This article can also be found in the Premium Editorial Download "Information Security magazine: Negative exposure: Web scanners reveal unknown holes."
Ah, for our would-be digital outlaws, there may be a fate worse than the gulags and gallows. Norwegian prosecutors aren't recommending jail time for a teen convicted of distributing a DVD decryption script. Rather, they want him stripped of his computer.
Jon Lech Johansen, 19, who wrote the DeCSS program that allows Linux users to play DVDs by cracking their security protections, may temporarily lose the privilege of surfing the highways and byways of the Internet until his probation passes. Prosecutors say such a sentence, and a hefty fine, is punishment enough.
The prosecutors may have a point. Take away a hacker's computer and you essentially cut him off from his community. He'll have plenty of time to contemplate his black hat actions and, perhaps, reform his malicious ways.
I guess we'll have to wait and see how Johansen turns out. Maybe he'll send us an e-mail when they allow him to plug back in.
DMCA Fails Test
If Shakespeare were writing about the Digital Millennium Copyright Act (DMCA) and the ElcomSoft trial, he would probably describe it as "sound and fury, signifying nothing."
In the first test of the controversial 1998 law, U.S. prosecutors failed to make their case that Russian software company ElcomSoft intentionally created and marketed a program designed to crack the security protections of Adobe's eBook.
Although the legal eagles are still dissecting the trial transcripts, it appears a person's intent will weigh heavily in future DMCA cases. That's good news for all those security researchers who stopped publishing their work out of fear that they could be prosecuted like ElcomSoft programmer Dmitry Sklyarov.
And what about the whiz-kid whose arrest at Def Con 9 started this whole thing? Well, his 12-month probation ended with the trial, so he walks away virtually scot-free, too.
One Smart Kid
Reid Ellison is one smart kid, maybe too smart. He's the kind of kid who makes script-kiddies look even more pathetic. Unlike most hackers his age, who crack their school computers to raise their grades, this ingenious straight-A prodigy lowered his GPA.
That's right, he lowered his GPA from a perfect 4.0 to a dismal 1.9, and he had good reason for doing it.
Like all students at Anzar High School in San Juan Bautista, Calif., Ellison is required to complete a series of six projects to graduate. To knock out three at once, he asked for permission to test the security of his school's computers. Intrigued, school administrators agreed.
In less time than it takes to say "L0phtcrack," Ellison smashed through the weak network security. But how to demonstrate that he was indeed there? Easy, he lowered his grades.
Ellison earned an A for his paper, "The History of Hacking." Of course, he made sure his GPA was corrected. Like I said, one smart kid.
And We Paid for This?
Government has a wonderful way of spending taxpayer money on reports that state the obvious. The latest example: The Gilmore Commission's review on the National Strategy to Secure Cyberspace.
Chaired by former Virginia governor James Gilmore, the commission says the Bush administration's hopes for voluntary adoption of its cybersecurity plan won't work, and that the government has failed to use persuasion or market forces to compel private-sector compliance with security needs.
I'm glad we had a government panel to tell us that!
Stand Up to Saddam
Saddam Hussein's recent apology for Iraq's 1990 invasion of Kuwait failed in two respects: It didn't defuse tensions with the United States and, more immediately, it angered at least one Kuwaiti hacker.
Known as "Koko," the teenage Kuwaiti hacker last month planted a virus on the Iraqi Ministry of Information Web site in protest of Saddam's apologetic remarks to the Kuwaiti people.
"I did it because what Saddam said was lies, and someone had to show that Kuwait was not going to put up with his threats anymore," Koko told a Kuwaiti newspaper.
Way to go, Koko!
About the author:
Lawrence M. Walsh is managing editor of Information Security.
This was first published in April 2011