Press exposure of Federal data security hole leads to legal threats

An investigation into a security slip that left the identity information for over 170,000 users of a US federal government program publicly available online has led to accusations of hacking and legal threats. The Scripps News investigative team spent the last month studying companies running Lifeline, a federal program to …

COMMENTS

This topic is closed for new posts.
  1. Vimes

    Is anybody surprised at this turn of events given the effort they put into extraditing McKinnon? Really?

  2. Martin Gregorie

    Methinks they do protest too much

    The truth is that wget isn't at all hard to use and is no more intrusive than a web browser. It can't retrieve anything you can't see with said web browser. In fact, arguably it's less intrusive because it takes note of robots.txt files and, as a result, is prevented from retrieving some documents that any web browser would display.

    1. Anonymous Coward

      Re: Methinks they do protest too much

      You obviously have a minimal understanding of what a robots.txt file does. It is aimed at the web crawlers that (for example) search engines such as Google, Yahoo and Bing use to locate and index the web, and is used to specify what information a web crawler is (or isn't) allowed to see. Web browsers do not pay any attention to this file, so you can still retrieve content even if Google has no idea that it is there.

      1. Anonymous Coward
        FAIL

        Re: Methinks they do protest too much

        If you actually read what MG posted you'd find that he said exactly that - browsers don't pay any attention to robots.txt files. He also made the point, correctly, that wget does play nice and respects robots.txt entries.

    2. Wzrd1 Silver badge

      Re: Methinks they do protest too much

      Quite true.

      If I were leading the team, I'd have countered with a letter threatening prosecution for violation of the Privacy Act of 1974.

      A tactic known as, if I go, I'm taking you with me and you'll serve longer than me.

      For, in not protecting federally acquired data, the companies involved did violate the Privacy Act of 1974.

      And "Whoopsie" is not a legal defense.
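The robots.txt point argued in the thread above, as an added example that is not part of any poster's comment: a site owner's self-audit that lists paths hidden from well-behaved crawlers but still served to any anonymous client. The robots.txt content, the paths and the `SITE` inventory are constructed for illustration.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical site (not taken from the article).
ROBOTS_TXT = """\
User-agent: *
Disallow: /applications/
Disallow: /admin/
"""

# Constructed inventory: path -> does the server demand authentication?
SITE = {
    "/index.html": False,
    "/applications/form-0001.pdf": False,  # hidden from crawlers, nothing more
    "/admin/console": True,                # real server-side access control
}


def load_rules(text):
    """Parse robots.txt text the way a compliant crawler would."""
    rules = RobotFileParser()
    rules.parse(text.splitlines())
    return rules


def polite_crawler_may_fetch(rules, path, agent="ExampleBot"):
    """What a client that chooses to honour robots.txt will do."""
    return rules.can_fetch(agent, path)


def server_would_serve(path, authenticated=False):
    """The server never consults robots.txt; only its own auth check counts."""
    if path not in SITE:
        return False
    return authenticated or not SITE[path]


def robots_only_protection(rules):
    """Paths disallowed for crawlers yet handed to any anonymous request."""
    return sorted(
        path for path in SITE
        if not polite_crawler_may_fetch(rules, path) and server_would_serve(path)
    )


if __name__ == "__main__":
    for path in robots_only_protection(load_rules(ROBOTS_TXT)):
        print("robots.txt is the only barrier for:", path)
```

Anything this audit reports needs authentication on the server, or needs to come off the public web root; a Disallow line only changes what cooperative clients ask for.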

  3. Edward Clarke
    Big Brother

    clarke@cilia.org

    Auernheimer just got 41 months for doing the same thing. Here's a link:

    http://en.wikipedia.org/wiki/Weev

  4. Don Jefe

    Beware Sophistication

    I'm always wary when someone says something is sophisticated; it is such a relative term. I think editorial guidelines are pretty sophisticated but at the same time high temperature compressibility of Ti-6Al-4V in a chlorine rich environment is stuff I deal with every day. For the purposes of this story the journalists using a basically off the shelf tool to derive publicly available URLs isn't very sophisticated for them. Not making sensitive personal data openly available is not very sophisticated either...

    1. Tom 13
      Joke

      Re: Beware Sophistication

      Maybe the spellchecker fixed the original input:

      slopphistication

    2. Wzrd1 Silver badge

      Re: Beware Sophistication

      Of greater import is that the letter threatening prosecution essentially admits that the companies violated federal law themselves. The Privacy Act of 1974.

  5. Anonymous Coward
    WTF?

    wget is just a file transfer program that uses http, FFS.

    It's just like using an Internet Browser.

    1. Version 1.0 Silver badge
      Happy

      If you think that will keep you safe then Good Luck.

    2. asdf
      Trollface

      trolling

      Besides real geeks use curl.

    3. ScottAS2
      Facepalm

      But you use wget on the command line! Command line == hacking. Have you learned nothing from Hollywood movies?

      1. asdf

        What? Type curl at the command line on any modern *nix system and see what it says. It's like wget on steroids.

    4. Wzrd1 Silver badge

      Can't remember *who* it was, but someone *was* prosecuted for simply using a web browser and browsing directories on a poorly set up webserver some time back. :/

      Interestingly enough, the prosecutor called it hacking.

      Next week: Using Google is called hacking by prosecutors.

  6. Anonymous Coward

    The important lesson here is that responsible disclosure is too risky (at least in America). Next time just anonymously dump it on pastebin.

  7. Notas Badoff
    Megaphone

    What's the Streisand effect variant called ...

    where you are screaming "stop looking at me, start aiming at me."

    "... simply by searching Terracom's site on Google for a particular file type."

    Which means that any charges must include Google, which means any defense must include Google. (When *all* the lawyers are grinning you should worry)

    Or, you know, if a public utility like Google search can see your data freely, and has for months, then it ain't protected at all, my exhibitionistic sleep-walking friend!

  8. Someone Else Silver badge
    WTF?

    "Sophisticated"....

    "A digital forensics investigation by TerraCom has revealed that the news service used sophisticated computer techniques and non-public information to view and download the personal information of applicants,"

    For these TerraCom yutzes, I guess a Google search constitutes a "sophisticated computer technique".

    1. Tom 13

      Re: "Sophisticated"....

      Well in all fairness I've heard there are some pretty sophisticated algorithms backing the Google search...

  9. Graham Marsden
    Big Brother

    Once again...

    ... we see people trying to use the law to cover their arses...

  10. tempemeaty

    Actions speak louder than words

    Well if you are going to be prosecuted for pointing out to Gov and companies that they are openly sharing people's personal data online then obviously both the Gov and the companies doing it WANT people's data openly available to be stolen. Their actions speak for themselves.

    1. asdf
      FAIL

      Re: Actions speak louder than words

      >companies doing it WANT people's data openly available to be stolen.

      "Never attribute to malice that which is adequately explained by stupidity." - Robert J Hanlon

      It's obviously a crap web company owned by someone who has well connected buddies in government. Typical web developers who are developers only in their own heads and hack graphical designers in everyone else's. If they are going to copy javascript off the internet they should at least make sure it's not example code meant only to teach.

  11. Anonymous Coward
    FAIL

    Government contractor embarrassed and uses law to CYA....

    How about cancelling Terracom's contract for putting so much personal information stupidly at risk. And WGET is sophisticated in the same sense that downloading sports stat data using a web browser and then putting that data into Excel is "sophisticated"

  12. Gray
    Terminator

    Thou shalt not ...

    This seems to be another variation on "shooting the messenger." To avoid pain of prosecution and the heartbreak of solitary confinement, pay heed:

    Commandments for survival in America:

    Thou shalt not embarrass a corporation;

    Thou shalt not embarrass a politician;

    Thou shalt not embarrass the government;

    Thou shalt not blow the whistle.

    If thee stand proud as a nail, thy government is a hammer.

    1. asdf

      Re: Thou shalt not ...

      Sadly the rules apply no matter which of the two teams is running the show at the time. Obama surprisingly is right up there with Nixon in going after the messenger.

      1. Number6

        Re: Thou shalt not ...

        It's also not confined to the US, the British Civil Service will happily threaten you to hide their embarrassment as well, and that's independent of who lives at No.10.

        Official Secrets Act, anyone?

      2. Tom 13

        Re: Obama surprisingly is right up there

        Nothing surprising about it so long as you aren't one of the ones who was blind in the first place.

        We told you these were the sorts of tactics he used to run unopposed in Chicago. You said we were just whining.

        We told you he would do the same in the White House. You said we were racists.

        We told you he lied in Fast and Furious. You said we were neanderthals and deserved no attention.

        We told you he saw nothing wrong with Wright's "sermons." You said we were backwards Bible thumpers.

        We told you he was using the IRS to harass his political opponents before the election. You said we were cry babies and should man up.

        We told you he was covering up something in Benghazi. You said he did nothing of the sort and we were just trying to politicize something that ought not be politicized.

        Open your eyes and smell the freezer burn for a change. Because there are two important differences between Nixon and The Big 0:

        1) Nixon didn't cause someone to die as part of his coverup of the Watergate break in.

        2) The press were trying to give him the boot from the day he was elected instead of cover for him because he was their messiah.

        1. asdf

          Re: Obama surprisingly is right up there

          >Nixon didn't cause someone to die as part of his coverup of the Watergate break in.

          No he only killed tens of thousands in Vietnam by delaying the inevitable.

          Obama is no messiah but the majority of Americans concluded he was better than the two lame old white men the Republicans have run lately. McCain was too crazy to be president and a worse flip flopper than Kerry. Romney is the Republican Walter Mondale, and even the base knew he was a settle for the least bat sh_t crazy candidate they had. Perhaps if the GOP would get candidates that represented America instead of the 1% they might win some elections. Obama was the definition of a vulnerable incumbent but because the GOP is incapable of any kind of moderation, Obama even being incompetent gets to look like the only choice due to being the only candidate anywhere near the center.

  13. This post has been deleted by its author

  14. Anonymous Coward

    since when?

    I'm still trying to figure out when wget became a script... it has always been a binary AFAIK... st00pid lawyers :eyeroll:
