Re: Interesting conviction

From: Stu Thomas (stuart.thomas@mac.com)
Date: Sun Oct 09 2005 - 14:23:39 EDT


Yes, there is a little more detail to the issue:

http://www.theregister.co.uk/2005/10/06/tsunami_hacker_convicted/

<quote>District Judge Mr Quentin Purdy said: "For whatever reason Mr
Cuthbert intended to secure access, in an unauthorised way, to that
computer...it is with some considerable regret...I find the case
proved against Mr Cuthbert." He was fined £400 for the offence and
must pay a further £600 in costs.</quote>

Under UK Law it was proven that he (Cuthbert) had broken the Computer
Misuse Act (UK)
[http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm].
By attempting and gaining unauthorised access he broke the law.
The ethics and intent were taken into account by the Judge.

<quote>Mr Purdy, speaking to Cuthbert in the dock, said: "I
appreciate the consequences of this conviction for you are
considerably graver than any I can impose. But you crossed an
inappropriate line, time and expense was expended and anxiety caused.
That aside, the price may be a heavy one for you to pay." Cuthbert
lost his job as security consultant at ABN Amro as a result of his
arrest and has only recently been able to find work.</quote>

Personally (and not having the full detail other than news articles),
I don't think he should have done it, no matter what his personal
feelings and emotions were at the time; perhaps, I conjecture, he had
a tipple or two over New Year's Eve and felt he had a moral right? He
should have reported his concerns and his evidence to the police, or
some other regulatory body, not taken the law into his own hands. The
other side of this is the punishment: the judicial decision was made
by the judge's interpretations of the act. We are in the business so
we know how trivial certain kinds of "background noise" can be, and
how malicious others can be. The judge cannot (even though a
professional witness was present) hope to understand how common this
type of act (port scan) is across the Internet (the world). Now it's
common law. It would be interesting to see the detail of what he
actually did; it must have been more than a port scan - we can only
conjecture...

Cheers.

On 9 Oct 2005, at 16:40, Rogan Dawes wrote:

> Mike Messick wrote:
>
>> You're quite right! ;-)
>> Here's mine:
>> I think the article's editorial comments about causing problems for
>> security professionals and penetration testing are pure crap.
>>
> [snip]
>
>
>> Most laws are written with intent in mind. That Mr. Cuthbert didn't
>> intend to do anything bad once he got in is really immaterial - that
>> he *intended to gain entry in an unauthorized fashion* is what
>> constituted the violation and his subsequent conviction.
>>
>
> [snip]
>
>> Just because you don't steal the TV after you crowbar the front door
>> open doesn't mean you won't go to prison for unlawful entry. Or not
>> get shot by the owner (in some states). The fact that you don't have
>> permission to be there in the first place is what matters (at least
>> under current law).
>>
>
> Mr Cuthbert was simply attempting to verify the security of an
> institution that he had decided to entrust his credit card details to.
>
> Granted, one should not try to break into the vault of a bank to
> check their security, but I think that his intent was somewhat
> closer to rattling the lock on the safety deposit box after
> dropping your money in, to make sure that someone else can't just
> come along and help themselves.
>
> Rogan
>

--
Stu Thomas
Web:  http://www.stuartspictures.com


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:03 EDT