[Full-Disclosure] How *not* to point out a security problem
From: Richard M. Smith (rms_at_computerbytesman.com)
Date: 09/30/03
- Previous message: Daniel Ahlberg: "GLSA: teapop (200309-18)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <full-disclosure@lists.netsys.com> Date: Tue, 30 Sep 2003 15:48:05 -0400
http://www.latimes.com/technology/la-me-hack30sep30,1,2684627.story
Hacker Arrested in San Diego
The security specialist could face 30 years for
downloading from the military and others.
By Tony Perry, Times Staff Writer September 30, 2003
SAN DIEGO - A computer security specialist who claimed
he hacked into top-secret military computers to show how
vulnerable they were to snooping by terrorists was arrested
and charged Monday with six felony counts that could bring
a 30-year prison sentence.
Brett Edward O'Keefe, 36, president of ForensicTec Solutions,
a start-up company here, is accused of hacking into computers
of the Navy, the Army, the Department of Energy, the National
Aeronautics and Space Administration and several private companies.
Before his arrest, O'Keefe told reporters that he had hacked
into the computers to drum up business for his fledgling company
and to show that the nation's top military secrets are not safe,
despite pronouncements that security has been tightened since
the terrorist attacks of Sept. 11, 2001.
....
http://www.washingtonpost.com/ac2/wp-dyn/A24191-2002Aug15?language=printer
Sleuths Invade Military PCs With Ease
By Robert O'Harrow Jr.
Washington Post Staff Writer
Friday, August 16, 2002; Page A01
SAN DIEGO, Aug. 15 -- Security consultants entered scores
of confidential military and government computers without
approval this summer, exposing vulnerabilities that specialists
say open the networks to electronic attacks and spying.
The consultants, inexperienced but armed with free, widely
available software, identified unprotected PCs and then
roamed at will through sensitive files containing military
procedures, personnel records and financial data.
One computer at Fort Hood in Texas held a copy of an air
support squadron's "smart book" that details radio encryption
techniques, the use of laser targeting systems and other field
procedures. Another maintained hundreds of personnel records
containing Social Security numbers, security clearance levels
and credit card numbers. A NASA computer contained vendor
records, including company bank account and financial routing numbers.
ForensicTec officials said they first stumbled upon the
accessible military computers about two months ago, when
they were checking network security for a private-sector
client. They saw several of the computers' online identifiers,
known as Internet protocol addresses. Through a simple Internet
search, they found the computers were linked to networks at
Fort Hood.
Former employees of a private investigation firm -- and
relative newcomers to the security field -- the ForensicTec
consultants said they continued examining the system because
they were curious, as well as appalled by the ease of access.
They made their findings public, said ForensicTec President
Brett O'Keeffe, because they hoped to help the government
identify the problem -- and to "get some positive exposure"
for their company.
.....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Daniel Ahlberg: "GLSA: teapop (200309-18)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
