Feeds

Register story inspires FBI raid on student

Subversive literature, yikes

  • alert
  • submit to reddit

Top three mobile application threats

FBI agents raided the dormitory room of Rensselaer Polytechnic Institute computer science student Andres Salomon in Troy, New York on Saturday, after a Register story piqued his interest in the recent New York Yankees' Web site defacement. The agents searched his room and removed three computers, two books, and a collection of notes.

Salomon said he'd visited the defaced Yankees site after learning about it from a friend on line Friday morning. "During a conversation [in IRC] about Microsoft's break in, and how the stolen source code would affect things... a friend mentioned that Yankees.com had also just been hacked (I found out later that he got that information from The Register)," Salomon says in an essay posted at /dev/random.

"I went to the Web page, and discovered that it had, indeed, been cracked... I then began a post-mortem inspection," he explains.

After sniffing about for a while, "I returned to my IRC client, said 'Looks like a DNS hack....' and the conversation went elsewhere. The entire thing lasted possibly five minutes, and occupied no more than three or four lines on IRC."

It was because of this brief exploration, carried out to satisfy his curiosity, that the Feds became interested in him as a suspect.

Salomon had not merely viewed the Yankees.com site with a Web browser which would have connected him via port 80, as it would also have done for hundreds of other curious folks as soon as the story broke. He had connected to different ports, which the Feds interpreted as a possible return visit by the vandal.

"I did blind connects to, at most, five ports (meaning I just telnetted to them, without knowing if they were even open or not), and my session consisted of getting the banner, and possibly typing 'QUIT'. Far less than if I had gone to port 80 and done a couple of GETs... Either way, you're in the logs, and you're transferring data," he observes.

It's certainly not rational for the Feds to be interested in Salomon solely on the basis of his curiosity about the Yankees site defacement after it had become news. In the absence of any further evidence tying him to the site earlier, the FBI's urgent move against him smacks of overzealous law enforcement, and the incontinent issuing of search warrants by judges.

Salomon would hardly have been alone in sniffing around the Yankees' Web site this weekend past. "I bet the real cracker connected to port 80 and admired his work," he observes. "I bet people he told did as well. What about the ton of people that connected to the site after The Register posted the story? They trampled all OVER precious logs," he notes.

"Because I trampled over them in a different [manner], that somehow makes it akin to tampering with a murder scene?"

Salomon was clearly taken aback by the willingness of the US government in general, and Janet Reno's Justice Department in particular, to invade the lives of individuals on very scant evidence.

"The FBI managed to get a search warrant based on logs from a firewall, that showed my IP only connecting, not even logging in, hours after news of the cracking had appeared on news sites. If they can get a search warrant this easily, your data is not safe sitting on your hard drive," he warns. ®

Top three mobile application threats

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.