Randal Schwartz's Charges Expunged 219
After 13 years, Randal Schwartz has had his conviction expunged. In effect, legally it never happened.
If you haven't heard about this one before, my take is that as a contractor at Intel, Randal did some over-zealous white-hat cracking free-of-charge; this embarrassed some people in management (he pointed out that their passwords were terrible) and management then chose to embarrass themselves further by having him convicted of a felony under an 'anti-hacking' law. More info can be had from the Friends of Randal Schwartz.
Congratulations (Score:5, Insightful)
Its about damned time this was cleared. (Score:5, Insightful)
--
Cheers Gene
Legally Never Happened (Score:5, Insightful)
And all the effects can never be erased.
For example any "lists" he's been added to over the last 13 years will not be updated to reflect his new 'never was a criminal' status. Be it terrorist watch lists, no fly lists, FBI persons of interest list, or whatever else, not to mention his prints will remain in the system, etc, etc.
Re:Congratulations (Score:5, Insightful)
Moral Of Story: CYA (Score:4, Insightful)
The independent contractor shall...
The in-house employee shall...
May not seem a good use of time, unless you consider the value of staying out of the criminal legal system.
Re:Legally Never Happened (Score:5, Insightful)
Uh, actually, this program doesn't do the right thing. Surely the right thing to do is not to delete the files but to remove Randall's name from them. Some people deserve to be on those lists.
Re:Whither $68k? (Score:5, Insightful)
Most of the 'controversial' pardons are granted the last day of office, so there is not enough data to compare the current president and former. Report back in 2008 when there is more data.
Re:Whither $68k? (Score:2, Insightful)
Re:Its about damned time this was cleared. (Score:5, Insightful)
How's that for revisionist history? (Score:5, Insightful)
- His position at Intel was not involved in security, intrusion detection, or other areas that might actually call for "white hat hacking" as part of the job function. He was a contractor, not an Intel employee, which I'm sure made Intel even more concerned about his security violations.
- He had installed backdoors on Intel machines, which allowed him to access the Intel network from outside the company.
- He took passwd files and ran cracking tools against them to break other users passwords.
- Not only was he cracking password files from Intel organizations, he was using Intel systems to crack password files from other companies, including O'Reilly and Associates.
See this writeup [mit.edu] for information from the person involved in shutting him down.
Whether this was "white hat" hacking could be debated. In any case, it was fucking stupid. Bypassing network security for an inbound back door?!? Cracking password files from other companies on Intel computers?!? These are just stupid moves, which anyone should expect to get fired for doing.
Re:Moral Of Story: CYA (Score:4, Insightful)
No, the real moral of this story, and others like it, is simple:
The bottom line is that corporate management doesn't give a shit about the actual security of their system. They only care about the illusion of security, and they'll bring their full wrath against anyone who dares shatter that illusion.
Let them have their illusion. If they ever get seriously 0wn3d, as is likely (it's only a matter of time), you can laugh your ass off at them, because it'll be evil people getting the shaft from other evil people. But today there is nothing but a whole lot of pain for the good guys in the world. Welcome to the real world, where evil usually wins in the end thanks to the world's inherent tendency towards chaos. You can try to fight it if you want, but you'll probably lose, so why bother? You're probably better off just keeping your own affairs in order and letting the others get fucked up the ass for their stupidity.
Re:Ditto; FBI can still see it (Score:5, Insightful)
As someone who has gone through a security background check, worked at Intel and read the decision of the appeals court: I would be fairly surprised if Randal was able to get a security clearance even even if no conviction had occurred. The undisputed portions of the case suggest that Randal lacked an ethical barrier between him and either his curiosity about things for which he did not have access or his desire to gain respect by demonstrating his skill. This was 13 years ago maybe he has changed, I don't know.
Whether his intentions at the time were noble or not: he logged onto a system for which he knew his account should have been deleted; he ran a gate program on the system (after previously being told to stop running a gate on other systems); he cracked one of the passwords to someone with higher access on the system; he then logged on to the system using the cracked user's account; he transferred the password file to another machine; he ran crack on this other machine; he turned up 35 weak passwords; he said nothing; he left for a while to teach a class; he came back; he still said nothing; he re-ran crack on another faster machine (this is apparently what eventually got him caught).
Randal claims he did all this to re-gain respect at Intel's supercomputer division. I have no reason to doubt this is honest. The fact that he so freely gave so much information to the police suggests to me that he was trying to convey that he had no intention of harming Intel's business. However it is very, very bad judgment. Now if you were the agent assigned to his security background check, looking to see if his character demonstrates a likelihood of compromising sensitive information, even unintentionally, what would you think?
Re:Ditto; FBI can still see it (Score:5, Insightful)
I was once working as an engineer at a secure facility, where one of my friends explained to me that he had never actually planned on working there. He figured he'd let them pay them while the background check was in progress, but never expected to actually be cleared (the interview with the Feds went something like Q: "So what about all these hits of acid they found in your refrigerator?", A: "Well, they were there.")
But they did indeed give him a clearence, I would infer because they concluded he wasn't vulnerable to blackmail on the point, and so on.
And I have to say that the opinion of "someone who has gone through a security check" isn't terribly authoritative, unless you were turned down for having a similar background to Randal's.
Re:i just have one question for mr. schwartz (Score:3, Insightful)
Re:Congratulations (Score:3, Insightful)
Try to understand that when you know that you intend no harm, it's easy to see your actions as harmless. I think those were different times, when companies were still trying to understand and come to grips with the threat of hackers - and Intel was a soulless mega-corporation. They still are, but I doubt they would take the same action today. They'd just terminate his contract with prejudice and move on.
After what he's been through, I'd say he deserves to put this behind him and have a beer with his friends. Cheers.
Re:Legally Never Happened (Score:4, Insightful)
Having personally sufferred through a miscarraige of justice, you still don't don't see the point of the jury.
And people wonder what's wrong with the legal system these days.
Depends on the check - and why they need you (Score:5, Insightful)
Re:Congratulations (Score:5, Insightful)
Re:How's that for revisionist history? (Score:3, Insightful)
You'd already been reprimanded for a security violation of the SSD facility after your contract there had expired. You were using resources (on a machine you had been told not to use) to crack the passwords of not only an Intel facility you no longer worked at, but also another company. You installed a backdoor that while you may argue it was secure, allowed external access to the Intel network without having approval to do so. Every employer I have worked at would look on these unauthorised actions as gross misconduct, and I would be surprised if they didn't pursue legal action against the violator. The only reason anyone defends your actions are ignorance of the details of what you did and a blinkered willingness to support anyone that is seen as part of the "geek herd".
Re:How's that for revisionist history? (Score:4, Insightful)
I mean just look at the fine to revenue ratios. And who got a criminal record because they were involved in the sony rootkit thing?