They raise the example of a former California judge who was convicted of possessing child pornography and sentenced to 27 months in jail.
The key evidence in the conviction came from a Canadian hacker, Brad Willman, who infected the convicted man's PC with a Trojan horse, disguised as images of child abuse, on an internet newsgroup visited by pedophiles in 1999. The hacker (who used the handle Omni-Potent) broke into the PCs of those he infected, focusing on those he suspected of being involved in child abuse.
Sophos would like you to vote on whether this illegally obtained evidence was justified.
We'll be following the results of that poll, but would also welcome your comments here on the following two questions...
- Should illegal evidence ever be permissible, no matter what the charge?
- Should the hacker, Brad Willman, have been charged and potentially convicted for his crime of illegally infecting PCs connected to the net (ignoring cross-border legal issues)?
5 comments:
How did a Canadian hacker get involved in the first place? It sounds like he may be some sort of psycho exercising vigilante justice. He should probably see a therapist!
Really, how is this any different from a white hat hacker showing a corporation how easily their systems can be infected? He penetrates the system first. That's illegal as well, isn't it?
Ultimately, it's a moral issue more than a legal one in my mind. If it puts another sick pedophile behind bars, then so much the better.
The cops have been sucking criminals in for a long time.
Speaking of illegal activity, I just spotted the following in ComputerWorld. Happy blogging!
New Storm Trojan variant spreads in blogs, forums, Webmail
February 27, 2007 (Computerworld) -- A new variant of the "Storm" Trojan is injecting its come-on into blogs, Web-based message forums and Webmail as part of an effort to spread itself to an ever-widening net of PCs, according to a security researcher.
Dmitri Alperovitch, principal research scientist at Secure Computing, said today that the Trojan -- best known as the "Storm worm" but also pegged as "Peacomm" and half a dozen other names by anti-virus vendors -- is using a novel approach to spread. "This is a really neat twist, through the Web channel," said Alperovitch.
An initial infection is still carried out via e-mail, which touts a link that when clicked downloads a number of malware components to a victimized machine. Once on a PC, however, the malicious code injects itself into the network stack as a rootkit and analyzes all outbound Web traffic
"It has hooks for boards, e-mail, and blogs," said Alperovitch. When a user on an infected PC posts a message to a forum or blog, or sends a message via popular Web-based mail services such as Hotmail, Gmail, and Yahoo Mail the Trojan adds text to the entry or message.
"It inserts 'Have you seen this link?' along with a link to what seems to be a video," Alperovitch said. Anyone clicking on the link will only find their system infected. "He's not targeting particular sites. Instead, his code is generic enough to work on lots of sites." Secure Computing has seen evidence of the bogus posting on messages forums, including one for Men's Health, as well as "thousands of blog entries," said Alperovitch.
Man uses free, public Wi-Fi; police seize his laptop (ComputerWorld)
By Preston Gralla on Fri, 03/02/2007 - 2:01pm
Next time you visit Alaska, leave your laptop behind. An Alaskan man has had his laptop seized by the police for --- horror of horrors! --- using a free Wi-Fi network at his local library.
The AP reports that 21-year-old Brian Tanner was sitting outside the Palmer public library after hours, using its free Wi-Fi network, when a policeman confiscated his laptop.
What's the crime? That's not at all clear. Apparently, the policeman had told Tanner previously not to use the W-Fi network, although exactly what crime Tanner was committing by using a free, public network at a library is not at all obvious.
When the AP asked the policeman what he thought when he saw Tanner using the library's network for the second time, he said, "It was kind of like, 'Well gee whiz, come on.'"
Oh, I see. That explains it.
Tanner won't be getting his laptop back for a while. The police want to inspect it to see what, if anything, he was downloading. Someone may need to show them where the "On" button is, though.
The police were supposed to have the laptop for only a day, but because the library director is out of town, Tanner won't get it for another week. What the library director has to do with the police inspecting the laptop isn't clear. Perhaps the director needs to show them where the On button is.
So what crime was Tanner committing? It's hard to say, although given that Alaska keeps voting Senator Ted Stevens into office, perhaps any sign of intelligence -- such as using a library -- may subject one to incarceration in the state.
Are Hackers Really to Blame?
By year's end, more than 72 million records with Social Security numbers, credit card numbers, birth dates and other personal data will have been exposed. That rate is about 200,000 more records per month than last year. But are hackers to blame for all of this? Apparently not.
A new study out of the University of Washington, Seattle that looked at major security breaches over the last 25 + years shows that malicious hacking accounts for only 31% of attacks, whereas corporate bungling made up 61%.
Here's the link to the results.
http://uwnews.washington.edu/ni/article.asp?articleID=31264
Here's another twist on the same theme.
Late next month, BreakingPoint Systems Inc. plans to launch a new network test appliance that sniffs out security holes in devices like load balancers, intrusion-prevention systems and routers. Called the BPS-1000, the device also gives users a way to see how their networking equipment performs under a high volume of networking traffic.
They first hired well-known hacker HD Moore to help them build it.
Not cheap either -- the hardware will cost btwn $100-$200K to buy and $20-$40K per year to update.
Post a Comment