Re: Oregonian: Computer expert convicted in hacking [Randal Schwartz]
And, as I said before, this is not a topic for comp.lang.perl.*, but
rather misc.legal.computing, to which I've cross-posted this article
and redirected the followups.
For my "press release", and information about my legal defense fund,
send a message to fund@stonehenge.com (content unimportant).
[The press release goes into great details that were not available
before yesterday. If you requested this info before yesterday, please
get it again.]
>>>>> "Joshua" == Joshua R Poulson <jrp@plaza.ds.adp.com> writes:
Joshua> Judging by the email responses, my first posting on this subject has
Joshua> been treated with shock and surprise. Let's try again.
Joshua> [Reprinted without permission from the Oregonian, July 26, 1995, pages
Joshua> D1, D5 for the purposes of commentary] [No apologies for the tone of
Joshua> the article, I didn't write it, comments in brackets are my own.]
Joshua> By Fiona M. Ortiz, of the Oregonian Staff
Joshua> HILLSBORO -- Randal L. Schwartz has always known he was smart. What he
Joshua> has had trouble grasping is that a person can be too smart for his own
Joshua> good.
Joshua> Schwartz, 33, was earning $45 an hour as a contractor for Intel in
Joshua> October 1993 when he got caught cracking computer passwords in a
Joshua> system he was not authorized to access.
Joshua> Schwartz told jurors he was only trying to help point out security
Joshua> flaws. His lawyer insisted throughout the 2 1/2 week trial that
Joshua> Schwartz hacked because he could, not because he meant any harm.
Joshua> But after closing arguments Tuesday, the Washington County Circuit
Joshua> Court jury found the Cedar Hills consultant guilty of three charges of
Joshua> computer crime. [This is a felony offense in Oregon] He wept and left
Joshua> the courtroom facing a potential jail term and $60,000 in restitution
Joshua> to Intel.
Joshua> Schwartz's case was Washington County's first computer-crime trial and
Joshua> meant a crash course in computerese for everyone in the courtroom. In
Joshua> the end, jurors were swayed more by the letter of Oregon's
Joshua> computer-crime law than the ``no harm, no foul'' defense of Schwartz's
Joshua> computer-hacker world.
Joshua> [Is this the same world where he's the author of two of the most
Joshua> popular reference books O'Reilly and Associates sells? I guess not.]
Joshua> Schwartz was a computer whiz kid and social misfit before he became
Joshua> part of the computer programming subculture.
Joshua> [The #2 industry in Oregon is a subculture now. Odd ain't it?]
Joshua> By age 9, at an elementary school in Gladstone, he knew he wanted to
Joshua> work with computers. By age 16, he was working full time for
Joshua> Tektronix. He set up his own consulting firm in 1985.
Joshua> His world was not the sensationalized subculture of young cyberpunks
Joshua> who use drugs and try to break into military computers. [Probably
Joshua> because it doesn't exist.] Schwartz's milieu was more of an academic
Joshua> subculture, where the computer cognoscenti talk of ``elegant
Joshua> solutions'' and wear their brains on their sleeves [So we're academic
Joshua> illuminati now, I see. I shouldn't have gotten my degree in Computer
Joshua> Science, obviously.]
Joshua> Even his defense lawyer, Marc A. Sussman, asked jurors not to judge
Joshua> Schwartz's sometimes ``irritating or arrogant'' personality. That
Joshua> arrogance, prosecutor Thomas J. Tintera told the jury, that flouting
Joshua> of rules, was what got him into trouble.
Joshua> [Being feloniously irritating or arrogant is indeed a national
Joshua> problem... yet both Newt and Clinton are free.]
Joshua> For more than a decade, thinkers on cyber ethics have debated how much
Joshua> leeway to give talented hackers whose pride is proving they can get
Joshua> into any system.
Joshua> [No, hackers pride themselves on their technical knowledge. CRACKERS
Joshua> pride themselves on being able to break into any system. It's a good
Joshua> thing that the media colors the mood of the people, and also sets the
Joshua> agenda.]
Joshua> Corporate policies make it clear they will not tolerate even
Joshua> ``harmless'' intrusions to their systems, but not all hackers agree.
Joshua> [True, some of us actually work on security... ;) and get paid well to
Joshua> make things better.]
Joshua> ``The idea that `if it's there, I can look at it' does permeate a lot
Joshua> of the hacker world,'' says Tom Schubert, a computer science professor
Joshua> at Portland State University.
Joshua> [It is the responsibility of the reader to apply this statement to
Joshua> Schwartz, despite the fact that he never professed it.]
Joshua> It's hard for outsiders, even managers of computer programmers, to
Joshua> understand people who are driven to expose, if not to exploit, bugs in
Joshua> computer programs, said Tom Christiansen, a Colorado computer
Joshua> programmer, and a colleague of Schwartz.
Joshua> [Just how far out of context is that, Tom?]
Joshua> ``They're not going to understand what drives someone to play with a
Joshua> system,'' Christiansen said, ``not illegally, but to make it do
Joshua> tricks, to feel a sense of accomplishment, because you've created this
Joshua> very interesting thing.''
Joshua> [Ah, I see, it's about four miles out of context, since it's obvious
Joshua> to me you're describing why people do neat things with computers, not
Joshua> why they break into them.]
Joshua> Christiansen, as well as one of Schwartz's legal advisers, was
Joshua> concerned that Schwartz could not get a fair trial unless the jury was
Joshua> full of computer-philes.
Joshua> [Did you really use a word like that, Tom?]
Joshua> ``To me, `peer' means someone who understands what I'm doing,''
Joshua> Christiansen said. ``You are not granted a legitimate legal trial by
Joshua> your peers but by simpletons who do not understand the technical
Joshua> aspects of what's going on and consequently aren't able to judge
Joshua> you.''
Joshua> Even among fellow computer lovers, Schwartz likes to stand apart,
Joshua> especially by letting people know he was a hacker from way back.
Joshua> [Like, ``I was a hacker before the media made the term derogatory,''
Joshua> which I actually coined, but has been echoed by some others. Besides,
Joshua> who'd want to be close to other people that are called ``computer
Joshua> lovers'' anyway? That sounds mildly disgusting.]
Joshua> People familiar with Schwartz's postings in news groups on the
Joshua> Internet [sic] said he always signed off with words to the effect that
Joshua> he's been hacking around since before anyone else on the net was born.
Joshua> [You should read those postings, they typically refer to being on
Joshua> Usenet or Perl hacking, not breaking into computers.]
Joshua> Yet Schwartz is not a household word among programmers. Nationally he
Joshua> is well-known to people interested in Perl, a programming language,
Joshua> because he wrote and co-wrote two books about the language.
Joshua> [Even Rear Admiral Grace Murray Hopper is not a household word among
Joshua> programmers, nor do even most BASIC programmers know about Kemeny and
Joshua> Kurtz at Dartmouth. What's your point?]
Joshua> He has generated some sympathy among some peers.
Joshua> [None of which were on the jury, obviously.]
Joshua> ``The general feeling in the community, not knowing all the legitimate
Joshua> facts, of course,'' Christiansen said, ``looks like he's probably
Joshua> guilty of bad judgement.''
Joshua> Darrell Fuhrman, a systems administrator at Teleport, an Internet
Joshua> subscriber service in Portland, said he's a security-conscious
Joshua> administrator, and he'd be mad if Schwartz tampered with his system.
Joshua> [Loaded question, all system administrators would be mad if ANYONE
Joshua> tampered with their systems.]
Joshua> ``But I think it's in a large way good to have people poking and
Joshua> prodding and seeing if there's a hole here,'' Fuhrman said. ``It's not
Joshua> the good guys you have to worry about and I consider Schwartz to be
Joshua> one of the good guys.''
Joshua> There was never a question in the courtroom of Schwartz removing data
Joshua> from Intel's system. But his offense was still serious, said Intel
Joshua> lawyer John H. Woodard, who observed much of the trial.
Joshua> [True, he copied data of a sensitive nature. There are three values to
Joshua> exposed data, its value if changed, its value if deleted, and its
Joshua> value if exposed to someone else. However, Randal only exposed the
Joshua> data to himself, so it's pretty low on the spectrum.]
Joshua> ``If somebody breaks into your home, do you feel OK just because you
Joshua> can't prove you took something?'' Woodard asked. ``Do you want people
Joshua> looking at your medical records and bank accounts even if they say
Joshua> they didn't change them?''
Joshua> [It would be more like the case of your neighbor trying your door and
Joshua> seeing that it was open, than breaking and entering, except that
Joshua> Randal did use the password file of one box to get to another.]
Joshua> Woodard said Intel spent money and time making sure Schwartz had not
Joshua> installed unauthorized programs in their systems.
Joshua> [All sensitive systems should be regularly checked for such activity,
Joshua> whether or not a break-in had occurred. It's a smart practice. Woodard
Joshua> is complaining that Randal provoked them into being a little safer,
Joshua> instead of having a safe program in the first place. Are you willing
Joshua> to accept that kind of reasoning from the cops?]
Joshua> ``We were the victim. We were not the prosecutors in this case,'' said
Joshua> Woodard, who is concerned that some people mistakenly see the case as
Joshua> Intel vs. Schwartz.
Joshua> [There is a large amount of politics here that I'll not try to
Joshua> address. Basically, Woodard is right in saying that it was the State
Joshua> of Oregon that prosecuted the case, but it is indeed Intel that's
Joshua> pressing charges. I think it is good that they pressed charges, as
Joshua> most companies tend to hide incidents like these because they are
Joshua> embarrassing, however, there is some question as to whether Randal was
Joshua> encouraged into this practice, and also not properly warned not to.]
Joshua> ``I think it was good for all the high-tech companies moving into this
Joshua> area that the county is willing to pursue these types of crimes.''
Joshua> [Yes, it does get the attention off the zoning restrictions on strip
Joshua> joints.]
Joshua> ---
Joshua> Sidebar on Schwartz Verdict
Joshua> ---
Joshua> * COUNT 1: Guilty of knowingly and without authorization altering a
Joshua> computer network.
Joshua> * WHAT DID HE DO? Randal L. Schwartz flouted Intel policy when he
Joshua> installed so-called ``gateway'' programs on two computers so he could
Joshua> access Intel computers from a remote computer.
Joshua> [We don't know if this is a simple dial-in, SLIP, PPP, or what, let
Joshua> alone what kinds of machines these are. This was done while Randal was
Joshua> still working at Intel.]
Joshua> * HIS DEFENSE: Schwartz said he had previously installed such programs
Joshua> when Intel had made policy exceptions. He also said that he didn't
Joshua> compromise Intel security.
Joshua> [He installed a door, but it still had a lock on it.]
Joshua> * COUNTS 2 AND 3: Guilty of knowingly using a computer system to steal
Joshua> a password file from the Supercomputer Systems Division; stealing
Joshua> individual users' passwords.
Joshua> * WHAT DID HE DO? Schwartz did not have access to the division's main
Joshua> password file. [I guess this means he didn't have an account on the
Joshua> big box inside SSD.] He cracked passwords [he ran COPS] from a minor
Joshua> computer in the division where he did have access. He used one of
Joshua> those passwords to log on to the main cluster of division computers,
Joshua> where he copied the password file to his own computer [a baaaad idea,
Joshua> Randal] and ran a password-cracking program. He cracked, among others,
Joshua> the password of an Intel vice president. [It is unclear whether he
Joshua> even looked at the output file of this particular run of COPS.]
Joshua> * HIS DEFENSE: Schwartz said it was a clumsy attempt to alert Intel to
Joshua> security problems and that he didn't use the passwords to peek at
Joshua> information. [Ouch, you should have told them in advance, and then
Joshua> there wouldn't have been a problem, Randal.]
Joshua> * PENALTIES: A sentencing hearing is set for Sept. 11. Because of his
Joshua> clean criminal record, jail time of 3-6 months [per count?] is likely.
Joshua> The prosecutor will ask for $60,000 restitution, the amount Intel says
Joshua> it spent fixing problems Schwartz caused. [Caused? You mean
Joshua> discovered. Or is this the money Intel spent tracking down what really
Joshua> happened?]
Joshua> ---
Joshua> I highly recommend getting copies of the Oregonian from this entire
Joshua> week if you want to really read up on this case. It's also helpful to
Joshua> the Oregonian to send in letters to the editor about the problems you
Joshua> might have about the articles, after you buy the paper. Don't send
Joshua> them comments based on this transcription, I'm only putting it here
Joshua> for commentary, and not to violate the Oregonian's right to charge for
Joshua> the words it prints.
Joshua> I have never worked for Intel, nor am I affiliated with Randal L.
Joshua> Schwartz, the Oregonian, O'Reilly and Associates, or anyone else. I am
Joshua> not posting as a mouthpiece of ADP or any other organization... I just
Joshua> happen to live in the area.
Joshua> --
Joshua> Joshua R. Poulson, Systems Engineering, ADP Dealer Services, Portland, OR
Joshua> PGP Public Key available upon request
print "Just another Perl hacker," # but not what the media calls "hacker!" :-)
# legal fund: $3411.03 collected, $72879.50 spent; email fund@stonehenge.com for details
--
Name: Randal L. Schwartz / Stonehenge Consulting Services (503)777-0095
Keywords: Perl training, UNIX[tm] consulting, video production, skiing, flying
Email: <merlyn@stonehenge.com> Snail: (Call) PGP-Key: (finger merlyn@ora.com)
Web: <A HREF="http://www.teleport.com/~merlyn/">My Home Page!</A>