Security Basics mailing list archives
RE: How hackers cause damage... was Vulnerabilities in new laws on computer hacking
From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 2 Mar 2006 08:26:49 +1100
So do we ban all modems? Stop all WAN connections? Not all remote connections are via the Internet. Next, there are "virtual surgery" links from Australia to PNG to help the hospitals there - these use Private VPN's. If the Carrier stuffed up and the hospital had taken all due care is a compromise of the network during surgery ok? Again, look at what has occurred from the so called non-malicious phone phreaks. They have stopped (without intent) emergency services lines. They have placed people at risk. We still charge people for culpable driving even when they manage not to kill somebody on the road. I understand the 2600 argument, but it is flawed. It reduces trust in systems and causes damage. What is misunderstood is that society is about collective rights. No person has the rights to do whatever they want to another and this is the argument. It is similar physiologically to the military using distancing to condition people to war. Killing at a distance is easier to doing it up close. Breaking into systems you do not see the victims and thus you can lie to yourself in the delusion that they do not exist. The facts are however that they do. The quoted cases below, none of these was connected to the Internet. Phone systems have to be public, by definition. Craig -----Original Message----- From: Ebeling, Jr., Herman Frederick [mailto:hfebelingjr () lycos com] Sent: 2 March 2006 8:08 To: Craig Wright Subject: RE: How hackers cause damage... was Vulnerabilities in new laws on computer hacking -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----Original Message---- From: Craig Wright [mailto:cwright () bdosyd com au] Sent: Tuesday, 28 February, 2006 16:37 To: Dave; security-basics () securityfocus com Cc: ROB DIXON Subject: RE: How hackers cause damage... was Vulnerabilities in new laws on computer hacking : Hello, : A kid or adult or whatever (and the figures show that most script : kiddies are adult - see prior post) : : Point 1 - Loss of life : There is an example a few years back in the UK. A male nurse was : "exploring" the hospitals servers and other attached systems. These : systems ran a database. The result was that patient scripts where mixed : up. : : This case *luckily* was discovered before any lives where lost. Several : people did get hospitalized. : Next NY 1993. A 21 YO male broke into the Bell systems to "study the : internal workings". This resulted in the emergency services response : lines (i.e. 911) being unavailable for a time. I see this as a threat to : life. I hope that you do as well. : : USA Boston 1997, male - under 18 (age not recorded) The person accessed : airport computers causing damage and disruption to air traffic control : computers. He also broke into a pharmacy and accessed prescriptions, he : also caused the local phone company to be down for 6.5 hours on one day : (including emergency calls). : : NZ ([2001] NZCA 71) - April 2001, another break into a phone company and : cause inadvertent damage case. : : We are NOT talking a "super hacker". They are less likely to cause : inadvertent damage. : : The script-kiddies you talk about are NOT kids in general. There are : MORE 50 + script kiddies charged than there are under 18's. Most script : kiddies are in their 20's (I posted the stats previously) : : Regards : Craig Craig, The "sad" ting about the above is that the "good folks" (I don't have an ax to grind w/2600) at 2600 would say that "sensitive" systems shouldn't be able to be accessed from the "outside world." Yet, I guess that they don't realize that not everyone can/will agree on what is or isn't a "sensitive" system. . . They would also "argue" that particularly in the cases where there was no loss of human life, that those who broke into said systems shouldn't have to be charged as IF they caused "x" amount of dollar's in real world damages, "just" for accessing someone else's computer system. . . Likewise they don't see much IF anything wrong with the various phone phreaks making their so called "free" phone calls. Even after I'd sent them a letter telling 'em how I was the victim of such "free" phone calls when one of those phone phreaks did whatever the hell it is that they do and charged about a $1,000.00 worth of calls to my phone. Needless to say I was NOT a very happy camper when I got that bill in the mail. Herman Live Long and Prosper ___________________ _-_ \==============_=_/ ____.---'---`---.____ \_ \ \----._________.----/ \ \ / / `-_-' __,--`.`-'..'-_ /____ ||- `--.____,-' -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com iQA/AwUBRAYJeh/i52nbE9vTEQLIkACfXldTk28JEAqSemJZkc2iSCEYAsUAnRdt jz2BzjEFXa5QcwuOlDdCLg0P =GTzK -----END PGP SIGNATURE----- Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access. --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: How hackers cause damage... was Vulnerabilities in new laws on computer hacking Craig Wright (Mar 02)
- RE: How hackers cause damage... was Vulnerabilities in new laws on computer hacking Ebeling, Jr., Herman Frederick (Mar 02)
- <Possible follow-ups>
- FW: How hackers cause damage... was Vulnerabilities in new laws on computer hacking Ebeling, Jr., Herman Frederick (Mar 03)