Reuters Accused Of Hacking For Typing In URL

Aexia writes "Intentia International, a company in Sweden, is suing Reuters for publishing an earnings report posted on their website prior to its official release. The catch? The report couldn't be accessed through 'normal channels', you had to know, or guess, what address to type in order to retrieve it. The precedent this case sets will be interesting. If you don't use a hyperlink on a website, are you committing a crime? You can also read Intentia's take on the situation."

Oh, great!

[Troy H Parker]

Are we going to get "internet traffic tickets" now, instead of a 404 error?

Ridiculous!

[ChristW]

Oh wow! Deep-linking outlawed, URL-typing outlawed! How long until hyperlinking itself is outlawed? Oh wait, I should ask BT that, since they own the patent on hyperlinking...

Besides, isn't 'regulating access to private information on a public website' what httaccess was for?

mandatory pr0n reference

[stud9920]

Well I do it all the time when browsing pr0n. Suppose you have an url like this one : http://www.hotteenchick.com/free/tgp/melanie08/mel anie08.html,
it doens't take long to figure out where the other pics are.

Confidence

[Znork]

"The incident has severely damaged confidence in us as individuals and in Intentia as a company," says Björn Algkvist, CEO of Intentia International AB."

Um, yeah. If you cant tell the difference between 'storing confidential data in an access controlled place on your internal network' and 'storing confidential data on an open-for-all external site' it sure will damage my confidence in Intentia as a company. Incompetent is a fairly fitting description.

It's a bit /.'ed, here's the text

[SexyKellyOsbourne]

Stockholm, Sweden -Intentia International (publ.) announces the results of its internal investigation launched due to circumstances around the fact that Reuters published Intentia's fourth quarter results for 2002 prior to the scheduled publication on October 24th. "The investigation has been detailed and has included all relevant staff and processes that handle confidential information, as well as technical security," said Thomas Ahlerup, Head of Corporate and Investor relations of Intentia International AB.

The investigation has shown that there was an unauthorized entry via an IP-address belonging to Reuters using an exploit in the web server. The entry took place at 11:51 pm on October 24th 2002, prior to the publication of the interim report for the fourth quarter of 2002. At approximately 12:57 pm, Reuters published the first news flash giving information on Intentia's third quarter result, without prior confirmation from the Company. Intentia issued its earnings report ahead of schedule at 1:22 pm that same day. "The incident has severely damaged confidence in us as individuals and in Intentia as a company, and has cost millions of dollars worth of damages" says Björn Flänsost, CEO of Intentia International AB.

"We question the methods used by Reuters, and our judgement is that we have been the target of illegal actions. As a consequence we will file criminal charges regarding the incident, and will seek the maximum penalties for all those involved" says Björn Flänsost.

On Thursday, Intentia contacted the Stockholm Stock Exchange regarding an internal investigation of the incident. "We will disclose to the Stockholm Stock Exchange all technical details on how the intrusion was made, which will allow them to share this information with other listed companies, so that actions preventing similar events in the future can be made," concludes Björn Flänsost.

Like when the ATO was "hacked"

[bovril]

A few years back someone found they could get other people's details from the Australian Tax Office's site by manipulating the URL (that's the impression I got anyway). An ultra-quick googling turned this [abc.net.au] up. What happened to this guy? I can't remember. All I can remember is that he sounded really embarrassed when he was being interviewed and was referred to as a "hacker".

Re:mandatory pr0n reference

[Anonymous Coward]

Am I the only one who tried this URL?

Re:Confidence

[trezor]

From Intentia's homepage [intentia.com], as in -the- front page:

• Our mission is to pursue the perfect partnership, providing security in our customers' transformation to collaborative business models.

Did anyone say -security-? This is really hilariuos :)

Well....

[mshiltonj]

A small Swedish information technology company Monday filed criminal charges against news service Reuters PLC for obtaining an earnings report from a Web page it considered private.

What a bunch of dumbasses.

"The incident has severely damaged confidence in us as individuals and in Intentia as a company," says Björn Algkvist, CEO of Intentia International AB.

Translation: Now the whole world know we are a bunch of dumbasses. We have to blame someone.

www.intentia.cx

[The Smith]

Hello! We have been informed by our lawyers that we need to attach some sort of warning to this financial statemtent. So here you are: If you are under 18, are not an employee of Intentia, or are working for a major international news organization, please don't read it. Thanks!

Re:What the law says:

[mshiltonj]

So, it's quite straightforward really - if they can prove Reuters knew they weren't supposed to be looking at that material, then if the access was from the UK, a crime was committed.

You are not authorized to follow this hyperlink without first obtained written permission from me. [mshiltonj.com]

Company philosophy

[rovingeyes]

From their website :

Our vision is to become the leading global collaboration solutions vendor by supplying our customers with tomorrow's solutions today.

Well as I see it Reuters only kept in line with their philosophy. So why are they pissed?

Re:Ridiculous!

[Hast]

What, the founders of Paypal have gone to Norway now?

Nice sig!

[Corporate Troll]

Very appropriate sig on the topic by the way. And an addenum to the sig: "show a man slashdot and he is lost forever".

And in further news...

[Fex303]

...a script kiddie managed to hack into Hotmail's servers using a widely distributed hacking tool known as "Internet Explorer". The hacker typed the "URL" into the "Address Bar" and gained access to the site.

From here, the hacker sent emails to a number of associates which read: "| 4m teh 1337 |-|aX0R!!!!!1 j00 4LL ArE Cr4P!!!"

"Frankly, we're shocked," said one Hotmail employee. "Who would have thought that URL's would give access to sites on the interweb?" he continued before returning to his task of spamming Hotmail's users.

The FBI are investigating the hacker, rumoured to be in junior high, as well as the distributor of the hacking software, a small company known as MicroSoft, already known for flouting the law. Updates as they come to hand.

Another deep link to Intentia

[bobdotorg]

Here's another deep link to Intentia [rinkworks.com]

Re:mandatory pr0n reference

[Lev13than]

Looks like it's been /.'d already...

Re:Nothing to do with links.

[javahacker]

I disagree completely about the source of the URL being the issue. If it is in a folder the web server has been told to publish, anyone could call the information up, perhaps by mis-typing a URL that has been published, say when trying to look at the information for last year (which did have a published URL).

If your web server hands something out to the public, it is because you made it available. If I fat finger an entry into my browser, am I hacking, or just a bad typist? This all goes back to due diligence on the part of the company. If you are careless with your information, like not shredding it, and someone finds it in a dumpster, you are at fault. This is a key notion of trade secret law, and something similar should apply here. Security by obscurity doesn't work.

Re:Stupidity

[hosebee]

Haven't you heard? Following this, their robust IT department is looking into implementing packet-level EULAs!

Dear Mr. President

[dnoyeb]

Whitehouse
Washington D.C.
USA

May I please have the secret documents on taking over the world?

[Bush]Donald...You didn't actually send the documents did you?
[Rumsfield]Well...

Make Money Fast! (was Re:What the law says:)

[TheTick]

Unauthorized persons may not view the rest of this comment!

Please send your out-of-court settlement to: [suppressed]

Re:Related: what about referer logs

[Anonymous Coward]

Heh, I found a friend's sister's nude picture by poking around an image directory.

Sure, there was no link, but it was on a webserver. No password either.

In the Reuters case, how can something be 'unauthorized' where there is no autorization system?

They should have at least set no read permission on the file first, but they didn't.

The obvious conclusion...

[djtack]

From The Register article:

However Intentia isn't alone in its accusations. Three other Scandinavian companies Nordea, the region's biggest bank; Fortum, the Finnish energy group; and Sweco, a small Swedish consultancy also claim that their results were published by Reuters ahead of their official release, the FT reports.

The obvious conclusion from this... is that Reuters is in posession of a time machine.

If that's my picture

[Ayanami Rei]

I'm going to hunt you down...
::glowers::

Posting AC cannot save you.

Sue the dickens out of anything that moves.

[Blue23]

Intentia International, a company in Sweden, is suing Reuters for publishing an earnings report that they sent to Reuters with an accompany post-it note that said "please publish me". The catch? The report couldn't be accessed unless you understood an obscure and arcane code called "the English language". The precedent this case sets will be interesting. If you write a report in a language that has no native speakers that actually use it correctly, can it be considered public?