Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
The Courts Government News

2600 publishes FBI's inflated Mitnick money figures 124

Posted by Hemos from the blow-em-up dept.
Mike Schiraldi writes "2600 published some letters they have acquired which were originally sent to the FBI by companies whose systems Kevin Mitnick had compromised. In a nutshell, the FBI asks, "How much damage did he do?" and they say, "Well, it cost us $10,000,000 to develop this application, and he got a copy of the source code, so he did $10,000,000 worth of damage." Now the government is furious, and is trying to hold Mitnick's lawyer in contempt of court! But the information that was leaked is supposedly public information. " Yeah-compare contrast the two letters. OK-maybe government intelligence is a misnomer.
This discussion has been archived. No new comments can be posted.

2600 publishes FBI's inflated Mitnick money figures More

2600 publishes FBI's inflated Mitnick money figures

Comments Filter:

  • Where is all the source code? (Score:1)

    by Anonymous Coward
    Please forgive me for not being up to date on the Mitnick case, but I wonder what happened to the source code he stole. Did he ever release it to anyone?

  • Re:Funny part is.... (Score:1)

    by Anonymous Coward
    Sorry, but that is not how intellectual property theft works. When someone steels the knowledge of how something is developed (be it source code, the formula for coke, or the formula for a new drug) the valuation that is applied is the cost of development. The only other valuation available is the future revenue that the product would generate, but because that is speculative it is inadmissable in court.

    AFAIK, Kevin did not post the information he gathered, the actual loss was minimal and mostly PR based (companies don't want ppl to know that they have been compromised). The colataral damage from his snooping was minimal.

    If on the other hand, someone steels the formula for a new drug and posts it to usenet/slashdot/irc/whatever, then the company's valuation is damaged and must be reported to SEC and shareholders. Patten law might be the only thing to save them, but the corporate intelligence that company X is this close/far to a treatment could be devastating.

    Intellectual property law is very complex. Don't assume that the tidbits of information that we have gives the full picture of the situation.

  • Re:Funny part is.... (Score:1)

    by Anonymous Coward
    But even if it the value of the source doesn't show up on the balance sheet, the "loss" must have affected something. If it means that the company must use more money on R&D (for instance to maintain a lead that they had because of trade secrets in the source), then the theft will mean increased R&D costs, and thus a worse result, which means it WOULD affect the balance.

    If the theft causes reduced revenue, then the loss would again affect the balance.

    Any other kind of loss here would probably be related to time to market issues, or the cost of a review process to ensure that no changes had been made to the code etc. In those cases too, the cost would show up on the balance as a lot higher than without the cost.

    In any case, any "loss" resulting from the theft of the source will either be entirely ficticious, or show up on the balance sheet.

    So either these companies have lied to the FBI, or they have neglected to inform their shareholders about an issue with substantial impact on their revenues or results for the following quarter or quarters. In that case, I bet the SEC would love to talk to them...

  • There is no way in hell someone could get off break-and-enter charges by claiming "I was just curious to see what that guy living at 4 Holyrood Avenue in Oakville had in his house". If you break into any of my computers and I find out, I *WILL* charge you with whatever laws are applicable. My computers are **PRIVATE PROPERTY**. They aren't there for your amusement or your education.

    Just because you claim the sob story of not being able to afford Unix (which is BS too, where do you get the money to pay for the HARDWARE to run that proprietary Unix? Or do you steal that too?) does not give you the right to steal property from others or to break into their computers.

    And by the way, Oakville Ontario is not a "small town". It's got a significant population of generally very well off people. In fact the address you list in your resume appears to be a lakefront property in a VERY well to do neighborhood... probably worth a million or two. Something tells me you don't own this house yourself. The term "script kiddie" comes to mind...

    Yes, Mitnick has been treated badly by government and corporate assholes, but to make the claim that breaking into people's private computers is "OK" because you are poor or because you didn't do any damage is complete and utter bull. The notion that I am only mad because you outsmarted me is also complete BS for the very same reason. People shouldn't have to be experts at security in order to keep what they do on their computers safe from anti-social self-important geeks like you. Similarily people shouldn't have to be black belts in karate to keep thugs from mugging them in the street.

  • Sometimes it's just startling. (Score:5)

    by Anonymous Coward on Tuesday May 11, 1999 @05:43AM (#1897491)
    For a community (the "open source" community) that always guards vigorously against misuse of the word 'hacker' to pay so much attention to the plight of a 'cracker' like Kevin Mitnick is startling.

    The man is a cracker. If you look at 2600 magazine sometime, you will find that it's simply a stew of scripts and sub-literate schematic diagrams. Mitnick isn't a technical wizard by any stretch of the imagination. People like him have this technique called "human engineering" that they use- it's also known as "lie to people in any way necessary to get them to tell you their password." Think about what people like him represent next time you're nervous about paying for an online transaction with your credit card.

    The whole romantic notion of the 'electronic bandit' is badly in need of updating. I've looked at some of the virus newsletters and the supposed 'virus source code' they contain. Mostly I have found debug scripts (basically similar to UUencoding- hex dumps of the object code for virii). It's very unimpressive and makes it apparent that most virus distributors are simply the electronic equivalent of a snotty nosed 5 year old kid spreading a cold virus at kindergarten.

    The "true believers" in Mitnick will read this and just fume, or ignore it. The rest of you, think about it a bit and reflect on wether you want anything to do with the likes of Mitnick.

  • Re:Slashdot nutshell description is disingeneous (Score:5)

    by Anonymous Coward on Tuesday May 11, 1999 @06:27AM (#1897492)
    [devil's advocate mode: on]

    Both of the examples you gave were for physical things that were stolen. Money and a MP3 player. While the felony robbery for $20 would carry a high sentence (primarily for the "assualt with a deadly weapon" aspect) not much in material damages was done. Emotional distress may apply here, having a gun in your face would not be fun. The MP3 player you were going to market is a bit closer to what is claimed. However, to be really accurate make it the MP3 player DESIGN. The schematics and source code. And let's say they broke into your computer and downloaded your CAD and C files.

    Now we're close.

    OK. He had stolen property. That I will agree with. However, as you sated, the penality for that should relate to the damage caused by stealing that property. This really isn't "stealing" in the traditional sense. It is copying. The rightfull owner still has full use of the property in question (unless he deleted the files after downloading). So, the only damage caused is that there is now a copy of your source/designs/etc. out there running arround. Oh, and maybe the fact that a password has been comprimised. Change the passwords and add 5 minutes worth of time for each employee at thier respective hourly rate to the damages bill.

    Now. How is one person having a copy of your code damaging you? Can you prove monetary damage from that copy EXISTING? Remember, as the prosecution you must prove "beyond a reasonable doubt" that there was damage, and how much damage. Of course, given some of the stuff I've heard about how this guy has been treated by the government I wouldn't be surprised to see them ignore the law. There have been murders treated better in our criminal justice system.

    Now we must consider the distribution of the code in question. Was it distributed? To whom? Were they just friends of the accused? Competitors of the victim? Posted on the internet? Let's assume that the value of the code is basicly what it would go for in the stores as a binary. It's worth is the price of the compiled product on the store shelf. A bit simplistic, but for the sake of discussion... So anyone he gave a copy to has priated the program and as the distributor he is responsible. I doubt that figure is in the hundreds of millions. If it was a competitor, then there may be more to consider.

    [devil's advocate mode: off]

    I don't agree with what he did, but the figures quoted are rediculous if all he did was make a copy, which is what I've heard. I'm not following the case, so I may well be wrong. If all he did was copy some data, breaking and entering would be a better charge. And the bail should have been reasonable and available to him. I've heard he keeps firing lawyers and simply couldn't make bail, but that it was very high. If he's still in prison because he didn't/couldn't make a reasonable bail, he has no right to complain. If he keeps firing lawyers so the court has to keep moving his trial date back, he has no right to complain that he didn't get a speedy trial. As long as the court had set a reasonable date for the trial before the firing of the lawyer.

    This is all based on my basic understanding of the case and I've tried to present differing viewpoints for the reader to consider. As usuall, check the facts, I might be very wrong.

  • Kevin Mitnick made personal copies of a whole lot of closed source code without permission.

    Was this right, legal or ethical? of course not, but this does not mean that the damages are equal to the cost of the development, unless of course he had destroyed all the working copies of the source code or had sold it to an unscrupulous competitor who somehow managed to clone the software and release it without anybody realizing that it's identical.

    Personally I think the companies should have to pick one side or another. Either they took a major loss, which should be accountable to the SEC and be able to be listed in their financials, or they didn't.

    You can't be half pregnant.
  • Yeah, Mitnick is a criminal.

    Yup, he deserves to have the law land on him.

    What he doesn't deserve is to have the government
    make an "example" of him; nobody deserves to be
    treated differently under our justice system just
    because they happen to be one of the first to
    commit (or be caught for) a specific violation.

    Mitnick deserves to go to jail and pay a pretty
    big fine after recieving a speedy trial and being
    found guilty under the same system that would try
    his neighbor if they got caught stealing car
    stereos. That's not what's happening here.

    Our justice system isn't as blind as we like to
    pretend it is.

    ----

  • If someone steals your car today, you have a loss of the value of the car. If the police catch the guy the next week, and you get your car back, you now have a gain of the value of the car, and your actual damages should just be the costs of the inconvenience. Your bottom-line doesn't involve the value of the car at all. But the thief should be charged depending on the actual value of the car.

    In the case of the companies, their bottom line may not have been affected much, but Mitnick still stole objects valued at many millions of dollars. He should not be liable for the value -- he should be liable for the loss.
  • The slashdot description wasn't written by anyone at slashdot. Notice the quotes; they are just repeating the story that someone has sent in. Don't blame slashdot for spin they haven't even created.
  • Heh. If the Windows 2000 source code was actually stolen, it'd be invaluable to Bill. He'd have a decent excuse for the delays in NT5 other than "We can't program worth sh*t"...

    Just like Apple and Copland, this will set Microsoft back some, and they'd love to have something decent to blame besides themselves.

    In Mitnick's case, the government is still looking for a scapegoat. All of this already happened in The Hacker Crackdown of 1990, stupid public documents were overvalued then. Today, people don't understand what "stolen" means.

    Mitnick has always been an annoying dude, but never a 'dangerous hacker'... I just wish he'd grown out of it earlier for his sake, or at least learned not to get caught.

    All the really famous 'hackers' are famous because they got caught, which is pitiful. The only real hackers amongst them were probably RTM (since The Internet Worm was basically an accident) and maybe some of the real virus writers like The Dark Avenger, but they never got really famous.

    However, I still have much sympathy for Mitnick. No matter how stupid he acted, he still hasn't acted stupider than our government has in handling this. They were so paranoid about giving him *anything* electronic, thinking that he was MacGuyver or something. He should be recompensed for the stupidity he had to endure. :)
  • Give me a break. I don't advocate cracking, but for one thing, if he's been held in jail without trial, that's just plain illegal. Check the Constititution and Bill of Rights. Also, it sounds like the doors to get into the source repositories, which should've been tighly locked (proverbially) were left standing half-open. He shouldn't have done it, but the companies in question shouldn't have been moronic enough to make it that easy. If you care about your "trade secrets", no one else is gonna take care of them but YOU. If you don't, then obviously you're making it easy, so it's partly your own fault.

  • The actual value of the source code is not in question. The question is did the company actually loose the entire value of the software as a result of Mitnick, and if so, why didn't they feel the need to share that information with their stockholders.

    The more likely scenario is that the companies ACTUALLY regarded Mitnick's actions as effective theft of a single source license (which costs considerably less than the development cost) and thus were not required to report it to their stockholders. The problem is, they cannot then re-valuate the loss for the purpose of Mitnick's trial. That would amount to fraud.

    An equivilant situation would be I allow a business associate to use time on my computer as a professional courtesy and value it as a $50 rental (for accounting purposes), but then write off the entire cost of the computer on my taxes. Guess who would be in for an audit?

  • Sure, and the companies would be within their rights to claim that, and the greater loss it implies, but then they are obligated to report the loss to their stockholders. They reported no such loss. Either way, there's a problem.

  • I have no romantic notions of some sort of digital Robin Hood or such. Mitnick was a cracker pure and simple. What he did was a crime and he should be punished for it.

    HOWEVER, criminals in the US are supposedly guarenteed a fair, public trail by a jury of their peers. Part of that fairness usually includes charges that fit the magnitude of the crime. That's why we have petty theft and grand theft as distinct charges. By inflating the damages, this criminal is being deprived of a fair trial and fair punishment. I object to that in the case of any criminal.

    So, no, I don't want anything to do with Mitnick. I DO want him to recieve a fair trial and punishment to fit the crime.

  • OK, so we know that companies report losses/gains in financial reports under GAAP rules, but do those rules apply as a standard in our (US) criminal or civil litigation system?

    Everyone is all over the board with the Mitnik thing, and I'm not sure I've gotten enough reliable information to make a personal judgement on it, but I hope the parties involved all realize this kind of accounting as relatively useless for establishing damages. As far as 2600 using it as a reason for his being held without bail seems kind of silly though. *shrug*
  • If I crashed into my boss' car, coming to work today, would I have been sued for the cost of the damage (and any loss of time), or for the sum total of the costs to develop the cars, the tarmac on the road, the litter bin in the corner or any of this other stuff

    Of course not! So why should anyone else!

  • This government-sponsored scapegoating is ridiculous. Fine, all you self-righteous people think cracking systems is the worst thing any hacker can do. Well, for myself, and a great deal of my friends, it was crucial. Living in a small town, you're not exactly handed copies of UNIX to learn from, and you won't see a network, that's for sure. Cracking is a learning tool. Few of us ever did any damage. So get off it. As for the 'damages', considering that the stolen source code wasn't exactly STOLEN, seeing as the companies still had their copy, it was more like a photocopy, which is hardly 10,000,000 dollars worth of theft. You guys can discount cracking, and condemn in a holier-than-thou fashion, but we're not criminals, we're just curious parties. And lest we forget, Mitnick's greatest crime, and the one they'll never forgive him for, is the fact that he outsmarted people. Read the Manifesto (1986) [iit.edu]
  • Oh please. You'll have to forgive me for weeding through all the knee-jerk nonsense, and get to the point.

    First and foremost, I didn't break into banks, phone companies, and certainly not private individuals. I went into universities, just so I could see a shell. I never deleted anything, caused any damage whatsoever. The 'rules' of ethical hacking do mean something.

    As for the flaming insults you're throwing at me. I was a kid when I did this stuff... I've graduated from University, and I don't exactly spend a lot of time breaking the law. And that's the point. You learn when you're a kid, and sometimes people put limits on what you can learn, some of us didn't want to limit ourselves.

    You're right, people shouldn't have to worry about being hacked. And you know what, that's what I've learned, is how to PREVENT the malicious hackers. I never hurt anyone's system, but there are people who do, who used the same techniques we were using 7-8 years ago. (The guy who hacked the Pentagon used ideas that are as old as they get) But if they had the sense to hire people who KNEW how these things worked, perhaps they'd be better off.

    I don't condone malicious hacking, or vandalism, whether virtual or physical. However, I do understand that the pursuit of knowledge sometimes clashes with the law. It happens. You can yell at me, accuse me of things I'd never do, and generally throw a tantrum, but I don't break the law, I don't hack people's systems, and I definitely don't like so-called "script kiddies"


  • I guess if I steal a Ford Escort from the production lines of one of thier factories, I'd owe them a few hundred million for the development costs. This is absurd. If he had sold the source to a commpetitor, they might be able to claim damages, but all he did was created a copy. Most of these companies grant licences for the source code, which while expensive, it's definitely NOT a loss of the dev. cost.

    Lawyers don't know squat about software. They just know how to twist the right analogies to impress judges.
  • Crackers or Mitnick? Did Mitnick create sub-literate schematic diagrams? Does Mitnick contribute poorly written scripts to 2600? Does Mitnick have anything to do with 2600 at all? Turning "guilt by association" into "guilt by no association" is kind of stretching it if you ask me.
  • Kevin Mitnick the crybaby? He hasn't said much more than "Hi" in recent memory. I hate 2600 too, but once again: KEVIN MITNICK IS NOT 2600. KEVIN MITNICK HAS NOTHING TO DO WITH 2600.
  • That is what the question should be. Not 'What could have happened', not 'What might he have done with the source', not 'I potentially lost millions', not 'My source code is so secret and important to me that I would be out of business without it, so he owes me BILLIONS.'

    You have to distinguish between actual damages and potential damages. That's why there's a big difference between driving irresponsibly and getting a traffic citation, and driving irresponsibly, causing a major accident, and killing several innocent victims. One is a misdemeanor, and the other gets you hard time in the slammer.

    Fuck the lawyers. Well, maybe not.

    BTW, I have that Dilbert cartoon, framed and hanging on the wall of my cell^H^H^Hubicle.

  • There is no middle ground here. Companies are being asked by the government "how much damage did Mitnick do?", they reply "The development costs were $xx Million."

    I don't think it is the company's fault that the government can't tell the difference between development costs and damages.

    2600 does have a point. The damages held against Mitnick should at least be reflected by losses presented at shareholder's meetings. I don't know this for a fact, but from what is presented, it seems as though Mitnick's damages only exist in the minds of management. The accountants don't seem to even know that $xx Million somehow dissapeared.

    If Mitnick sold the information to a competing company, or posted the soruce code publicly... clearly comprimising the company's ability to turn a profit from its intellectual property, then I could understand the dollar figures.

    I don't believe he ever did anything of the sort though.

    If those figures -- loss of uninsured and poorly guarded intellectual property -- were made public, I know I would take my money out of the company.

    It seems as though these are all potential losses. By the time Mitnick is out of prison, the IP will only be worth a tiny fraction of these numbers.

    This too applies to Nokia. If they did not report the losses, they should not be reporting the 'property' as lost or stolen.

  • If Windows 2000 source code was stolen today, how much would it be worth?

    Seriously, pretty close to nothing. Do you really think somebody who would have bought a copy of Windoze would not because they can now get a "free copy compiled from the source". They can get a free copy now (just copy it off another Windoze machine), and much better and more reliable than some source compilation that may not exactly match MS's distribution, and certainly does not contain any bug fixes made since the code was stolen.

    And the code can be looked at by people writing WINE, but that is illegal, the code was stolen. Nobody legit would dare go near it, in fact it is possible to see the source code now (many universities and companies have it under NDL) and using that for products is illegal as well, so there is not loss right now.

    My conclusion is that stolen source code is worth almost exactly zero.

  • As someone stated, they aren't losses - they are the value of the goods stolen.

    Like if someone steels your car and then returns it intact. Losses zero, value of stolen stuff potentially huge.

    Bah.. too many stupid comments for one thread.
    --
    Pirkka

  • There's a problem with your hypothetical MP3 player example. The hypothetical thief stole the player, yes. But he then SOLD it.

    As far as I recollect, Kevin Mitnick never sold ANYTHING to ANYBODY. So how can product standards be compromised?

    The companies knew that someone out there had copies of the code and important documents. The hole has been sealed nigh-on FOUR YEARS now. Ask Mitnick himself. He never sold any of it.

    Ask the government! All Mitnick really did was horde information to get his own jollies.

    Since industrial espionage (stealing the code with intent to use it or redistribute it for gain of any sort) did NOT take place, Mitnick should be charged in the same manner as if he'd stolen one of these phones off the shelf at a store, or stolen a copy of Solaris off a shelf somewhere.

    Until I see Mitnick Unix 2.whatever that's 100% Solaris 2.whatever compatible, I will hold this opinion.


    Chas - The one, the only.
    THANK GOD!!!

  • One problem. The US doesn't sell nukes to the Chinese!

    You also are taking the argument off on an irrelvant tangent.

    Source code is valuable to the writer because:

    • It allows them to perform bug tracking.
    • It allows them to develop their code base further by refinement of current code.
    • It shows that they actually wrote the code, as opposed to copying it from someone else (mostly irrelevant in an open source environment).

    Source code is also valuable to the user for the first two reasons as well.

    If Mitnick had actually sold/distributed the information. Then there might be some way to justify PART of the development cost being compromised.

    But since they STILL had copies of their own source code, what actual damage did they accrue? They're still able to utilize the code, bugtrack, and refine it.


    Chas - The one, the only.
    THANK GOD!!!

  • But here I think you may have missed a valuable point: we must defend to the death the rights of our citizens. Period. We have to stand up for every dirtbag, every sKript kiddie, and every wannabe who thinks he can 'hack the planet'. We cannot allow unpopular people to be persecuted or have their rights taken away, no matter what we feel about being associated with them. We will lose our freedoms bit by bit and piece by piece to a large faceless all-powerful government if we dare not.

    When all computer experts are viewed with suspicion, when false evidence is arrayed against us, and ludicrous false trials are held to condemn us, who will stand up for our rights? I'm not saying that these things are necessarily happening to Kevin Mitnick, or that they aren't, but as Americans, we must, absolutely must defend his rights as vigorously as we would defend, o say, Linus Torvalds.


    You cannot arbitrarily decide who deserves justice and who does not. We all have a right to fair judgement under the law, and must all be judged equally.

  • I have not seen on 2600 that he had priors, but I have seen them say the delay was at the request of the lawyers. However, the government was late in delivering the evidence, and the judge would not allow for another continuance...

    The major thing that is going one though, is that he gets put in solitary for supposedly trying to create a communication device from an AM radio, and then has to aggree to waive a bail hearing to get out.

    He is also the victim of misleading testimony from a guard or something at the prison and is getting only VERY limited access to a computer to review the evidence against him.

    Another one of the other things that apparently happened is that the government has encrypted files that they can't crack, but won't give them to the defense.

    And then there is the whole thing about the book deal and movie thing that paints Mitnick an Evil Super-hacker that blows things way out of proportion and all kinds includes all kinds of stuff he didn't do...
  • But if he stole it, he can't do anything legal with it anyway. It seems the same as breaking the license terms to me, except that you would go about prosecution differently...
  • Now this is priceless:

    > Additionally, attached is a worksheet showing what it would (will) cost
    > FNTS to recall the PCX phones in the marketplace if the source code has
    > been compromised or is not safe.
    > GRAND TOTAL $5,517,389.61
    (Melanie W. Scofield, Corporate Counsel Fujitsu)

    In other words, "since our code sucks so bad that anyone who sees it will
    instantly see blatant exploitable security holes, and since this is of course
    not *our* responsibility but that of the irresponsible person who looked at
    the code, we would like that person to pay us to recall all phones we have sold
    so far."
  • You Write: "I'm sure most of the field agents are dedicated, hard working individuals". Thats not my take. From personal experience where FBI was contacted in am attempt to find a missing person, the Agents has below par IQ and couldn't find their behind with both hands.
  • It seems pretty interesting that all of these companies are so quick to share how much their "losses" amount to. Personally, I think they're a bit overstated. While I don't think what Mitnick did was pretty smart, but just as major corporations usually do, they're going to try to squeeze some cash out of this situation. Granted, they're not going to get all of what they want out of Mitnick, but they are certainly going to try.

    From the Nokia Letter:
    A rough estimate of the development costs of stolen software and tools, including testing is US$ 7.5 Million.
    ....[and] a further US $120 Million in lost revenue due to new developments being delayed in reaching the market.

    From the Novell Letter:
    the cost associated with the development of the source code is well in excess of $75,000,000.

    From the Fujitsu Letter:
    Software development expenses... $1,100,000.00
    Research & development expenses.. 1,000,000.00
    Total... $2,100,000.00

    You are not going to convince me that because some software tools and development models were copied, that it is going to cost Nokia 7.5 Million dollars. And you are DEFINITELY not going to make me believe that Nokia lost $120 Million in lost revenue because of "new developments being delayed." PISH. Nokia makes a ton of cash, as does Novell and Fujitsu.

    -- Give him Head? Be a Beacon?

  • Somebody correct me if I am wrong, but I believe that the US constitution ensures that _every_ criminal trial can be made a jury trial if the defendant so desires... I forget which ammendment.

    Now if he is cutting a deal, then there will be no jury, but he would only be doing that because he believes it will turn out better then a jury trial would end up.

  • In the slashdot description for this story, it stated the "damage" estimates were in the millions. It is setting up a straw man argument here.

    If you actually go read the response letters, it seems pretty clear that government requested figures for the "value" of the stolen material, as well as the damages done. The large dollar values were for the "value" of the source code stolen, not the "damages" as indicated by the slashdot blurb. Is slashdot trying to arbitrarily stir people up, or to report the news?

    Mitnick was in possesion of stolen property. Period. The normal metric fo determining value is what price the product would get on the free market. If the product is not available on the free market (proprietary code), then the costs for development is as good a metric as any to try to determine value.

    If we don't think access to source code is important and valuable, then why do we get so rightously indignant about proprietary software under Linux? If having the source code means little or nothing, then why is OpenSource software so important?

    Kevin Mitnick was in possession of stolen property, and I believe he had no illusions about the legality of his actions.

    The court has asked the owners of the stolen property for their best guess at it's value. They have provided it. This is why we have jury trials folks, it will be the jury's job to decide to sentence relative to actual damages, or relative to the value of the stolen property. Whats wrong with that?

    If somebody holds up a liquor store at gunpoint and gets $20 bucks, then later gets caught, the individual is properly charged with a felony, not a $20 misdemeanor.

    If somebody breaks into your car and steals a linux MP3 player that you spent a year developing and plan to market, then sells it to his buddy for $15, do you want them charged with a $15 crime? Do you want them only charged with a $200 crime because that's all the hardware parts were worth?

    These companies just answered a question that was asked them, and the question was a reasonable one to be asked for an upcoming criminal trial.
  • I bet they weren't asked "how much damage did Mitnick do?". I'll bet they were asked "How much did it cost to develop the software which Mitnick stole copies of?"

    Look at the letters - "A rough estimate of the development costs of stolen software and tools...", "..the cost associated with the development of the source code...", "Software development expenses.. Research & development expenses.."

    They're just answering the question they were asked, and that question was designed to throw up answers of millions of dollars.

    I don't think there's any doubt that the prosecution in the Mitnick case went all out to make an example of him. There is sooo much dodgy stuff about the case, from John Markoff portraying him as some hugely significant darkside evil hacker, through his alleged hacks on Shimomura's systems (and they remain alleged - he was never charged with any attacks on Shimomura), through the way in which Markoff and Shimomura made a bucketload of money from Takedown, to the way he was held without bail for so long and refused access to the evidence against him...

    Yeah, sure, Mitnick broke the law, he broke into computers that he wasn't allowed access to, and he took source code, but there is no way he intended to profit from it in any way. He never tried to sell the source code on to anyone - he just wanted it so that he could look for bugs to exploit.

    I think even Mitnick would agree that, if you do the crime, you do the time, but the only crimes he's guilty of are hacking. They're just out to make an example of him by putting him away for as long as possible. They did something TPTB didn't like, so they've decided that they're going to make sure that they send a message to everyone else - hey, it's okay to assault people, steal cars, carry out money laundering, forgery or counterfeiting, commit burglay or even manslaughter, but if you hack, we'll put you away for longer than the average sentence for any of these crimes - and that's BEFORE you get to trial!

    America's meant to be the Land of the Free and you guys are always rabbitting on about how the Consitution, the First Amendment and all your freedom, but I'll tell you this - when your Government tramples all over someone like they've done with Kevin Mitnick and you all stand idly by and say "But he's a nasty hacker! We don't care if he gets imprisoned without trial, on trumped-up charges for over four years!?", it makes me realise that you've only got as much freedom as the Government over there wants you to have.

    Talk about sheep. You guys take the biscuit. I'm disgusted, and I'm glad I don't live in your country. The only difference between Mitnick and political prisoners in the former Soviet Union, is that someone's able to speak out or Mitnick. It's just a pity they're reduced to being forced to query why these losses weren't reported to the shareholders, SEC, etc. If you Americans valued your constitutional rights as much as you claim to, you'd be beating down the doors of your local Senators, demanding to know why this guy's rights are being violated.


    The Dodger
  • So, you're saying that Windows source code is worth something?!

    I beg to differ, old chap - I don't think it's worth warm spit! If I got my hands on it, I wouldn't even attempt to sell it to anyone - I'd feel too guilty about ripping them off. I'd just post it online. :)


    The Big D.
  • He never released it, but other people did. Tar'd and gzip'd, the Solaris 2.5 source code takes up ninety-odd megabytes - perfect size for a Zip disk. If each copy of the source code represents millions of lost revenue for Sun, then Sun should have gone under years ago.

    The funny thing is that, eventually, Sun themselves released the source code to educational institutions for free.


    Dodger
  • Where someone can be imprisoned, without bail or trial for over four years, and without being allowed access to the evidence against him.

    I'd always know that the American legal system was a little strange, but at the same time, I'd always kind of admired the US Constitution, with it's 1st and 5th Amendments, and it's insistence upon a speedy trial and freedom of information, et cetera.

    Now I realise that it's all just a sham - the Government can do what they like. They can trample all over a man's rights, treat a man who's crime was nothing more than hacking into computers and stealing source code (he didn't even try to sell it!) worse than they treat rapists, drug dealers and the rest of the scum they release on bail and give suspecnded sentences to.

    And what do you all do? You say "So what! He's a criminal. He can hang for all we care." Wonder how long it'll be before someone who loses control of their car whilst speeding and crashes into something, causing more than $5k of damage is imprisoned without trial for over four years, under charges of speeding.

    Sooner or later, you guys are going to wake up and discover that you Constitution is no more than a piece of paper. They'll keep taking more and more of your rights until you have to get a licence to fart.

    Dodger
  • > you have a loss of the value of the car.

    And that's the current, bluebook value. Not the cost when it was new. You don't get to claim a loss on what has already been depreciated. And you can't claim that all research that has taken place since the invention of the wheel is part of the "value" of your car.
  • Well, I I was to steal a £30,000 car then I would be charged with stealing a £30,000 car, not with stealing a car that cost £18,000,000,000 to develop. Mitnick did not deprive his 'victims' of there goods, so there losses should be limited to the notional value of the disclosure - given that solaris is not exactly bleeding edge tech and that they will sell you the source for $100 I would see the value of the damage to be $100.
    Or are they now claiming that all the development they put into the products is now worthless ? I don't think so.
  • After talking to the FBI about an infamous break-in I was a victim of, the first question out of their mouths was, "What is the value of the stolen property?" It turns out that how you answer this question decides how they prioritize (whether they get to it) the investigation. I think the FBI knows that it's not easy to value software, which is why they ask it, even though they know the answer is hard to enumerate. They just want to filter out cases to reduce their alreaday overwhelming workload. You've just been hacked. It was an incredibly humiliating and frustrating experience, and I didn't even pride myself on my security skills. I just wanted the bastard caught. Pure vengeance. That's all. Didn't want him to get away with it. I can just imagine what it's like for Novell or Sun to be hacked. You have plenty of motivation to bring out the big numbers. They're going to improve the odds that the FBI gets off their ass. Even if it's not going to make them any money, these companies are probably crying for blood. Malicious hacking is wrong. If you want to be a hacker and you want to do something for the hacker community, then do the hack, find an elegant, charming, but DISCRETE way to bring the security hole to the attention of the sysadmin, and move on to the next challenge. I think these kinds of "Chaotic Good Hackers" are a benefit to society, but they are depressingly few and far between. =-ddt-> PS. Please don't give me any crap about the semantics of "hack" and "crack". I grew up with "hack" having the same double-meaning it has for most peeps, but "crack" specifically meant defeating software piracy systems.
  • hmmmm, a $120 million for lost revenues because they had to shut down their network for a few weeks?
    Actually, that's not entirely unreasonable. I know that if the internal network where I work were shut down... well, we'd be screwed.

    Remember that to a company developing software, the most costly expense is usually time, for the simple reason that greedy computer geeks like us occasionally expect paychecks. The thing that makes most of these figures ridiculous is that in most cases, the time wasn't wasted: the source code wasn't gone, just copied, and there's little to suggest that any of these "victims" lost a sale because someone else snagged it using the stolen code. But to have your network shut down for a week... I don't know the details of Nokia's claim here, but that's bad juju.

  • Throwing into public domain? Er, there's no chance of that. The asshole may have stolen the code, but he never stole the copyright. Anyone who tried to sell products derived from the stolen source, would have received the same legal treatment as someone who tried to sell copied binaries.

    Remember when the Quake source leaked? Binaries compiled from it were very popular on the platforms that Id didn't support -- but it was still considered piracy. Id didn't suddenly lose their rights just because pirates were spreading pirate-compiled binaries instead of pirate-copied binaries. Id still retained full ownership.

    Therefore, the damages from source theft are less than the development cost.

  • Put this into perspective. If you your free time developing, say, a webserver, and someone like Microsoft steals it from you, takes some features out of it and puts them into IIS and then makes millions off it, wont you want your cut?

    I'm not sure if Mitnick should be in jail, as I've read some pretty differing accounts on the case from both sides, but I dont think anyone is doubting that he stole stuff. Stealing is illegal, whether it's Civil Disobedience or not. You must be prepared to pay the price for your crimes.

    I dont want to argue hacking/cracking ideals or throw around accusations agaisnt the FBI or 2600 or whomever, I'd just like to know how many people here would be singing a different tune if they were on the other side of the fence. Most of /. are students and have not had crackers steal or attack the systems that put food on their respective tables. It will happen. Let's see who turns the other cheek in the name of hacker ideals then.

    -Rich
  • It looked like the Sun dollar figure ($80M USD) was the largest number, and that being for the source code for Solaris. Isn't the source code available to anyone who asks and signs a NDA?
  • They wouldn't have lost all of that money if they were Open Source....
  • Did Mitnick release the stolen source code? If he did, then the companies would definnnitely have taken a loss that needed reporting. If he didn't, then the loss was only ever potential, not actual, and doesn't need reporting. IANAL, though. The FBI asked for certain numbers, the companies gave it to them. If the FBI agent took this to mean actual, as opposed to potential, losses, that's her fault. It doesn't seem she took it that way.

    What about losses do to downtime, searching for security loopholes, etc.... At least one company mentions this, and the value of it is very high.

    Mitnick took the code. As he took it illegally, it came with no license, and he was free to do anything he wanted with it, including selling it. The companies have the right to determine how much their source code, with a licensing agreement equivalent in what it allows as Mitnick's was, will cost. They determined what it cost them, what it would cost another company to develop had they been hired to develop it royalty free for another company (ie. the development costs). This is how much Mitnick would have had to pay to get this legally, yet he didn't do it. In the real world, Mitnick would have had to pay alot more (profit margin), but these companies graciously limited the value to costs alone. If Mitnick never spread the merchandise (source) around, and was soon apprehended, the actual loss to the company would be nothing.

  • No, but you'd be charged the full price of the copy. Companies don't normally sell source cdoe that has absolutely no restrictions on it. They can value what they would sell said code.schematics for however they wish. Valuing it at costs alone is pretty nice of them. As they "got it back", there were no actual damages involved, but Mitnick, or any other criminal would be charged accordiing to the value of what was stolen. If you went and stole a $1000 bike from someone, but you were caught and they got it back, you would still be charged with a $1000 theft.

    Things get a little more screwy with ip, but this kind of ip can be seen to have some kind of material value. Code/schematics aren't books whose "source" is published, they are more similar to a bike that only one person owns (but can rent/lend to others). The damages aren't as severe as stealing a $100 Million jet, but is definitely more severe than stealing a DVD of a movie that grossed $100 Million. With the jet you get an actual product (can be disassembled with work), with the DVD/MOV, you only get a movie (though if you go on to burn and sell copies, it's a whole other matter).

  • If he used it for "his own jollies", then he did "gain" from it, and therefore took part in industrial espionage. ;)_

  • If someone tried, but didn't succeed, in stealing $20 from you, they would still be charged the same. So you're not "out $20", but the criminal still gets the same punishment.

  • But it's theft of a source license with absolutely no license terms. A lot more liberal than the rights a normal source license gives you.

  • The point is that Mitnick didn't sign an NDA, therefore faces none of the legal repercussions the NDA states. If you sign the NDA, then break it, Sun can do to you whatever the NDA states it can do to you. Since Mitnick didn't sign an NDA, they can't do anything the NDA states. The only way they can get him is through criminal IP law prosecution.

  • They didn't "leave the door open" (at least not all of them did), it's more like having one of those old fashioned locks that skeleton keys work in.

  • Just because Mitnick says that he didn't give (or sell) the code to anyone else doesn't mean its the truth.

    Hell I'm the King of Siam, do you believe me???

  • You're right. He is a criminal. He did break the law. He stole confidential information.

    However, that doesn't mean he deserves what he is getting. The biggest problem I have with the Mitnick case is that no one deserves to be held this long without having a trial. (As of this writing 4 years, 2 months, 24 days, 33 minutes xx seconds. [2600.com])

    Now if that doesn't make you feel the least bit outraged or nervous about the us government then I think you might have some mental problems.

    I am not condoning what he's done. I wouldn't say that he was even wrongfully accused, but come on. 4 years? If you accidentally hit a pedestrian while driving home from work one day, and were charged with manslaughter would you want to spend 4 years in jail, just to tell the judge that the stupid ass jumped out in front of your car?

    Bleah.
    -King_Ruin
  • That would all be fine, if this was a jury trial. He is being in front of a judge only(that is what is infered by what I have read) , no jury will ever hear his case unless he brings a civil suit against one of the plantiffs. And the wording in the letters, whether what we see is correct or edited, has calculated losses, which can be reasoned as physical removal.

    We all know he is guilty of theft, but the question lies in how the companies value their loss since to our knowledge Kevin was the only one with the copies. If I was to steal a copy of a Monet, for my own personal use, would I be charge the full price of the original if I'm caught?
  • You are probably right, but up to this point its just been a judge listening to testimony. And he probably is getting a better deal with the plea due to the stigma Hackers get in the general public now days.

  • Funny part is.... (Score:5)

    by MISplice ( 19058 ) on Tuesday May 11, 1999 @05:12AM (#1897547)
    If the companies claim their source as part of their intrinsic value(book value) then the losses they are saying happened need to be reported to share holders. Since nothing has been reported to share holders then either they don't consider their software a "valuable" part of their company or the SEC hasn't seen the letter yet.
  • Uhm, I think the previous poster was refering to some frustration a lot of us out here are feeling. People keep saying that Kevin M. is some kind of totally inoccent guy who was doing no harm and now has the full brunt of the US government procecuting him. But He's not. He broke into the systems illegally. No question. And he got caught. Spending time imprisoned without due process is a bit disturbing, but that doesn't mean he doesn't deserve to be in jail...
    Look at what he did. You can't say he didn't know breaking in to the Sun computers and copying the source to Solaris was illegal (not that ignorance is an excuse anyway), because he did. He made a consious effort to break the law, he got caught and now he is paying for it. Complain to high heaven that detention without trial is wrong, but "Free Kevin"?!? I don't think so.
    He broke the law, he got caught and he even admits it. The government's method of procecution may be wrong but who they are going after isn't. A lot of the people at 2600 and other places conveniently over look that. Thats what makes us up set. I'd love to see some coverage of this story thats not completely biases one way or the other...

  • Kevin Mitnick's and his lawyer are the only folks involved in this FUBAR-SNAFU that are "NOT" in contempt of justice and the US Constitution (this, justice stuff, could put you in contempt of a US Court)! In US Courts two wrongs can make it right, but only when justice is abridged or denied. We are known as a Nation of Laws, I hope one day, "and Justice" will be added and provided equal status in the US Courts.

    Neo-Fascist are the only bums I know in history that would be happy to bury a person "alive" in prison for years, and provide an economic and/or NatSec excuse and expect approval, by US, of US civil rights (to a speedy, impartial, peer jury trial) violations of Kevin or anyone.

    As I've always said:

  • Keep in mind that the companies were requested to provide detailed information about the 'total value of the software that Mitnick made copies of', not 'how much money did your company lose as a result of Mitnick copying your software'

    The costs of the software involved may be true, and the reason that no SEC filings were made is because the company was not claiming a loss... they were just responding to a straightforward question from the feds.
    HOW MUCH DID THAT SOFTWARE THAT MITNICK COPIED COST YOU TO CREATE.
  • Once the security surrounding a trade secret is breached, it is very difficult to prove or disprove where the information has gone.

    Yes, and this fact *should* fall in Mitnick's favor, based on the wonderful principle in US justice known as the presumption of innocence. He shouldn't have to prove that the code didn't fall into the wrong hands. It's supposed to be the government's responsibility to prove, beyond a reasonable doubt, that such a thing occurred.
  • Take this instance (as a possiblity): mitnick downloads the source for a program, A, at company A. He posts it (as folks like him are want to do), and someone at company B sees it, recognizes it, and grabs it.

    Yes, but can the government prove that something like this happened? It's not enough (or I hope to God it's not enough) to assert that he could have done it without a reasonable level of proof that he *did*. While there needs to be some formula for calculating damages, the worst-case scenario figures given by these companies is way out of whack without any proof that Mitnick enabled further distribution of the code.
  • Ok first he waived his right to a speedy trial is
    why the trail is taking so long.

    As for whether or not he distributed the source or
    what its valuation should be. What if you change it around and say it was another corporation that
    stole the code, and you still can't prove they did anything with it. Either distributing it or profiting by it. Do you still say theres no damage
    done?

    If someone is willing to pay 10 million dollars
    for binary X. Then someone stealing binary X will
    be charged with stealing a 10 mill item, whether
    or not it can be proved that he distributed or intended to distribute the code or not.

    If the code is actually worth 10 mill then he should be charged as such. Saying you can't prove
    he gave it away doesn't hold up. Whats to say he
    couldn't take said code and start a company himself.

    What is arguable is what the code should be valued
    at. What it comes down too is, the law must protect against people stealing code that _will_
    use it for profit, Ie other corporations.
    Considering a corporation could employ people to pose as "innocent" hackers to steal code from their enemies, the goverment must protect companies against this, and the government is trying to send a message to hackers that they will
    be prosecuted to the full extent etc. Joe hacker
    will have to realize this will be taken seriously.

    I'm sure Mitnick caused 0 dollars of damage, but
    I think they are trying to set a precedent, not
    that I'm on the governments side on this.

    The funny thing about hacking though is you break
    into a site, then you might consider the info on
    the site is safeguarded for a reason. I think when
    you hack you basically have to accept if your caught your screwed, its pretty indefensible activity.
  • Wait a sec! I agree that inadequate security is the company's own fault, but it's not because some
    loophole exists that you have to make use of it.
    If I leave my frontdoor unlocked , it's my fault that the security of my house is inadequate but it doesn't absolve the burglar from any blame.
    What Mitnick did was illegal and he should be punished for it. To describe him as a modern day Robin Hood or as a hero is nothing short of silly and stupid. However he has the right to a fair trial, which does not seem to happen. This whole thing turned into a witch hunt and THAT is what is wrong with this whole thing.
  • Sun was only intending on selling one copy of Solaris. *Prods your head, looking for brain activity* - how many copies have they sold? How much revenue? Now do you see why a figure of that amount is valid?
  • While you probably are correct, another interpretation that I thought of when I read that was that they may be worried that the source code was changed (which is not a bad thing for them to worry about).


  • A Lack of Accurate Info (Score:5)

    by maw ( 25860 ) on Tuesday May 11, 1999 @05:30AM (#1897557) Journal
    The frustrating thing about following the whole Mitnick case is that the various sources of information about him seem to be wildy at odds with each other.

    At one end of the spectrum, you have people like the 2600.com guys who probably gloss over some things that Mitnick may have done and probably also paint the US Gov in a worse light than perhaps is fair.

    On the other hand you have US Gov lawyers and their ilk painting Mitnick out to be the digital Anti-Christ.

    It's probably pretty safe to say that the truth lies somewhere in the grey area in between, but due to both biases and ignorant reporting in journalism, most people don't really know what's going on.

    Are there any unbiased people who know much of anything about this?

  • Phooey. Killbill starts out all right, by making the valid observation that the companies were simply asked the "value" of the stolen code, and so were not necessarily being dishonest with the enormous sums they reported.

    However, when he goes on to try to equate unauthorized copying of software with theft of material goods, he quickly drops into the absurd. What's the difference between your copying my sourcecode, and your stealing $20 from my liquor store? (no, I don't actually have a liquor store. Allow me my fantasies, please.) In the latter case, I don't have the 20 anymore!

    The notion that all the value of their software was gone once an unauthorized person had access to it is transparently ludicrous.

  • >- Chas said: "If Mitnick had actually sold/distributed the information. Then there might be some way to justify PART of the development cost being compromised. But since they STILL had copies of their own source code, what actual damage did they accrue? They're still able to utilize the code, bugtrack, and refine it." Their ABILIIY to use the code has not been compromised; what these companies are worried about are market values. Take this instance (as a possiblity): mitnick downloads the source for a program, A, at company A. He posts it (as folks like him are want to do), and someone at company B sees it, recognizes it, and grabs it. Now, you have a situation of Mitnick performing a common act, which may or may not be difficult to prove (probably is, if he is at all intelligent), but, if he knows the prosecution does not know about it, then there is no way in hell he will say anything. Company B will not say anything, cause it gives them a leg up on A by knowing what their product is going to be like, how it will work, and its various compatiblities and other aspects. In other words, Mitnick has unwittingly (or wittingly, depending on circumstances) committed industrial espionage without the feds knowing it. That is what companies like A are worried about; in the world or proprietary software and hardware, you have to worry about give your competition advanced knowledge of you designs, cause they might implement them sooner, otherwise, and this is not the friendly world of Linux. Now, whether or not they are correct in their estimates, whether or not the competitor actually has the code is another question. But the paranoia that must go with the closed-source economy requires them to think of this and compensate for it. As for the dollar amount, I will refrain from comment; I don't work there, I don't really know the value. -G.

  • From an accounting perspective, unless you bought the source code from someone else (like the Solaris 2.x software), the value of the code would not show up on the balance sheet as part of book value. So, there would be no need to report the "loss", because the value of the item doesn't actually appear anywhere on the balance sheet.

    The distinction is that there is a difference between R&D costs (which (except for software companies) are expensed as they are incurred) and a balance sheet asset. The comapnies (in general) aren't saying "this was what we value this asset on our balance sheet at", but rather "this is what we spent to develop this asset".

    In addition, even if the asset was on the balance sheet, I don't think that it would be necessary to reduce the value of that asset. The company still has the use of that asset, and can sell the asset to someone else. It is not really "impaired" in any way.

    Assuming that it is stealing to take source code from another computer without permission, I don't know any other way to attach a "value" to the software taken other than development costs. It seems pretty reasonable.

    (For anyone who cares, software companies can reflect some of the R&D costs on the balance sheet. But, I still believe that these assets would not be impacted by a crack, by the arguement that it is not impaired).

  • hmmmm, a $120 million for lost revenues because they had to shut down their network for a few weeks?

    just as well nokia don't make calculators!

    i just hope nokia are as liberal with those monetary figures when they're the subject of massive lawsuits as consumers finally figure at they're lugging around a lump of carcenogenic gadgetry and that brain tumour they just got diagnosed with on the right side of their head ain't no coincidence.
  • I think the reason so many /.ers are concerned with this whole Mitnik thing is not necessarily that they sympathize with crackers as much as they are infuriated at the idiotic way the government deals with technology.

    Has that every been a /. survey?
    (I would consider myself a
    a) Hacker
    b) Cracker
    c) Script K1dd13
    d) Software Engineer
    e) Programmer
    f) Pointy-Haired Boss
    g) None of the above. Sheesh, don't you geeks realize that there are other professions!?
    )
  • I share the same sentiment that he needs to be punished for his actions IF, he did them. But, we need to remember a few things...

    0. THIS IS THE USA, WE HAVE LAWS DEALING WITH THIS. The US got up in arms over the method of punishment in the Singapore. I don't see why because it is a soverign country with its own laws. Our laws do however provide for a few things...

    1. He has not been proven guilty in a court of law.

    2. He has been imprisioned for over 4 years without a trial. Normal holding time is ~1 year for all criminals before trial. Something about the US Constitution and the right to a speedy and fair trial.

    3. There has not been a gag order placed on this trial and therefore, (you lawyers in training help me out on this...) the trial transcripts are public record.

    4. The actions of the prosecutors have been reprehensible up till now. Denying access to files that can he needs to prepare a defense. Then slamming over a million pages of materials in his cell with a few weeks left before trial.


    Regarding the amount of damages, the companies have to report all gains and losses to the IRS, SEC, and the shareholders in that company. If, they reported this as a loss, they must legally report that loss to the court. If they report any other amount, then it is fraud, and the IRS sends an army of Auditors up to the top floor of your corporate suite with anal probes and adding machines. I forget what the SEC does but I think I remember a case where their right to trade shares was revoked. The Shareholders can sue the company for falsifying records and fraud. Whole lotta shit flying around for a few decimal places.

    RB
  • I believe that everyone has forgotten one of the big reasons 2600 has taken up the banner for Mitnick. Yes, he stole source code and credit card numbers; that's illegal, and there are punishments under law for that. The companies involved seem to be inflating numbers to make the case look "good". No one disputes that Mitnick has stolen anything or is guilty of something.

    The issue that troubles 2600 and Mitnick supporters is the fact that he's been held in prison for over four years without a trial. Habeas corpus, a legal right, has been tossed out the window. Yes, there were periods where Mitnick's lawyers requested a delay in the trial date so they could gather evidence. It certainly doesn't help the defendant when they're prevented from viewing the gigabytes upon gigabytes evidence against them until two weeks before the supposed trial date. And it's even worse when the judge tells the defense team bail will not be granted before the bail hearing even begins. A man's constitutional rights have been trampled on; even rapists and murderers get fair trials before this. Mitnick could likely get time served by now, yet he'll get the book thrown at him.

    His guilt on some charges isn't in question; he plead guilty to a few a long time ago. That the gov't held off for a couple more YEARS until he plead guilty to the rest is suspicious; that he never received a fair trial in a reasonable period of time is an infringement of his rights. I guess "innocent until proven guilty" means nothing when large companies are involved; Mitnick never even had a chance to prove his side in a court of law. What a joke.

    I can't wait for the SEC, or even the IRS to get involved; I'd love to see what they say about these supposed "losses".
  • It's about time that 2600 did something. For all Emanulelle's talk of kevin in the press, and on the air, this is one of the first envelope pushing acts done by 2600. I am at least glad to see the old spirit of 2600 is not entirley dead.

  • Next you'll be claiming... (Score:3)

    by coyote-san ( 38515 ) on Tuesday May 11, 1999 @05:41AM (#1897566)
    Next you'll be claiming that the FBI deliberately sat on the NTSB's early conclusions that the TWA 800 flight was destroyed by mechanical problems, not terrorists. Besides, we needed to tighten security at airports anyway and my presentation of my passport (and references to the internal passports required for travel within the old Soviet Union) instead of my driver's license is sheer hyperbole.

    Or that the FBI turned Waco from a major ATF screwup into a national disgrace.

    Or that J Edgar Hoover abused his position to collect blackmail material for political purposes while ignoring organized crime.

    I'm sure most of the field agents are dedicated, hard working individuals. But I'm getting damn tired of the way that the senior levels of the FBI seem to think that the ends justify the means.

    Hopefully the judge will hear the arguments and toss the lawyers into jail for a week for contempt and refer the matter to the federal bar for disbarment hearings. The government lawyers, since it's precisely this type of abuse of power that the First Amendment (press and speech) was intended to prevent.
  • i agree, after all what was his intention in stealing somebody else's source code? If he wasnt going to do anything with it, then why did he stealt it? if he was going to do something then those companies reported losses could be correct. My point is that he broke into other people's computers, he stole intellectual property in the form of source code, and he got caught. It seems that too many people are saying he is innocent these days, but it looks like he is pretty guilty. i kinda agree that he may not be getting a fair shot since he got caught, but then again it is a pretty stupid thing to get caught for in the first place, unless he was going to sell the source code to Russians for millions of dollars so he could retire tomorrow. i think he got what he deserved, just because a company has poor security doesnt mean that any poor fool can come in and terrorize it with any justification. i got a final to take so i have to cut this short.

  • They only need to have 5k in total damages
    each to qualify for a feloney. All the extra
    bucks are just to impress the judge and maybe
    bankrupt the guy in some future civil trial.

    I dont feel sorry for this CRACKER. He took his
    chances.. made a bunch of mistakes and got busted.
    NoOne is so smart that they cant get caught. There
    is always someone smater. In fact he wasnt even
    a really good cracker. He actually was more like
    an advanced script kiddie.

    Malice95
  • Just a thought: everybody seems to be pretty convinced that the figures the companies quote are disproportionate. But how would you value the worth of software?

    I expect it should involve something like the expected sales revenues. In that case, most figures seem to be roughly in the ballpark. If Windows 2000 source code was stolen today, how much would it be worth? Hopefully (for Bill :) even more than it cost to develop. The point is that commercial success in software design depends heavily on source code secrecy.

    I agree of course that stockholders should have been told. And I wouldn't have a clue about whether the fact that Mitnick did not publish the code makes any legal difference.
  • Odd that SUN gives away source code worth $80 mil., or sells it for $100.

    Sort of like that L0Pht trial, with a $14.xx manual being valued at some astronomical amount, just to make the case "worthwhile".

    Make sure to visit a Kevin demonstration near you, on June 4th. http://www.2600.com
  • and burn Kevin and beat Kevin and...

    One of the things Kevin is accused of is the posession of credit card numbers, from a wide open Netcom file, obtained in exactly the same way as the LA Times recently obtained credit card numbers from e-merchants.

    I do not see the DoJ (nor any of you Kevin bashers) crawling all over the Times for doing one of the things Kevin is being condemned for doing. I do read a lot about how the merchants were wrong for being careless. Where are the pyres for Sun, Netcom, etc.?

    Is the LA Times, or it's employees going to be charged with a crime or forced to pay for new firewall systems and system modifications for the merchant's that did not bother to use their software properly? Sure doesn't sound like it.

    So much for equal protection, enforcement, or whatever that BS was from US Government class.

    When YOU are vagely accused, then prohibited from reviewing the evidence, as well as the charges, against YOU (no matter how stupid your actions, no matter if it was really YOU in the first place), don't come crying to us.

    Fortunately, for YOU, we will still support YOUR rights, no matter how little YOU view the rights of others.

  • So, I guess "Equal Protection Under the Law" is per dollar anount and not per individual?
  • Then go to one of the demonstrations on June 4th and speak to people in person.

    Details: http://www.2600.com
  • The Washing, DC 2600 meeting will be broadcasting the June 4th Supreme Court demonstration live in streaming video.

    June 4, 1999 2:00 - 5:00 PM, http://www.SteveNet.net/2600/
    Other demonstrations world wide http://www.2600.com
  • The accountants are right by defenition;

    If the prosecution does not base their claim on whatever the accountants say that the damage is they will have to prove fraud on the accountants part first.

    If they don't prosecute the accountents, they will have to use their figures.

    Rob [mailto]
  • Yeah, he broke a few laws. I'd say he's served more than enough time for his crimes just waiting for a trial. People convicted of manslaughter get far less time.

Slashdot Top Deals

I have hardly ever known a mathematician who was capable of reasoning. -- Plato

Close