Full Disclosure mailing list archives
CERT Employee Gets Owned
From: "badpack3t" <badpack3t () security-protocols com>
Date: Mon, 25 Aug 2003 17:42:49 -0400 (EDT)
Computer expert faces sex charges
By Jennifer Reeger and Michael Hasch
TRIBUNE-REVIEW
Saturday, August 23, 2003

A Carnegie Mellon University computer security expert is accused of using the Internet to arrange a sexual rendezvous with someone he believed to be a naive 15-year-old Westmoreland County girl named "Kelly." Ian A. Finlay, of Spahr Street, Shadyside, didn't know that Kelly was really a Greensburg policeman who decided to do a little homework while taking a course on how to pose as a child to catch sexual predators, state police said Friday.

Finlay, 26, an Internet system security analyst for the Computer Emergency Response Team (CERT) Coordination Center, was arraigned on 10 counts of unlawful contact with a minor and single counts of attempted involuntary deviate sexual intercourse and attempted statutory sexual assault.

State police Lt. Robert Weaver said Finlay is accused of spending the past six weeks sending sexually explicit e-mails to Kelly, telling her he wanted to have sex with her and arranging a meeting that was to take place yesterday morning at a fast-food restaurant in Hempfield.

When Finlay arrived for the rendezvous, he was taken into custody. He was arraigned before District Justice Mark Mansour and jailed in lieu of $150,000 to await a preliminary hearing.

Bill Pollak, manager of communications at the Software Engineering Institute at CMU, said Finlay is not a faculty member but is on the staff at the institute's CERT Coordination Center. He said CMU is "cooperating fully" with police.

Pollak, who refused to say how long Finlay has been an employee, said CMU officials are "reviewing" his employment status.

According to an affidavit:

Greensburg policeman Robert Jones was attending a computer crimes course at Edinboro University in early July, learning how to pose as children to catch sexual predators online. Jones decided to do some homework by accessing a chat room and observing conversations using the screen name "kelly_kellygirl2000."

Soon, "ian_pittsburgh" sent her an instant message, saying he was 26 and from Pittsburgh. Police later identified him as Finlay. Jones responded as "Kelly" and said "she" was 15 and from Latrobe.

Immediately, Finlay's end of the conversation turned sexual. "What are you wearing?" he asked. "Do you ever wear thongs? ... Are you a virgin?"

Kelly repeatedly reminded Finlay that she was only 15.

"If you had the chance to have sex with an older guy, would you consider it?" he asked.

Finlay started giving Kelly personal information about himself, including his e-mail address and his work phone number. He told her he worked at CMU and was from Chicago.

Jones began sharing the information with state police computer experts. More than 50 sexually graphic e-mails came from Finlay. Police were able to find out that Finlay was the owner of that e-mail account.

Finlay continued to provide Kelly with personal details about himself, revealing his wife's name and sending Kelly pictures and newspaper articles about himself.

"The officers were pretending that they were naive and were very scared about this situation," Weaver said.

Finlay kept asking Kelly to meet him to have sex. She agreed to meet him yesterday morning at the restaurant at Hempfield Plaza. Finlay asked her to bring condoms but she refused. Finlay said he could buy them at a store in the plaza.

Yesterday morning, Finlay talked on the cell phone to an undercover state policewoman pretending to be Kelly. But as he pulled into the restaurant and got out of his car, he was stunned to be surrounded by police.

After he was taken into custody, police in Allegheny County served search warrants on Finlay's home and office at CMU. His home and work computers were seized.

A woman who answered the telephone at Finlay's residence said she had no comment.

When Finlay participated in an advance software engineering program for Korea last year, a Carnegie Mellon Web site said: "As a member of the vulnerability handling team, Finlay analyzes reports of vulnerabilities that threaten computer security. He identifies the potential impact of the vulnerabilities and publishes information about them in technical documents such as vulnerability notes and advisories.

"During the process of handling vulnerability reports, Finlay communicates with affected vendors, technology producers and other technical experts. He also interacts with media and has been interviewed about computer security issues."

Source: http://www.pittsburghlive.com/x/tribune-review/news/s_151471.html

---------------------------
badpack3t
founder
www.security-protocols.com
---------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html