Exposing incompetence WRT online security, okay. Sending threatening calls and otherwise harassing public officials? Epic. Fail. Hope he had fun while it lasted.
Justin Liverman, arrested by the FBI for breaking into the AOL email account of CIA director John Brennan, has today signed a guilty plea deal in the face of what his lawyers described as "draconian penalties." Brennan's webmail inbox was hijacked in 2015 and his emails were subsequently published by WikiLeaks. Liverman is …
If I forget to lock my house when I go out, that doesn't make it okay for some thief to walk in and steal my property. It would have been fine to let the fed know about their poor security, possibly even to publicize the fact, but then to break into databases, publish the data and send threatening messages and phone calls? That's way over the line.
Federal laws here are generally horribly draconian, but most of the time they will offer a reasonable plea bargain. Personally, I think he does deserve some punishment for his actions, partly as a deterrent to others, but I hope they don't go overboard on it.
It's one thing to leave the door of your own house unlocked. If someone steals from you, that's really on you. The buffoons running the government leave the door to everyone's house unlocked, and then complain when we install our own deadbolt (i.e. encryption). Then they wonder why we the people consider them an enemy. What would you consider someone who--sometimes unlawfully--collects your private/personal data, and then potentially exposes it to any slacker with enough time on their hands?
The info that makes it to WikiLeaks is just the stuff the hacking community thinks might make a difference. Imagine what gets sold off to the highest bidder instead on the dark web. Credit info, medical records, etc...
There's a place for them, sure. Someone who has committed a sexual assault, for instance, will be making life a tiny bit easier than it otherwise would be by sparing his victim from a trial; someone guilty of homicide will be similarly reducing the burden on friends and family of the victim. Perpetrators can get (relatively small) concessions in sentencing for cooperating in these instances.
What is the purpose of a plea bargain in crimes such as this? It just seems to me that the US approach is to present the defendant with a non-trivial % chance of (often amazingly severe) punishment if they plead not guilty so they just plead guilty to get a more certain bet of a realistic punishment.
I can't see how this is justice being seen to be done, which I believe is nearly as important as it being done. Can anyone enlighten me?
You have it wrong.
The problem with the system here is that for a single crime they bring multiple charges. So you are sentenced on multiple charges for a single crime and the sentences often run consecutively. This can mean long stretches in prison for the multiple charges related to a single crime. It can be so draconian that even if you are not guilty you plea the case rather than take the chance with being found guilty. In this specific case by taking a plea on the Conspiracy case the guy avoided trial on multiple Felony charges that could see him being sentenced to decades in prison.
In most other developed countries sentences run concurrently so you really only serve the longest sentence even for unrelated charges. In fact I doubt there is anywhere in the world where prosecutors can spin as many charges for single crime as they do here.
For the rest of the developed world District Attorneys and judges are technocrats. Here they are elected officials, politicians. They want to appear tough on crime so justice gets shafted in most cases in favor of bringing tough charges for the simplest of crimes and padding every possible charge you can find for each crime that is committed.
«Sarah Harrison, the acting director of the Courage Foundation, which had raised emergency funds for Liverman, said: "Without CWA, the public would not know that the Director of the CIA did not take adequate precautions around his own security clearance questionnaire. There's barely any point talking about 'cyber attacks' from sophisticated nation state actors when the highest-level officials are leaving the front door wide open." Harrison continued:
If John Brennan will not face any penalty for his negligence, there's no good reason why anyone else should do. Justin Liverman's potential sentence is outrageous given the relative triviality of the Department of Justice's allegations. Courage's emergency appeal for Justin will remain open until he no longer needs our assistance.»
I think Ms Harrison nailed it. Mr Brennan's negligence, which in his position should certainly be regarded as criminal, goes unpunished; Mr Liverman, however, who performed a service in revealing the above, faces being put away for a long, long time. I suppose that's «justice», in the «indispensable nation»....
Trump doesn't think much of Brennan. He'll get fired next week. If he has job security his job will start to suck big-time. If embarrassing him is Liverman's only crime, Trump can commute his sentence.
If Brennan's smart, he'll own up to his mistakes and resign.
The paid liars want people to believe that the punishment for a crime is supposed to be "equal" to the damages incurred. That is NOT what punishment is supposed to be under law. Punishment is meant to discourage the perp and other potential perps from committing crimes. The U.S. computer hacking laws are not draconian at all. Allowing this criminal to get off with just a 5 year prison sentence and repayment of $95,000 is an insult to the populace who is violated by these crims.
The paid liars will continue to dupe the gullible who think punishment is meant to be equal to the crime. To illustrate the point... If a person robs a bank, gets caught a week later and decides to give back the money he has left over from a buying spree, should this person just be able to repay the money and escape prison time? I don't think so. He probably endangered many people's lives and as such belongs in prison with the hackers.
Air raid sirens sounded for over an hour in parts of Jerusalem and southern Israel on Sunday evening – but bombs never fell, leading some to blame Iran for compromising the alarms.
While the perpetrator remains unclear, Israel's National Cyber Directorate did say in a tweet that it suspected a cyberattack because the air raid sirens activated were municipality-owned public address systems, not Israel Defense Force alarms as originally believed. Sirens also sounded in the Red Sea port town of Eilat.
Netizens on social media and Israeli news sites pointed the finger at Iran, though a diplomatic source interviewed by the Jerusalem Post said there was no certainty Tehran was behind the attack. The source also said Israel faces cyberattacks regularly, and downplayed the significance of the incident.
Never mind what enterprise programmers are trained to do, a self-defined set of hackers has its own programming language zeitgeist, one that apparently changes with the wind, at least according to the relatively small set surveyed.
Members of Europe's Chaos Computer Club, which calls itself "Europe's largest association of hackers," were part of a pool for German researchers to poll. The goal of the study was to discover what tools and languages hackers prefer, a mission that sparked some unexpected results.
The researchers were interested in understanding what languages self-described hackers use, and also asked about OS and IDE choice, whether or not an individual considered their choice important for hacking and how much experience they had as a programmer and hacker.
After at least six years of peddling pilfered personal information, the infamous stolen-data market RaidForums has been shut down following the arrest of suspected founder and admin Diogo Santos Coelho in the UK earlier this year.
Coelho, 21, who allegedly used the mistaken moniker "Omnipotent" among others, according to the US indictment unsealed on Monday in the Eastern District of Virginia, is currently awaiting the outcome of UK legal proceedings to extradite him to the United States.
The six-count US indictment [PDF] charges Coelho with conspiracy, access device fraud, and aggravated identity theft following from his alleged activities as the chief administrator of RaidForums, an online market for compromised or stolen databases containing personal and financial information.
Analysis The Lapsus$ cyber-crime gang, believed to be based in Brazil, until recently was best known for attacks on that country's Ministry of Health and Portuguese media outlets SIC Noticias and Expresso.
However, the gang is climbing up the ladder, swinging at larger targets in the tech industry. Over the past few weeks, those have included Nvidia, Samsung, and Argentine online marketplace operator Mercado Libre. Now, Lapsus$ is suspected of attacking game developer Ubisoft.
Lapsus$ in February compromised Nvidia, stealing a terabyte of data that included proprietary information and employee credentials, and dumping some of the data online. The crew also demanded the GPU giant remove limits on crypto-coin mining from its graphics cards, and open-source its drivers.
The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.
NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.
"Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."
BadgerDAO, maker of a decentralized finance (DeFi) protocol, said on Wednesday that it is investigating reports that millions in user funds have been stolen.
"As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals," the company wrote in a Twitter post. "Our investigation is ongoing and we will release further information as soon as possible."
PeckShield, a blockchain security firm, put the losses at $120.3 million, if translated to fiat currency.
A Ubiquiti developer has been charged with stealing data from the company and extortion attempts totalling $2m in what prosecutors claim was a vicious campaign to harm the firm's share price – including allegedly planting fake press stories about the breaches.
US federal prosecutors claimed that 36-year-old Nickolas Sharp had used his "access as a trusted insider" to steal data from his employer's AWS and GitHub instances before "posing as an anonymous hacker" to send a ransom demand of 50 Bitcoins.
The DoJ statement does not mention Sharp's employer by name, but a Linkedin account in Sharp's name says he worked for Ubiquiti as a cloud lead between August 2018 and March 2021, having previously worked for Amazon as a software development engineer.
A zero-day exploit said to have been developed by the NSA was cloned and used by Chinese government hackers on Windows systems years before the cyber-weapon was leaked online, it is claimed.
Check Point put out a report on Monday digging into Chinese malware it calls Jian, and argues persuasively this particular software nasty was spawned sometime around 2014 from NSA exploit code that eventually leaked online in 2017.
The timeline basically seems to be, according to Check Point:
A young man caught hacking into Nintendo’s servers to steal secret Switch blueprints has been sentenced to three years in prison after ignoring an FBI warning to stop.
According to court documents [PDF] Ryan Hernandez of Palmdale, California, is now 21 though in 2016, while a minor, he requested help on a Nintendo forum. An engineer at the Japanese giant clicked on a link in that post and was taken to a malicious website that secretly obtained the staffer's login credentials for Nintendo's developer portal. These were then used to gain administrator access on the internal site.
From there, he stole reams of Nintendo's confidential information, some of it on the yet-to-be-announced Switch console, that he then posted online. This attracted the attention of the FBI, who turned up at his parents’ house in October 2017, and extracted a promise from Hernandez that he would stop his hacking activities.
A college graduate has admitted hacking into the email and online accounts of female students, stealing their nude photos and videos, and trading them with others.
Nicholas Faber, 25, on Tuesday pleaded guilty to one count of computer intrusion causing damage, and one count of aggravated identity theft. He is scheduled to be sentenced June 9, and faces up to 12 years behind bars, prosecution documents filed in a US federal court [PDF] reveal.
Faber graduated from SUNY Plattsburgh, in New York, in 2017. He and accomplice Michael Fish, also a former graduate, worked together for two years afterwards to break into dozens of students' accounts in the university's MyPlattsburgh portal and steal their data. Fish pleaded guilty last year to computer hacking and aggravated identity theft offenses as well as the possession of sexually explicit material of children, and is scheduled to be sentenced on March 19.