools.
There is no licensing for security professionals or system administrators.
Therefore, since L0phtcrack has been classified as a burglary tool in Hopkins, and you can't get a license to "carry" it, it's illegal to have there, for as long as the "burglary tool" classification sticks.
Quite stupid, yes?
Re:Possesion and intent (Score:2)
You might get off with Murder in the second degree if you beat someone to death with your fists (or a even a crowbar), but if you kill someone with a high-power sniper rifle with a 30x night vision scope, most people would have a tough time believing that you didn't plan to kill anyone.
The same goes for breaking into computers.
You have the tools: this is a pre-meditated act and is worth a few extra years in the slammer.
IANAL, but I've seen enough 5-0 to know what consitutes a pre-meditated act, at least in Hawaii anyways.
Re:irresponsible headline (Score:2)
Noel
RootPrompt.org -- Nothing but Unix [rootprompt.org]
Re:Makes sense... (Score:2)
IANAL, but I do have a minor in Criminal Justice, and I know that in Iowa at least, you can be charged with posession of burglary tools for having a SCREWDRIVER. Now of course they don't charge everyone who owns a screwdriver, they charge those people who use it as a tool to commit a crime.
I completely understand why the DA filed so many charges, in this kind of case, you never know what you can make stick, you can't try them again later if you don't get them the first time (double jeopardy applies) so you throw the book at them in the hopes to get them on several charges, or, even better from the DA's point of view, you get them to plead guilty to two or three of the charges in return for dropping the other 8 or 9.
This is how the Criminal Justice system works folks, if you don't like it, become a judge!
---
Re:let's try to make some sense... (Score:3)
Because something must be done about those rubber duckys! If you are in the legislative branch of government and breaking into cars is already a crime, then you have no way to show how tough on crime you are. When it's time to be re-elected, are you going to run an ad that says, "And I would have passed the don't-breaking-into-cars law, if it hadn't already been done"? That is soooo lame!
So here's what you do: raise the visibility of rubber duckys in the public eye, and make sure that everyone knows that rubber duckies are a car thief's favorite tool. I bet you can even find someone to get on 60 Minutes and tearfully recount how a child molester stole their car just to pay for their rubber ducky habit. Then pass the law that makes it an additional crime to use a rubber ducky in the commission of other crimes.
Next election ad season, make sure that your ad states that you are pround to run on your record, and mention that your sponsored or supported the three-ducks-and-your-out law. Point out that your opponent opposed the rubber ducky law. He is obviously soft on crime. He is one of those liberals who thinks we should let everyone out of jail.
This is not a joke. This really happens. Watch the ads. I think they're quite a bit a part of the reason we have these types of laws.
---
Re:Makes sense...to a point (Score:4)
I have to concur. When a police officer recieves a complaint or sees something suspicious, the first thought is to take care of the situation as quickly as possible by using whatever methods they have at their disposal.
These include:
Speaking to the subject(suspect)
Confiscation of item(s)
Arresting the subject(suspect) or taking the subject into custody (these are different things, of course).
Shooting or disabling the subject (almost always a last resort).
Anecdote:
In the State of Illinois, all knives are legal besides switchblades and ballistic knives (knives which shoot the blade). Butterfly knives are (and contrary to popular opinion), last I checked, legal. So, by extention, swords are legal. So, standing out in your front lawn with a sword, chopping on your own tree is legal.
A friend of mine did this.
And when the police officer came by, she confiscated the sword. The reason the officer was called was because an elderly person across the street called and complained.
After some hassle, including threatening legislation, he got the sword back.
So, the sword is not illegal.
However, if he went over and threatened the elderly person who called with the sword, that would be illegal, and the tool would be rightfully confiscated. Same thing if he chopped her head off.
I hope this wasn't that confusing.
later
Not quite (Score:3)
Not quite. (IANAL, but) it is a crime ("menacing") the instant you present a credible threat of intentionally striking the other person with the bat.
This has some pretty deep consequences. If you swing the bat at me, I don't have to wait until the bat connects before acting in self-defense. This applies even if you're "spoofing" me and I misinterpret the facts in the fraction of a second between seeing a fast-moving bat and my response. Since a baseball bat to the head is "lethal force," in most jurisdictions I have the right *to kill you* in self-defense. In these cases it won't even matter that the bat is a hollow plastic toy, if I have no reasonable way to know this. (This could happen if you come up on me from behind.)
On a related note, every so often you hear about some teen killed while branishing an unloaded weapon - or even a realistic toy. They seem to think that there is some legal distinction if the weapon is unloaded (or unreal). They're wrong - and just as in the case of the bat the victim isn't forced to wait until the instant the bullet strikes his skull before he can act. In many jurisdictions merely displaying possession of a gun constitutes use of lethal force - and the other person is legally able to use lethal counterforce to remove himself from that situation. People might be able to outrun bats and knives, but not guns, and the only sure way for most people to disarm someone with a gun is to kill them first. Remember that next time some kids complain that The Man has no sense of humor about them driving down the street while waving (realistic) toy guns out the window. That actually happened here, a few years ago!
What you quoted is actually a misquote a First Amendment "protected speech" argument. Your speech might offend me (and others), but it doesn't cause us harm in the same way that a punch in the nose does. So we have to live to learn with objectionable speech, not with idiots who wildly swing their fist (or bats!) around others.
Back on point, this is totally irrelevant. Nobody said that L0phtCrack was intrinisically illegal to possess, they said that it was a "criminal tool" used while commiting criminal acts. That's no different from calling a hammer a "criminal tool" because it was used to break car windows, a screwdriver a "criminal tool" because it was used to break the lock in the steering column, etc.