Security threats Toolkit

In association with Network Liberation Movement

Post a comment

Story: The NASA hacker: Scapegoat or public enemy?

Posted by: Anonymous (Thursday 13 April 2006, 8:39 PM)

This sounds very familiar, stories such as Kevin Mitnick, North California University, Cisco, and NASA.

I can't tell you how easy it is to confuse what is openly seen with an attempted possible threat, I remember the days of monitoring firewall log's and finding automated zombied computer inbound intrusion attempts via other computers close by on the ISP's network from comprimised machine's that displayed a legit IP but not from the actual persons machine, just harmless victims that had a high possibility of being accussed of something way above their understanding by those which have no idea what they are talking about to begin with.

It's easy to point the finger and internet security is still not fully established but it's getting there, the concept of gaining access back then and breaching security was as simple as clicking on a hyperlink that came up in a search engine result not even related to whatever you were really looking for that took you somewhere to a website or webpage you didn't neccesarily totally understand, you just kept clicking and reading then move onto the next subject as there was no total password protection, this wasn't due to hacker intelligently comprimising a website that had the ultimate security via a well known company that falsely and openly qouted protection it didn't really offer like other companies that was only in theory at that time, it was due to poor website design, poor search engine results, and accidentily walking into Dillards instead of JCPenny's.

Imagine back then you type in AOL to bring up the main AOL website in a search engine only to find nothing but a secret project deemed "The new and improved AOL, click here to access the new/current website featuring the latest information and news", then you click on the link and it takes you to a link related to an investigation of Charlie's Chicken and KFC, you click a link on KFC and it takes you straight to UFO investigation website and something related to JFK, you click on another link and it takes you to a University such as Polytech University, click another link it sends you back to NASA, that same week you see on TV someone illegally accessed Polytech University and KFC and they are still wondering who shot JFK.

Not only that, often when you hear of a person charged with hacking you hear of how much money was lost, and it's usually some very high figure estimation, this along with a very high prison term, now when I hear something like that I begin to wonder what it was they were really hiding to give such high figures, maybe it's just to scare teens into not wanting to become hackers, dunno, but one thing's for sure, these days, actual losses from hacking unless dealing with deep financial or identity theft would be minimal at best, I mean most things are solved with a restore and a reboot these days, and dataloss is becoming rare.

My biggest point is, if they can gain access to a secure system, the person that's at fault is the person that didn't configure the system correctly or the person that designed the security didn't properly design it, for example, let's say a parent has a gun, the parent, the gun needs to be locked up securely so kid doesn't get ahold of it, the parent doesn't use a lock and one day the kid get's ahold of gun and there's an accident the kid was playing with the gun, well, who's fault is it? You think if the parent locked the gun cabnit the kid might not have gotten ahold of it? If the kid got 70 years for the parents mistake that would be shocking.

In this case, the kid admitted to possibly doing damage to atleast 1 machine, this doesn't mean he deserves a life sentence or the death penalty and I can understand why the British would let the kid go in this case, hopefully, there was a lesson learned by everyone on this.