Teen Nearly Killed us All

[NiteFox]

http://www.smh.com.au/articles/2004/02/03/...5776065349.html

Or, to sum it up in one line:

"McElroy wanted to use the advanced network's power to download and store films and music from the internet."

[Roland]

I chuckled the whole way through.

Anyone else reminded of "War Games"?

[TaiDaishar]

That must be one of the dumbest kids in the world...

It also makes you think how EASY it is to cause so much damage, one hacker could possibly launch a nuclear missile to where he wants...

[Yrrek]

The terrorists might hear! :ph34r:

EDIT:typos *grumble grumble*

[Cryptic]

Just what we need, hackers of all stripes and colors finagling their way into top-secret networks to use them for their own trite, ridiculous ends.

[Nervous NORAD Lieutenant]: Sir! We're intercepting some kind of text string from an outside source ... someone is trying to hack into the missile control system!

[NORAD Commander]: Johnson, report! What does it say!

[Lieutenant]: Decoding now, sir ...

[Commander]: Dammit Johnson, speak to me, lives are on the line here ...

[Lieutenant]: Got it! It reads ... "Itamz ... plz give ... hlp ... Occy Cham? plz hlp ... baba plz ..."

:P

[channel1]

The biggest idiots are the ones who still connect systems that require security to an open WAN (i.e. Internet).

Then, to top it off, those same idiots spend millions or even billions of dollars trying to secure an inherently insecure system.

Here's my billion dollar advice:

1- Most secure system: No system at all.
2- Next most secure: Non-networked system
3- Most practical, secure option: Closed, dedicated network
4- The way they will probably go: Internet2 (dedicated government/research/educational WAN)

-rcv-

[JustAGuy]

So, a 16 year old kid writes a program that leeches MP3s and "pr0n", as they say, using the big networks' bandwidth and storage capability. I used to do this at college all the time, funny though, I could never find enough goodies to download back then.

So, 16 year old (and his friends) slows down a big network. It just happens that this particular bandwidth was in use by some top-secret U.S. weapons "research" facility as well, and when they notice a drop in network performance, they automatically assume it's a terrorist attack. Tsk tsk. Last time I checked, the terrorists were living in caves?

My favourite part of the article is the judge. He wants to make an example of the kid, but then realizes the poor kid was only trying to download music and porn. What kid doesn't want these things? And don't get it twisted; "McElroy wanted to use the advanced network's power to download and store films and music from the internet." -- "films" = porn.

You know, if there wasn't a "top secret United States weapons laboratory" in the first place, people like the poor 16 year old (now 18 year old) kid wouldn't have to worry about being arrested for downloading porn and MP3s. If downloading porn and MP3s is a crime, take me to jail! I mean, uh ... well... music and "films" that I already own or have paid for electronically... *cough* :)

This kind of reminds me when my friend was working on a networking assignment in MS-DOS. The packet software he wrote was basically a sniffer, a buggy one at that. His sniffer listened to all the packets on the network, and for the DNS server's packets in particular, it would magically re-write and re-route them, causing the Internet for the whole college to magically stop working. This was not intended operation. He didn't know there was a bug in it, but yet he was almost kicked out of our Computer Engineering course because of the panic he caused. A professor had to step in and assure the higher-ups that his student had simply made a mistake in his code and wasn't maliciously attacking the network. I guess people don't like it when their networks stop networking...

[Roland]

"I guess people don't like it when their networks stop networking..."

Maybe because it can cost upwards of billions of dollars in damages via lost time, productivity, repairs, etc.? Imagine if someone kicked NASA off the airwaves, blocking them from recieving any data from their numerous space ventures (photos, data transmissions, etc.), all because said someone wanted to download "films and music"? Or imagine someone taking down an entire neighborhood's bandwith / ISP connection so that they could do the same?

Gee, I can't for the life of me see why taking down a network would be seen as a bad thing. Nope, not a single reason is dawning on me.

<_<

[Roland]

Stupid double posts.

[MongoJerry]

This story reminds me of a vagely related incident at my previous job. I was working for a small company with about 35 employees that used a business dsl line to connect to the outside world (I think something on the order of 500kps both ways). The employees could be divided up into roughly four groups -- Research and Delopment (four programmers of which I was one), Graphic Arts (5-6 people), Video production and editing (4-5 people), and Sales and Management. Serving these groups was Lynda, our System Administrator who became a good friend of mine, and a half-time assistant. Since she built and maintained Windows, Macintosh, and Unix systems, built and maintained the entire network, and was able to get everything to talk to each other, she was an overworked miracle worker.

Now which group do you think Lynda had the most trouble with? She got along well with the R&D group, because we actually knew what we were doing, understood her system, and were willing to ask for help when we ran into something we didn't understand. The Sales & Management group rarely did anything to mess up Lynda's work, because they were afraid of computers. As long as they could surf the web and read their e-mail, they didn't bother her. The video people mostly stuck to using their own fancy video editing equipment and rarely interacted with the network. That leaves the Graphic Arts deparment.

Ah, graphic artists. It seems to be a general trait among graphic artists that they think that because they can work miracles in Photoshop, they must know everything about computers. So you have the most frightening situation for a SysAdmin: a group of people who know just enough about computers to mess everything up.

The tales of her dealings with the Graphics Art department were many and varied. But the tale that partially relate to this thread comes in two parts. First, one day, the head of the GA dept came up to Lynda, upset that the graphics files he's been trying to send to a client hadn't been getting through. It turned out that the graphic artists were trying to e-mail their images to the client, despite the fact that these files were 10-20 megabytes in size. Lynda had to explain to the department manager that e-mail wasn't designed to handle such large file sizes, that binary files get UU encoded and therefore double in size, and that many companies and ISP's have a roughly 1 megabyte limit on the size of any incoming e-mail message. It took about a half hour to convince the manager that the Lynda didn't have some sort of established and arbitrary limit placed on outgoing file sizes and that there was nothing we could do on our end about this. (This was understandable, since Lynda was known to be subversively vindictive -- such as placing a half second delay on packets going to a computer used by a person who upset her, slowing the person's web browsing to a crawl). Only when I backed Lynda up on everything she was saying did the manager back down. So Lynda set up an easy-to-use annonymous ftp server from which clients could download their files. Everything worked smoothly for a couple of months.

Then, one morning, Lynda got an angry call from the CEO. He wasn't able to get his Yahoo and wanted to know why. Lynda quickly got dressed and went into work. Sure enough, the whole network had slowed to a crawl. She sniffed the network packets and found a ton of activity coming out of the ftp server she had set up for the graphic arts department. She went down there and asked the graphic artists what was going on, and they told her innocently that they had placed a file on the ftp server and told the client to download it. She asked what kind of file it was, and they told her it was a digitized video with some animations they had created spliced in. Her eyes went wide, and she asked them how big the file was. Puzzled, they said that they didn't know and clicked on the file to view its properties.

I forget what the exact number was, but I think it was on the order of 10 gigabytes -- all being transfered over a small DSL connection. I remember calculating how much time the transfer would take if the company's entire bandwidth was dedicated to that one file and that the transfer happened consistently at the fastest possible rate. It came out to something like three and a half days. Lynda just about broke down an wept. She stopped the file transfer, had the graphic arts department burn a DVD, and had them FedEx the movie to the client. The movie got there faster than the ftp transfer would've taken.

[CelticHound]

Reminds me of getting into OS arguments with a friend who is a Mac fanatic.

"The real problem with the Macintosh is that it gives people the illusion that they are computer literate."

BTW, my issue with the Mac is that I believe Apple didn't provide the same broad support to developers as Microsoft. (They got greedy - not that MS isn't, too.) As a result I'd classed the PC vs Mac as "Hard to use/easy to develop for vs. easy to use/difficult to develop for."

On the other hand, at a previous job, I once got under the skin of a new sys-admin. He needed to do some emergency maintenance of our Netware server, so he sent a message that everyone had to log out of the network. That was okay, but at the end of the message he said he'd send an email to let everyone know when it was okay to log in again. Naturally, I asked how would this would work, since you had to be on the network to get the email that let you know you could be on the network again.

-- CH

[JustAGuy]

Maybe because it can cost upwards of billions of dollars in damages via lost time, productivity, repairs, etc.? Imagine if someone kicked NASA off the airwaves, blocking them from recieving any data from their numerous space ventures (photos, data transmissions, etc.), all because said someone wanted to download "films and music"? Or imagine someone taking down an entire neighborhood's bandwith / ISP connection so that they could do the same?

Gee, I can't for the life of me see why taking down a network would be seen as a bad thing. Nope, not a single reason is dawning on me.

<_<

I agree that any network downtime is bad, and the kid shouldn't have been downloading music and films on other people's bandwidth (or at all for that matter), but the reaction is what I was questioning.

It was not a terrorist threat, as that is what they thought it originally was, so their reaction was improper.

Just because a few "crazy muslims" want to kill America, doesn't mean that everything little thing that happens has to do with terrorists.

"Uh oh, my computer is infected with a virus! Musta been terrorists!"

Give me a break.

[LochnarITB]

at the end of the message he said he'd send an email to let everyone know when it was okay to log in again.&nbsp; Naturally, I asked how would this would work, since you had to be on the network to get the email that let you know you could be on the network again.

Hehe, sounds like something I would point out. It just goes to show how ubiquitous email is these days. It no longer feels like a function tied to our computers. It is kind of like saying "call me". There is no thought of it possibly not being available, it is just there much like the phone. I wonder what will be the next means of communication that achieves this status. "What do you mean you don't have DNC (Direct Neural Communications)? They've been implanting them for a week now. Everybody has it!" B)

[jahcs]

But so many of his fellow hackers also accessed the system at the Fermi National Accelerator Laboratory in Illinois that it began to slow down. Technicians discovered the breach and "pressed the panic button". Fearing a terrorist attack, the computer was closed down for three days and the US Department of Energy sounded a full-scale alert.

Officers at Scotland Yard's computer crimes unit were contacted and quickly traced the then-16-year-old student to his east London home.

JustAGuy Posted on Feb 5 2004, 10:07 PM
It was not a terrorist threat, as that is what they thought it originally was, so their reaction was improper.

Just because a few "crazy muslims" want to kill America, doesn't mean that everything little thing that happens has to do with terrorists.

"Uh oh, my computer is infected with a virus! Musta been terrorists!"

Give me a break.

They feared it was a terrorist attack. If your system is under attack (regardless if it is terrorist or not) the easiest and fastest way to protect your system and its assets is to sever your connection with the outside and/or shut down the system.

On a footnote:
From all the definitions I've seen, terrorism is directed against civilians and this was a government installation. Although in recent history the definition of terrorism has been expanded quite a bit.

And to be a terrorist you don't have to wear a turban.

[kandrathe]

He was most likely very intelligent, but had zero common sense. Like me and my hacker friends when we were 16.

The truth about network security is that it mostly keeps the honest and ignorant out. A dedicated programmer who is very familiar with networks can pretty easily break into most commercial networks. It really takes good encryption and a dedication to keep your network clear of everything else to make things safer, and then in order to communicate at all you need to have a way to undo anything you encrypt. Even many network security people have no idea how vulnerable they really are. I would tell you of some stories about my work with various agencies if I could. When I was still consulting a few years ago, one of the services my team offered were security assessments.

Some stuff you just don't want to know. You'll sleep better not knowing.

[kandrathe]

The real question to ask ourselves is how do we know any network(or computing environment) is secure? Is it really safe, or are we just too ignorant to know how it can be compromised? All to often I think the later is the real answer, but the people in charge of the security would have to admit ignorance. I think most people would like to believe they are smarter than they actually are, especially in their chosen profession. In a recent publication by CERT, they highlight some of that risk in a neat graph. The available tools are getting more sophisticated such that the attackers need to be less so, even to where a 16 year old kid can get himself into some big trouble by having just enough knowledge to be dangerous.

[JustAGuy]

They feared it was a terrorist attack. If your system is under attack (regardless if it is terrorist or not) the easiest and fastest way to protect your system and its assets is to sever your connection with the outside and/or shut down the system.

That sounds fine; if your computer is being attacked, turn it off, no more attack. But the origin of the attack -- terrorists? Come on now, how many terrorist attacks have been executed in "cyber-space" in recent memory? If the research facility was so top-secret, how would some terrorists know about it? Why would they immediately fear that a network slowdown was a terrorist attack?

It's like the big black-out last year (was it last year?). Lots of people thought it was a terrorist attack right away, when really, it was just a bunch of people turning on their air conditioning units all at once (not really, but you get the picture).

And to be a terrorist you don't have to wear a turban.

Nor did I say that you had to wear one. I'm just saying that terrorism in the public eye is closely related to the terror attacks of 9/11, attacks that were perpetrated by Muslim Extremists. It's not my fault that there is a stigma surrounding the Mulsim Extremists. No one said you had to wear a turban to be crazy, or to be a freedom fighter. Take your pick at which one they really are. All I know is that the winners of this "war" will write the history books. Terrorists today could turn out to be heroes of the "revolution" in 100 years.

The people who are the real "terrorists" are the American government and the American media. If you define terrorism as being directed towards civilians, all these damn terror alerts, and "be ready" messages from the government sound like terrorizing the people to me. What a scared, fat herd the American population has become. Who's fault is it? Sure isn't mine, and it sure isn't that 16 year old hacker.

[Rhydderch Hael]

Bear in mind: the deadliest terrorist attack on American soil was done by foreign extremists, yes. But the second-place event (and topped first right up until the 11th of September) was planned, prepared, and executed wholly at the hands of American citizens.

Assumption is dangerous, and a folly given to any hand in an argument.

...Come on now, how many terrorist attacks have been executed in "cyber-space" in recent memory? If the research facility was so top-secret, how would some terrorists know about it? Why would they immediately fear that a network slowdown was a terrorist attack?...

"Top Secret" was a moniker placed by the article, recklessly at that, I may add. Fermi is well known as a nuclear research lab. It's the fearmongering perspective of the alarmist media that calls it a super-secret weapons lab with all the implications that the facility will make the world go *boom*.

Comprehension and cognizance of real-world mechanics will aid you in identifying the ever important (and sadly, ever more pertinent) fact that the media: A> is not an ascribed expert in any esoteric field and must report from the perspective of a generality; B> not going to sell much by saying "everything's fine, people..."

[Vandiablo]

"Nuclear panic"???

YES! NUCLEAR MISSILES ARE CONTROLLED BY SCIENTISTS AT THE ACCELERATOR!!

Duh.

Stupid article.

The only overreaction I see here is the exaggeration by the reporter. "Sounded the alarm" or "went on full alert" I'm sure refers to notifying the FBI and warning other networks. Sheesh.

And if the kid is out to steal other people's processing and bandwidth, then he deserves the punishment he got. Stealing is stealing, whether you think you're smarter than your victim or not.

Regarding somebody's post, that was defining terrorism as attacking civilians, not governments. Since when are scientists considered fair game for attacks? Just because their work is top secret doesn't mean they are military, heck, they might not even be government. Bah.

-V
... hmmm... I wonder what Ally Sheedy is up to these days....

[JustAGuy]

"Top Secret" was a moniker placed by the article, recklessly at that, I may add. Fermi is well known as a nuclear research lab. It's the fearmongering perspective of the alarmist media that calls it a super-secret weapons lab with all the implications that the facility will make the world go *boom*.

Hey, I was just going by what I read in the article. I wasn't trying to pick at or dwell on the details, rather the reason why an article like that uses alarmist buzz-words in the first place.

Comprehension and cognizance of real-world mechanics will aid you in identifying the ever important (and sadly, ever more pertinent) fact that the media: A> is not an ascribed expert in any esoteric field and must report from the perspective of a generality; B> not going to sell much by saying "everything's fine, people..."

I'm quite aware of what the media does, and how and why it does what it does. That's a wonderful by-product of Captialism and "vested interests", be they the interests of the "news source" or others. It must be noted that it is primarily the American media that perpetuates the fear-mongering. I'm not saying Canada (ah, the frozen lands of the north) is free from the "bad news" (e.g. "computer attack believed to be perpetrated by terrorists!!"), it just doesn't focus on it as much. Canadian news is actually pretty funny sometimes.

What ticks me off is that your second statement is so very true. I don't disagree with you one bit, it's just distressing and irritating. I'm aware of it, but a lot of people aren't.