Cisco, US DOJ Fire Another Salvo At Peter Adekeye 94
theodp writes "Citing the widespread practice of sharing passwords for expediency's sake, Cisco's Chief Security Officer proclaimed in 2007 that people 'need to be held accountable for their risk-taking,' noting that CEO John Chambers drives home the point that 'information security is everybody's responsibility' at Cisco. But instead of accepting responsibility after a Cisco employee provided his ID and password to ex-Cisco engineer Peter Alfred-Adekeye, the networking giant sic'ed the Feds on Adekeye, who was slapped with a five-count indictment by a Federal grand jury last week. Adekeye's crime, according to the Court filing, was using the login credentials the Cisco employee provided him with 'in excess of the specific use granted by the Cisco employee.' For his five downloads of different versions of Cisco IOS — four of which were launched within a 15-minute period in 2006 — the government is seeking a penalty of 5 years imprisonment for Adekeye, a $250K fine, and 3 years supervised release. It's the latest salvo fired in the war Cisco and US prosecutors have waged against Adekeye since he filed an antitrust suit against Cisco in December 2008."
Way to save money Cisco! (Score:2)
With all the recent layoffs [informationweek.com] that Cisco has had recently, you'd think they'd find a better way to continue to save money rather than axing employees and then taking the saved salaries and redirecting it to the lawyers.
Re: (Score:2)
Re: (Score:2)
Actually, they're planning on shipping most of the remaining jobs overseas. While simultaneously leading the lobbying charge to lower corporate tax rates.
Nobody held Wall street accountable, nobody holds Congress accountable, surely, no one will hold the banksters accountable, corporate america will not be held accountable, only the American people will be held accountable and they will pay the price while the fat cat bastards take the money and run.
Re:Way to save money Cisco! (Score:5, Informative)
That's logic and reasoning. We'll have none of that and neither will Cisco.
It is plain for all who have been following this story that "Cisco" (or more likely, one or a few people within Cisco) really have it in for this guy who is an ex-employee (with much inside knowledge) and has sued the company for its actions and policies.
When the employee [who in my opinion, effectively represents the company] gave credentials to Adekeye for the purpose of access to download "whatever" then that is not unauthorized access. I find it easy to believe a grand jury delivered an indictment, however -- they are just juries and the prosecution always does its level best to pick the least brilliant people they can find to parrot the prosecution's position.
Also, I don't believe Adekeye will be stupid enough to enter the US after all the crap he has gone through so far because of Cisco. And even if he did come to the US to win his case and his defense, no one at Cisco will be held accountable for this ridiculous set of charges and no one at the DoJ will be either. It's beyond ridiculous and yet they are persuing this with a completely straight face.
Re: (Score:3)
I find it easy to believe a grand jury delivered an indictment, however -- they are just juries and the prosecution always does its level best to pick the least brilliant people they can find to parrot the prosecution's position.
It's also worth noting the difference between a Grand Jury and a Petit (Trial) Jury. A Grand Jury only hears the prosecutors side and only decides if there's enough evidence to proceed with a trial. It's not until a defendant is before the Petit Jury that he can offer evidence or attack the prosecution's evidence.
thanks for the excellent point. juries (Score:2)
in a case like this will agree with user erroneous IMHO.
its sort of like the Drake case. the government is full of shit, but its really heavy sounding shit that makes you think Adekeye did something horrible.
then when you dig into the details, you find out, well, the government was just full of shit. and all of that heavy sounding tone was just some DOJ moron grandstanding and doing bullshit PR work to try to influence media coverage of the case.
Re: (Score:2)
Also, grand juries are not screened for bias. The prosecutor does not have an opportunity to "pick the least brilliant people they can find".
Re: (Score:1)
It's beyond ridiculous and yet they are persuing this with a completely straight face.
Think about it from a different perspective- Among the people I know, Cisco is believed to be near the bottom of the list when it comes to ethical business practices, in spite of their loud proclamations otherwise. Assuming this to be the case, the same management team that perpetuates this culture is sure to apply the same kind of ethics as they make an example of Adekeye, to discourage others from exposing their behavior as he did. From their point of view, it's probably money well invested- and besides
Re: (Score:2)
Actually, as far as I understand it, the civil trial between them has been over for a while now (unless Adakeye decides to sue Cisco for their abusive behavior while he was in Canada, but Cisco has no control over that). I'm pretty sure that this is all just a criminal case which means that the U.S. government gets to foot the bill for it.
Re: (Score:2)
It's the lawyers who are making these decisions. If you get rid of all the lawyers, these types of abuses go away, and the business can get back to doing what they do best.
Re: (Score:2)
It's the lawyers who are making these decisions. If you get rid of all the lawyers, these types of abuses go away, and the business can get back to doing what they do best.
And what businesses do best in the absence of law and lawyers is screw customers, wreck the environment, and exploit their workforce.
Re: (Score:2)
Spoken like a true lawyer!
Re: (Score:1)
I think you can replace businesses with human beings and the statement will still hold.
The moral is... (Score:2)
At least that's what I'll remember of this story.
Re: (Score:1)
I think a better analogy is "The Monkees are like the mafia. You're in for life. Nobody gets out".
Followed by: "You wanna fuck with me? Okay. You wanna play rough? Okay. Say hello to my little friend!" with a side of "If you can’t win by fighting fair, fight foul. Or have a third party do your fighting."
Probably the best explanation of this incident: "Ours is a government of checks and balances. The Mafia and crooked businessmen make out checks, and the politicians and other compromised officials impr
WTF ... (Score:2)
So, an actual Cisco employee gave him his credentials, he logged into pull down the stuff he needed (and fairly quickly from the looks of it) and someone thinks that's worth 5 years in jail?
Charge the Cisco employee who gave him the password ... from the sou
google 18 USC 1030 (Score:2)
behold the stupidity that is the federal computer law
Re: (Score:2)
CAR ANALOGY: (stop reading if you hate them(
If I give you the key to my car and you drive away with it and even leave the state, the MOST you are guilty of is a misdemeanor.
And tend to think the notion of "exceeding the purpose" is a matter of speculation at the very least and more likely a wild stretch of the imagination.
I can't even consider what was done, even if it were true, to be a criminal offence in the slightest. It may be a violation for the employee who is probably long since terminated, but tha
you also said he couldnt use the toilet (Score:2)
'hey dude could you watch my house and my dog?'
'sure dude. gimme the key'
'ok bro'
two weeks pass...
'dude you took a shit in my toilet!'
'uhmm yeah? so what?'
'so! you violated the toilet fraud and abuse act! im gonna sue you! im gonna sue you in england!'
Re: (Score:3)
If i trick (not saying it was the case here) an employee into giving me access to something then its still me who commits the crime.
Re: (Score:2)
He's set up a competing consulting business, which is why Cisco hates him. He did not grab these versions because Cisco allowed him too and this was clearly unauthorized access (getting a key from an employee doesn't grant authorization to take whatever you want). So Adekeye seems in the wrong. But the Feds seems to be going nuts here and treating a minor infraction into a major felony. Some people at DOJ are clearly on Cisco's payroll.
Re: (Score:1)
Last I checked, any CCIE or similarly qualified professional can access IOS images. I haven't seen anything about him downloading any file that is private / confidential to Cisco. These are files that they publish to use with their equipment, which is actually the heart of his anti-trust lawsuit.
Re: (Score:1)
Bleh, I just re-read my comment and let me clarify.
The heart of his lawsuit is that you need to be one of these professionals or have a contract with them for access to the IOS images. And as someone who uses Cisco equipment, it is far from uncommon for a username / password to be issued on a per case basis to allow you to access a software image that can be tried to see if it solves your issue.
Re: (Score:2)
Yea, one of the things that the Canadian judge pointed to as being so absurd about the whole thing is their insistence on calling what any rational person would consider one offense (if it even qualifies as an offense at all) multiple separate offenses because accomplishing the "crime" took multiple attempts. It would be like charging someone with a separate count of breaking and entering for each, individual, swing of the axe it took to break the door down.
Re: (Score:2)
same bullshit law used against Drake and Manning (Score:5, Insightful)
this is the Computer Fraud and Abuse Act, which basically makes it a Federal Crime to 'do anything we dont like, with a computer'.
it is overly broad and probably unconstitutional.
that is, if someone would challenge it's constitutionality in court.
if you dont know about the Thomas Drake case, google it
same for the specific counts against Manning (i.e. the 'collateral murder' video, well, they are trying to get him on the exact same paragraph here, 18 usc 1030 a 2)
Re: (Score:2)
this is the Computer Fraud and Abuse Act, which basically makes it a Federal Crime to 'do anything we dont like, with a computer'.
Fair enough, but there is no way anyone can say Cisco is being hypocritical and "not taking responsibility" for the leak, when anyone who works security will say authentication credentials have to be secure or no matter what system is used. That's the purpose of credentials, after all; to allow access.
anyone who works in a cube (Score:2)
has been told by their boss "oh just use my password... we applied to get you access 4 weeks ago but they still havent gotten back to us. and its off hours so nobody is there who can do it. and this has to be out by tonight"
and they dont get 5 years in prison for it
Re: (Score:2)
read the charge sheets (Score:2)
there are a large number of counts against him that are CFAA, or the military equivalent (my favorite: "using a computer for other than its intended purpose")
imho, the CFAA charges against manning are not the tip of the iceberg - they are the iceberg.
Aiding the Enemy is the shiny barber pole sticking in the top of the iceberg, that everybody notices. Those other charges are there for bullshit reasons, one of which is apparently to set a precedent where nobody is allowed to blog about taking a shit without b
Read related links (Score:5, Informative)
Anyone reading this should also read how Cisco lied and got him arrested in Canada ... there's a link right below the description but I'm posting it again here as well:
http://www.techdirt.com/articles/20110722/02351315202/how-cisco-justice-department-conspired-to-try-to-destroy-one-mans-life-daring-to-sue-cisco.shtml [techdirt.com]
http://arstechnica.com/tech-policy/news/2011/07/a-pound-of-flesh-how-ciscos-unmitigated-gall-derailed-one-mans-life.ars/1 [arstechnica.com]
Re: (Score:2)
Having read the Ars Technica story, I'm disturbed and maybe even a little frightened by the DOJ's actions against Mr. Adekeye. They're determined to take away his freedom and his money while acting as the muscle for Cisco's legal department.
This, along with other recent ridiculous cases, like the trumped-up charges against Aaron Swartz [slashdot.org], have left me wondering, what can a US citizen do to change this situation?
Re: (Score:3)
You can leave the country. Its getting to the point where the most patriotic thing you can do is find a country that more aptly fits American ideals than the US does.
Re: (Score:2)
I wasn't really considering extradition issues, which I probably should have considering the topic.
Re: (Score:2)
But if you leave the country, they'll just arrest you and bring you back.
Joking...
(only sort of)...
It's really depressing hearing about cases like this.
Re: (Score:2)
what can a US citizen do to change this situation?
Join Cisco's legal team - this will change the situation, at least for himself.
Re: (Score:2)
what can a US citizen do to change this situation?
Thanks to the Constitution, aren't you legally entitled to shoot all the lawyers and politicians and create paradise on earth?
Re: (Score:2)
That's not what they're saying. They're saying that the person who shared the password should be responsible. Did you even read TFS?
Re: (Score:2)
Who says they didn't punish that employee? Secondly, how does that change the fact that this guy did something he was not authorized to do? So if you give me a key to your house to bring in your mail I can steal your TV without any consequences since you gave me the key to the front door?
Re: (Score:2)
He was authorized. A representative of Cisco gave him credentials to use for that purpose. That Cisco representative may not have been authorized to grant said permission, but that is not Peter Alfred-Adekeye's fault.
Re: (Score:2)
Go back to Gamilus.
I would say that on the surface, the employee who gave him the credentials to log in and download whatever those credentials allow was a representative of Cisco and that the access Adekeye enjoyed was both authorized and legal. And if that's not the case, then NO access granted by any employee of a company short of the CEO or President of the company and signed by the company's attorney is subject to being considered unauthorized and illegal.
Re: (Score:3)
Private citizens cannot file antitrust suits.
So we'll just ignore everything else you wrote, since that's likely made up too.
http://dockets.justia.com/docket/california/candce/5:2008cv05391/209307/ [justia.com]
Re: (Score:2)
im not clear on these points also. Is it true that every time i log in to my slashdot account I have penetrated a corporate network?
Re: (Score:2)
im not clear on these points also. Is it true that every time i log in to my slashdot account I have penetrated a corporate network?
Yes, and that's the only time you hear the words "slashdot account" and "penetrated" in the same sentence.
*rimshot*
Re: (Score:3, Insightful)
Summary: Man penetrates corporate network with hot credentials, man copies software from illegally penetrated network, man complains when law enforcement gets involved.
Not only that, but he was let into the network to recommend his company become a preferred partner of Cisco. Why he decided to d/l software he was not authorized to possess is beyond me, but you would think he would realize that was likely to piss off Cisco.
There is more to this story than meets the eye; Cisco would not bother to do this unless there was something else at stake. My guess is there was some concern about how he planned to use the information he had gotten; or over the initial establishment o
Re: (Score:2)
Re: (Score:2)
Because "corporate personhood" is a terrible idea? Because a corporation by definition must behave as a sociopath? Maybe that's why.
You do know that corporations are only collections of actual human beings?
Re: (Score:2)
Money is the motivation. Very likely in the form of Multiven [multiven.com]. Mr. Alfred-Adekeye the founder and CEO of Multiven.
Don't trust one word from Cisco (Score:5, Informative)
Normally I would, but Cisco has been proven to be complicit in lying and subterfuge in this case.
Check out the note above about what they did in Canada. They fed a boatload of lies to the DoJ which were then parroted to the Canadians to get him extradited here. The Canadian judge was PISSED when this was found out.
It was seriously evil and twisted. How's this: He is a British citizen traveling on a valid British passport. He sues Cisco. He lives in Switzerland and can't get back into the US legally until he resolves some immigration issues, which he has documentation he's been actively trying to do. So he can't come to the US to make a deposition in the case. Cisco doesn't want to go to Switzerland, so they arrange for Canada. Cisco/DoJ has him arrested and held for extradition in the middle of the deposition.
Here's a fun lie: The justification for this was that he refused to come into the US, so he had to be nabbed in Canada. But there is documentation showing he had been continually trying to come back to the US to run his company. A quick check with DHS would have shown the DoJ that Cisco was lying, but they didn't even bother. The judge in the antitrust case knew about the situation and had approved the Canadian deposition.
If they wanted him that badly, they could have just granted the visa, he would have entered the US, and he could have been arrested.
He's Nigerian by birth, but he had been a British citizen for years, and a successful executive with IBM, AT&T and then Cisco. Cisco brought him to the US on his British passport. Cisco then fed the DoJ a big story about this shady Nigerian who could flee at any moment if not nabbed in Canada and held there. Without checking, the DoJ passed this false story onto the Canadians.
I've read the Canadian court decision. It is downright scary what happened, Cisco colluding with the DoJ and lying to a sovereign country's courts in order to strongarm a person into giving up his antitrust suit.
More to the story (Score:2)
It is the antitrust suit he had going against Cisco. Cisco had locked out any other company that might want to provide maintenance for Cisco products, and that was the business his company was in, so he sued. He had been gathering evidence to use in the case against Cisco, and of course Cisco didn't want that.
Re: (Score:3)
It is the antitrust suit he had going against Cisco. Cisco had locked out any other company that might want to provide maintenance for Cisco products, and that was the business his company was in, so he sued. He had been gathering evidence to use in the case against Cisco, and of course Cisco didn't want that.
Separate from the supposed anti-trust actions of Cisco, why would anyone do something that could be used against them by someone they were suing? You're basically giving them the club to beat you with; if you really need that information you should try to get it through the legal process. I have no idea what his motivations were, it just strikes me as odd to expose yourself the way he apparently did knowing your opponent is a very large company who can buy boatloads of legal advice.
I didn't say it was a smart move (Score:2)
He probably thought that a Cisco employee letting him in gave him some protection. It's not like he hacked or was even dishonest, basically asking a Cisco employee up front "can I use your account to see what I can get?" You don't do that if you have illegal purposes.
Sounds like he was playing private detective to discover what access engineers had, probably worried Cisco would switch around permissions if the info were asked for in the suit. Given that he would have had this type of access as a Cisco emplo
Re: (Score:2)
He probably thought that a Cisco employee letting him in gave him some protection. It's not like he hacked or was even dishonest, basically asking a Cisco employee up front "can I use your account to see what I can get?" You don't do that if you have illegal purposes.
The problem is doing that and then accessing the network is illegal in and of itself. He was not authorized to use it once he left (an assumption since if he was he'd still have a id and pword) and then used someone else's login who probably was not authorized to allow him to use his login credentials. Unfortunately, in the end, he was no different than any social engineer who uses his or her skills to gain access by acquiring a legitimate set of login credentials by asking for it.
Sounds like he was playing private detective to discover what access engineers had, probably worried Cisco would switch around permissions if the info were asked for in the suit. Given that he would have had this type of access as a Cisco employee, I'm betting that he was checking to see if such access still existed for engineers, probably in response to Cisco saying engineers didn't have that kind of access.
If Cisco did that they wo
Re: (Score:2)
A social engineer has an element of deception. He flat-out asked for it.
That's not all far-fetched given Cisco's abuse of the legal system in this fiasco. I'm betting Cisco had to swear
Re: (Score:2)
A social engineer has an element of deception. He flat-out asked for it.
I disagree that social engineering necessarily involves deception - it's simply using social skills to connect with the person who has the information you are seeking and convincing them to give it to you. Deception is not need to do that - you can often get what you seek simply by asking for it in a straightforward manner with, if asked, an honest explanation of why you want it. That said, he asked for it but then, according to TFA, used the information in a way that was not how he explained he planned to
Re: (Score:2)
You should see the decision from the Canadian judge about Cisco's conduct and the complicity of the US government. Royally pissed off may adequately describe it.
proportionality (Score:2)
because people do this all the time, (sharing passwords) at every company in america.
and 99.99999% of them dont get any jail time, and the federales dont care. they have better things to do, like going after Mara Salvatrucha and mexican drug lords.
it just is a bizarre coincidence when the one guy they do choose to go after just so happens to have been a small business man in competition with a behemoth that some would argue is guilty of violating the anti monopoly laws.
on the other hand i do agree with the
Re: (Score:2)
Surely the purpose is to deflect responsibility from the investors, not the people who make the decisions directly..?
Better summary (Score:2)
Cisco employee with valid credentials let's Adekeye log on for a few minutes to get what he needs. IMHO, firing the employee for a violation of policy is about the extent of the redress here.
Check out USC 15, Chapter 1, Section 15.
Re: (Score:1)
Re: (Score:1)
Cisco employee with valid credentials let's Adekeye log on for a few minutes to get what he needs. IMHO, firing the employee for a violation of policy is about the extent of the redress here.
And why should the guy who used those credentials to do something he had no authorization for go unpunished? Sure, what Cisco is doing is definitely over the top, but the guy had no permission to be downloading the software he did. Do you find it okay for people you ask to come over to take things from your house and leave?
Re: (Score:2)
Re: (Score:2)
He WAS authorized. The only way he had of verifying that the employee wasn't authorized to give him what he needed.
If someone with the key to my house lets a stranger into my house and says, "take this stuff" - the stranger isn't criminally at fault, because he has every reason to believe the person with a key to my house is authorized to be in there and tell him to take stuff.
This is what a Canadian judge had to say (Score:3)
After reviewing all of the facts of the case:
"Here we have a man who has no criminal record, who made every possible effort to comply with US immigration laws and procedures, but who dared to take on a multinational giant, rewarded with criminal charges that have been so grotesquely inflated as to make the average well-informed member of the public blanche at the audacity of it all"
Re: (Score:2)
Is this for real? (Score:2)
I got to the second page, when I saw they made a claim:
Did they even bother proof-reading it if they can't get the name of the company's domain name correct? This sort of sloppy work makes me wonder if the lawyers are incompetent, or if this is a joke.
Re: (Score:2)
This sort of sloppy work makes me wonder if the lawyers are incompetent, or if this is a joke.
Both maybe?
Whose wife did this guy fuck? (Score:2)
Re: (Score:2)
Everyone at Cisco and the DOJ? They seem to be lining him up for a pretty good ass reaming as it is.
Re: (Score:2)
Everyone at Cisco and the DOJ? They seem to be lining him up for a pretty good ass reaming as it is.
By whom? The best you could possibly hope for is a sound written thrashing by a pissed off judge. And if that doesn't work, well, the judge will have to write another letter.
Oh, that and a few people on the Internet will get upset.
Re: (Score:2)
Re: (Score:2)
You just press the button on the device and hold it to the scanner.
And the info sent by the scanner can't be intercepted? The device can't be stolen or cloned? It's just a fancy-dancy password.
It can't be intercepted if they do the protocol right - your device should sign their (unique) authentication request with your private key, then they verify the request with your public key. Someone can intercept the transaction, but they can't replay it because each authentication request is unique, they'd need your private key to impersonate you.
The device could be stolen, but would presumably be protected with a password and the user would soon notice and report it stolen so it would have a limited life
Re: (Score:2)
Do this and you've 1) assigned ultimate control of all passwords to the government, and 2) assigned everyone a bar code. Sounds like a great idea, Stalin.
How about this (policy at my company since we can't afford a decent auth token solution) - share your password, lose your job. Period. IT occasionally conducts "stings" (i.e., social engineering pen tests) to find out if anyone will do it, thereby keeping awareness and paranoia at a healthy high.
Otherwise, let's not ge
I wonder (Score:1)
Who benefits? Who will pay? (Score:1)
The Canadian Judge destroyed the Fed's argument .. (Score:3)
and Cisco's as well, and revealed that the DOJ was nothing less than armed thugs working at Cisco's direction.
I saw the video of the deposition in Canada. It was in Canada because the US wouldn't let Adekeye into the US. Both the Feds and Cisco knew that Adekeye had applied for permission to enter the US and was denied, but they didn't inform the Canadian police of that, leaving them with the impression that he was a fugitive from Justice. IF he were a fugitive they could have let him in and then captured him at the boarder. But, what they really wanted to do was further soil his reputation unjustly. So, they lied to Canada about his status. While he was being questioned by attorneys at the deposition a Canadian constable, uninformed of the situation, barged in and served a warrant for his arrest, interrupting the legal proceeding, which was itself unprecedented. Attorneys for Adekeye wanted to shut off the cameras, but attorneys for Cisco wanted them to run so they was have video "proof" of Adekeye's "guilt", as if being accused is the same as being guilty.
The judges ruling was a very strongly worded condemnation of Cisco and the DOJ, accusing them of collusion in the abuse of power. But, in a country where the government now does the bidding of its corporate overlords, the Canadian ruling bears no weight. It only stands as a moral indictment of both our judicial system and the corrupt corporate environment.