Information Security News mailing list archives

Re: Revealed: how MP's son used computer in hacking scandal


From: InfoSec News <isn () c4i org>
Date: Thu, 6 Sep 2001 01:11:06 -0500 (CDT)

Forwarded from: Grant Bayley <gbayley () ausmac net>

On Wed, 5 Sep 2001, InfoSec News wrote:

http://www.smh.com.au/news/0109/05/national/national7.html

By Geesche Jacobsen
September 5, 2001

[snip]

But Mr Kelly said his son was merely trying to protect his computer
from hacking.

[snip]

There was little information to show if any of the other programs
had been used, it said.

Mr Kelly admitted yesterday that one of his sons had accessed the
computer and loaded the software on July 20 from 9.33pm until
11.32pm, when the LANguard software was apparently being run on
more than 250 computers in Parliament.

The report said the software could be used "aggressively" and
appeared to have been used to scan various Internet addresses on
the computer networks. It could also be used to identify security
weaknesses, including weak passwords.

But Mr Kelly said the software was used - without his knowledge or
authorisation - because his son suspected the computer was
insecure. "The purpose was to check the security of the system to
make sure my computer was hackerproof," he said.

Note to Australian Commonwealth Attorney-General Daryl Williams:

This is a perfect example of the dual-use technology that a number of
submissions referred to in a recent Senate Inquiry.  It is this "dual
use" technology you wish to outlaw in the "Cybercrime Bill, 2001"
(478.3, specifically).

System administrators routinely rely on such technologies day-to-day
to probe their own networks for vulnerabilities.  Children of Members
of Parliament apparently used the same technology to confirm the
poorly designed network topology and file sharing policies on the NSW
Parliamentary network (see above).  And persons with criminal intent
might also use the same technologies in the commission of a crime.

But of course, the intent of the person must be proven before they are
charged with an offence under 478.3.  Or must it?  If the Explanatory
Memoranda circulated by Justice Minister Ellison are anything to go by
(these are typically used by Courts as an aid to interpretation), it
might not:

  "There will be many occasions where that intention will be evident
   from the content of the data."

For this reason and a long list of others that the Senate Inquiry
heard (and chose to ignore), the Cybercrime Bill 2001 is overbroad,
misguided, and largely ignores the benefits of a preventative approach
to computer security incidents in Australia.  At present, no such
preventative strategy exists.

Grant Bayley

-------------------------------------------------------
Grant Bayley                         gbayley () ausmac net
-Admin @ AusMac Archive, Wiretapped.net, 2600 Australia
 www.ausmac.net   www.wiretapped.net   www.2600.org.au
-------------------------------------------------------


