Hacker Tool Author Sentenced to 3 Years

[Gigus Fire]

How do you become a whistle-blower or report something being done wrong, when you were never cleared and approved to work on the program to begin with?

This is a vitally important thing to understand, just like William Binney, Edward Snowden was not ""Read ON" and approved to work on what he was complaining about, which means in order to make a complaint, you are actually admitting that you have been accessing information that you weren't authorized to work with. The stuff I worked with, I wasn't just briefed, they showed me multiple films explaining everything, how what, why, etc. I know without any doubt under what authority I was doing my job, I received training every year on what I could and couldn't do regarding information collected on US Persons, what the limits were, how to report problems or incidents. Even now as a contractor, even though I don't actually work with SIGINT information any more, I still have to go to the Theater every year with thousands of other people and get briefed again on these things. It's because this post is where the Army does most of it's SIGINT training for new people so they just assume that most offices need it, and better to get it and not need it then have someone miss it. You can't know how sick I am of hearing about EO12333 but I get paid, and my customer demands it so.

Classified Information at those levels are compartmented, Sensitive Compartmented Information. In order to be allowed to work within a compartment and have access to the information, you must have three things, the appropriate level of Security Clearance, A Signed NDA, and a "Need to know", meaning your duty is to work with information from that compartment. Part of the Reading On process includes being briefed on what information it is you are going to be working with, how that information is collected, under what authority it is collected, and what safe guards are in place regarding this collection process to protect people's rights when appropriate. If he wasn't read onto the program, then he didn't have these things explained to him and other people who are read on, aren't supposed to discuss these things with people who aren't read on. So how he he supposed to explain how he knows about this stuff when he isn't supposed to know about this stuff. The simple fact that he is complaining about it means he is doing something illegal. And if he had been read on and cleared to work with this information, then he would have known why, what was being done, wasn't illegal.

Now Ed can sit in Russia and tell people all kinds of things and make claims that he went to his superiors and tried to use his proper reporting chain, but exactly how does that make any sense? It's not believable, not even remotely. Nobody that works in this world of classified information would ever believe this was true because things just don't work the way Snowden is trying to make it sound like they work. Only people who are ignorant of these things would ever buy it.

You shouldn't be able to access information you're not authorized to do. That's computer security 101. That reinforced me idea that there's little to no oversight at the NSA.

I've never heard anyone try and discredit the information that snowden released to the media. It wasn't as simple as take my word for it, there was documentation he took with him.

I don't think you addressed the abuses of power which is my whole point. You can't treat an entire agency as central to national security then watch as they spend their time looking at naked pics of people gotten from their spying on the populace and make excuses or gloss over that.

I believe he had the emails in which he emailed his superiors about abuses and their responses.

 

[lcpiper]

You shouldn't be able to access information you're not authorized to do. That's computer security 101. That reinforced me idea that there's little to no oversight at the NSA.

I've never heard anyone try and discredit the information that snowden released to the media. It wasn't as simple as take my word for it, there was documentation he took with him.

I don't think you addressed the abuses of power which is my whole point. You can't treat an entire agency as central to national security then watch as they spend their time looking at naked pics of people gotten from their spying on the populace and make excuses or gloss over that.

I believe he had the emails in which he emailed his superiors about abuses and their responses.

So there were two times in his IT career where he had opportunity to access information. One was when he worked at the Army Field Station in Okinawa Japan, he worked for Dell, Dell guys sometimes work on site at places like that as hardware techs, replace motherboards and fans for server equipment, etc. Typically a guy doing that work wouldn't have been cleared or had an account for any information at all, but if someone brings in a server and forgets to remove the hard drives, well that would be tempting for a bored hardware tech. Wow, Secrets.

Much of the documents that were released were from 2010 and prior, when he worked for Dell, of course old files exist all the time on networks so that's not proof of much really.

The other was when he worked for Booz Allen Hamilton in Hawaii, he was a systems guy so root and admin level privileges, and this is ostensibly when he took most if not all the data. The average user would have a harder time doing such things, but a trusted Admin with time and motive working out of an Army Facility in Hawaii, much easier. Everyone thinks NSA and pictures those huge dark glassed buildings with scanners and guards and swipe badges. But when you get to the smaller facilities in places like Korea, Japan, Hawaii, Germany, etc, the security is not the same. Usually there is a guard booth where you present your ID to a guard, he gives you your Badge, the door usually has a code and you are in. An admin would usually have access to the server rooms, and a work area with more than enough ready equipment for drives, cables, etc. Plus the only reason things are more secure today, is because of Snowden and Manning. If not for those two, we would still all be using thumb drives and USB access and disk burning rights for everyone. Not so today, but still, an Admin with physical access, you can't keep them out if they really want in.

 

[doublejack]

And again, if the gun maker designs and markets his guns as murder weapons and someone uses one to commit murder, then you are correct.

The same would be true for baseball bats, if they were designed as murder weapons and marketed to murderers.

That's the logic that you are missing.

My logic is not flawed. You are making the false assumption that all uses for hacking tools are nefarious or illegal. That's not correct.

Also, unless we're talking about Nerf guns, they aren't marketed as harmless. Quite the opposite, in fact.

If the tool being available is a problem in one case, then it applies to the other equally.

 

[lcpiper]

My logic is not flawed. You are making the false assumption that all uses for hacking tools are nefarious or illegal. That's not correct.

Also, unless we're talking about Nerf guns, they aren't marketed as harmless. Quite the opposite, in fact.

If the tool being available is a problem in one case, then it applies to the other equally.

No I am not. In fact, I have specifically stated in this thread that the reason this guy got convicted of a crime is because his tools were not only used illegally, thereby a crime was committed, and he was complicit because he sold them for that purpose.

Another guy said the same should be true for the authors of SSH and I explained to him this very difference above in post #13.

Again, if you create a product and make it available for sale, and it's used in a crime, this alone won't make you complicit in the crime. But if you make the tool either specifically tailored for the target of a crime or if you market and sell it specifically for illegal purposes, you are complicit and like this guy, you'll go to jail if it's proven and a Jury agrees.

 

[doublejack]

No I am not. In fact, I have specifically stated in this thread that the reason this guy got convicted of a crime is because his tools were not only used illegally, thereby a crime was committed, and he was complicit because he sold them for that purpose.

Another guy said the same should be true for the authors of SSH and I explained to him this very difference above in post #13.

Again, if you create a product and make it available for sale, and it's used in a crime, this alone won't make you complicit in the crime. But if you make the tool either specifically tailored for the target of a crime or if you market and sell it specifically for illegal purposes, you are complicit and like this guy, you'll go to jail if it's proven and a Jury agrees.

Sure, gun manufacturers are so much more responsible with their intentions and advertising. I almost believe. Almost.

 

[lcpiper]

Sure, gun manufacturers are so much more responsible with their intentions and advertising. I almost believe. Almost.

If you have to resort to digging up information from when a handgun sold for $6, one that was no longer manufactured before the start of WW1, you never had an argument to begin with.

Neat though, you picked the first gun in history that had an actual trigger safety, 100 years before Glock reintroduced it and tried to claim it as revolutionary.

 

[doublejack]

If you have to resort to digging up information from when a handgun sold for $6, one that was no longer manufactured before the start of WW1, you never had an argument to begin with.

Neat though, you picked the first gun in history that had an actual trigger safety, 100 years before Glock reintroduced it and tried to claim it as revolutionary.

You are wrong, again. See the pattern here? I chose that ad to make a point. Gun makers are, and always have been, about making money. Literally nothing else. They do not, in fact, give a damn about how their guns are used or whether the person that buys them will be responsible. Here are some recent ads that are just as flagrant, but in other ways of course.

 

[lcpiper]

And you still do not get the difference so you can't be helped, you don't want to know the truth, you only want to prove your false beliefs.

Nothing about those adds are marketing weapons as murder weapons or for the purpose of murder. One Shot One Kill, that's a Military Sniper, the Remington 700, although it's been used as a sniper rifle the one picture is for killing game, it's a hunting rifle. The handgun add you showed earlier was for a pocket gun in a day when carrying a gun was at least as common a thing as it is today and the add was referencing how safe it was, so safe that children and mothers shouldn't be afraid that Daddy carries his gun in his pocket.

Every company is in the business of business, of course they are in it for money. Sure, there are the odd rich guy who has more money then he needs or can spend who instead of using his money to accrue power over others, instead does really noble things with his wealth and may start businesses as a public service and not a money making scheme, but frequently even these businesses at least try to break even so their employees are secure.

You are making a lot of noise that you think means something when it actually doesn't mean what you claim it does at all. There is nothing at all damning about those adds or that businesses are in business to profit. Nor have you in any way at all shown that anything I have said is inaccurate or false. But please, keep trying, you're too easy.

******************************************************************************************

Exploiting children for a buck

P.S. Actually these diapers are for adults, but don't spoil it by letting him know ssshhhh

 

[SomeoneElse]

Blame everyone but the guy who did the crime or made money selling his tools for the purpose of criminal activity.

This isn't about blame this is about the making someone a hero versus making someone the villain. A double standard if you will.

 

[lcpiper]

This isn't about blame this is about the making someone a hero versus making someone the villain. A double standard if you will.

There is no double standard in this because A. He didn't work for the NSA and although he created a hacking tool that could be used for non-criminal purposes, he marketed and sold it for criminal purposes and they were used as such. He's complicit in the crime and his peers found him guilty, you know, those people we refer to as a Jury. The NSA didn't find him guilty, the Judge didn't find him guilty, 12 or so citizens pulled out of their daily lives to serve, usually at personal loss, listened to the evidence and the arguments and decided that this man was guilty. Then the Judge determined the punishment and levied sentence on him for his crime.

As for heroes, if you want to be a hero, don't go work for the NSA cause you will never do anything heroic as part of your job with them, that's not normally what the NSA is about. Thought Military people working at the NSA may have done something heroic, or go on to do something heroic in the future. Still, I doubt writing any code is ever going to be thought of as heroic.

 

[SomeoneElse]

There is no double standard in this because A. He didn't work for the NSA and although he created a hacking tool that could be used for non-criminal purposes, he marketed and sold it for criminal purposes and they were used as such. He's complicit in the crime and his peers found him guilty, you know, those people we refer to as a Jury. The NSA didn't find him guilty, the Judge didn't find him guilty, 12 or so citizens pulled out of their daily lives to serve, usually at personal loss, listened to the evidence and the arguments and decided that this man was guilty. Then the Judge determined the punishment and levied sentence on him for his crime.

As for heroes, if you want to be a hero, don't go work for the NSA cause you will never do anything heroic as part of your job with them, that's not normally what the NSA is about. Thought Military people working at the NSA may have done something heroic, or go on to do something heroic in the future. Still, I doubt writing any code is ever going to be thought of as heroic.

It is a double standard, just because "I work for the government" doesn't make it right to create tools for breaking security. I think in both cases its wrong but that's just me. The NSA/CIA and the hacker individuals/groups, they are breaking into things they shouldn't have access to.