Oklahoma Paper Distances Itself From Hacker Flap

[InfoSec News <isn () c4i org>]

http://www.newsbytes.com/news/01/169317.html

By David McGuire, Newsbytes
WASHINGTON, D.C., U.S.A.,
23 Aug 2001, 2:52 AM CST
 

The publisher of a small Oklahoma newspaper suddenly caught in the
middle of a national debate over what constitutes illegal "hacking" is
working feverishly to reassure an angry e-mail mob that his paper has
nothing to do with a controversial government prosecution.

"We never filed any charges and we're not involved with the lawsuit at
all," Poteau Daily News publisher Grover Ford said of the increasingly
visible case of Brian West - an Internet services salesman who has
been charged on several computer crime counts by federal authorities.

West and his supporters in the Internet community contend that West
was arrested essentially for acting as a "good samaritan," having
alerted the then publisher of the Poteau Daily News of security holes
in the newspaper's Web site (http://www.pdns.com ).

According to accounts posted on West's Web site
(http://www.bkw.org/pdf ) West discovered a hole in the PDNS.com
security when his company was in the process of developing a banner
advertisement intended to run on the site.

West alerted the publisher of the paper (who has since left) that he
was able to access sensitive information from PDNS.com without any
password.

Some media accounts have maintained that the newspaper turned around
and went to the police with that information, but Ford tells a
different story.

When West told former Poteau Daily News publisher Wally Burchet of the
holes, Burchet went to the newspaper's Internet service provider - an
Oklahoma company called Cyberlink - to complain. Cyberlink in turn
went to local Oklahoma authorities who in turn called in the FBI, Ford
said.

That was the last official involvement the Poteau Daily News had with
the case, he said.

But that hasn't stopped angry West supporters across the country from
peppering the paper - which serves an 8,000-person community and
boasts a paid circulation of 5,000 - with angry e-mails and phone
calls, Ford said.

The PDNS.com site, which typically clocks about 26,000 hits a week,
has received more than 300,000 over the past week, Ford said.

And while Ford says that his newspaper and its parent company,
Community Newspaper Holdings Inc., takes no official position on the
West case, he and others have questioned assertions that West was
acting strictly as a "good samaritan."

At the time that West made the discovery about the security hole on
the Cyberlink-administered PNDS.com site he was working for a company
called CWIS Internet Services, a Stigler, Okla.-based firm that Ford
says was trying to break into the Poteau market.

Ford said that West was eager to use the security hole as a hook to
promote his company's Internet services over those of Cyberlink.

And when FBI authorities set a "sting" for West, federal authorities
found that West had downloaded sensitive data, including passwords
from the Cyberlink-administered site, Ford said.

"He was getting files that didn't really belong to him," Privacy
Foundation Chief Technological Officer Richard Smith said Wednesday.
"My read of the situation is that he probably showed bad judgement as
much as anything else."

While West may not be a hardened computer criminal, Smith argued that
the "good samaritan" label is something of a stretch.

"He needs to get a lawyer and stop talking to the media," Smith said.

In a letter apparently sent by U.S. Attorney Sheldon Sperling to West,
the government offers to settle with West if he agrees to plead guilty
to one computer crime count and be put on probation. West includes a
copy of the letter on his Web site.

Attempts to reach Brian West through CWIS were unsuccessful and the
Oklahoma U.S. Attorney's office did not return calls for comment.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.