In 2003, a University of Texas student, Christopher Phillips, hacked into a university computer system and stole the Social Security numbers of some 45,000 students, staff and faculty, and two years later, he was convicted and sentenced to five years' probation and 500 hours of community service, and ordered to pay about $170,000 in restitution to the university. Phillips appealed the decision, but a court last month upheld the conviction, not buying into Phillips' defense that he didn't really access the system without authorization. The system in question required only a Social Security number for access, so Phillips set up a program that simply used the formula for creating SSNs, and entered them into the system one after another, up to 40,000 times per hour. When it found a valid one, the program entered the system and extracted personal information from the account attached to it. Phillips argued, though, that since the site was publicly accessible from the internet, he -- and any other internet user -- was inherently authorized to access it. That's sort of a bizarre argument -- basically saying that it's okay to hack any site or system that's online, as long as some part of it is publicly accessible -- and one that's inherently problematic. By using that logic, it would be okay for Phillips to hack into a credit-card site and steal people's card numbers, a viewpoint that few people would share. It should also be noted, though, that the system he hacked featured pretty weak security measures: all that was needed for access was a Social Security number, and no other information. It would seem pretty obvious that such a set up is a ridiculously juicy, and easy, target for a hacker.
If you liked this post, you may also be interested in...
- Feds Insist It Must Be Kept Secret Whether Or Not Plaintiff In No Fly List Trial Is Actually On The No Fly List
- Documents Show LA Sheriff's Department Hired Thieves, Statutory Rapists And Bad Cops
- Unarmed Man Charged With Assault Because NYC Police Shot At Him And Hit Random Pedestrians
- Judge In No Fly Case Explains To DOJ That It Can't Claim Publicly Released Info Is Secret
- German Court Says CEO Of Open Source Company Liable For 'Illegal' Functions Submitted By Community