Hacking

Here is an interesting connundrum. Did he or did he not? …

According to accounts provided in court documents and a narrative taken from the 4chan website, Kernell accessed Palin's Yahoo email account by correctly guessing three password-reset questions using information that was readily available online.

"'Hacking,' which implies the use of sophisticated means or specialized computer skills, is not applicable to the alleged conduct," attorneys for Kernell wrote.

They aren't the first people to quibble with use of such terms in describing the acts Kernell allegedly carried out. Some seasoned security experts have also taken issue with use of the word "hack" to be synonymous with "electronic intrusion."

"It doesn't constitute what we would label as advanced hacking," Rob Graham, CEO of consultancy firm Errata Security, said of the acts alleged in the indictment. "It's something that a teen can figure out, rather than an advanced professional."

The document is one of three defense motions filed since Kernell was indicted in early October for intentionally accessing a protected computer without authorization. The barrage suggests attorneys for Kernell, the son of a a Democratic Tennessee state lawmaker, intend to mount a defense that is considerably more vigorous than many in computer crime cases.

One motion argues that prosecutors improperly charged Kernell with a felony instead of a misdemeanor, as the statute in the case calls for. Under the law, the unauthorized access of a protected computer should be classified as a misdemeanor except when it is used to further a separate crime. In Kernell's indictment, that other crime is the unauthorized access of Palin's email account.

The indictment "is very strangely pled and circular," said Jennifer Granick, a staff attorney for the Electronic Frontier Foundation. "It's not surprising given the nature of the charges and given the quality of the indictment that the defendant would see a real opportunity here to make some points in favor of the defendant."

The Register

First off, an hacker is not necessarily a bad person. The term means in compuspeak: A person who can hack a problem.

So Yahoo exposed, with weak security, the e-mails of a client whom, it turns out, was concealing by neglect if not criminally hiding US State and Federal records. Public records.

If the lad exposed a crime or an idiot (personally I'd go with idiot) he was engaged in public duty. Or is it not a public duty to report a crime or negligence from a public official?

But to know he had uncovered a crime, he had to commit intrusion -perhaps even trespass. Or is the readily available but indirect linkage he followed an intrusion?

The hacker found the necessary information about the subject that enable him to fill in the publicly available forms to gain access. How much of this is collusion with Yahoo and Governor Sarah Palin herself?

Or to put it this way, do you have an account protected by a password?
If so can it be reset using a question and answer routine that can be guessed easily?

For instance if the question required to identify you to the server is a family member or the name of a pet, a school you went to or your date of birth, how long would it be before the answer could be found by total strangers?

Again; I will put it another way:
Even if you were famously stupid, would you consider letting anyone gain access to secret correspondence you were trying to hide from the NSA etc, by using as security, information about yourself that is public knowledge widely known?

Moreover, if you were setting yourself up to be one of the world's most famous women, would you do your best to let the matter drop or would you, as a public servant and lawmaker, feel obliged to have the hacker prosecuted to the full limit of the law?

If the latter, would you endeavour to have the case kept simple? The prosecution of it straightforward?

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s