Wednesday, June 10, 2009

Court hears NASA hacker 'at risk of psychosis'

Original article on ZDNet:

My view on this:

Of course NASA or the US Army will never have to *prove* that it cost them that much money. They will probably never be asked to produce a report of work orders or insurance claims constituting the *actual* damage caused. They just need to say it, and thereby discredit someone with too much curiosity who happened to stumble across a security hole that they didn't patch.

Let's think for a moment what this apparent $700k of damage might consist of. Some possibilities are:
1) man hours to reinstate the system critical files: $700k equates to 30 man-years of labor - somehow I don't think so.
2) physical damage to equipment - unless he wrote code to fire missiles or successfully burned out 1000s of video cards, I don't think so.
3) loss of data? If it cost that much, an organization like NASA should be sophisticated enough to use a non-volatile backup medium, and it would NOT cost $700k to restore from backup. Imagine if they lost all the deep space pictures that Hubble has taken over the last 15 years, because they didn't back them up. I don't think so.
4) loss of software licences costing $700k? I'm sure that any software vendor dealing with NASA would have a relationship that allows them to reinstate licenses at little or no cost in such a situation.

Maybe they just thought that the public is getting tired of the US government tarring everything with the same terrorism brush (the "cry wolf" effect), so they had to trump up their claims because other than that, the hacker was really just 'looking around'.

Finally, I would like to see a more precise definition of "hacking" in a legal context. Does it mean "attempting to gain unauthorized access", or "actually gaining unauthorized access", or "using unauthorized access to acquire unauthorized information and/or cause denial of services and/or data loss"? It's like the terms of service on iTunes, which state you are allowed to "burn" your songs up to 7 times. Does copying it to my external hard drive or a USB memory stick constitute "burning"? Couldn't they say "make backups onto specific types of media which allow playback on musical devices"? What if I use a Re-Writable CD, erase it and burn it 7 times? What if I lose count? How can they ever hope to prove anything to enforce such a rule? Hey, Apple, you know that track I paid 99c for the other day? I just made 8 copies of it on my USB memory stick! Send 'round the feds! Haha!
Colloquialisms and jargon like "burning" and "hacking" in my opinion have no place in legal agreements or the courtroom.

2 comments:

Unknown said...

Very interesting what this caballo has written here.
Congratulations.

Unknown said...

Very interesting what this caballo has written here.
Congratulations.