'[Full-Disclosure] How *not* to point out a security problem'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-Disclosure] How *not* to point out a security problem
From:       "Richard M. Smith" <rms () computerbytesman ! com>
Date:       2003-09-30 19:48:05
[Download RAW message or body]

http://www.latimes.com/technology/la-me-hack30sep30,1,2684627.story  

Hacker Arrested in San Diego
The security specialist could face 30 years for 
downloading from the military and others. 
By Tony Perry, Times Staff Writer September 30, 2003

SAN DIEGO - A computer security specialist who claimed 
he hacked into top-secret military computers to show how 
vulnerable they were to snooping by terrorists was arrested 
and charged Monday with six felony counts that could bring 
a 30-year prison sentence.

Brett Edward O'Keefe, 36, president of ForensicTec Solutions, 
a start-up company here, is accused of hacking into computers 
of the Navy, the Army, the Department of Energy, the National 
Aeronautics and Space Administration and several private companies.

Before his arrest, O'Keefe told reporters that he had hacked 
into the computers to drum up business for his fledgling company 
and to show that the nation's top military secrets are not safe, 
despite pronouncements that security has been tightened since 
the terrorist attacks of Sept. 11, 2001.

....

http://www.washingtonpost.com/ac2/wp-dyn/A24191-2002Aug15?language=printer

Sleuths Invade Military PCs With Ease 
By Robert O'Harrow Jr.
Washington Post Staff Writer
Friday, August 16, 2002; Page A01 

SAN DIEGO, Aug. 15 -- Security consultants entered scores 
of confidential military and government computers without 
approval this summer, exposing vulnerabilities that specialists 
say open the networks to electronic attacks and spying.

The consultants, inexperienced but armed with free, widely 
available software, identified unprotected PCs and then 
roamed at will through sensitive files containing military 
procedures, personnel records and financial data.

One computer at Fort Hood in Texas held a copy of an air 
support squadron's "smart book" that details radio encryption 
techniques, the use of laser targeting systems and other field 
procedures. Another maintained hundreds of personnel records 
containing Social Security numbers, security clearance levels 
and credit card numbers. A NASA computer contained vendor 
records, including company bank account and financial routing numbers.

ForensicTec officials said they first stumbled upon the 
accessible military computers about two months ago, when 
they were checking network security for a private-sector 
client. They saw several of the computers' online identifiers, 
known as Internet protocol addresses. Through a simple Internet 
search, they found the computers were linked to networks at 
Fort Hood.

Former employees of a private investigation firm -- and 
relative newcomers to the security field -- the ForensicTec 
consultants said they continued examining the system because 
they were curious, as well as appalled by the ease of access. 
They made their findings public, said ForensicTec President 
Brett O'Keeffe, because they hoped to help the government 
identify the problem -- and to "get some positive exposure" 
for their company.

.....



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic