$60k fine for using the host command

[Corny]

Well .. ok there is more to the story. but in a short summary:

some guy was trying to prove that a certain provider is engaging in shady spammer activities. he tries some portscans, connects to their mail servers and other things.
later he discovers that their nameserver does not prevent zone transfers. so he executes the host -l command which asks the DNS for a domain transfer - and he does get it. all the hosts inside their network that are registered at it. he publishes this information at the usenet, since it supports his claim about them being spammers.

and now comes the court.

his crime:

The afore-mentioned commands are not commonly known to the average computer user.[..]
Ritz frequently accomplished his access to Sierra's computers by concealing his identity via proxies and by accessing the servers via a Unix operating system and using a shell accounts, among other methods. He also disguised himself as a mail server.
[..]
In those instances, however, the person conducting the diagnosis acts with the authorization of the operator of the system and is usually the network administrator for the system.[..]
The literature available on the subject all refers to access attempts such as the host -l command issued by Ritz under the circumstances of this case as "unauthorized." Microsoft itself, as well as various other, authorities all refer to zone transfers conducted by an individual other than the network administrator or an authoritative name server as "unauthorized."

quite a "hack" - if you ask the lady at the entrance in a big companies office for a list of all their rooms and whatever, and she happily hands it out to you although it's only meant for higher executives - you are doing something illegal.
or more in tech terms: their stupid admin did enable zonetransfers for not authorized user (which is disabled per default afaik), and now claims that the anti-spam guy hacked their servers since he used "commands not known to the average user" and microsoft said that "host -l" is only for admins. well apparently you didn't need to be an admin to perform that command ..

full article here:
http://www.spamsuite.com/node/351

 

[star-warrior]

That's a dumb defence. They had their system open, and blamed the person who pointed out their error?

It's like having a shop and leaving the keys under the welcome mat, and since not many people know its there, the person gets blamed for finding the keys there.

I bet the case proceeds to a ridiculous end, because the judge and the jury aren't tech savvy at all.

 

[davy]

That's a dumb defence. They had their system open, and blamed the person who pointed out their error?

It's like having a shop and leaving the keys under the welcome mat, and since not many people know its there, the person gets blamed for finding the keys there.

I bet the case proceeds to a ridiculous end, because the judge and the jury aren't tech savvy at all.

it already has, the judge in the case and ruled against the defendant.

if someone doesn't overturn that stupid ruling, it's going to set a VERY bad precedent.

 

[AdmiraalW238]

I am probably going to get shot down in flames but from my perspective...if you 'hack' a system then you deserve to be fined.

He is lucky that they did not file criminal charges and only took him to civil court.

This person

was trying to prove that a certain provider is engaging in shady spammer activities. he tries some portscans, connects to their mail servers and other things.

and then

later he discovers that their nameserver does not prevent zone transfers. so he executes the host -l command which asks the DNS for a domain transfer - and he does get it. all the hosts inside their network that are registered at it. he publishes this information at the usenet, since it supports his claim about them being spammers.

My question would be, if he was not 'snooping' by doing port scans then he would not have 'discovered' information that he then publishing on a usenet site...and he expected NOT to get rapped over the knuckles...did he expect that they would come along and say "Oh, thank you for hacking in to our system and publishing it on a usenet."

If this person had a suspicion that the ISP was engaging in spamming activities then I am sure there are authorities in the US that he could have reported his suspicions to and then they could have dealt with.

I am not now, nor ever will be a fan of hacker.

 

[Corny]

I am probably going to get shot down in flames but from my perspective...if you 'hack' a system then you deserve to be fined.

He is lucky that they did not file criminal charges and only took him to civil court.

he did not HACK the system. that's the point. it might sound like that if you don't know what he was doing. and the judge obviously didn't know what he did either.
a nameserver is like a companies automatic telephone book. you ask it "how can i reach your office in memphis?" and it says "just dial 127.123.4.7" there you go. now he asked the nameserver "please tell me all the numbers that you know". and the server answered his question by sending him a complete copy - including all the secret offices and numbers among the public numbers. why did the server do that? because their admin forgot (or didn't know how ) to disable that.

My question would be, if he was not 'snooping' by doing port scans then he would not have 'discovered' information that he then publishing on a usenet site...and he expected NOT to get rapped over the knuckles...did he expect that they would come along and say "Oh, thank you for hacking in to our system and publishing it on a usenet."

as far as i understand it, the port scanning was totally disconnect from the nameserver query. i am not sure how the us laws are, but portscanning is not illegal per se.

If this person had a suspicion that the ISP was engaging in spamming activities then I am sure there are authorities in the US that he could have reported his suspicions to and then they could have dealt with.

most likely - not. most of the authorities are as tech-savy as the judge in question. if you want that something happens you have to present proof so that it gets passed to the experts.

I am not now, nor ever will be a fan of hacker.

i guess/hope you are confusing hackers with crackers here. without hackers you most likely would not sit here and post.

 

[AdmiraalW238]

...without hackers you most likely would not sit here and post.

What in heavens name does that mean? Are you trying to say that if it were not for hackers I would not be here on JUB? Surely not.

Strange as this may seem I have read the entire judgement and all the comments that were posted on the link you so kindly provided and it did make interesting reading.

The defendant deliberate did what he did and then breached an injunction that ordered him not to 'access' other sites associated with the ISP. The defendant called for an UDP on the plaintiff.

The defendant was being totally malicious and he got stung.

 

[Corny]

What in heavens name does that mean? Are you trying to say that if it were not for hackers I would not be here on JUB? Surely not.

surely i did mean exactly that. just for start - jub is mainly php based, which was created by a "hacker". what the mass medias call a hacker most of the time isn't a hacker at all

The defendant deliberate did what he did and then breached an injunction that ordered him not to 'access' other sites associated with the ISP. The defendant called for an UDP on the plaintiff.

i agree that this was plain stupid from him. but as far as i got it, that was not in connection with the DNS query he made. furthermore - technically a dns query does not mean accessing any "site" at all and it still doesn't change a thing about the courts total missunderstanding of what he really did, and that there was nothing illegal to it.