Feeds

back to article Press exposure of Federal data security hole leads to legal threats

An investigation into a security slip that left the identity information for over 170,000 users of a US federal government program publicly available online has led to accusations of hacking and legal threats. The Scripps News investigative team spent the last month studying companies running Lifeline, a federal program to …

COMMENTS

This topic is closed for new posts.
Bronze badge

Is anybody surprised at this turn of events given the effort they put into extraditing McKinnon? Really?

10
0

Methinks they do protest too much

The truth is that wget isn't at all hard to use and is no more intrusive than a web browser. It can't retrieve anything you can't see with said web browser. In fact, arguably its less intrusive because it takes note of robots.txt files and, as a result, is prevented from retrieving some documents that any web browser would display.

10
0

Re: Methinks they do protest too much

You obviously have a minimal understanding of what a robots.txt file does. It is aimed at the web crawlers that (for example) search engines such as Google, Yahoo and Bing use to locate and index the web, and is used to specify what information a web crawler is (or isn't) allowed to see. Web browsers do not pay any attention to this file, so you can still retrieve content even if Google has no idea that it is there.

0
4
Bronze badge
FAIL

Re: Methinks they do protest too much

If you actually read what MG posted you'd find that he said exactly that - browsers don't pay any attention to robots.txt files. He also made the point, correctly, that wget does play nice and respects robots.txt entries.

1
0
Bronze badge

Re: Methinks they do protest too much

Quite true.

If I were leading the team, I'd have countered with a letter threatening prosecution for violation of the Privacy Act of 1974.

A tactic known as, if I go, I'm taking you with me and you'll serve longer than me.

For, in not protecting federally acquired data, the companies involved did violate the Privacy Act of 1974.

And "Whoopsie" is not a legal defense.

0
0
Big Brother

clarke@cilia.org

Auernheimer just got 41 months for doing the same thing. Here's a link:

http://en.wikipedia.org/wiki/Weev

3
0
Silver badge

Beware Sophistication

I'm always wary when someone says something is sophisticated; It is such a relative term. I think editorial guidelines are pretty sophisticated but at the same time high temperature compressibility of Ti-6Al-4V in a chlorine rich environment is stuff I deal with everyday. For the purposes of this story the journalists using a basically off the shelf tool to derive publicly available URL's isn't very sophisticated for them. Not making sensitive personal data openly available is not very sophisticated either...

3
0
Silver badge
Joke

Re: Beware Sophistication

Maybe the spellchecker fixed the original input:

slopphistication

0
0
Bronze badge

Re: Beware Sophistication

Of greater import is that the letter threatening prosecution essentially admits that the companies violated federal law themselves. The Privacy Act of 1974.

0
0
Silver badge
WTF?

wget is just a file transfer program that uses http, FFS.

It's just like using an Internet Browser.

3
0
Silver badge
Happy

If you think that will keep you safe then Good Luck.

0
0
Silver badge
Trollface

trolling

Besides real geeks use curl.

1
0
Facepalm

But you use wget on the command line! Command line == hacking. Have you learned nothing from Hollywood movies?

3
0
Silver badge

What? Type curl at the command line on any modern *nix system and see what it says. Its like wget on steroids.

0
0
Bronze badge

Can't remember *who* it was, but someone *was* prosecuted for simply using a web browser and browsing directories on a poorly set up webserver some time back. :/

Interestingly enough, the prosecutor called it hacking.

Next week: Using Google is called hacking by prosecutors.

0
0
Anonymous Coward

The important lesson here is that responsible disclosure is too risky (at least in America). Next time just anonymously dump it on pastebin.

12
0
Megaphone

What's the Streisand effect variant called ...

where you are screaming "stop looking at me, start aiming at me."

"... simply by searching Terracom's site on Google for a particular file type."

Which means that any charges must include Google, which means any defense must include Google. (When *all* the lawyers are grinning you should worry)

Or, you know, if a public utility like Google search can see your data freely, and has for months, then it ain't protected at all, my exhibitionistic sleep-walking friend!

4
0
Bronze badge
WTF?

"Sophisticated"....

"A digital forensics investigation by TerraCom has revealed that the news service used sophisticated computer techniques and non-public information to view and download the personal information of applicants,"

For these TerraCom yutzes, I guess a Google search constitutes a "sophisticated computer technique".

2
0
Silver badge

Re: "Sophisticated"....

Well in all fairness I've heard there are some pretty sophisticated algorithms backing the Google search...

0
0
Silver badge
Big Brother

Once again...

... we see people trying to use the law to cover their arses...

0
0
Bronze badge

Actions speak louder than words

Well if you are going to be prosecuted for pointing out to Gov and companies that they are opening sharing peoples personal data online then obviously both the Gov and the companies doing it WANT peoples data openly available to be stolen. Their actions speak for themselves.

0
0
Silver badge
FAIL

Re: Actions speak louder than words

>companies doing it WANT peoples data openly available to be stolen.

"Never attribute to malice that which is adequately explained by stupidity." - Robert J Hanlon

Its obvious a crap web company owned by someone who has well connected buddies in government. Typical web developers who are developers only in their own heads and hack graphical designers in everyone else's. If they are going to copy javascript off the internet they should at least make sure its not example code meant only to teach.

2
0
Silver badge
FAIL

Government contractor embarrassed and uses law to CYA....

How about cancelling Terracom's contract for putting so much personal information stupidly at risk. And WGET is sophisticated in the same sense that downloading sports stat data using a web browser and then putting that data into Excel is "sophisticated"

2
0
Bronze badge
Terminator

Thou shalt not ...

This seems to be another variation on "shooting the messenger." To avoid pain of prosecution and the heartbreak of solitary confinement, pay heed:

Commandments for survival in America:

Thou shalt not embarrass a corporation;

Thou shalt not embarrass a politician;

Thou shalt not embarrass the government;

Thou shalt not blow the whistle.

If thee stand proud as a nail, thy government is a hammer.

4
0
Silver badge

Re: Thou shalt not ...

Sadly the rules apply no matter which of the two teams is running the show at the time. Obama surprisingly is right up there with Nixon in going after the messenger.

1
0
Silver badge

Re: Thou shalt not ...

It's also not confined to the US, the British Civil Service will happily threaten you to hide their embarrassment as well, and that's independent of who lives at No.10.

Official Secrets Act, anyone?

1
0
Silver badge

Re: Obama surprisingly is right up there

Nothing surprising about so long as you aren't one of the ones who was blind in the first place.

We told you these were the sorts of tactics he used to run unopposed in Chicago. You said we were just whining.

We told you he would do the same in the White House. You said we were racists.

We told you he lied in Fast and Furious. You said we were neanderthals and deserved no attention.

We told you he saw nothing wrong with Wright's "sermons." You said we were backwards Bible thumpers.

We told you he was using the IRS to harass his political opponents before the election. You said we were cry babies and should man up.

We told you he was covering up something in Benghazi. You said he did nothing of the sort and we were just trying to politicize something that ought not be politicized.

Open your eyes and smell the freezer burn for a change. Because there are two important differences between Nixon and The Big 0:

1) Nixon didn't cause someone to die as part of his coverup of the Watergate break in.

2) The press were trying to give him the boot from the day he was elected instead of cover for him because he was their messiah.

0
0
Silver badge

Re: Obama surprisingly is right up there

>Nixon didn't cause someone to die as part of his coverup of the Watergate break in.

No he only killed tens of thousands in Vietnam by delaying the inevitable.

Obama is no messiah but the majority of Americans concluded he was better than the two lame old white men the Republicans have ran lately. McCain was too crazy to be president and a worse flip flopper than Kerry. Romney is the Republican Walter Mondale, and even the base knew he was a settle for the least bat sh_t crazy candidate they had. Perhaps if the GOP would get candidates that represented America instead of the %1 they might win some elections. Obama was the definition of a vulnerable incumbent but because the GOP is incapable of any kind of moderation, Obama even being incompetent gets to look like the only choice due to being the only candidate anywhere near the center.

0
0

This post has been deleted by its author

Anonymous Coward

since when?

i'm still trying to figure out when wget became a script... it has always been a binary AFAIK... st00pid lawyers :eyeroll:

0
0
This topic is closed for new posts.