posted on Jun, 20 2008 @ 06:58 PM
I agree that this is a rediculous sentence, although some form of punishment should be allowed, this is not the right answer.
When I was thirteen years old about, I was really into the black hat cracking scene. I was well versed in most distributions of UNIX, a solid
knowledge programming in C, perl, and some assembly, and found my way in and out of many high profile servers - sadly, I was caught scanning class B
addresses for OS detection and services before it was legal, but was too young to do anything about it and recieved a slap on the wrist. When I was in
secondary school after high school, I dusted off some old techniques for fun and to show a friend how easy it was. With a spoofed MAC/IP address and
some ARP poisioning, I setup a packet sniffer on my box that was spoofed to be recognized as the domain controller and collected logins and passwords
as they were typed in plain text, no encryption. Sadly, they knew something was up when the network was unresponsive due to traffic being routed to my
box instead of the actual domain controller, and I ate the consequences - another slap on the wrist. Although, it was serious enough that I could have
been kicked out if I wasnt so liked by the teachers and because I was actually using it to prove a point, not for negative reasons.
These days basically, you can give anyone the latest zero day and they dont even need any of that knowledge to crack a server, pretty much $ ./hack
and you end up with a sexy root shell from a remote connection. Anyone can do it. This could have been a kid who wasnt really thinking how serious
what he was doing really was, because when you are doing such things online, it seems very akin to a game - whereas I would never, ever break into a
house - I would break into hundreds of systems a week without a care in the world - you dont really notice the seriousness of the situation due to the
way its being carried out and the simplicity.
Sadly, he did what he did and I am sure he knew the risks. I do not think however he expected to get close to fourty years - probably expected just to
get failing grades, which he was getting anyway, so why not. He will probably get a minimal sentence and be barred from using the internet or any
capable device for a long time - If he had any interest in going into computer science, his dreams are gone now.
Cracking for malicious reasons is a very dangerous thing, and can cripple a network easilly if you type the wrong command, or enter a wrong argument
to a command. I really hope he doesnt get such a harsh sentence but I also hope he learned his lesson and from now on will use his knowledge to
benefit others. He could have told the network administrator about the security vulnerability and even though it diddnt change his grades, which he
gave himself, he could have shown some true character.
[edit on 20-6-2008 by deadline527]
[edit on 20-6-2008 by deadline527]