dmorin@wpi.wpi.edu (Duane D Morin) (08/10/90)
Ok, here it is, my formal apology -
I made a sweeping, generalizing post that was stated by a programmer who has
had far too much experience in the sociology field. What I said was said as
a sociological comment, not as a statement of "this is the way things are,
period." No sociological statement is ever as balck and white as that, and I
never expected it to be taken that way. I would never say "Im right, thats
that" and I would hopefully not expect anyone here to say "You are wrong,
thats that". everyone has their examples of what they are trying to say,
and I understand that.
For anyone on the net who was insulted or offended by what I posted, I am
hereby sorry. I did not mean to start the commotion that I did. What I
did do was simply respond to one users original post with my own opinion.
Had I not posted it, this never would have happened. As it stands, it
seems that everyone has forgotten about the original post. COuld we please
try to get back to the original subject?
What about:
* People who write and distribute viruses?
* People who crack and distribute commerical software?
* People who break into high secuirty systems for the purpose of theft
and/or destruction of property?
THESE are the computer crimes that I assumed the original post to be talking
about. Could we possibly get back to a subject that has some use (and maybe
give my poor mail account a rest?) Thank you.
Duane Morin
DDMpeter@ficc.ferranti.com (Peter da Silva) (08/10/90)
Actually, the guy who did the first virus would probably qualify as a hacker. It was a cool hack as a new idea. Same with the guy who cam eup with the first copy protector, and the first guy to crack it. But there's no point in doing the same thing over and over again... -- Peter da Silva. `-_-' +1 713 274 5180. 'U` <peter@ficc.ferranti.com>
POPOVICH@ucf1vm.cc.ucf.edu (Peter Edward Popovich) (08/13/90)
In article <14479@wpi.wpi.edu>, dmorin@wpi.wpi.edu (Duane D Morin) says: >What about: > > * People who write and distribute viruses? People who write viruses do so (from what I've read and think) for two reasons: The Challenge, and The Power. The Challenge is the idea that goes 'I wonder if I can write a virus.' The Power goes 'I wonder if I can write a virus that will cause people grief'. People who write for The Challenge are okay in my opinion. I respect them and bear them no malice. (I've even considered trying it myself, but I can't sacrifice a computer and disks to make sure I don't contaminate other systems right now.) People who write for The Power are scum. I can't see any justification for their actions. > * People who crack and distribute commerical software? Whew. Tough call. I can't vehemently berate them, because I don't feel that strongly. I can't support them either because I know what they do is wrong. They're wrong, but I'd only call them scum if they did it for profit. > * People who break into high secuirty systems for the purpose of theft > and/or destruction of property? Scum. People who break into systems to see if they can are wrong, but not scum. People who do it with intend to do real damage are scum. I guess I'm not very absolute about my ideals, but then again I don't think there are any moral absolutes. The real deciding factor is motive. If you do something for learning purposes, I can tolerate it, even if I don't agree with it. If you do it for profit or for malice, you're scum. >THESE are the computer crimes that I assumed the original post to be talking >about. Could we possibly get back to a subject that has some use (and maybe >give my poor mail account a rest?) Thank you. I wonder how many flames you actually got... >Duane Morin >DDM
wolfe@wolves.uucp (G. Wolfe Woodbury) (08/14/90)
In <KG35QC8@ggpc2.ferranti.com> peter@ficc.ferranti.com (Peter da Silva) writes: > >Actually, the guy who did the first virus would probably qualify as a hacker. >It was a cool hack as a new idea. Same with the guy who cam eup with the first >copy protector, and the first guy to crack it. > >But there's no point in doing the same thing over and over again... In one very real sense, the progeny of that first "virus" program that retained control of the machine despite other programs using the hardware IS STILL WITH US TO THIS VERY DAY! Just think about what an operating system or monitor really does. -- G. Wolfe Woodbury @ The Wolves Den UNIX, Durham NC UUCP: ...dukcds!wolves!wolfe ...mcnc!wolves!wolfe [use the maps!] Domain: wolfe%wolves@mcnc.mcnc.org wolfe%wolves@cs.duke.edu [The line eater is a boojum snark! ] <standard disclaimers apply>
jon@vector0 (A Product of Society) (08/19/90)
POPOVICH@ucf1vm.cc.ucf.edu (Peter Edward Popovich) writes: > I guess I'm not very absolute about my ideals, but then again I don't think > there are any moral absolutes. The real deciding factor is motive. If you do > something for learning purposes, I can tolerate it, even if I don't agree > with it. If you do it for profit or for malice, you're scum. Damn right from the legal standpoint. If you murder someone, it can be: premeditated (you planned to do it and did it), intentional (you killed the guy and you wanted to), or accidental (you killed the guy but you *truely* didn't mean it). In hacking there are the same things. There are crashers, who break into systems to *explicitly* wreck them; there are hackers, who break in and look around but don't change anything; and there are "tourists" who break in *just* to get past the Password: prompt (and after which they hang up). All this makes a lot of difference in punishment. The crashers should be hung, the hackers should be slapped, and the tourists should be directed to other challenges. I was busted and the feds laided 8 felony counts on me, basically all the same: I called a number and connected. There was no damage, I didn't even get to the login: prompt - the system needed special software to connect to it. As a minor I got off easy. If I were an adult, I'd be serving 5 to 10 years and over 5,000$ fine. The judge recognized the fact that I was a tourist and let me off easy. Most judges will assume you're a crasher and hang you. It was *all* motive. If I were a crasher, I could have easily lied and posed as a tourist with the same result. But that's America. If you don't like it, move. ___ Jon ..??$!...ames!pacbell!sactoh0!vector0!jon Internet: sactoh0!vector0!jon@pacbell.com <bee dee deep> "We're sorry, the .signature you have reached has been disconnected. Please check your path and try your read again."
russotto@eng.umd.edu (Matthew T. Russotto) (08/21/90)
In article <iRk5N1w162w@vector0> jon@vector0 (A Product of Society) writes: > > I was busted and the feds laided 8 felony counts on me, basically >all the same: I called a number and connected. There was no damage, >I didn't even get to the login: prompt - the system needed special >software to connect to it. As a minor I got off easy. If I were an >adult, I'd be serving 5 to 10 years and over 5,000$ fine. The >judge recognized the fact that I was a tourist and let me off easy. >Most judges will assume you're a crasher and hang you. It was *all* >motive. If I were a crasher, I could have easily lied and posed as a >tourist with the same result. But that's America. If you don't >like it, move. Is this true, or some sort of horror story, or what? On the LAW echo on Fidonet, I pointed out that making mere unauthorized modification of files had some dangerous implications, such as: telnet 8.128.x.y /* I meant 128.8.x.y */ Unix System V 5.2 (sundevil.ss.gov) login:^D And the Secret Service could bust me for causing an unauthorized log entry-- If merely CALLING A NUMBER WITH A MODEM (or telneting to an address) can be made illegal, then we are definitely living in a police state. -- Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu ][, ][+, ///, ///+, //e, //c, IIGS, //c+ --- Any questions?
jon@vector0 (A Product of Society) (08/22/90)
russotto@eng.umd.edu (Matthew T. Russotto) writes: > In article <iRk5N1w162w@vector0> jon@vector0 (A Product of Society) writes: > > > > I was busted and the feds laided 8 felony counts on me, basically > >all the same: I called a number and connected. There was no damage, > > Is this true, or some sort of horror story, or what? If it's all make believe, my probation officer should know. Didja know that technically, reading comp.dcom.telecom is against my probation? During probation "certain rights are sacrificed".. I'm not 'supposed' to read 2600 Magazine or any other hacking related mags. "You shouldn't need to read those anymore anyway," the judge said. And I hope this is educational, since I'm only supposed to use the computer/modem for education... > Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu > ][, ][+, ///, ///+, //e, //c, IIGS, //c+ --- Any questions? ______Whoa!... Jon ..??$!...ames!pacbell!sactoh0!vector0!jon Internet: sactoh0!vector0!jon@pacbell.com "It's hard to believe that the entire fate of the world lies in the hands of the Phone Company." --- War of the Worlds
new@ee.udel.edu (Darren New) (08/24/90)
>>> > I was busted and the feds laided 8 felony counts on me, basically >>> >all the same: I called a number and connected. There was no damage, What did you do, waive jury rights? I find it hard to belive you were convicted of 8 felony counts by a jury of your peers for accidentally calling a number once. Now maybe you mean you called NORAD's dial-in line without a scrambler and did so eight times, trying to break in, but never suceeded. This seems like it could be a felony offense to me. But without more details, I'm not going to start calling the USA a freedomless country. (Not that I think we are not slowly loosing our freedoms. I just don't believe that dialing the wrong number will get you 8 felony counts.) -- Darren -- --- Darren New --- Grad Student --- CIS --- Univ. of Delaware ---
hollombe@ttidca.TTI.COM (The Polymath) (08/25/90)
In article <1990Aug23.235734.9401@ddsw1.MCS.COM> zane@ddsw1.MCS.COM (Sameer Parekh) writes: }>> > }>> > I was busted and the feds laided 8 felony counts on me, basically }>> >all the same: I called a number and connected. There was no damage, ^^^^^^^^^^^^^ }All I can say is that a country where a person can get 8 felony counts for }just CALLING A PHONE NUMBER, is not a free country. He didn't just call a number. He called a number he knew had a modem on the other end and connected with his modem. It was a number he had no legitimate reason to call. His saying there was no damage doesn't mean there wasn't any. If nothing else, he tied up that number and caused a temporary denial of service to the legitimate users. -- The Polymath (aka: Jerry Hollombe, M.A., CDP, aka: hollombe@ttidca.tti.com) Head Robot Wrangler at Citicorp(+)TTI Illegitimis non 3100 Ocean Park Blvd. (213) 450-9111, x2483 Carborundum Santa Monica, CA 90405 {csun | philabs | psivax}!ttidca!hollombe
eal@kaarne.tut.fi (Lehtim{ki Erkki) (08/25/90)
One day, when I was going to connect to node xxx.yyy.a.b, I
mistakenly connected to yyy.xxx.a.b
Well, I get message Sun-Os ....... and the login-prompt, which I was expecting.
But before I typed my user name, I noticed that the organization was wrong,
so I typed ^D instead.
Now, have I committed a crime or not?
Erkki Lehtim{ki eal@kaarne.tut.fi "I don't eat nutrasweet or use a disclaimer"spl@cs.nps.navy.mil (Steve Lamont) (08/25/90)
In article <19375@ttidca.TTI.COM> hollombe@ttidca.TTI.COM (The Polymath) writes: >In article <1990Aug23.235734.9401@ddsw1.MCS.COM> zane@ddsw1.MCS.COM (Sameer Parekh) writes: >}>> > >}>> > I was busted and the feds laided 8 felony counts on me, basically >}>> >all the same: I called a number and connected. There was no damage, > ^^^^^^^^^^^^^ >He didn't just call a number. He called a number he knew had a modem on >the other end and connected with his modem. It was a number he had no >legitimate reason to call. His saying there was no damage doesn't mean >there wasn't any. If nothing else, he tied up that number and caused a >temporary denial of service to the legitimate users. By this reasoning, any wrong number dialed could be a prosecutable offense. After all, the caller is denying the callee service. Even if we put aside this admittedly extreme and perhaps absurd example, one has to ask why such intentional "denial of service" is legal in the case of such annoyances as "junk fax" or computerized telemarketing and not in the case of some clown dialing a bunch of computer modem numbers? [Please not that I am in no way defending or accusing the original poster (zane@ddsw1.MCS.COM). We have been presented with almost no evidence or information other than one clearly self serving and unverifiable statement. Certainly insufficient grounds to form any conclusion whatsoever.] spl (the p stands for phone *this*, suckah!) -- Steve Lamont, SciViGuy -- (408) 646-2752 (subject to change at random) NPS Confuser Center / Code 51 / Naval Postgraduate School / Monterey, CA 93940 "You're okay," said Honeysuckle. "The dogs like you." - Charles Bukowski, "How to Get Published"
jon@vector0 (A Product of Society) (08/26/90)
zane@ddsw1.MCS.COM (Sameer Parekh) writes: > >> > I was busted and the feds laided 8 felony counts on me, basically > >> >all the same: I called a number and connected. There was no damage, > > All I can say is that a country where a person can get 8 felony counts for > just CALLING A PHONE NUMBER, is not a free country. Not just calling a number, but connecting... At this point, not everyone has a modem, so everyone knows only hackers would break the law, right? The laws (California penal code) were written by a paranoid person who knows nothing about computers. And they also haven't been tested in court. (And don't let them be! Anyone who gets busted should *immediately* settle out-of-court) > -- > Sameer Parekh | Disclaimer: I do not work for anyone. > Libertyville IL 60048 | ()_____________ () > (708)-362-9659 | / \ > zane@ddsw1.MCS.COM | ~~~~/~~~~~~~\~~~~ ______Whoa!... Jon ..??$!...ames!pacbell!sactoh0!vector0!jon Internet: sactoh0!vector0!jon@pacbell.com "It's hard to believe that the entire fate of the world lies in the hands of the Phone Company." --- War of the Worlds
gordon@sneaky.UUCP (Gordon Burditt) (08/26/90)
>}All I can say is that a country where a person can get 8 felony counts for >}just CALLING A PHONE NUMBER, is not a free country. > >He didn't just call a number. He called a number he knew had a modem on >the other end and connected with his modem. It was a number he had no >legitimate reason to call. His saying there was no damage doesn't mean >there wasn't any. If nothing else, he tied up that number and caused a >temporary denial of service to the legitimate users. I know a lot of people who have called a number they knew had a human on the other end, and connected with their human. It was a number they had no legitimate reason to call. Their saying there was no damage doesn't mean there wasn't any. If nothing else, they tied up that number and caused a temporary denial of service to the legitimate callers. They also wasted the time of the human on the other end. JAIL TELEMARKETERS AND WRONG-NUMBER DIALERS (for the FIRST offense)! Do we really want to fill up the jails this badly? Gordon L. Burditt sneaky.lonestar.org!gordon
jon@vector0 (A Product of Society) (08/27/90)
eal@kaarne.tut.fi (Lehtim{ki Erkki) writes: > > One day, when I was going to connect to node xxx.yyy.a.b, I > mistakenly connected to yyy.xxx.a.b > > Well, I get message Sun-Os ....... and the login-prompt, which I was expectin > But before I typed my user name, I noticed that the organization was wrong, > so I typed ^D instead. > > Now, have I committed a crime or not? Yes, if in California and the connection was not interstate. :California Penal Code S [Section] 502: :::Computer data access fraud; legislative findings; definitions... ...any person who commits any of the following acts is guilty of a public offense: (1) Knowingly accesses and without permission alters, damages, deteles, [...etc...] data...in order to either (A) devise...a scheme, or (B) wrongfully control or obtain money... (2) Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, [etc].... (3) Knowingly and without permission uses or causes to be used computer services. [ You did this one: You used computer services without permission. But as per a court ruling somewhere, a "Welcome to.." message was judged to be adiquate permission. ] (4) Knowingly accesses and without permission...alters...data... (5) Knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network. [ You did this one too. Technically, there's more than one node per system; but a legitimate user might have gotten a busy code while you were connected. --Two felonies, not bad for a wrong number, eh? ] (6) Knowingly and without permission provides or assits in providing a means of accessing a computer.... (7) Knowingly and without permission accesses or causes to be accessed any computer....or computer network. [ This one too. Note that this, #7, is almost the same as #3. These laws repeat themselves a lot. But now we're up to THREE felony counts! :Any person who violates... (1), (2), (4), or (5)...is punishable by a :fine not exceeding ten thousand dollars, or by imprisonment in the :state prison for 16 months, or two or three years, or by BOTH fine and :imprisonment... :Any person who violates paragraph (3)..is punishable as follows: (A) ...Fine..not exceeding $5,000...[ or jail for one year, or both] (B) [For anything which causes $5,000 injury to victim] by a fine not exceeding $10,000..or by imprisonment..16 months, or two or three years, or by BOTH that fine and imprisionment... :Any person who violates paragraph (6) or (7).. is punishable as :follows: (A) For a first violation which does not result in any injury, an infraction punishable by a fine not exceeding $250. [ In reality, there is *always* a ball-park dollar amount injury thought up by someone ] (B) ..$5,000..or imprisonment..one year... (C) For any violation which [the victim has $5,000 damage], a fine ..$10,000..or by imprisonment..16 months..two or three years... -------- I'll stop here. See ya in jail, guy. Sorry... (Maybe someone should post this to TELECOM Digest and/or Computer Underground Digest too. Remember, I'm the guy who *was busted*, so I think I know what I'm talking about here...) > Erkki Lehtim{ki eal@kaarne.tut.fi "I don't eat nutrasweet or use a disclaimer ______Whoa!... Jon ..??$!...ames!pacbell!sactoh0!vector0!jon Internet: sactoh0!vector0!jon@pacbell.com "It's hard to believe that the entire fate of the world lies in the hands of the Phone Company." --- War of the Worlds
v116kznd@ubvmsb.cc.buffalo.edu (David M Archer) (08/27/90)
>(1) Knowingly accesses and without permission alters, damages, deteles, >(2) Knowingly accesses and without permission takes, copies, or makes >(3) Knowingly and without permission uses or causes to be used >(4) Knowingly accesses and without permission...alters...data... >(5) Knowingly and without permission disrupts or causes the disruption >(6) Knowingly and without permission provides or assits in providing a >(7) Knowingly and without permission accesses or causes to be accessed Now I'm hardly a law student, but I do at least understand most of English, and so I ask a question. Since all of these things start with the word Knowingly, doesn't that person mean they have to know what they are doing? Unless people dial wrong numbers on purpose, I then don't think these laws would apply. In a loose sense, I could imagine that when using either a modem with ATE set or in telneting to somewhere, that since the person could look at the screen and verify what they typed before they hit return, making a wrong connection in one of those ways could be considered as knowing (or at least negligence), but in the case of a phone call with a normal phone, there's not really any way of knowing you dialed a wrong number until after you dialed it. I've also had cases where my modem didn't dial the number correctly (or perhaps the phone company equipment didn't work right, or something), and in that case, I'd have no way of knowing what had been done. There's also cases where someone might post Xyz's mainframe's phone number as a local BBS, and then someone else might call that number, not knowing what he was doing. Etc. Etc. Etc. I think maybe some of the people who said you needed a better lawyer might have been right, or maybe there's more to this than you've told us, or as usual, I might have missed something.
john@mintaka.mlb.semi.harris.com (John M. Blasik) (08/27/90)
In article <XT5io1w162w@vector0> jon@vector0 (A Product of Society) writes: >eal@kaarne.tut.fi (Lehtim{ki Erkki) writes: >> >> One day, when I was going to connect to node xxx.yyy.a.b, I >> mistakenly connected to yyy.xxx.a.b >> >> Well, I get message Sun-Os ....... and the login-prompt, which I was expectin >> But before I typed my user name, I noticed that the organization was wrong, >> so I typed ^D instead. >> >> Now, have I committed a crime or not? > >:California Penal Code S [Section] 502: > >:::Computer data access fraud; legislative findings; definitions... .... > ...any person who commits any of the following acts is guilty of a >public offense: > >(3) Knowingly and without permission uses or causes to be used > computer services. > > [ You did this one: You used computer services without permission. > But as per a court ruling somewhere, a "Welcome to.." message was > judged to be adiquate permission. ] What ever happened to "intent"? Lehtim{ki did not knowingly connect so i fail to see and problem here. Also, the "Welcome too..." ruling is an Urban Myth (tm) [more stuff about Knowingly and without permission... and various penalties deleted] > >I'll stop here. See ya in jail, guy. Sorry... (Maybe someone >should post this to TELECOM Digest and/or Computer Underground Digest >too. Remember, I'm the guy who *was busted*, so I think I know >what I'm talking about here...) I sure hope your LAWYER does too! -- john
sparks@corpane.UUCP (John Sparks) (08/27/90)
jon@vector0 (A Product of Society) writes: >POPOVICH@ucf1vm.cc.ucf.edu (Peter Edward Popovich) writes: > I was busted and the feds laided 8 felony counts on me, basically >all the same: I called a number and connected. There was no damage, >I didn't even get to the login: prompt - the system needed special >software to connect to it. Sheesh! how can they arrest you for calling a phone number? If you didn't even get a login prompt, the the worst you were guilty of was dialing a phone number. You needed a better lawyer :-) -- John Sparks |D.I.S.K. Public Access Unix System| Multi-User Games, Email sparks@corpane.UUCP |PH: (502) 968-DISK 24Hrs/2400BPS | Usenet, Chatting, =-=-=-=-=-=-=-=-=-=-|7 line Multi-User system. | Downloads & more. A door is what a dog is perpetually on the wrong side of----Ogden Nash
phil@zorch.SF-Bay.ORG (Phil Gustafson) (08/27/90)
In article <XT5io1w162w@vector0> jon@vector0 (A Product of Society) writes: >eal@kaarne.tut.fi (Lehtim{ki Erkki) writes: >> >> One day, when I was going to connect to node xxx.yyy.a.b, I >> mistakenly connected to yyy.xxx.a.b >> [disconnected at first opportunity] >> Now, have I committed a crime or not? > > Yes, if in California and the connection was not interstate. >:California Penal Code S [Section] 502: >:::Computer data access fraud; legislative findings; definitions... > >(3) Knowingly and without permission uses or causes to be used > computer services. > [ You did this one: You used computer services without permission. > But as per a court ruling somewhere, a "Welcome to.." message was > judged to be adiquate permission. ] Wrong. Dialing a wrong number is not "knowingly" doing anything. If he knew he had dialed the wrong number, he would have redialed even sooner. Note that the resemblance of the correct and wrong numbers is evidence to support honest error rather than intent to misuse services. >(7) Knowingly and without permission accesses or causes to be accessed > any computer....or computer network. > > [ This one too. Note that this, #7, is almost the same as #3. > These laws repeat themselves a lot. But now we're up to THREE > felony counts! Still wrong, same argument. There's also a basic notion in law about the law "not bothering with trifles." It's illegal to harass someone on voice phone -- it's not illegal to bother someone accidentally when your dial finger slips. >I'll stop here. See ya in jail, guy. Sorry... (Maybe someone >should post this to TELECOM Digest and/or Computer Underground Digest >too. Remember, I'm the guy who *was busted*, so I think I know >what I'm talking about here...) You're the guy who was busted, and you're the guy least likely to have an objective opinion of what happened. You're not doing anything but blowing hot air unless you describe what really happened, what you were charged with, and what you were convicted of. A case number might help others look up the event and keep you honest. Look, I'm usually one of the _last_ people to defend the legal system, and I'm sure people are railroaded into jail every day. But based on what you've said, I simply don't believe you. >Jon ..??$!...ames!pacbell!sactoh0!vector0!jon -- | phil@zorch.SF-Bay.ORG | Phil Gustafson | (ames|pyramid|vsi1)!zorch!phil | UNIX/Graphics Consultant | | 1550 Martin Ave., San Jose CA 95126 | | 408/286-1749
zane@ddsw1.UUCP (08/27/90)
>> > >> > I was busted and the feds laided 8 felony counts on me, basically >> >all the same: I called a number and connected. There was no damage, All I can say is that a country where a person can get 8 felony counts for just CALLING A PHONE NUMBER, is not a free country. (You should've had a better lawyer too, I think that would've helped, or maybe you underestimated how unfree this country really is) -- Sameer Parekh | Disclaimer: I do not work for anyone. Libertyville IL 60048 | ()_____________ () (708)-362-9659 | / \ zane@ddsw1.MCS.COM | ~~~~/~~~~~~~\~~~~
ralphs@halcyon.UUCP (08/27/90)
zane@ddsw1.MCS.COM (Sameer Parekh) writes: > >> > I was busted and the feds laided 8 felony counts on me, basically > >> >all the same: I called a number and connected. There was no damage, > All I can say is that a country where a person can get 8 felony counts for > just CALLING A PHONE NUMBER, is not a free country. I don't think we're getting the whole story here. Perhaps his access to the 'system' was by other-than-legal means, such as using a credit-card that wasn't his, an illegal computer access account, etc. You _could_ receive a felony charge on each _attempt_ to access a system in that manner. > (You should've had a better lawyer too, I think that would've helped, or > maybe you underestimated how unfree this country really is) The system does work. We just don't have the whole story, and based on the gentleman's previous statments, we might not get it, due to one of the conditions of his parole related to his computer access. However, this shouldn't prevent someone with intimate knowledge of what transpired from bringing us up to speed. -- No matter who you elect, the Government still gets in.
eal@kaarne.tut.fi (Lehtim{ki Erkki) (08/27/90)
In article <XT5io1w162w@vector0> jon@vector0 (A Product of Society) writes: >eal@kaarne.tut.fi (Erkki Lehtim{ki - yes, that's me) writes: >> One day, when I was going to connect to node xxx.yyy.a.b, I >> mistakenly connected to yyy.xxx.a.b ^^^^^^^^^^ > Yes, if in California and the connection was not interstate. So, i was/am not in California, so that's it. >(3) Knowingly and without permission uses or causes to be used > computer services. > > [ You did this one: You used computer services without permission. > But as per a court ruling somewhere, a "Welcome to.." message was > judged to be adiquate permission. ] Not knowingly, so that's it. >I'll stop here. See ya in jail, guy. Not likely. > Remember, I'm the guy who *was busted*, so I think I know >what I'm talking about here...) Don't pay your bill from your lawyer! >______Whoa!... Excuse me? Erkki Lehtim{ki eal@kaarne.tut.fi "I don't eat nutrasweet or use a disclaimer"
spl@cs.nps.navy.mil (Steve Lamont) (08/27/90)
In article <XT5io1w162w@vector0> jon@vector0 (A Product of Society) writes: #eal@kaarne.tut.fi (Lehtim{ki Erkki) writes: #> #> One day, when I was going to connect to node xxx.yyy.a.b, I #> mistakenly connected to yyy.xxx.a.b #> #> Well, I get message Sun-Os ....... and the login-prompt, which I was expectin #> But before I typed my user name, I noticed that the organization was wrong, #> so I typed ^D instead. #> #> Now, have I committed a crime or not? # # Yes, if in California and the connection was not interstate. No. Read on, please. I'll try to trim but the posting was fairly long... #:California Penal Code S [Section] 502: # #:::Computer data access fraud; legislative findings; definitions... # # ...any person who commits any of the following acts is guilty of a #public offense: [... acts deleted ...] #(3) Knowingly and without permission uses or causes to be used # computer services. # # [ You did this one: You used computer services without permission. # But as per a court ruling somewhere, a "Welcome to.." message was # judged to be adiquate permission. ] [...] #(5) Knowingly and without permission disrupts or causes the disruption # of computer services or denies or causes the denial of computer # services to an authorized user of a computer, computer system, or # computer network. # # [ You did this one too. Technically, there's more than one node # per system; but a legitimate user might have gotten a busy code # while you were connected. --Two felonies, not bad for a wrong # number, eh? ] [...] #(7) Knowingly and without permission accesses or causes to be accessed # any computer....or computer network. # # [ This one too. Note that this, #7, is almost the same as #3. # These laws repeat themselves a lot. But now we're up to THREE # felony counts! Nonsense. The key is the word *knowingly*. A mistyped IP address is a typographical error, not a willful act. Terminating the connection and taking steps to avoid the error in the future (watching your typing, for instance) should be _prima facie_ evidence of innocence. Followups, if any, are directed to misc.legal, since there is little to do with folklore or any other of the groups this is crossposted to. spl (the p stands for _prima facie_ evidence.) -- Steve Lamont, SciViGuy -- (408) 646-2752 (subject to change at random) NPS Confuser Center / Code 51 / Naval Postgraduate School / Monterey, CA 93940 "You're okay," said Honeysuckle. "The dogs like you." - Charles Bukowski, "How to Get Published"
lars@spectrum.CMC.COM (Lars Poulsen) (08/27/90)
eal@kaarne.tut.fi (Lehtim{ki Erkki) writes: >> One day, when I was going to connect to node xxx.yyy.a.b, I >> mistakenly connected to yyy.xxx.a.b >> >> Well, I get message Sun-Os ....... and the login-prompt, which I was expectin >> But before I typed my user name, I noticed that the organization was wrong, >> so I typed ^D instead. >> >> Now, have I committed a crime or not? In article <XT5io1w162w@vector0> jon@vector0 (A Product of Society) writes: > Yes, if in California and the connection was not interstate. You are way out in left field, buddy. >:California Penal Code S [Section] 502: >:::Computer data access fraud; legislative findings; definitions... > ...any person who commits any of the following acts is guilty of a >public offense: > ... >(3) Knowingly and without permission uses or causes to be used > computer services. > > [ You did this one: You used computer services without permission. > But as per a court ruling somewhere, a "Welcome to.." message was > judged to be adiquate permission. ] The premise stated was a MISTAKEN connection. The statute says there is fraud only if KNOWINGLY using such service without permission. And just as it is generally deemed okay to walk of to the front door of a house to read the nameplate, and then walk away when you see that you don't know the person, it should be assumed that the public is granted permission to read the login prompt. >(5) Knowingly and without permission disrupts or causes the disruption > of computer services or denies or causes the denial of computer > services to an authorized user of a computer, computer system, or > computer network. > > [ You did this one too. Technically, there's more than one node > per system; but a legitimate user might have gotten a busy code > while you were connected. --Two felonies, not bad for a wrong > number, eh? ] Again, the example's connection was not made KNOWINGLY. >(6) Knowingly and without permission provides or assits in providing a > means of accessing a computer.... At the level you are going, I'm surprised that you don't chalk one up to the phone company (for providing wires - knowingly), to the owner of the originating host, for allowing the TELNET program to be executed ... The real issue is that we - as professionals in the field - have a somewhat fuzzy concensus of what's right and what's not. We may disagree a lot, but locked up in a jury room, I bet we could find common ground. But we do not trust the courts - or even the district attorney - to be "reasonable". -- / Lars Poulsen, SMTS Software Engineer CMC Rockwell lars@CMC.COM
scott@bbxsda.UUCP (Scott Amspoker) (08/28/90)
In article <19375@ttidca.TTI.COM> hollombe@ttidca.TTI.COM (The Polymath) writes: >He didn't just call a number. He called a number he knew had a modem on ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >the other end and connected with his modem. It was a number he had no ^^^^^^^^^^^^^ >legitimate reason to call. His saying there was no damage doesn't mean >there wasn't any. If nothing else, he tied up that number and caused a >temporary denial of service to the legitimate users. Did he call the number he intended to call or was it a wrong number? Can someone prove he intended to call that number and for malicious purposes? Perhaps a friend gave him the phone number and told him it was a public BBS of some sort. In any case it is impossible to prove his intent and the prosecution has the burden of proof. I would suspect there is more to this than what we're being told. -- Scott Amspoker Basis International, Albuquerque, NM (505) 345-5232 unmvax.cs.unm.edu!bbx!bbxsda!scott
scott@bbxsda.UUCP (Scott Amspoker) (08/28/90)
In article <XT5io1w162w@vector0> jon@vector0 (A Product of Society) writes: >eal@kaarne.tut.fi (Lehtim{ki Erkki) writes: >> [deleted story about *accidental* connect to wrong computer] >> >> Now, have I committed a crime or not? > > Yes, if in California and the connection was not interstate. >[penal code...] >(3) Knowingly and without permission uses or causes to be used > computer services. > > [ You did this one: You used computer services without permission. > But as per a court ruling somewhere, a "Welcome to.." message was > judged to be adiquate permission. ] Does the word "knowingly" have any meaning or is it just a legal buzzword? How does someone "knowingly" dial a wrong number. -- Scott Amspoker Basis International, Albuquerque, NM (505) 345-5232 unmvax.cs.unm.edu!bbx!bbxsda!scott
jon@vector0 (A Product of Society) (08/28/90)
john@mintaka.mlb.semi.harris.com (John M. Blasik) writes: > I sure hope your LAWYER does too! My lawyer's solution was to follow the rules in a stupid juvenile court game. The outcome of my *entire* case was not judged on breaking the law at all. It was judged on: (1) My attitude towards it (most important) (2) My lawyer's charm (second most important) (3) My lawyer's ability to charm the DA into dropping all of the charges if I pleaded guilty to a misdemeanor. We ain't talking laws here, in my case. It was all a little political game. And it was no different from any other case in juvy. The lawyers get on their little stage and dance around with the DA, and afterwards, maybe, you've been saved. > > -- john ______Whoa!... Jon ..??$!...ames!pacbell!sactoh0!vector0!jon Internet: sactoh0!vector0!jon@pacbell.com "It's hard to believe that the entire fate of the world lies in the hands of the Phone Company." --- War of the Worlds
arrizzo@cbnewsl.att.com (anthony.r.rizzo) (08/28/90)
In article <1990Aug25.095033.29589@funet.fi> eal@kaarne.tut.fi (Lehtim{ki Erkki) writes: > >One day, when I was going to connect to node xxx.yyy.a.b, I >mistakenly connected to yyy.xxx.a.b > >Well, I get message Sun-Os ....... and the login-prompt, which I was expecting. >But before I typed my user name, I noticed that the organization was wrong, >so I typed ^D instead. > >Now, have I committed a crime or not? >Erkki Lehtim{ki eal@kaarne.tut.fi "I don't eat nutrasweet or use a disclaimer" No you have not committed a crime, for the following reasons: 1) You did not access the machine. 2) You did not try to access the machine. 3) Connecting to the wrong node was a genuine mistake, which you corrected by typing ^D. -- \ | / att.com!whuts!rizzo -- tonyR -- / | \
bryden@sun.udel.edu (Christopher F. Bryden) (08/28/90)
In article <> scott@bbxsda.UUCP (Scott Amspoker) writes: }In article <> jon@vector0 (A Product of Society) writes: }>eal@kaarne.tut.fi (Lehtim{ki Erkki) writes: }>> [deleted story about *accidental* connect to wrong computer] }>> Now, have I committed a crime or not? }> Yes, if in California and the connection was not interstate. }>[penal code...] }>(3) Knowingly and without permission uses or causes to be used }> computer services. }> [ You did this one: You used computer services without permission. }> But as per a court ruling somewhere, a "Welcome to.." message was }> judged to be adiquate permission. ] }Does the word "knowingly" have any meaning or is it just a legal }buzzword? How does someone "knowingly" dial a wrong number. The word "knowingly" has to be taken in context, though. I know that many franchise businesses have cash-register computer systems that are interrogated by the parent companie's mainframe at the end of each business day (it keeps the owner of the franchise honest). Usually, the over glorified cash-register just sits on the line until the mainframe correctly identifies itself. Now, if the phone number to the cash-register at the local Roy-Rogers happens to end up on a well distributed list of local bbs's to call, there is the potential for a big problem. So, Joe Intrepid User tries to call the Roy's cash-registers thinking that he has every right to access this bbs that god/the constitution has granted him. Roy's starts to get pissed when their mainframe can't connnect because JIU is tieing up the line every night from 11pm to 2am. Roy's calls the police. Now, if you were going to try to rip off Roy's, wouldn't you publicize their number to the "hacker community" in an effort to look like part of the noise? Of course you would. Most big computer scams are pulled off by people on the inside. Why? Because people on the inside have knowledge that isn't available to people who aren't. If I were going to rip off a company computer (which I wouldn't do), I would want as many monkeys with keyboards banging away at the company computer as I could possibly manage. Personally, I can't think of a bigger source of monkeys than the "hacker community" (no offense intended, of course).
htstms (Rich Buckmaster) (08/28/90)
> >> Remember, I'm the guy who *was busted*, so I think I know >>what I'm talking about here...) I suspect that this whole discussion is based upon insufficient facts, much hearsay, and a bucket of blarney. Not even in Iraq would you be convicted and sent to jail for dialing a wrong number. Until the real facts of the case are presented for all to see and judge, why not drop the whole discussion. -- All opinions expressed are my own and so on... |There comes a point in every Richard Buckmaster, Hughes Training Systems, Inc. |project when it is time to 2200 Arlington Downs Rd., Arlington Tx. 76011 |shoot the engineers and get redsim!hssiarl!htstms!rich |on with the work. -- UNKNOWN
mokry@ctr.columbia.edu (Robert Mokry) (08/28/90)
In article <1990Aug27.194144.10910@cbnewsl.att.com> arrizzo@cbnewsl.att.com (anthony.r.rizzo) writes: >In article <1990Aug25.095033.29589@funet.fi> eal@kaarne.tut.fi (Lehtim{ki Erkki) writes: >>One day, when I was going to connect to node xxx.yyy.a.b, I >>mistakenly connected to yyy.xxx.a.b >>Well, I get message Sun-Os ....... and the login-prompt, which I was expecting. >>But before I typed my user name, I noticed that the organization was wrong, >>so I typed ^D instead. >>Now, have I committed a crime or not? > >No you have not committed a crime, for the following reasons: >1) You did not access the machine. It all depends how the legal system defines "access." After all, the machine was talking to you. And it might have let you use itself without asking for a login prompt. >2) You did not try to access the machine. We don't really know if you didn't do it intentionally, and then posted this note in order to prove that you did it unintentionally. >3) Connecting to the wrong node was a genuine mistake, > which you corrected by typing ^D. What sort of statement is ^D? Try explaining that to the judge. ("Well, your honor, first you hold down the control key and then you press the D key, and no you don't let go of the control key till you've pressed the D key, and no the D key doesn't need to be upper case so you don't need to press the shift key at the same time, though I don't think it would make any difference if you did so.") No, the only legally-correct thing that you could type at this point would be something like: THE CONNECTION MADE BY THE PARTY OF THE FIRST PART (ME) WAS COMPLETED WRONGLY, WHICH MAY OR MAY NOT HAVE BEEN THE FAULT OF THE PARTY OF THE SECOND PART (THE RECEIVING COMPUTER), AND THE PARTY OF THE FIRST PART HOLDS THE RIGHT TO ASK THE PARTY OF THE SECOND PART FOR DAMAGES FOR THE AFOREMENTIONED CONNECTION IN ERROR. And don't forget the caps; it isn't legally correct unless you include the caps. Good thing you didn't enter your name and password, or then you would have really been in deep legal trouble. :-)
jik@athena.mit.edu (Jonathan I. Kamens) (08/29/90)
In article <1990Aug28.161459.11497@ctr.columbia.edu>, mokry@ctr.columbia.edu (Robert Mokry) writes: |> In article <1990Aug27.194144.10910@cbnewsl.att.com> arrizzo@cbnewsl.att.com (anthony.r.rizzo) writes: |> >2) You did not try to access the machine. |> |> We don't really know if you didn't do it intentionally, and then posted this |> note in order to prove that you did it unintentionally. Remember "innocent until proven guilty?" If the defense states that the access to the machine was unintentional, and it is necessary for the access to have been intentional in order for a crime to have been committed, then it is up to the prosecution to prove that the access was intentional. If the defense says, "I typed a wrong address by mistake," and the prosecution can't prove otherwise, then the prosecution has not mistake, especially all the defendant did was connect and then disconnect. |> >3) Connecting to the wrong node was a genuine mistake, |> > which you corrected by typing ^D. |> |> What sort of statement is ^D? Try explaining that to the judge. ("Well, |> your honor, first you hold down the control key and then you press the D |> key, and no you don't let go of the control key till you've pressed the |> D key, and no the D key doesn't need to be upper case so you don't need |> to press the shift key at the same time, though I don't think it would |> make any difference if you did so.") |> ... This is a red herring. If the judge is incapable of understanding the relatively simple principles involved ("There is a standard character which is used to signal to the other end of a remote connection that you wish to disconnect from that connection. The defendant typed that character as soon as he realized that he had connected to the wrong machine, and his connection was ended."), then the defendant is not getting a fair trial, and a good lawyer should be able to use that as the basis for an appeal, if the defendant is found guilty by that judge. Jonathan Kamens USnail: MIT Project Athena 11 Ashford Terrace jik@Athena.MIT.EDU Allston, MA 02134 Office: 617-253-8495 Home: 617-782-0710
mokry@ctr.columbia.edu (Robert Mokry) (08/29/90)
In article <1990Aug28.174333.22132@athena.mit.edu> jik@athena.mit.edu (Jonathan I. Kamens) writes: >In article <1990Aug28.161459.11497@ctr.columbia.edu>, mokry@ctr.columbia.edu (Robert Mokry) writes: > Remember "innocent until proven guilty?" If the defense states that the >access to the machine was unintentional, and it is necessary for the access to >have been intentional in order for a crime to have been committed, then it is >up to the prosecution to prove that the access was intentional. Simple proof: The prosecutor points to the witness box where a nerdy boy is sitting and says, "This thing is a hacker, and he has a computer, and his computer dialed up another computer, and we all know computers don't make mistakes." The prosecutor doesn't need to make any strictly logical sense; he or she must just convince the judge or jury. >|> >3) Connecting to the wrong node was a genuine mistake, >|> > which you corrected by typing ^D. >|> >|> What sort of statement is ^D? Try explaining that to the judge. > > This is a red herring. If the judge is incapable of understanding the >relatively simple principles involved ("There is a standard character which is >used to signal to the other end of a remote connection that you wish to >disconnect from that connection. The defendant typed that character as soon >as he realized that he had connected to the wrong machine, and his connection >was ended.") Is it really a standard character? It may be standard in Unix, but what about other systems? Why not use ^C? What if a login program on a non-Unix computer gets confused and crashes when it gets ^D, letting the person on the system? And what if the person knows that this is the case?
raymond@ele.tue.nl (Raymond Nijssen) (08/29/90)
jon@vector0 (A Product of Society) wrote: > >:California Penal Code S [Section] 502: >:::Computer data access fraud; legislative findings; definitions... > >...any person who commits any of the following acts is guilty of a >public offense: > > .... knowingly ... blablabla .... knowingly .... blablabla .... knowingly .. > .. blablabla .... knowingly .... etc. .. after which ralphs@halcyon.UUCP stated: :The system does work. No, it does not, and it will never work, unless the system is far more advanced than this. It strikes me that nobody mentioned this aspect so far, but what about the responsibilities of the system administrators? I'm not familiar with details of US law, but where I live, if an owner of a jewellers shop leaves at the end of the day without locking his safe, without switching on his alarmsystem, or without even closing the door of his shop, anybody walking into the shop and taking something away will still be guilty, but the owner might be punished even harder than the thief for provoking the theft! What I'm trying to point out is that a legal system which seeks to protect the interests of persons/organisations just by saying: 'if someone tries to damage such interest, he will be punished', without enforcing the persons/ organisations to do what they can to prevent any damage, they simply won't do so, which leaves them very very vulnerable. ______________________________________________________________________________ Raymond X.T. Nijssen / Don't speak if you / Oh VMS, please forgive me all raymond@ele.tue.nl / speak for yourself / unfriendly things I said about you
spl@cs.nps.navy.mil (Steve Lamont) (08/29/90)
In article <1990Aug28.182451.11662@ctr.columbia.edu> mokry@ctr.columbia.edu (Robert Mokry) writes: >Is it really a standard character? It may be standard in Unix, but what >about other systems? Why not use ^C? What if a login program on a >non-Unix computer gets confused and crashes when it gets ^D, letting the >person on the system? And what if the person knows that this is the case? Oh, for heavens sake! What if? What if? What if? What if Eleanor Rooseveldt could fly, fer cryin' out loud? This is getting stoopid (tm). Give it a rest. spl (the p stands for please drop this silly discussion.) -- Steve Lamont, SciViGuy -- (408) 646-2752 (subject to change at random) NPS Confuser Center / Code 51 / Naval Postgraduate School / Monterey, CA 93940 "You're okay," said Honeysuckle. "The dogs like you." - Charles Bukowski, "How to Get Published"
russotto@eng.umd.edu (Matthew T. Russotto) (08/30/90)
In article <19375@ttidca.TTI.COM> hollombe@ttidca.TTI.COM (The Polymath) writes: >In article <1990Aug23.235734.9401@ddsw1.MCS.COM> zane@ddsw1.MCS.COM (Sameer Parekh) writes: >}>> > >}>> > I was busted and the feds laided 8 felony counts on me, basically >}>> >all the same: I called a number and connected. There was no damage, > ^^^^^^^^^^^^^ >}All I can say is that a country where a person can get 8 felony counts for >}just CALLING A PHONE NUMBER, is not a free country. > >He didn't just call a number. He called a number he knew had a modem on >the other end and connected with his modem. It was a number he had no >legitimate reason to call. His saying there was no damage doesn't mean >there wasn't any. If nothing else, he tied up that number and caused a >temporary denial of service to the legitimate users. Oh, f*k that. Using those grounds I could charge most salespeople with a few felony counts. (They call me, they have no legitimate reason to call (I don't consider trying to get me to buy product 'X' legitimate), they sometimes cause damage by filling up my answering machine tape, and they do indeed cause a denial of service to people I want calling me). -- Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu .sig under construction, like the rest of this campus.
peter@ficc.ferranti.com (Peter da Silva) (08/31/90)
How about this scenario... you're told that there's a great MUD at [ww.xx.yy.zz], but when you telnet it it's obviously some bozo IBM mainframe. Is that a felony? -- Peter da Silva. `-_-' +1 713 274 5180. 'U` peter@ferranti.com
tneff@bfmny0.BFM.COM (Tom Neff) (08/31/90)
In article <YDK5+.@xds13.ferranti.com> peter@ficc.ferranti.com (Peter da Silva) writes: >How about this scenario... you're told that there's a great MUD at >[ww.xx.yy.zz], but when you telnet it it's obviously some bozo IBM >mainframe. Is that a felony? That depends on what happens AFTER you find out it's some bozo IBM mainframe. If you log out immediately, it would be hard to demonstrate any intent to misuse or steal. But if you sat there are spent an hour or two trying to crack the system or otherwise mess with it, the owner would have a beef. And if the IBM system in question was the 19th of 42 such systems you "just happened" to access in that night's session... then you might expect a knock on the door. Shades of Cuckoo's Egg...
rick@pavlov.ssctr.bcm.tmc.edu (Richard H. Miller) (09/01/90)
Most of the discussion on this topic is based on a very biased description of
what the author was indicted for. We have gone off on many tangents trying to
read many different things into the data provided by the author. May I suggest
that the original author post the indictment so we can see exactly what he was
accused of. Until we see that, this entire thread is nothing but speculation
and supposition.
--
Richard H. Miller Email: rick@bcm.tmc.edu
Asst. Dir. for Technical Support Voice: (713)798-3532
Baylor College of Medicine US Mail: One Baylor Plaza, 302H
Houston, Texas 77030jon@vector0 (A Product of Society) (09/01/90)
peter@ficc.ferranti.com (Peter da Silva) writes: > How about this scenario... you're told that there's a great MUD at > [ww.xx.yy.zz], but when you telnet it it's obviously some bozo IBM > mainframe. Is that a felony? What if you connected to the NSA's special spying link? What if you connected to Saddam's system and uncovered his plans to nuke the net with a killer worm? *If* they want to press charges, *if* they can find you, *then* maybe it'd be a _possible_ felony, *if* they can prove intent, but only *if* someone even notices that someone logged on who wasn't supposed to.... [ That's intent to cause harm, BTW ] There is really little chance of a wrong number actually becoming a felony. But if you have felonies stacking up *anyway*, the truth is that a wrong number *can* and probably *will* get added, *if* the phone.cops can figure out you actually called. But there's no such thing as a DNR for telnet, is there? Then the fact that you even called is highly unprovable. > Peter da Silva. `-_-' ______Whoa!... Jon ..??$!...ames!pacbell!sactoh0!vector0!jon Internet: sactoh0!vector0!jon@pacbell.com "It's hard to believe that the entire fate of the world lies in the hands of the Phone Company." --- War of the Worlds
jjewett@math.lsa.umich.edu (Jim Jewett) (09/01/90)
In article <1NLso3w162w@vector0> jon@vector0 (A Product of Society) writes: >peter@ficc.ferranti.com (Peter da Silva) writes: > >> How about this scenario... you're told that there's a great MUD at >> [ww.xx.yy.zz], but when you telnet it it's obviously some bozo IBM >> mainframe. Is that a felony? > > What if you connected to the NSA's special spying link? What if you >connected to Saddam's system and uncovered his plans to nuke the net >with a killer worm? With luck like that (particularly the evil mainframe instead of a cool MUD), maybe you would be in trouble. ;) -- -jJ jjewett@math.lsa.umich.edu Take only memories. Jewett@ub.cc.umich.edu Leave not even footprints.
shields@yunexus.YorkU.CA (Paul Shields) (09/06/90)
peter@ficc.ferranti.com (Peter da Silva) writes: >How about this scenario... you're told that there's a great MUD at >[ww.xx.yy.zz], but when you telnet it it's obviously some bozo IBM >mainframe. Is that a felony? That's no felony. If anyone disagrees -- if anyone can flash-mold the laws to fit and turn that into a felony, then it's really time to test the laws. P.