Again with the sensitive information
Another stupid luser keeping unencrypted sensitive information on a publicly accessible site. While I'm opposed to the "blame the victim" defense strategy, these people (generic, not just this case) are fools.
The boss of a British website design firm has received a suspended jail sentence after pleading guilty to hacking into a competitor's website. Mark Hopkins, 31, of Bromsgrove in the West Midlands pleaded guilty in July to unauthorised access to computer systems, offences contrary to Section One of the Computer Misuse Act. He …
Doesn't seem like any hacking was required
Here, web designers don't just turn hacker, just like interior designers don't just turn structural engineer. It's a steep learning curve, and this is simple fishing for documents which, if they hadn't been there, would never have been found.
I assume that Mark Hopkins' lawyers did try the defence that the information was available by simple 'tree jumping' around the site directory structure, if this was indeed the case.
There is insufficient information in this article for a Reg reader to make a judgement about what he did and didn't do, though the evidence presented in court should be available I believe.
I myself have often tree jumped into website areas that I was never intended to get into and this was often possible in the early days before website designers (I mean technical designers, not wordsmiths and artists) took care about access permissions on directories.
Is there any statute law or case law in this area? Perhaps El Reg has legally experienced people who can advise, since I for one would be open to a charge of opening doors without locks on them.
As Dillon says, what the heck were they doing storing 'confidential' information on a website??
Another thick Bennie. Sadly, people from that neck of the woods - Birmingham and the southern crescent underneath it - are woefully lacking in gorms. You should see their writing; punctuation and grammar AWOL, no idea what they're going on about, sad really.
Sounds a lot like Alan Donaly........
Here is the difference. One helps, the other doesn't. Simple. >.<
A hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Hackers are most often programmers. As such, hackers obtain advanced knowledge of operating systems and programming languages. They might discover holes within systems and the reasons for such holes. Hackers constantly seek further knowledge, freely share what they have discovered, and never intentionally damage data.
A cracker is one who breaks into or otherwise violates the system integrity of remote machines with malicious intent. Having gained unauthorized access, crackers destroy vital data, deny legitimate users service, or cause problems for their targets. Crackers can easily be identified because their actions are malicious.
The thing that concerns me is the recent trend for quite tough sentencing for relatively minor breaches of the Computer Misuse Act. When you're dealing with an act that's so widely worded that almost any action on a computer could be interpreted as a criminal act, it seems a bit harsh to be handing down custodial sentences.
I've spent a fair amount of time in court rooms, and the average Saturday night thug that gets drunk and puts some poor soul in hospital for a while gets a much better deal from the magistrates than someone who's committed a "white collar" crime.
I very much have the impression that sentencing guidelines have been sent around with the intent to make high profile examples of people.
Regardless of whether this was "easy" to do through tree hopping, URL crafting or any other method, there's absolutely no way this guy would have found any substantial amount of information by accident. Anything after an initial happy accident was surely done with malicious intent to steal data and in the knowledge that this was not something he should be doing.
As for the severity of the sentence, it seems reasonable to me that if he was stealing your personal information you would be likely to be upset about it being abused. I am pretty sure the judge is more addressing the value of the data he took than about the fact that he broke into a computer system to get it (i.e. he would treat it just as if he had taken printed files after a break-in).