from the shades-of-"Weev"-and-Aaron-Swartz dept.
Thanks in part to America’s ill-defined hacking laws, prosecutors have enormous discretion to determine a hacker defendant’s fate. But in one young Texan’s case in particular, the Department of Justice stretched prosecutorial overreach to a new extreme: about 440 years too far.
Last week, prosecutors in the Southern District of Texas reached a plea agreement with 28-year-old Fidel Salinas, in which the young hacker with alleged ties to members of Anonymous consented to plead guilty to a misdemeanor count of computer fraud and abuse and pay $10,000 in restitution. The U.S. attorney’s office omitted one fact from its press release about that plea ( http://www.justice.gov/usao/txs/1News/Releases/2014%20November/141120%20-%20Salinas.html ), however: Just months ago, Salinas had been charged with not one, but 44 felony counts of computer fraud and cyberstalking—crimes that each carry a 10-year maximum sentence; adding up to an absurd total of nearly a half a millennium of prison time.
(Score: -1, Flamebait) by Anonymous Coward on Sunday November 30 2014, @05:45AM
"Cyberstalking" - Women hate men having freedom of speech, so in this WOMAN's DEMOCRACY men do NOT have freedom of speech.
I really hope there is a brutal civil war or revolution in this cuntry some time, and the women are killed.
(The hebrews had the right idea: kill the women, keep the young female children)
(Score: 3, Interesting) by kaszz on Sunday November 30 2014, @07:27AM
Sounds all to similar to the [url=https://en.wikipedia.org/wiki/Aaron_Swartz]Aaron Swartz[/url] case with too eager prosecutors. Guess Anonymous have to start with the old fashioned political craft of digging out dirty stuff that's completely irrelevant to the actual issues.
(Score: 2) by kaszz on Sunday November 30 2014, @07:45AM
Linkfix: Aaron Swartz [wikipedia.org]
(Score: 5, Interesting) by aristarchus on Sunday November 30 2014, @07:50AM
Or five years in Federal (**) Prison, if you dare rip a dvd for later viewing? And we are surprised that someone could be liable for a "Gazzilion years" in Federal (office space) Prison? Especially when these prisons are run by for profit companies, most likely the same ones that are giving us education by Corinthian, food by Soylent Green (not Soylent News, or course, but both _are_ people), and custody by C ..C ,,,C :: wholly f! How can a website for a despicable corporation like this not spell out their acronym? It is easier to find out:
"P.S. I Love You" Learn how a CCA program keeps incarcerated mothers connected with their children.
Holy Barfing Jesus! This is the upside? OK, we all should spend 440K year in prison before we allow this to go on.
1. There is no such thing as intellectual property. If someone steals your ideas, you should be flattered. Of course, they should give you credit.
2. If any computer system is compromised, "hacked," or subject to unauthorized access, the owners of said system should be subject to legal action, or at least public ridicule and strict liability for all client data.
3. Identity theft is the responsibility of the grantor, not the holder of the identity. If you allow a charge to me on false credentials, I should be able to whip you with a wet noodle an infinite number of times, and seize 57.5% of your publicly held stock. Why 57.5%? Why not, you let some script kid steal 100% of my net!
4. Anyone who can hack any military networks of any country should be awarded a medal, most appropriately by the nation/military that is now aware of a security vulnerability.
Feel free to add more. I get the feeling that legislators around the world are in need of guidence.
(Score: 2) by Wootery on Monday December 01 2014, @03:27PM
There is no such thing as intellectual property. If someone steals your ideas, you should be flattered. Of course, they should give you credit.
Intellectual property covers more than just ideas. You're thinking of patents. Anyway, you're wrong: of course there's such a thing. The laws create it. Perhaps you meant to say There should be no such thing, which I would strongly disagree with.
Identity theft is the responsibility of the grantor, not the holder of the identity.
I'm inclined to agree. If some company is storing my credit-card details without having asked me if I want them to do that (and many companies seem to do this), they should absolutely be liable if they get hacked and my payment details are abused by the attackers.
(Slight aside: in my opinion, companies should be legally prohibited from this practice. Storing my credit-card details should be explicit, and opt-in, and it should be very simple for me to have the company secure delete my credit-card details from record.)
Anyone who can hack any military networks of any country should be awarded a medal, most appropriately by the nation/military that is now aware of a security vulnerability.
This stuff needs to be done properly, otherwise anyone that's caught doing it can just say Oh I was doing it to serve our country, honest! Much the same way that sneaking into a millitary base should be a serious offence, even if it does prove a point. (This is what 'tiger teams' are for: these testing techniques should be used by those in charge of the system/facility.)
(Score: 0) by Anonymous Coward on Sunday November 30 2014, @08:55AM
They brought millions of clueless people to computers and they proved you can make absolutely shitty software with zero security. Now some 30 years later most software is very bad from the security viewpoint and thus very inviting for people to snoop around. Almost every single day we read how so and so many millions of records got snatched by criminals. This leads to prosecutors scared shitless and having the shoot first ask later mentality towards "hackers" (should be crackers). And the clueless prosecutors make no distinction between white, gray or blackhats...
(Score: 1) by anubi on Sunday November 30 2014, @10:45AM
I'd love to blame Microsoft for this mess, I guess because they are big and have made lots of money being everything for everybody, but the biggest thing I see is the Rube Goldberg concoction of code that evolved into trying to keep secrets.
I just got through evicting another rootkit from my machine ( Thanks, Malwarebytes, for finding it and getting rid of it! ). [malwarebytes.org] Hidden process. Would not show up in Task Manager. I was wondering what got into my machine when it got sluggish as hell last week.
Now, I would not be running Task Manager unless I had a problem... now why the hell have hidden processes? That's akin to me making myself invisible so I can do bad things to other people and get away with it scot-free.
Its things like that, where Microsoft puts special hickeys in the operating system for their special friends that make the likes of me distrust them. First, its Sony abusing the CD Autorun privilege, we think that has been fixed, then someone plugs is something as innocuous as a USB E-Cig charger and gets hit with code intrusions? C'mon now, just how finicky should we design this stuff? Then I find out something as simple as a FTDI interface chip can be bricked with some code. If FTDI can do it, then anyone who knows the secret handshake can do it too. How in the hell are we supposed to build anything on top of this kind of framework? Its like trying to build a bridge with bad cement.
I think this is more a problem of our damned law. With the passing of the DMCA, people who wanted law to protect their IP should be required to either reveal exactly how it works, or if they want, keep it secret and assume full liability for it malfunctioning. Discovering and fixing bad code should not be a violation of any kind of law.
Neither should it be illegal to do whatever one has to do to find out why his machine is behaving incorrectly.
There was once a day I could pull out a debugger to fix bad code, however I have not kept up with all the ways of finding bugs in code that now runs in the megabyte range.
This seems to be a result of what happens when special interests buy Congressmen to get special law passed just for them.
There has just GOT to be a far more elegant way of implementing a standard computational infrastructure than what we have now. If I was to compare computers to astronomy, I would say we are at the Ptomelaic level. We need a Copernicus to see the big picture and establish a workable framework.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by Hairyfeet on Sunday November 30 2014, @01:02PM
Oh Lord where do I even begin, with so much dumb shit piled into a single post?
First of all MSFT has hidden processes to keep dumbasses from going "Herpa de derp, I didn't install no "arrr pee cee, that must be one of them thar bugs!" and fucking up their shit. Second MSFT didn't "allow" Sony to do squat, the Sony rootkit used the same procedure to install their rootkit that OEMs use to install graphics driver and it said plainly what it was doing in the EULA. Its not MSFT's fault if you can't read or even ask WTF when a fricking CD wants to install shit just to play. This the USB thing ain't got shit to do with MSFT, that is how the USB consortium designed the USB spec and what is more they did so for good intentions, it was to keep scumbum hardware resellers from rigging the firmware on USB devices to report info like what we are seeing now with all the fake Nvidia cards. Sadly in a perfect example of why we can't have nice things scumbums eventually figured out how to go around it to make money not only on malware but by selling 4-8GB flash sticks as 128-256GB, been seeing more and more of that shit showing up in online auctions and flea markets. Finally WTF could they have done more about FDTI, a vendor that had in the past provided perfectly fine drivers that decided one day to use their drivers as a weapon? MSFT did what any vendor would do and yanked that shit but since WHQL is about testing drivers for use on the CORRECT hardware, not trying to run drivers to see if third party hacked hardware that uses an incorrect ID likes it or not? Really can't see what else they would have been able to do on that one.
And WTF kinda sites you going to that you are getting rootkits Bubba? I work on PCs at the shop 6 days a week and I see MAYBE 3 rootkits a year and they are all from either pirate sites or seriously dodgy porn sites. If you are watching pirated videos might I suggest that you run a VM or at the very least use something like Comodo Internet Security or Sandbox IE to sandbox your browser? The same goes for porn but I'd suggest just signing up to MyFreePaysite, they have several thousand DVDs worth of movies you can watch for free with no bugs. Glad you managed to remove the bug but if you are running Vista or newer frankly you shouldn't be getting them in the first place! Just run a decent free AV like Avast or Comodo Internet Security, avoid Firefox (because it runs in the same rights as the user) and instead use anything based on Chromium (Comodo Dragon and Secure Chromium, SWIron, Chromium, plenty to choose from) so that your browser runs in low rights mode and for the love of FSM if you are going to dodgy sites run your browser in a sandbox!
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by Whoever on Sunday November 30 2014, @05:17PM
I have no idea why you got insightful mods.
In that era (XP) most systems had autorun enabled. Combined with this: [wikipedia.org]
Summary: insert the CD and the software installs, irrespective of how the user responds. And that's somehow not Microsoft's problem?
(Score: 2) by sjames on Sunday November 30 2014, @06:50PM
The CD and USB things are ion MS. Nobody made them implement the obviously harmful autorun feature.
The whole email and document virus thing is on them as well. I remember well at the time they were busily making documents and emails into executable code they were warned that no good would come of it. Until then, email viruses were somewhere between urban legend and a mildly funny joke (the honor system virus for example).
Arguably, since you'd be insane to even read email or browse the web without a 3rd party AV installed, Windows is in itself incomplete.
(Score: 2) by Hairyfeet on Monday December 01 2014, @08:10AM
Oh please, you are STILL bitching about fucking Windows XP? You wanna bitch about how you could bypass login on Windows 98 by hitting cancel while you are at it? You DO know that Windows XP was FOUR, soon to be FIVE releases ago, yes? And that autorun was disabled in SP 2 IIRC which was in 2003?
Oh and just FYI the whole autorun thing was REQUESTED by the OEMs who got fucking tired of having support calls that said "I put teh CD in and it did nuffin!" because they were too damned dense to open Computer. Also FYI but that is now why you get a dialog box when you stick in a CD with the option of running it, because they just removed autorun with SP2 and the users fucking HOWLED in rage at the thought of having to open Computer!
I personally find it hilarious that MSFT gets shit if they do what the users ask of them, then get shit if they DON'T do what the users ask of them, is it any wonder that Balmer got fed up and tried to turn Windows into an oversized cellphone just to shut them up?
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by sjames on Monday December 01 2014, @04:07PM
You still seem pretty hot about it yourself. They could have done what Gnome does. Just open a file window showing the contents of the CD. If the user doesn't know about click the little picture to make things happen, they're simply incapable of using Windows at all.
But as for current issues, have they yet made their interface show the user the difference between opening data and running a program? That confusion is certainly a big part of the problem with Windows machines getting trashed.
(Score: 1) by anubi on Monday December 01 2014, @03:40AM
Hairyfeet:
The business owner and the glazier are apt to have two completely different perceptions of the kids running around breaking windows.
I have been messing with these things since they first came out. Even built and programmed my IMSAI 8080 from a box of discrete parts.
Yes, I probably picked up that rootkit while trying to find out the nasty little secrets others know that I am ignorant of. One does not find that kind of info, unless its some sort of computer security classes taught to government investigators or industry insiders paying for the "first call". I scrounge all over the net trying to find it, so at least I can get some idea of what I am up against instead of calling someone else in to charge me to reload Windows. I have had it with what passes as "computer repair".
My system seems so Rube Goldbergian and of the likes of Ptolemy, who had conceived of immensely complex planes of spheres rotating within spheres to describe the motions of the planets. I see all sorts of stuff done in software that should be done in hardware, and vice versa, but is not done that way in the name of legacy or implementation of proprietary business models.
I believe the Commodore64 paradigm was the way to go. All the basic stuff was in ROM. Yes, one could still have rogueware, but it would really be a trick to make it persistent. One could cycle power to the machine, reboot and go directly to a debugging program, which would scan your work disk for any known malware without the malware on the work disk being able to grab control and hide.
I believe this stuff we have today is way too fragile knowing the threats of determined people out there deliberately crafting code to cause destruction.
A business may have several thousand POS machines rendered useless by just one determined hacker that is onto the secret handshake that bricks the interface chip that opens the cash drawer or reads the credit card.
You may make your living fixing these problems... therefore experiences like mine is income to you.
For me, these problems are a big pain in the ass. And I believe most of them are the result of bad workmanship resulting from trying to be everything to everybody.
I know our computing infrastructure can be made way more elegant than what it is. Just as Copernicus knew Ptolemy was barking up the wrong tree. Things fell so neatly into place when we realized we weren't the center of the universe.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by urza9814 on Tuesday December 02 2014, @02:31PM
Right...so instead this clueless user will just do that to svchost.exe and explorer.exe and such? If that was the point, MS would hide system processes. If that was the point, they'd have a setting for advanced users to show them. Since they have done neither of those things, that is clearly not the point. Or they're massively incompetent. Take your pick.
(Score: 3, Interesting) by dlb on Sunday November 30 2014, @01:00PM
Salinas allegedly used a brute force SQL injection attack ... registering 14,000 attempts before unlocking it ... [that] compromised sensitive human resources and emergency alert data, caused slowness and latency for users, and left administrators unable to access or manage the website for most of the day
Sorry, but Salinas is the poster boy of the on-line "anonymous" punk.
He was staying with his girlfriend and her mother, and had the audacity to use the mother's computer to play at being a computer "genius", or "tough guy", or whatever it was...all the while being over his head:
Computer forensic investigators found hacking tools downloaded onto Salinas’s computer, an Acunetix Web Vulnerability Scanner, which had logged his 14,000 intrusion attempts, and a Hajiv SQL injection exploit discovery application ... Also found on his computer, in addition to Google search logs which featured Anonymous-related search terms, were six months of AntiSec IRC chat logs.
source [dailydot.com]
What an amateur.
The kid's no Aaron Swartz. The misdemeanor conviction and $10,000 restitution sounds about right. Justice was served. And I'm glad he was caught.
(Score: 1) by Anonymous Coward on Sunday November 30 2014, @06:26PM
I'm not glad.
Electrons are not bullets.
(Score: 0) by Anonymous Coward on Sunday November 30 2014, @07:28PM
so predator drone pilots aren't killers?
(Score: 0) by Anonymous Coward on Sunday November 30 2014, @07:49PM
Burma-Shave
(Score: 0) by Anonymous Coward on Monday December 01 2014, @04:50AM
Jails are also not bullets.
(Score: 2) by frojack on Sunday November 30 2014, @09:49PM
Agreed, the clown was not worthy of our sympathy.
Further, the prosecutor was NEVER asking for 440 years, simply charging every crime that he actually committed. It was the PRESS that dreamed up the 440 years nonsense. That's not the way these things ever play out.
In short the idiots at Wired just hyped the maximum penalty you could possibly get, (say if your hack caused a death or you made off with a million dollars of ill gotten gain) and rushed to judgement to assume that is what would have been handed down, and asserted, without a shred of evidence, that the prosecutor was actually asking for that.
Prosecutors don't set sentences. (Wired should know this). Prosecutors don't even ASK for specific penalties.
Judges and sometimes Juries do.
The whole nerd rage around this issue is based on the idea that someone who inflicts damage using only a computer should somehow not face any penalties because electrons aren't bullets.
No, you are mistaken. I've always had this sig.