Information Security News mailing list archives
Re: Student arrested for allegedly hacking university computers to derail election
From: InfoSec News <isn () c4i org>
Date: Wed, 25 Jun 2003 02:37:47 -0500 (CDT)
Forwarded from: Dragos Ruiu <dr () kyx net> I find this troubling. There is no reason I can see that this should have come in to the criminal justice system. (drug possession issues aside) I have seen much more potentially harmful and dangerous school pranks go virtually ignored during my University career, but since this involved a computer it seems to have evoked an over-reaction that is disturbing. There is no reason this prank should not have been dealt with in the confines of the school's disciplinary system. Surely negating his university career and chances at a degree is harsh enough punishment for what was ostensibly a prank (albeit a stupid one) - and a relatively victimless one at that. The real fiscal and monetary damages for disturbing a small *student* election would be trivial at best. At my university with 30k undergraduate students the budget for student elections was under $5,000. An 800 vote election cannot be very expensive even in the most inflated estimates. There was no fiscal theft, property damage, nor dangerous liability that could have brought physical injury to anyone, unlike some cases of computer meddling, which would seem to require intervention by the criminal law enforcement system. It used to be that over-reaction in crime and mischief cases involving computers and networks were justified by the lack of case-law and the need to set an example - but I would argue that time has passed. If this poor misguided student would have merely exploited a flaw in procedure and had physically stuffed the ballot boxes with 800 slips of paper bearing "American Ninja" would he also be facing three years in jail? Put him up before his school's disciplinary comittee, fine. But to push this into criminal law, and to make a hardened criminal of him, seems, well, criminal. I postulate the problem we are currently seeing is poor differentiation between real crime and harm done to people via computers (theft, risking physical harm or injury to people) versus childish pranks and stupid meddling. This seems partially motivated by the the much over-hyped and over-inflated damages estimates some people have been putting on computer errors as a way to cover up for other, real, negligence in planning. It appears that we are heading towards classifying wrongdoing involving computers as more serious than crimes involving lethal weapons (which arguably computers can sometimes be). But I fear we are somehow being blinded by damages overestimation and driven by fear and confusion surrounding this relatively new technology. Let's maintain some common sense here - it is after all one of the most important tenets of the judicial system. Law enforcement has a hard enough job and has a large enough work load as it is without troubling them with trivial mischief cases like this. I sincerely hope a larger sense of perspective and justice will prevail in this case and lament that I am reading about a stupid school prank in national media merely because it involves a computer. --dr On June 23, 2003 12:58 am, InfoSec News wrote:
http://cbs11tv.com/national/HackerArrested-aa/resources_news_html Saturday June 21, 2003 RIVERSIDE, Calif. (AP) A 21-year-old student was arrested for allegedly hacking into a university computer system during student elections to cast hundreds of votes for a made-up candidate he named American Ninja. Shawn Nematbakhsh, a computer science major at the University of California, Riverside, was arrested Friday for investigation of drug possession and altering computer data without permission. If convicted, he could face up to three years in prison and a $10,000 fine. He was being held Saturday on $10,000 bail. Arraignment was set for Tuesday. School officials said Nematbakhsh cast the 800 votes in April, forcing the university to scrap the election results and hold a new student government election the following month. Nematbakhsh told police he did it to show the university network was vulnerable, said university spokesman Ricardo Duran. ``I think he made his point, but you might say he went about it in the wrong way,'' Duran said. ``An e-mail to the webmaster might have sufficed.'' Nematbakhsh, who was expected to graduate this year, will be required to appear before a university judicial review board which could expel him, suspend him, require restitution or require him to repeat an academic quarter.
-- pgpkey http://dragos.com/ kyxpgp - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Student arrested for allegedly hacking university computers to derail election InfoSec News (Jun 23)
- <Possible follow-ups>
- RE: Student arrested for allegedly hacking university computers to derail election InfoSec News (Jun 24)
- Re: Student arrested for allegedly hacking university computers to derail election InfoSec News (Jun 25)
- RE: Student arrested for allegedly hacking university computers to derail election InfoSec News (Jun 26)
- Re: Student arrested for allegedly hacking university computers to derail election InfoSec News (Jun 27)
- RE: Student arrested for allegedly hacking university computers to derail election InfoSec News (Jun 30)