Randal Schwartz's Charges Expunged

After 13 years, Randal Schwartz has had his conviction expunged. In effect, legally it never happened. If you haven't heard about this one before, my take is that as a contractor at Intel, Randal did some over-zealous white-hat cracking free-of-charge; this embarrassed some people in management (he pointed out that their passwords were terrible) and management then chose to embarrass themselves further by having him convicted of a felony under an 'anti-hacking' law. More info can be had from the Friends of Randal Schwartz.

Congratulations

[Ron Harwood]

Congratulations to Randal - it's nice to actually read a good news story with regards to the legal system.

Re:Congratulations

[A beautiful mind]

13 years of fighting doesn't sound especially pleasant. I can't imagine what Randall had to go through to get his name cleared.

Re:Congratulations

[Mikkeles]

Justice delayed is justice denied. This is not a feather in the cap for the justice system.

Re:

[smittyoneeach]

Indeed. Justice would be seeing the Intel PHBs get Nifonged.

Re:

[grantsellis]

IANAL, but I work for a defense lawyer who handles expungements.

The whole point about expungement is that the court thinks you were guilty but is letting you off anyway because you've filled certain statutory criteria.

The most usual criterion (other than turning 18) is the passage of time.

This isn't justice delayed. The delay is the whole point. The court still thinks he's guilty but is letting him off anyway.

This means he can stop fighting REGARDLESS on whether or not the justice system thinks he was gui

Re:

[ShaunC]

Seconded... Congrats Merlyn. It sucks that all of this happened in the first place, but you're proof that if you keep fighting, eventually justice can work for "the little guy."

Re:Congratulations

[jc42]

... if you keep fighting, eventually justice can work for "the little guy."

Well, maybe, but what I always find interesting in cases like this is: How much money did it cost?

All too often, when the "little guy" wins, he's also bankrupt.

Anyone know what the bill was for all this legal action?

Similar to SCO vs IBM

[Anonymous Coward]

SCO is being drained to death by the unfair legal assault by IBM. I hope that SCO wins $2-3 billions in the end. They certainly deserve it.

Re:

[Lesrahpem]

I have had a felony expunged before, and in my experience, it wasn't a big deal at all. My conviction was computer-related as well, and all I had to do was wait a certain amount of time and then apply at the county court house to have it expunged. I had a hearing with just a magistrate to explain why I wanted it expunged (all I had to say was that I felt it would effect my employment opportunities), and paid something like 20.00 in court costs. That was all it took.

Re:

[Basehart]

"My conviction was computer-related as well"

What did you do, beat someone to death with a laptop?

Re:Congratulations

[merlyn]

"He installed backdoors at 3 companies"

Objection! Assumes facts not in evidence, your honor!

Sustained.

Re:

[Anonymous Coward]

> > "He installed backdoors at 3 companies"
> Objection! Assumes facts not in evidence, your honor!
Ok sorry, just Intel [mit.edu].
Sorry for implying you're an asshat, but that linked document made you sound like one. Guess i should read more about it [lightlink.com] from your perspective before passing judgement.
Glad your legal battle is finally over.

Re:Congratulations

[merlyn]

I'll never claim that I wasn't stupid. It's not my job to get you to like me. The point of my case is to pay attention to the mistakes I made, because a lot of people have told me that they either have or could have made similar mistakes. Maybe some of you are so perfect that you wouldn't. Good for you. But don't be so quick to judge that nobody would be that stupid then. Please.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[ptomblin]

Forgive me if I'm mis-remembering, but I seem to recall when the case was first discussed, Intel discovered his cracking program and told him to stop what he was doing, and so all he did was move it to a different set of computers, still within Intel. Now *that* is more than just stupid, it's criminally stupid.

I can't blame Intel for what they did.

Re:

[Bretai]

I agree that his actions are not anywhere close to "perfect", but the punishment given under this ridiculous law, is not in the neighborhood of justice either. I can only assume that the government thought it would be too hard to prove damages once someone hacked into computer systems, so they simply criminalized the attempt. I don't think a felony conviction, 5 years of probation, 60 days of full-time community service, 90 days in jail, $68K in restitution, and more than $100K in legal bills fits this crim

Its about damned time this was cleared.

[Almost-Retired]

Congratulations Randall, its great news to hear that the legal system actually works once in a while.

--
Cheers Gene

Re:Its about damned time this was cleared.

[1010110010]

Are you fucking serious? After 13 years? You call that working?

Re:

[Almost-Retired]

Well, TBT, not no, but HELL NO! It should have been laughed out of court in the first place, 13 years ago. Now I'm serious, this was a miss-carriage if there ever was one. And if it weren't for the adverse publicity, I believe he should have plenty of grounds for a civil action for damages.

But thats just me, an honest old fart & cynic that still thinks whats right is whats right, and whats wrong should be quickly punished, a bit like Willy N. and "Whiskey for my men, beer for my horses" song. Sometim

Re:

[psykocrime]

Its ALL a matter of responsibility for ones own actions at the end of the trip.

Are you kidding? Responsibility? What kind of nut are you, anyway... why should anybody take responsibility
for their actions? Didn't you know that everybody is a victim, and everything bad that happens is the fault of
the evil capitalists? And furthermore, didn't you realize that we're all entitled to live in a world where everybody
gets the fairy-tale ending (and a pony) no matter how lazy, incompetent, or untalented they might

Re:

[Almost-Retired]

And where the hell is the smiley? Methinks you forgot that little detail.

Where the hell does /. find these folks anyway. Inquiring minds would like to know.

Or are you just new here?

--
Cheers, Gene & this time I'll paste my usual sig in. Enjoy.
"There are four boxes to be used in defense of liberty:
  soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)

Re:

[killjoe]

Personal responsibility is for suckers and fools.

The smart form corporations.

Re:

[killjoe]

In the days you are pining for Randall would have been shot or hanged when he was accused. He would have been railroaded by the sheriff who was owned by the railroad or the bank.

Ah the good old days when people were hanged the same day they were charged.

Actually come to think of it in the old days the copper barons and the railroads would have just killed the guy themselves if they thought he was stealing from them.

Re:

[funwithBSD]

Yeah, I bet it was a real in his life...

The most important thing about this

[Zontar_Thing_From_Ve]

From the article:
I don't have my gun possession rights restored yet, but apparently that's
merely a formality with the BATF, and I'll be taking care of that soon.

(sarcasm on)
Well Thank God because it's a miracle that you survived these past 13 years without a gun. Certainly this is the most important part of getting your name cleared.
(sarcasm off)

Re:

[Almost-Retired]

Please go and read the Bill of Rights, the 2nd one in particular. Without it, you wouldn't have the ability to write that, because that is supposedly guaranteed by the first. But without the 2nd, we would not now have the first, it would have been nibbled to death by ducks.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
  soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)

the terrible thing about character assassination

[twitter]

The terrible thing about character assassination is that the event never had to happen. All you have to do is start a rumor about travel expenses and the victim is as good as blacklisted at big dumb companies where lip service is given to leadership but obedience and conformity are valued above all else.

Legally Never Happened

[vux984]

Except that it did.

And all the effects can never be erased.

For example any "lists" he's been added to over the last 13 years will not be updated to reflect his new 'never was a criminal' status. Be it terrorist watch lists, no fly lists, FBI persons of interest list, or whatever else, not to mention his prints will remain in the system, etc, etc.

Re:Legally Never Happened

[hansamurai]

perl will take care of this...

@files = ("terrorist_watch_list.txt", "no_fly.doc", "fbi_persons_of_interest_list.ppt");
foreach $file (@files) {
        unlink($file);
}

Re:Legally Never Happened

[belmolis]

Uh, actually, this program doesn't do the right thing. Surely the right thing to do is not to delete the files but to remove Randall's name from them. Some people deserve to be on those lists.

Re:

[Matt Perry]

Uh, actually, this program doesn't do the right thing.

If anyone knows how to fix it (and turn it into a one-liner in the process) Randal Schwartz does. ;-)

Re:

[TommydCat]

If anyone knows how to fix it (and turn it into a one-liner in the process) Randal Schwartz does. ;-)

...using map [perl.com], no doubt. Congrats on a significant victory, Randall!

Re:

[Tmack]

If anyone knows how to fix it (and turn it into a one-liner in the process) Randal Schwartz does. ;-)

...using map [perl.com], no doubt. Congrats on a significant victory, Randall!

something like

map({open IN, "<$_";open OUT, ">$_.tmp";foreach $line(<IN>){ $line=~s/Randal Schwartz/Bill Gates/i; print OUT $line; }close IN; close OUT;rename($_.tmp,$_)},["terrorist_watch_list.txt" , "no_fly.doc", "fbi_persons_of_interest_list.ppt"]);

Assuming of course, his name is in plaintext in the doc and ppt files... otherwise, just need to pass it to something that can filter those to text and back.

Tm

Re:

[Fulcrum of Evil]

I'll fix up the script as soon as you point to a senior FBI guy who can be trusted with it.

Re:

[hyfe]

Some people deserve to be on those lists.

.. and they're most likely not anyways.

Re:

[Jah-Wren Ryel]

Uh, actually, this program doesn't do the right thing. Surely the right thing to do is not to delete the files but to remove Randall's name from them. Some people deserve to be on those lists.

Yeah, because that no-fly is full of people so dangerous that it is just not safe to let them ride in an airplane, yet so innocent that we can't even arrest them.

Re:

[KlausBreuer]

>Some people deserve to be on those lists.

Well, approximately 95% of them don't. And I can accept a 5% failure rate.

Re:

[geekoid]

not enough to bother and have no fly lists handle by the government. The airliners can have one if they want, but there is no reason we should be paying for this list.

Ditto; FBI can still see it

[mekkab]

and Randall still can't get a clearance without being upfront about it.
Basically it means he can tell a police officer he's never been arrested and doesn't need to disclose it on a non-clearance employment application or any "low grade" background check like rentin an apartment.

With that out of the way, Randal has helped me out on comp.lang.perl (right before it went moderated) so ... Good on ya, Randall!

Re:Ditto; FBI can still see it

[Anonymous Coward]

There was a PDF file linked on the http://www.lightlink.com/spacenka/fors/ [lightlink.com]Friends of Randal Schwartz site states:

IT IS FURTHER ORDERED that the clerk of the Court shall forward a certified copy of this Order to all law enforcement agencies mentioned in the Court's file, including the following:
A. The Federal Bureau of Investigation, and
B. The Oregon State Police, and
C. The Oregon State Corrections Division, and
D. The Arresting Agency, Portland Police Bureau.

So the FBI can't use it against him. The PDF file is a copy of the expungement order from the court.

Re:

[bladesjester]

A lot of the time, agencies (and even the courts) don't follow expunge orders. They conviniently "forget", so you have to hire a lawyer to follow up and make sure the court order was actually followed.

Re:

[vux984]

Yeah, so a copy of the order was issued. Then what? They're all going to meticulously remove their records on him. Hardly, this will just get added to those records. So, yeah, when they pull up his file which will still exist, they'll see his past, and the fact that they won't be allowed to use it.

Sort of like instructing a jury to disregard testimony. They might be able to try, and I'm sure they do their level best, but its never really gone.

Re:Ditto; FBI can still see it

[Wavicle]

and Randall still can't get a clearance without being upfront about it.

As someone who has gone through a security background check, worked at Intel and read the decision of the appeals court: I would be fairly surprised if Randal was able to get a security clearance even even if no conviction had occurred. The undisputed portions of the case suggest that Randal lacked an ethical barrier between him and either his curiosity about things for which he did not have access or his desire to gain respect by demonstrating his skill. This was 13 years ago maybe he has changed, I don't know.

Whether his intentions at the time were noble or not: he logged onto a system for which he knew his account should have been deleted; he ran a gate program on the system (after previously being told to stop running a gate on other systems); he cracked one of the passwords to someone with higher access on the system; he then logged on to the system using the cracked user's account; he transferred the password file to another machine; he ran crack on this other machine; he turned up 35 weak passwords; he said nothing; he left for a while to teach a class; he came back; he still said nothing; he re-ran crack on another faster machine (this is apparently what eventually got him caught).

Randal claims he did all this to re-gain respect at Intel's supercomputer division. I have no reason to doubt this is honest. The fact that he so freely gave so much information to the police suggests to me that he was trying to convey that he had no intention of harming Intel's business. However it is very, very bad judgment. Now if you were the agent assigned to his security background check, looking to see if his character demonstrates a likelihood of compromising sensitive information, even unintentionally, what would you think?

Re:Ditto; FBI can still see it

[doom]

I would be fairly surprised if Randal was able to get a security clearance

I was once working as an engineer at a secure facility, where one of my friends explained to me that he had never actually planned on working there. He figured he'd let them pay them while the background check was in progress, but never expected to actually be cleared (the interview with the Feds went something like Q: "So what about all these hits of acid they found in your refrigerator?", A: "Well, they were there.")

But they did indeed give him a clearence, I would infer because they concluded he wasn't vulnerable to blackmail on the point, and so on.

And I have to say that the opinion of "someone who has gone through a security check" isn't terribly authoritative, unless you were turned down for having a similar background to Randal's.

Depends on the check - and why they need you

[cheros]

At a sufficiently high level, a security check is not something you 'fail' or 'pass' - it's simply a risk assessment that clarifies to those that are planning to use your services which areas of risk they need to manage. It's not a tick box process that HR does over lunch - it takes months of investigative work. There is a simple way to get through that: do. not. lie.

Re:

[eggboard]

The expungement order requires that the FBI and other authorities be notified that the felonies are expunged. Now, I don't want to pretend that the system works, and thus his records won't show up in the wrong place in the wrong way.

But I'm very happy for Randal. I exchanged some email with him after I was made aware of the news, and wrote up an account at TidBITS [tidbits.com]. I had written a letter supporting a pardon to the Oregon governor a few years ago, and was delighted that his day out of court has finally arriv

Re:

[scruffy]

Don't forget the big data brokers like Experian with their own criminal databases.

Re:

[kalirion]

Also, what about the $68,000 fine he was forced to pay (according to wikipedia) for something that "never happened"? Can he report it as a robbery and get his money back?

Re:Legally Never Happened

[merlyn]

I never lost my right to vote. Only four states do that, not Oregon.

I can probably still get out of jury duty, since I now have a bias about criminal convictions. {grin}

I can't possess firearms yet. I have to apply to the BATF separately. I plan on doing that, but it's not yet in progress.

Re:Legally Never Happened

[ObsessiveMathsFreak]

I can probably still get out of jury duty, since I now have a bias about criminal convictions. {grin}

Having personally sufferred through a miscarraige of justice, you still don't don't see the point of the jury.

And people wonder what's wrong with the legal system these days.

Re:

[drawfour]

One of the many things that's wrong with the legal system w.r.t. jury duty is that people are forced to serve on a jury, receiving no realistic salary compensation for the amount of time they lose at their job. While a person cannot have their employment terminated because of jury duty, there are no legal requirements that said person be continually paid by his employer for the entire duration of the jury service. Some companies have a certain amount of paid leave they will give for jury service -- howeve

an unfortunate encounter

[Anonymous Coward]

The former CEO of aforementioned computer company actually wrote a business book with the word "paranoid" in its title. A bad match for top shelf Perl hackers, who are some of the quickest, wittiest, and down-to-earth people in our business.

Congratulations Mr. Schwartz.

Re:

[LarryLong]

Well there you go. I've been trying for years to become more witty and improve my mental processes, and all I had to do was go out and learn Perl. Thanks for the tip. :)

Whither $68k?

[Andrew Sterian]

...did he get his $68,000 back from Intel?

Re:

[Score Whore]

No. He got his record cleared. Ie. he can apply for jobs of a sensitive nature. They haven't declared him innocent. Jesus people, get a clue. He was convicted of a crime. He was punished. Now he's received a pardon after his sentence was fulfilled. It's fairly common at the state level. At the federal level, it depends on the president. Clinton was fairly liberal with his pardons. Bush is tight with his. Whoop dee do.

Re:Whither $68k?

[krbvroc1]

At the federal level, it depends on the president. Clinton was fairly liberal with his pardons. Bush is tight with his. Whoop dee do.

Most of the 'controversial' pardons are granted the last day of office, so there is not enough data to compare the current president and former. Report back in 2008 when there is more data.

Re:

[jomegat]

Here's how W's list will start:

• Lewis "Scooter" Libby
• Donald "Rummy" Rumsfeld
• Richard "Dick" Cheney

Note that like most mobsters, W's friends have nicknames. And yes, I know none of these people have been convicted for anything, but there's still time.

Re:

[dave420]

When Hitler, Megatron and the Stay-Puft Marshmallow Man will all be made honorary US citizens by Bush, when he's half-way out the door...

Re:

[quanticle]

It says here (http://www.lightlink.com/spacenka/fors/):
>>Schwartz appealed the conviction. A decision by the State of Oregon Court of Appeals in April 2001 upheld the convictions on all counts, but reversed the restitution order and sent this issue back to the original court for reconsideration.<<

So it looks like the restitution was either reduced or eliminated, as the original restitution order was overturned on appeal.

Re:Whither $68k?

[merlyn]

First, the amount in dispute was less than $5K. Second, the lower court just reaffirmed what they said before. In other words, no net change. So yes, I still paid roughly $68K in restitution, at the end of the day.

Re:

[quanticle]

Ouch. That sucks that the lower court didn't reverse its decision after the appeals court sent the ruling back for reconsideration.

If you're going to blow the whistle

[Profane MuthaFucka]

The best way to pass out embarassing information is anonymously. Burn some CD's with the info and leave them around randomly, in places untraceable to you.

Don't touch the CD's with your fingers.
Destroy the CD burner when you're done.
Buy the CD burner secondhand at a garage sale. Pay cash.
Steal the CDs from a college student.
Don't leave the CD in a place where there's a camera.

What else. Help me out here.

Rely on someone else to find the data and spread it around. No need to get yourself into trouble. Have some Common Sense. Do you know what I am speaking of?

Re:

[cloricus]

I didn't realise this was blowing the whistle; I thought it was part of any good IT department employees job. That is to ensure all passwords, more so management passwords, are as secure as possible.
 
Getting in trouble for improving corporate security is absolutely insane.

Re:If you're going to blow the whistle

[Matt Perry]

I didn't realise this was blowing the whistle; I thought it was part of any good IT department employees job. That is to ensure all passwords, more so management passwords, are as secure as possible.

He wasn't an employee of Intel. He was a contractor hired to do a specific job which wasn't checking for password security.

Re:

[mark3748]

Intel is not, and never has been a fun company to be a contractor at... If you're an employee, it's great, but there's definately an "us vs. them" feel if you're a contractor, and Intel is the only company I've been at that is like that. You seriously don't want to piss off the wrong people there.

Re:

[cloricus]

Indeed I am from Australia where we think using 'z' in that fashion is just weird. Either way I see your point and I didn't realise he was a contractor. If you are a contractor you do specifically what you are being paid to do and get out - I had assumed he was an employee.

Also, as MishgoDog pointed out, 's' is normal to me and strangely enough that makes your post out right confusing and I find it hard to see your logic. Odd how language works isn't it.

Re:

[TommydCat]

What's with the British insistence of misspelling common English words?

Re:

[albalbo]

I don't see where he claimed the British spelling is better.

Perhaps his point is just that as it's our native tongue it's bizarre to claim we misspell words. That would imply that American spelling is more correct than ours, which is exactly what you appear to be railing against.

Re:

[ShaunC]

Give the CDs to nugget. He talks to everyone and loves free CDs.

Re:

[DamnStupidElf]

Leave the CDs to be found by office secretaries & receptionists. They talk to everyone and love gossip.

They're also security experts, every last one of them. They'll know *exactly* what that zero day exploit with example code is.

Re:

[cptgrudge]

Steal the CDs from a college student...Steal the CD burner from a college student.

But how will that starving college student make his illegal CD mixes now? Think of the consequences! Do the ends justify the means?

In other news...

[FlyByPC]

Breaking news:White-hat hacker's conviction "never happened."

In other news:

• Hell freezes over; Devil announces installation of HVAC units.
• Islam and Judaism to merge; Pope named as new high official.
• Coca-Cola to license soda formula as GPL; KFC to follow suit
• George W. Bush awarded Nobel Peace Prize
• Bill Clinton and Gary Hart take vow of chastity

Re:

[networkBoy]

George W. Bush awarded Nobel Peace Prize

I call shenanigans!

-nB

Laugh, it's a joke (and I voted for the other, other guy anyway!)

Re:

[psykocrime]

George W. Bush awarded Nobel Peace Prize

Now that's just silly...

Expungement is the sealing of a criminal record

[viking80]

Expungement is the sealing of a criminal record so it is not publicly available. The consequence might be that you can deny you have a criminal record, but it is quite different from a pardon, which is forgiveness of a crime and the penalty associated with it.

Re:Expungement is the sealing of a criminal record

[humphrm]

but it is quite different from a pardon, which is forgiveness of a crime and the penalty associated with it.

Indeed, a pardon cannot become effective unless you admit to wrongdoing - then you are "forgiven" and the penalty is dropped.

In this case, he could argue that he never broke the law to begin with, because he was (albeit overzealeously) exposing security issues to his own employer. So accepting a pardon would be saying, "Yeah, I did break the law, sorry." In this case, he does not have to admit wrongdoing. In this case, Randall is instead being told, "Yeah, you didn't break the law, sorry."

Honestly every one who knows Randall probably knows about this legal blemish, and probably don't care about it.

Re:

[jdavidb]

Indeed, a pardon cannot become effective unless you admit to wrongdoing

So how was Gerald Ford able to pardon Richard Nixon for "any and all crimes he may have committed"?

Re:

[TheGreek]

So how was Gerald Ford able to pardon Richard Nixon for "any and all crimes he may have committed"?

Because accepting a pardon implies an acceptance of guilt [findlaw.com].

Re:

[bryan1945]

Not quite- it is removed, ie. expunged, so there is no record left. Except for federal agencies which never seem to comply with an expungement order.

Moral Of Story: CYA

[cmholm]

It shouldn't have been necessary, but it was Randal's misfortune to show us the way to live with catch-all computer crime laws. To wit:

The independent contractor shall...

• Put all proposed activities in the contract/statement of work in as great a detail as possible, then...
  
• Get written approval from the customer (your immediate POC and their boss) for any additional activities that occur to you after work commences.
  

The in-house employee shall...

• Review company computer use policies yearly, if not already required to do so.
  
• Before attempting activities that may even conceivably be considered against company policy, get approval from lead in writing, hard copy signature if possible.
  

May not seem a good use of time, unless you consider the value of staying out of the criminal legal system.

Re:Moral Of Story: CYA

[kcbrown]

No, the real moral of this story, and others like it, is simple:

• Don't bother testing the security of a system unless you're forced to use that system to store, in unencrypted form, information you care about.
• If you are forced to use such a system (and thus to test its security), perform all your tests in such a way that there's no way they can be traced back to you.
• If you find security holes, the only action you should take is to minimize your use of the system. Under no circumstances should you actually tell management about the security holes unless you have, signed and in writing, authorization to perform the security testing. If you have such authorization, make sure you store copies of it in safe places. Even so, with today's fucked up legal environment, it's entirely possible that their lawyers would be able to get said document stricken from the evidence record on some sort of legal technicality, which means that even if you have ironclad proof that you were authorized to perform the security testing in question, you might not be able to use it.
• If you absolutely must tell someone, make sure it's someone you can absolutely, positively trust with your life. Because that may be what's on the line (well, at least part of it, because we're talking about jail time here, and inmates love fresh nerd meat).

The bottom line is that corporate management doesn't give a shit about the actual security of their system. They only care about the illusion of security, and they'll bring their full wrath against anyone who dares shatter that illusion.

Let them have their illusion. If they ever get seriously 0wn3d, as is likely (it's only a matter of time), you can laugh your ass off at them, because it'll be evil people getting the shaft from other evil people. But today there is nothing but a whole lot of pain for the good guys in the world. Welcome to the real world, where evil usually wins in the end thanks to the world's inherent tendency towards chaos. You can try to fight it if you want, but you'll probably lose, so why bother? You're probably better off just keeping your own affairs in order and letting the others get fucked up the ass for their stupidity.

Education

[Alchemar]

Dear Upper Management:

Would you please give me written permission to read slashdot during my breaks, so that I can better understand the current issues with computer security and unauthorized use of company computers. And would you mind signing that with a blue pen and giving me the original and you can keep the photocopy.

Thank You.

What about Chip?

[nuzak]

Whatever happened to Chip Salzenberg [slashdot.org]? He seems to have pretty much vanished since mid-2006.

Re:

[bladesjester]

If this story is anything to judge by, we'll know in 12 or 13 years.

How's that for revisionist history?

[tji]

The slashdot crowd has a short memory.. This is not a simple issue of "embarassing the management", as the summary states. In fact, in all the original writeups, I don't remember ever hearing executive passwords being an issue. The issues were egregious violations of corporate security policy, and basic logic:

- His position at Intel was not involved in security, intrusion detection, or other areas that might actually call for "white hat hacking" as part of the job function. He was a contractor, not an Intel employee, which I'm sure made Intel even more concerned about his security violations.

- He had installed backdoors on Intel machines, which allowed him to access the Intel network from outside the company.

- He took passwd files and ran cracking tools against them to break other users passwords.

- Not only was he cracking password files from Intel organizations, he was using Intel systems to crack password files from other companies, including O'Reilly and Associates.

See this writeup [mit.edu] for information from the person involved in shutting him down.

Whether this was "white hat" hacking could be debated. In any case, it was fucking stupid. Bypassing network security for an inbound back door?!? Cracking password files from other companies on Intel computers?!? These are just stupid moves, which anyone should expect to get fired for doing.

Re:

[Secret Rabbit]

No shit. The first thing that I thought when I read the OP was, how the hell did (s)he get that summary?!?!?

Mr. Schwartz decided that he wanted far more computing power then what he legally had access to. He then found some, used it and got caught. Sheer stupidity and he's bloody lucky to this ruling.

Hopefully he's learned his lesson.

Oh, and for those that think what Mr. Schwartz did was "white hat", it in no way shape or form is that. Hell, it's not even Grey. Yah, installing backdoors. That's soooo

Re:How's that for revisionist history?

[merlyn]

"His position at Intel was not involved in security, intrusion detection, or other areas that might actually call for "white hat hacking" as part of the job function.".

Wrong, I was a systems and network administrator. According to job description, that's part of the job.

Re:

[Eivind Eklund]

Congratulations on getting your name cleared! :)

Eivind.

Re:

[LizardKing]

You'd already been reprimanded for a security violation of the SSD facility after your contract there had expired. You were using resources (on a machine you had been told not to use) to crack the passwords of not only an Intel facility you no longer worked at, but also another company. You installed a backdoor that while you may argue it was secure, allowed external access to the Intel network without having approval to do so. Every employer I have worked at would look on these unauthorised actions as gros

Re:

[e40]

Wrong, I was a systems and network administrator. According to job description, that's part of the job.

So, now we know all the other points made by the grandparent post are correct.

Re:How's that for revisionist history?

[TheLink]

What I'm curious about is why does Sony get away so easily with installing backdoors and you don't?

I mean just look at the fine to revenue ratios. And who got a criminal record because they were involved in the sony rootkit thing?

Re:

[Jtheletter]

The network administrator is responsible for any breach of security on the network.

By your own argument he was therefore absolutely responsible for the breach of security on the network that he himself caused. And yes, it was a breach, installing a backdoor for offsight access without permission - or at the very least notification to IT - is a breach of security.

Re:

[CFrankBernard]

State of Oregon v. Randal Schwartz [lightlink.com] Washington County Circuit Court C94-0322CR
Complaint brought by Mr. Schwartz's client, the Intel Corporation

Intel v. Randal Schwartz: Why Care? [eff.org] by Jeffrey Kegler, February 4, 1996

Re:

[doom]

tji wrote:

The slashdot crowd has a short memory.. This is not a simple issue of "embarassing the management", as the summary states. In fact, in all the original writeups, I don't remember ever hearing executive passwords being an issue.

I remember reading this in a column in a free weekly computer rag, shortly after it happened. The author of the column wasn't willing to mention "Intel" by name... but he was willing to mention that a vice-president of the company was using the password "vicepresident".

Re:How's that for revisionist history?

[merlyn]

The password was "pre$ident". Yes, president, with the s changed to a dollar sign. Which "crack" found.

Great news

[mgiuca]

That's great. Coincidentally enough, I just became aware of Randall Schwartz the other day when I listened to the FLOSS Weekly [www.twit.tv] podcast where they interviewed him. It was a good listen (as always) - he talks about this case if anyone's interested.

Re:

[calidoscope]

I just read 1984.

A good follow-up would be to read John M Barrie's The Great Influenza to find out how 1984 was in part inspired by the US under the administration of Woodrow Wilson.

Re:

[nacturation]

have you rehabilitated yourself?

That's something Mr. Schwartz has in common with Nelson Mandela. Since his release from prison, Mandela has not reoffended. So the justice system works!
 

Re:

[geekoid]

Woah there..back it up a notch.

Pretty much the same thing would happen. The onlt changte is that managment may not have done it at all.

and "un-person". sheesh. Less 1984, more Moby Dick for you.

Re:

[geekoid]

Funny, all the people I know at Intel, non of the developers seem to march to the same drum.

However, they do have a management culture problem. In that management doesn't understand that is is a good thing to see failure coming, and then say something to either adjust the project path or kill the project.

This is not a unique problem at Intel, but what is odd is that there is a lot of process and methods in place to do this, but people have become afraid.
What Intel really needs is for a manager who is about