From: fc@all.net (Dr. Frederick B. Cohen)
To: cypherpunks@toad.com
Message Hash: 0da72004126ad7637082e42c8348d5209a225dfbedd95665e5dccd25cd8d8b73
Message ID: <9510091116.AA15078@all.net>
Reply To: <199510090843.SAA29314@suburbia.net>
UTC Datetime: 1995-10-09 11:18:49 UTC
Raw Date: Mon, 9 Oct 95 04:18:49 PDT
From: fc@all.net (Dr. Frederick B. Cohen)
Date: Mon, 9 Oct 95 04:18:49 PDT
To: cypherpunks@toad.com
Subject: Re: LACC: Account sharing leads to false imprisonment
In-Reply-To: <199510090843.SAA29314@suburbia.net>
Message-ID: <9510091116.AA15078@all.net>
MIME-Version: 1.0
Content-Type: text
Thought you might like another perspective:
...
> A GORRIE STORY
>
> Here's the background: in October of 1994, Hirsh's stepbrother, a U of
> T grad student, said Hirsh could use his school-provided net account.
Almost certainly unauthorized use. The us of another person's account
is almost always against school policy, and hence is likely to be a
voilation of the law.
> Hirsh used it to read news. He thought the net fascinating so began
> uploading copies of The Anarchives. Hirsh never tried to hide who he
> was -- he even included his home phone number, which is how the Super-
> Sleuth Sysadmins "found" him. Hirsh made similar use of an account
> belonging to "Ms X" -- a female Ph.D. student and friend of Stepbro's.
Ignorance of the law is no excuse, and being easy to catch doesn't make
you innocent of a crime.
> This would have been a happy and otherwise normal arrangement except
> that in January, 1995, U of T engineering prof Jack Gorrie
> (gorrie@ecf.utoronto.ca), bossman of U of T's engineering computing
> facility computer, received a complaint from someone at the University
> of British Columbia about The Anarchives being posted to net news. The
> person wanted it stopped.
Interstate transport of stolen (presumably copyrighted) property, possible
violation of national laws of both nations. Unauthorized use of the
computers at the University of British Columbia.
> Gorrie came to notice Ms X wasn't signing these documents, a Jesse
> Hirsch was. He also noticed Hirsh and another U of T student (the
> stepbro) exchanged email about the accounts. As Hirsh and his stepbro
> have different last names, Gorrie concluded a larger hacker conspiracy
> was afoot.
Reasonable assumption. The only way to find out different would be to
violate the users' privacy by reading their mail, etc.
> Gorrie launched into his Canadian rendition of Cliff Stoll, author of
> compu-crime-thriller _The Cuckoo's Egg_ -- in Gorrie's case, _The
> Loonie's Egg_. He "tracked" Hirsh for two months, recording every
> keystroke -- even though he had all three students' phone numbers.
Collected possible evidence. A good idea. Allerting potential criminals
is a poor way to catch them and potentially dangerous. May not stand up
in court as it is heresay - not exempt under the normal business record
exception.
> On March 8, 1995, he asked the cops to intervene. "I checked and found
> that the account was indeed being used to broadcast information on
> behalf of The Anarchist Organization," he wrote Detective Hugh
> Ferguson.
Sounds wise.
> Thus it came to be that Jesse Hirsh was forced to model nude for
> Toronto's finest, with the blessing of U of T.
If he turned out to be a terrorist who was planning to blow up a
building, you would have called this a tremendous piece of police work,
they could have written a million-selling book, and you would hail the
sysadmin as a computer age hero.
> Stepbro got his own taste of U of T six-gun justice. Off in a
> Washington, D.C., engineering lab, he came under FBI investigation.
> Naturally, the FBI found nothing wrong because there was nothing wrong
> -- except for an over-zealous sysadmin using a meat cleaver to scratch
> an itch.
Try again. I assume that they found this was not a "real" terrorist.
But to call it over-zealous is not right. S/he was doing the job and
should be commended for trying to do it as well as s/he could.
> CHARGES DROPPED
>
> On Sept. 7, minutes before the case was to go to court, the
> prosecution dropped all charges. Hirsh agreed to pay a token
> settlement of $400 for four months of university computer use. U of T
> first claimed it was owed $1,560. Hirsh places the real cost at $60.
So Hirsh agreed that he had been illegally using the computer system
and the case was settled with a monetary fine.
> Hirsh devoted an issue of The Anarchives to the case. It spread around
> cyberspace. In it, Hirsh includes Gorrie's email address and asks
> people to send him their opinions. Quite a few did. They were rather
> unpleasant. Gorrie, miffed, used the U of T pipeline to have the
> stepbro make Hirsh shut up.
So what's fair for Hirsh is not fair for the Sysadmin? Sounds to me like
you think it's OK for Hirsh to have people write nasty letters to the
admin but not OK for the admin to respond via the step-brother.
> After subjecting Hirsh to complete and devastating public humiliation,
> U of T was now pleading for discretion.
After Hirsh broke the law, he is trying to get even for being caught by
harassing the people who caught him.
...
> Hirsh wrote Gorrie privately, saying he was sorry Gorrie was getting nasty
> mail. Gorrie replied the whole affair was a "big misunderstanding." As
> they were _both_ misled, they were _both_ victims: Victim Hirsh was
> dragged down the street in handcuffs, fingerprinted, mugshotted,
> strip-searched and jailed for hours; Victim Gorrie received email that was
> mean to him.
Hirsh realized he was wrong to harass Gorrie and appologized for creating
the situation. Gorrie gracefully called it a "big misunderstanding" and
accepted the abuse as part of doing a tough job.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
Return to October 1995
Return to “fc@all.net (Dr. Frederick B. Cohen)”
Unknown thread root