Full Disclosure mailing list archives
How *not* to point out a security problem
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 30 Sep 2003 15:48:05 -0400
http://www.latimes.com/technology/la-me-hack30sep30,1,2684627.story

Hacker Arrested in San Diego

The security specialist could face 30 years for downloading from the military and others.

By Tony Perry, Times Staff Writer
September 30, 2003

SAN DIEGO - A computer security specialist who claimed he hacked into top-secret military computers to show how vulnerable they were to snooping by terrorists was arrested and charged Monday with six felony counts that could bring a 30-year prison sentence.

Brett Edward O'Keefe, 36, president of ForensicTec Solutions, a start-up company here, is accused of hacking into computers of the Navy, the Army, the Department of Energy, the National Aeronautics and Space Administration and several private companies.

Before his arrest, O'Keefe told reporters that he had hacked into the computers to drum up business for his fledgling company and to show that the nation's top military secrets are not safe, despite pronouncements that security has been tightened since the terrorist attacks of Sept. 11, 2001.

....

http://www.washingtonpost.com/ac2/wp-dyn/A24191-2002Aug15?language=printer

Sleuths Invade Military PCs With Ease

By Robert O'Harrow Jr.
Washington Post Staff Writer
Friday, August 16, 2002; Page A01

SAN DIEGO, Aug. 15 -- Security consultants entered scores of confidential military and government computers without approval this summer, exposing vulnerabilities that specialists say open the networks to electronic attacks and spying.

The consultants, inexperienced but armed with free, widely available software, identified unprotected PCs and then roamed at will through sensitive files containing military procedures, personnel records and financial data.

One computer at Fort Hood in Texas held a copy of an air support squadron's "smart book" that details radio encryption techniques, the use of laser targeting systems and other field procedures.

Another maintained hundreds of personnel records containing Social Security numbers, security clearance levels and credit card numbers. A NASA computer contained vendor records, including company bank account and financial routing numbers.

ForensicTec officials said they first stumbled upon the accessible military computers about two months ago, when they were checking network security for a private-sector client. They saw several of the computers' online identifiers, known as Internet protocol addresses. Through a simple Internet search, they found the computers were linked to networks at Fort Hood.

Former employees of a private investigation firm -- and relative newcomers to the security field -- the ForensicTec consultants said they continued examining the system because they were curious, as well as appalled by the ease of access.

They made their findings public, said ForensicTec President Brett O'Keeffe, because they hoped to help the government identify the problem -- and to "get some positive exposure" for their company.

.....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html