Dubai court finds hacker guilty on two charges

[InfoSec News <isn () c4i org>]

http://www.zawya.com/Story.cfm?id=ZAWYA20011007092224&Section=Industries&page=Legal

07 October 2001

The Dubai Appeal Court yesterday over turned a lower court ruling
issued against Lee Alan Ashurst, the 22-year-old Briton accused of
hacking into Etisalat's computer network, by finding him guilty on
both charges of opening private e-mails of Etisalat employees and
misusing Etisalat services through unauthorised entry of its internet
system.

The Dubai Misdemeanours Court had, on July 1, found Ashurst not guilty
on the charge of opening private e-mails of Etisalat employees and
fined him Dh10,000 on the second charge alone. The appeal court upheld
the Dh10,000 fine but convicted Ashurst on both the first and second
charges.

The civil component of the case has been referred by the appeal court
to the Dubai Civil Court. Etisalat is asking the court to award the
Dh2,835,000 for damages they allege Ashurst caused to their network.

With regard the first charge, the misdemeanours court had said that
"Regarding the opening of private e-mail messages of Etisalat
employees without their knowledge or permission, the word 'message' in
law does not apply to "electronic messages" or e-mails, according to
the text of Article 380 of the Penal Code. The case goes back to June
15 last year when Etisalat informed Dubai Police that it had detected
an unauthorised entry of its internet network through the user name of
a local company and the connection was made through that company's
telephone line.

Following police investigation the person responsible was identified
as the defendant.

Etisalat claimed that Ashurst's unauthorised entry and his copying of
certain files resulted in harm to the network and network users in
addition to unauthorised disclosure of company secrets.

After confiscating Ashurst's laptop and other equipment the forensic
lab discovered files that proved that defendant scanned the network on
more than one occasion with the purpose of discovering security gaps
in the network and entering it. They also discovered that the
defendant had copied the password files to his computer.

The technical report prepared for the court, said the defendant used a
decryption programme to uncover names of various Etisalat internal
network users by using their passwords. He also roamed freely through
the main data base using names and passwords of Etisalat employees.

According to court records Ashurst had told police that he carried out
the entry of the Etisalat network then got the idea of entering the
operating system in the UAE using the 'Saint' computer programme.
Ashurst denied changing or destroying any computer files or causing
Internet server to collapse.

He also denied giving away the method by which he penetrated the
network and that what he was doing is called by Etisalat 'Instray',
which is using a decryption file and an internet user password
decryption file. "The technical report confirmed that the defendant's
laptop contained files and programmes used for piracy, infecting
computer systems and decryption of passwords, but the mere presence of
these programmes is no indication of (a crime)," the misdemeanour
court said.

Two senior academicians from UAE University and a computer engineer
were asked during the court hearings to give their expert opinion to
the court. The expert witnesses said that the two computer programmes
in question, 'John the Ripper' and 'Saint', which the prosecution
claims were used by the defendant to hack into restricted sites on the
Etisalat database, are not illegal and are standard tools that come
with the operating system, in addition, the programmes can be down
loaded from the Internet.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.