.

Hactivism - Good or bad?

I think hactivism is:

Good.
1
13%
Bad.
4
50%
A useful tool sometimes.
2
25%
Haven't made up my mind.
1
13%
Choose not to answer on the grounds that I may incriminate myself.
0
No votes
 
Total votes : 8
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sun Feb 25, 2007 12:17 am

Hactivism - Good or bad?

The article below entitled "Vigilante Hacker's Evidence Puts Judge Behind Bars," made me think about where our readers stand on hactivism. Share your thoughts.

A so-called hacktivist's Trojan program that allowed him to infiltrate the judge's computer and find evidence of child pornography possession raises legal and ethical questions for some.

By Sharon Gaudin
InformationWeek

Feb 23, 2007 01:32 PM

A former California judge was sentenced this week for possession of child pornography, six years after a vigilante hacker infiltrated his computer with a Trojan horse computer program designed to weed out pedophiles.

Former Orange County Superior Court Judge Ronald C. Kline, 65, of Irvine, Calif., was sentenced Feb. 20 to 27 months in federal prison for possessing thousands of images of under-age boys engaged in sexually explicit conduct. He pleaded guilty in December 2005 to four counts of possession of child pornography, admitting that the images of child pornography were on his home computer, two floppy disks, and one portable disk drive, according to a written release from the U.S. Attorney's Office in the Central District of California.

The sentencing wrapped up nearly six years of legal wrangling over the admissibility of evidence obtained from Kline's computer.

Brad Willman, a Canadian known in hacker circles as Citizen Tipster, wrote the Trojan and embedded it in images of child pornography. He then planted the images on newsgroup sites frequented by pedophiles. Once users downloaded the images, their computers would be infected by the Trojan and Willman would have access to their machines so he could root around in them, looking for other child pornography or even molestation evidence.

Willman has not been charged for the computer break-ins or for writing and distributing the malware.

The vigilante hacker found other images of child pornography on Kline's computer, along with a personal diary recounting his "sexual interest" in young boys, according to Assistant U.S. Attorney Greg Staples, who worked on the case. Kline, who was a judge from 1995 to 2003, also was a Little League umpire in the town he lived in.

Staples says Willman passed the information on to a group that tracks pedophiles, and the information eventually made its way to California authorities, who began an investigation.

"We wouldn't have known about this without him," says Staples, who adds that a search of Kline's home revealed 1,500 images and 24 videos of child pornography. "It began the investigation ... he fancied himself a predator hunter." Staples also says a search of Kline's judicial chambers found he used his court computer to visit pedophile sites, as well.

The ethical difficulties with the investigation, which in itself was illegal, led to complications for the prosecution. The federal case took a major setback when U.S. District Court Judge Consuelo Marshall ruled in 2003 that the evidence Willman found on Kline's computer amounted to an illegal seizure, saying the man, who called himself a "hacktivist," was acting as an agent for law enforcement.

The Ninth Circuit Court of Appeals overruled that decision in 2004. The case never went to trial because Kline pleaded guilty in December 2005.

Staples says it was easy enough to prove that Willman had not been acting as an agent for the police because it took them upwards of six months just to track him down to verify his identity and what he found on Kline's computer. "The key issue, as far as this case goes, is whether the government had knowledge of what this person was doing," he adds. "Clearly, we did not. He did his search six months or more before we even knew who he was."

The question now is whether this case will spur more would-be vigilante hackers to take up arms against any number of groups or causes. While the prosecutor claims the state wouldn't have had a case against Kline without Willman's help, virus writing and accessing someone else's computer is a legal minefield. And if the malware or intrusion had caused more than $5,000 in damages to the computer, the hacktivist could have been facing federal charges.

"You don't want vigilante amateurs getting involved in this," says Graham Cluley, senior technology consultant for Sophos. "They are breaking the law. ... The danger here is taking the law into your own hands."

Keith Jones, a senior partner with Maryland-based Jones, Rose, Dykstra & Associates, a digital forensics company, says infecting machines with malware could damage evidence that law enforcement will need to make the case. It also could give the defense something to argue during court.

"A case without a Trojan is going to be a heck of a lot easier to prove," says Jones, who has done forensic investigations on more than 100 cases, including the UBS PaineWebber case last year. "If there's a Trojan on there, you're no longer examining a computer that only the owner has been able to touch. Now you have the added job of figuring out if this picture was downloaded by the person physically controlling the keyboard or by the person controlling the Trojan. ... It lets the defense argue that someone else had the ability to do it."

Assistant U.S. Attorney Elena Duarte did not work on the Kline case but as chief of the Cyber and Intellectual Property Crimes Section for the Los Angeles office, she warns would-be hacktivists that no matter the cause, hacking is still against the law.

"I would caution folks who think that just because there's a moral justification it makes it all right to violate any laws," she says. "Computer intrusion statues don't provide for a justification if you have a good motive. It's not a good thing and it certainly should be discouraged. ... It puts them in a position of a potential target for prosecution."

Duarte says anyone thinking of working as a vigilante should make sure they know the law, and consider if they want to run the risk of being criminally prosecuted.

"It's always good to see criminals brought to justice but the means of doing that are just as important," says Duarte. "If the means are not appropriate, then we certainly don't encourage them."


Original story:
http://www.informationweek.com/security ... =197008431

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Cutaway

User avatar

Jr. Member
Jr. Member

Posts: 96

Joined: Mon Nov 20, 2006 5:02 pm

Post Sun Feb 25, 2007 2:20 am

Re: Hactivism - Good or bad?

I don't mind law enforcement doing this type of thing.  In fact I think law enforcement should have more freedom in this direction as long as it is moderated and managed.  I do not, however, think that we should set a standard of letting anybody do this.  I am worried that all of a sudden it will become a defense for the criminals. "I was just looking to see if the owner of the system was a criminal."  We definitely need to avoid that scenario.
Go forth and do good things,
Cutaway
<<

Kev

Post Sun Feb 25, 2007 9:48 am

Re: Hactivism - Good or bad?

Good point Cutaway and I agree. I don’t feel comfortable at all allowing the average hacker gaining access to computers for supposed good causes. I will say that was a well done hack though.
Last edited by Kev on Sun Feb 25, 2007 9:50 am, edited 1 time in total.
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Sun Feb 25, 2007 9:44 pm

Re: Hactivism - Good or bad?

Child Porn is very disgusting and I feel anyone caught involved in it should be shot on site! I also feel that breaking the law is breaking the law. Hactivism is criminal once it breaks the law and I do not believe in it. If you want to call yourself Ethical you have to have standards to live up too. The Law can be slow and may not always catch every criminal but once you become a criminal to catch one you have lost all the faith and morals of the system.

Brian
aka Slimjim100
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

CadillacGolfer

Newbie
Newbie

Posts: 36

Joined: Thu Dec 14, 2006 1:58 pm

Post Mon Feb 26, 2007 1:04 pm

Re: Hactivism - Good or bad?

When points like this are raised from time to time, I always relate it back to the physical world.  If this hackivist had broken into the judges home to look for evidence, he could have (and should have) been arrested for breaking and entering.  In my mind there is no differnce between the cyber world and the physical world when it comes to instrusion.  And i agree with the other points mentioned above about mucking with evidence and giving the defense atorneys ammunition.  The ends  do not justify the means. 

Where do you draw the line?  How would people feel if the RIAA was installing trojans to see who is downloading music illegally?  Granted its no where near the level crime of child pornography (not even in th same ballpark), but you see my point.

Also, under US laws, the hackivist himself could have been arrested.  The articel states "... wrote the Trojan and embedded it in images of child pornography. He then planted the images on newsgroup sites frequented by pedophiles...."  This implies he had the child porn images on his computer.  The child porn laws are quite clear and he should have been arrested for possession himself.
<<

LSOChris

Post Mon Feb 26, 2007 1:28 pm

Re: Hactivism - Good or bad?

I’m not a lawyer either but isn’t there something about obtaining or using evidence without probable cause.

If their probable cause to search that judge's computer came from illegally obtained evidence is that still a reasonable search and seizure?

I’m sure in this case because its KP, it won’t matter but what if it had been embezzlement or a white collar crime?
<<

Kev

Post Mon Feb 26, 2007 2:20 pm

Re: Hactivism - Good or bad?

  I am not a lawyer either (thank god) but I believe the police are not allowed to obtain evidence illegally, but can use what’s dumped into their lap. For instance if they catch a thief coming out a house and he had stolen cocaine from that house, they have probable cause to search that house, even though it was obtained illegally. Obviously the guy was a judge and felt like they had him and he confessed so I assume the police behaved correctly. Any rate, the entire thing is filled with “wrongness”!
<<

LSOChris

Post Mon Feb 26, 2007 3:37 pm

Re: Hactivism - Good or bad?

yeah i'll second that
<<

JobMatchNow

Newbie
Newbie

Posts: 24

Joined: Thu May 01, 2008 1:53 pm

Post Mon May 12, 2008 3:16 pm

Re: Hactivism - Good or bad?

Anyone know the actual, dictionary definition? Then i could answer having a better understanding on the topic.
<<

geekyone

User avatar

Full Member
Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Mon May 12, 2008 5:59 pm

Re: Hactivism - Good or bad?

The biggest problem I see with this type of information gathering is that if the box was insecure enough that the Hackactivist could drop a Trojan and gather the information why couldn't someone have dropped the porn on the box the exact same way?  What better way for a hacker to get revenge on some judge who sentenced them to prison.  Compormise their PC, drop some really illegal and disgustging stuff, and later play the gray hat and "find" the stuff on the PC.  BTW JobMatchNow http://en.wikipedia.org/wiki/Hacktivism.
CISSP, CEH, GPEN, GCIH, GCFA
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue May 13, 2008 9:15 am

Re: Hactivism - Good or bad?

Geekyone,

I agree with your point, but at some point people have to be responsible for the security of their machine. I'm growing tired of the 'not me guv, must be one of them 1337 haxz0r type people' excuses. If you have anything on your machine then you should know how it got there. Until this is a basic requirement prosecuting this kind of thing is going to continue being a joke.

/rant
<<

Artful Dodger

Newbie
Newbie

Posts: 43

Joined: Tue Apr 29, 2008 8:58 am

Post Tue May 13, 2008 9:29 am

Re: Hactivism - Good or bad?

There are so many issues here.  I agree with Cadilac.  There is no difference between the virtual world and physical world.  I think many of you are right on target.  

The only thing I could add is that child porn is a low hanging fruit.  Everyone can agree that it is awful.  If they make it OK to be a hactivist to do this, they can also push the envelope closer to internet regulation and monitoring.  Breaking the law is breaking the law.  

I really quesiton what that guy is doing on CP sites posting CP.  What would happen if I went out and dealt crack or meth - but I I put a tracker in the bags.  I would still be a meth dealer and I would go to jail.  I imagine he is not posting inoceently...he has to be enticing people.  I have to go re-enact the crying game and go cry in my shower....ugh.
CISSP, C|HFI, Security+, Network+, XYZ...blah.
<<

Artful Dodger

Newbie
Newbie

Posts: 43

Joined: Tue Apr 29, 2008 8:58 am

Post Tue May 13, 2008 9:33 am

Re: Hactivism - Good or bad?

and oh yeah the fact that someone openly placed malicious data on a machine makes proving guilt in court very difficult.  You guys are dead on.  Forensics need to follow a strict set of rules.  What kind of rules did that guy follow?  probably none.  That comes up in almost every case I am part of. "how do we know someone else didnt put this here/edit this/post this...yadda yaddaa" 

Ok I will get off my soap box ;D 
CISSP, C|HFI, Security+, Network+, XYZ...blah.
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Tue May 13, 2008 1:45 pm

Re: Hactivism - Good or bad?

Wow... now that's a good topic Don.  Geeze... where to start, where to stand.  On one hand... getting rid of a scum bag is always a good call.  I kind of like the show "Dexter" where it has a serial killer... who kills serial killers.  Kind of an interesting twist, and in some regards runs parallel to this; we have a person breaking the law, to get rid of a law breaker.  The obscenity of the crime on the judges part, to a degree, placating the feelings of wrong doing the hacker would generally garner.

I totally disagree with Cutaway on law-enforcement or government needing the 'right' or 'authority' to create their own anti porn trojans or whatever.  Or trojans in general... none of us liked Sony for their tricky little rootkit.  Honestly, the Orwellian times will come soon enough, without us forcing 1984 upon ourselves any sooner.  Hell, we're almost there in many ways.  We already have the RIAA hiring PI's to sit out infront of houses in vans and snoop wirelessly on what people are downloading.  (Talked with one).  I'm not a paranoid man... (though.. I may run certain programs in paranoid mode... perhaps I do use Gutmann wipe... was that a knock at my door?) but I do think Daniel J. Solove wrote a decent article when he wrote '"I've Got nothing to hide" and other misunderstandings of privacy.'

The loss of privacy and autonomy is a slippery slope, like the loss of freedoms and choice.  I'm a huge fan of harsh punishments... and in the case of the judge.. as soon as they found KP on his work computer, he was as good as hosed.  I'd say save the electric bill and drop a 9mm in his temple when it was obvious he was guilty.  Porno on removable media sitting around... multiple computers full... yeah.  Can't do all that remotely, which is why they were able to get him... and he confessed. 

So.. it's a bit of a hard call for me.  I love the romanticism of the good guy breaking the law for the better good.  Don't we all love Batman, or other heroes?  Of course we do.  They break laws, and perpetrate justice we wish would happen, and fullfill the fantasy of fairness generally.  Thing is, in the real world we have to rely on humans... real people.  And though there may be men of integrity, power and anonymity are with people corrupting influences often. 

Anti child porn trojans... that are made public that they are being used, and are employed by open/peer reviewed groups might be doable.  Perhaps something like.. "To Catch A Preditor".. that was a great series I thought.  But the question is where do the government oked trojans/rootkits stop?  Why not install a keylogger on everyones computer... I mean, they MIGHT type something about a terrorist attack, and that woudl save lives if we knew what EVERYONE typed right?  Still, a fully open/peer reviewed set up could be an ok thing I think, as long as used against horrific things such as KP.  I am done rambling.
"Bad.. Good?  I'm the guy with the gun"

Return to News from the Outside World

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software