mitnick-digest Friday, September 25 1998 Volume 01 : Number 164 ---------------------------------------------------------------------- Date: Thu, 24 Sep 1998 20:36:24 -0400 From: kerry Subject: [mitnick] Articles Someone just sent me the url of an article in the Philadelphia Inquirer today, which didn't say a lot about Kevin, but did bring up -- yet again - -- that credit card number accusation thing. The fact is, Kevin was _never_charged_ with possessing these credit card numbers; and you've heard this before, but I'll say it again -- the list was publicly available on IRC for months before... This reporter could've looked at the Indictment; it's on www.kevinmitnick.com. Please watch the media in your area -- let us all know when they print something wrong so we can write them and try to force them to do a little fact-checking before they write their stories. Or let their sys-admins write their stories... http://www.phillynews.com/inquirer/98/Sep/24/tech.life/HACK24.htm - ------- Kevin Mitnick, the only hacker to make the FBI's Ten Most Wanted list, was arrested in 1995, accused of stealing 20,000 credit card numbers. He remains in prison. A film called TakeDown, about the electronic sleuthing that led to Mitnick's capture, is in the works. Comments protesting Mitnick's prosecution were left during the hack of the New York Times Web site. - ------- *********************************************************** FREE KEVIN bumperstickers http://www.mindspring.com/~jump0 *********************************************************** PO Box 17435 - Raleigh NC 27619 - email jump0@mindspring.com checks/money orders payable to "Free Kevin Publicity Fund" *********************************************************** Stickers are sold at cost plus postage - we make no profit from this effort - donations are split equally between Kevin's Defense Fund and the Free Kevin Publicity Fund. *********************************************************** F R E E K E V I N http://www.KevinMitnick.com ------------------------------ Date: Thu, 24 Sep 1998 17:39:47 -0700 From: Caliban Tiresias Darklock Subject: Re: [mitnick] The result from the HFG web page hack On 07:05 PM 9/24/98 -0400, I personally witnessed JAKade@aol.com jumping up to say: >In a message dated 9/24/98 5:25:34 PM Eastern Daylight Time, >caliban@darklock.com writes: > >> On 04:03 PM 9/24/98 -0400, I personally witnessed JAKade@aol.com jumping up >> to say: >> >The response from the letter I sent james@nashscene: >> [...] >> >He didn't try to refute any of the facts I pointed out, or explain his >> >beliefs. Shameful. >> >> But he has a valid point. Stealing people's resources and web space *is* a >> violation of their rights and freedoms, and if those people want to help >> Kevin Mitnick they *should* be doing so through appropriate and *legal* >> channels. Several of us on the list said effectively the same thing. > >But.....I never said it wasn't in my letter. I made a list of errors he had in >his column, and he pretty much ignored them. I don't think we're giving the guy enough credit. He was angry, and he went ballistic. He saw a fellow web site, a newspaper populated by fellow journalists, hacked. And he thought, "those are my people." Just like we did. He said "Hackers are losers," and we got indignant and angry and wanted to give him hell. But didn't HFG do that? They went out and stomped on the NYT, and those are his people, so he came to the NYT's defense *because* they were his people. A newspaperman, after all, is a newspaperman. He made a reckless generalisation, and that hurt. Just like the spoofed koolwip post, "I'm a lame nigger" -- it was outrageous and offensive and a lot of us knee-jerked in response. Well, someone slapped his friends, and he slapped back, and now we all want to go kick his ass in one way or another. But people are like that. They say things in haste, and they don't always mean exactly what they said. All of the letters I've seen people send say "you are wrong," and that's not strictly speaking true. The truth is, "we are hurt and offended." And we have a right to be. But it's important to recognise that he may just be thinking, "there but for the grace of God go I," and being just as righteously indignant. Just as hurt, just as offended, and just as angry. And he has that right! Pretending he doesn't will just compound the problem; understanding where he's coming from might help, provided we take the time to indicate to him that we are at the very least *trying* to understand. Understanding is two-way; if we want people to try and understand us, isn't it fair for them to expect us to try and understand them? - ----------------------------------------------------------------------- Caliban Tiresias Darklock | "I'm not sorry or Darklock Communications | ashamed of who I PGP Key AD21EE50 at | really am." FREE KEVIN MITNICK! | - Charles Manson ------------------------------ Date: Thu, 24 Sep 1998 21:03:12 -0400 (EDT) From: "Aaron D. Ball" Subject: Re: [mitnick] The result from the HFG web page hack On Thu, 24 Sep 1998, Caliban Tiresias Darklock wrote: % Wrong. Freedom of speech also encompasses freedom of *silence* -- my right % *not* to say what I *don't* want said. Your right to freedom of speech is a % right for *you* to say what you like, not a right to force *others* to say % what you like. The practice was made illegal because it forces others to % actively decide either to display your speech, or to spend time taking it % off. In fact, until they acquire and use the necessary tools to remove your % speech, they have to display it whether they want to or not. This is an % abridgement of freedom of speech, in that it denies the right to be silent. % As a result, putting a bumper sticker on someone else's car can land you in % jail. % % I think the parallel should be obvious enough. Yes and no. The difference, IMO, is that a *corporation* is not ethically equivalent to a person, even if it is legally equivalent. There is a huge de facto difference in power (for example, the New York Times can easily convince many millions of people of the truth of a thing in a single article, but I have to work one at a time, or perhaps a few thousand at a time in the age of the web page), but little or no de jure difference in responsibility (the Times might be legally obliged to print a small correction and perhaps to pay a relatively trivial monetary settlement *if* someone happens to prove to the court -- against the Times' million- dollar lawyers -- that the Times wronged him). I perceive this to be a tremendous injustice, and as a consequence find it hard to disapprove of *anything* that lessens the power of such an entity. % You're still not off the hook, though. You cost my advertisers the exposure % they purchased. You devalue the worth of my advertising space. ... [Below "I" am a hypothetical ethical hacker, and "you" are a hypothetical media giant whose web page I have hacked or plan to hack] None of these things are things that you have; they are things that you *might* have. By messing with your web page, I might deprive you of potential revenue. Forgive me if I am unmoved -- especially if my messing with your web page was a reaction to your abuse of tremendous media power in contributing to the mythology of the Evil Wizard Hacker. Yes, making a corporation look like a fool tends to produce paper losses. No, I don't think this is of ethical significance comparable to the gross manipulation committed by this particular corporation. When the lord's high horse slips on a planted banana peel and he takes a pratfall in the mud, I will be laughing with the rest of the peasants, and not care a whit what he loses in credibility and taxes from his vassals. As for your comment on security: if you're a clueful admin, you should be able to tell good instructions from bad. If I break into your system and tell you to fix it with "chmod 6555 /bin/bash" and you do so, you don't deserve to be in a position to do what I said in the first place. (Oversimplified, of course, but all it takes is a reasonably clueful examination of the proposed solution.) ["You" above means "person X", not Caliban Tiresias Darklock.] % >It's perhaps similar to standing in front of a Nike billboard or % >storefront with signs protesting their policies. % % No, it's similar to putting your own billboard in front of Nike's so nobody % can see it. Which is legal, on YOUR property, and *illegal* everywhere else % unless you have the owner's permission. Throughout the message I distinguished between "legal" and "ethical". "Legal" is relevant only to the person actually taking the risk of getting caught. "Ethical" is relevant to anyone deciding whether or not to support such a person when and if they are caught. Once again, I would lose no sleep and shed no tears if someone replaced a Nike billboard with one protesting their labor policies, or blocked the entrance to NikeTown, etc. Both of these things would cost Nike on paper; "big deal", sez li'l old me. [ SILLY ASIDE -- PLEASE DON'T REPLY TO THIS UNLESS YOU REPLY TO THE REST And I stipulate that there's little practical difference between a bunch of people standing in front of a billboard holding a giant sign of protest and actually replacing the billboard with said sign. Either way, you're subverting their ad space to your own, contrary ends. (We'll neglect for the moment the fact that people's arms get tired and you might be able to stick your head in between the signs and the billboards if you want...) ] % HFG has a *right* to get their own web site, on which they can say whatever % they want whenever they want. The NYT's right to have a web site does not % by any definition outweigh that. The NYT's right to have a web page on the % NYT web site, however, most definitely DOES outweigh anyone else's right to % have a web page on the NYT web site. Legalistically yes, but I've argued above that the ethical case is different. % >I, for one, cheer on general principle when % >the little guy coopts the big guy's name recognition and pokes a hole in % >the uniformity of the media. ... % HFG used a club. Negativland used a scalpel. Forgive me if I consider % HFG crude, primitive, and barbaric. I didn't find them admirable, I % found them offensive. Agreed: their implementation of the idea of protest was bad. Others should not do things the way they did. BUT that is not a case against web page hacks in general; just against ones that stroke someone's ego rather than getting the message out. I still maintain that humiliation of those who abuse power is a Good Thing regardless of the law, and that HFG's action in particular was simply a good idea poorly executed. ------------------------------ Date: Thu, 24 Sep 1998 20:34:34 -0500 From: "poiSiNous" Subject: Re: [mitnick] Scene article >According to James Hanback, Jr., the anti-hacker article has been pulled >from the Scene website due to "factual errors discovered by previous >readers". According to Mr. Hanback, the article will be corrected next >week--it's unclear whether this means another article will appear in the >paper, or whether they'll simply put the corrected article up on the >site. I live in Nashville and get the scene every week.... so i will definately let you all know how this next article turns out...well, IF this next article comes out :) ~poiSiNous ------------------------------ Date: Thu, 24 Sep 1998 21:39:27 -0400 From: koolwip Subject: [mitnick] The spoofer is a fuck head Ok just dont talk about or replay to these messages that look to be spoofed this fuck head is a person that likes being talked about hes proble a 12 year old ass hole that has no friends and wacks off ever 2 hours . If you have some info about this Fuck head e-mail me it DO NOT post it here hes on the mailing list reading what you say. - -- This is not a spoof this is realy Koolwip if this is not at the end of all posts delete it. FREE KEVIN http://www.kevinmitnick.com ------------------------------ Date: Thu, 24 Sep 1998 18:43:24 PDT From: "black sheep" Subject: Re: [mitnick] I'm As Mad As Hell, etc. i wonder what kind of new lies he will post heh >From: BadGirlnLA@aol.com >Date: Thu, 24 Sep 1998 17:59:21 EDT >To: mitnick@2600.com >Subject: [mitnick] I'm As Mad As Hell, etc. >Reply-To: mitnick@2600.com > >Sometimes you just don't feel like being nice to idiot reporters. >There are many really good ones in the world, but this Nashville >Scene "columnist" was just too stupid for me to give him any >respect. >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >From: James Hanback >Message-Id: <199809241614.LAA05994@mail.nashscene.com> >Subject: Re: Generalizing bullshitter >To: BadGirlnLA@aol.com >Date: Thu, 24 Sep 1998 11:14:41 -0500 (CDT) > >Hello, Tawny. > >Thank you for your e-mail. A couple of people have called me >on that column. Certainly, you are welcome to talk to my editor. >And, you are absolutely correct that I am not a reporter. >I am a columnist. It is entirely my opinion that I put in that >piece, and it is entirely my opinion that is supposed to go >there. > >Also, you'll be happy to know that I have already written a >new column mentioning the hacking community's dissatisfaction >with a lack of fair trial for Mitnick (thanks to a much kinder >individual who happens to be a hacker and pointed it out >to me in a much calmer wayi--the way disagreements SHOULD be >settled). > >You will also recall that I did point out a difference between >the general term "hackers" and the group that infiltrated the >Times. It's in the second paragraph. > >As you have every right to your opinion, so have I to mine. > >Regards, >James > >> >> James, that is what you are. You are not a reporter. >> >> Nobody on the internet who knows 1+1=2, calls all hackers, >> "losers"! Only neophytes who do not do their research make such >> stupid blanket remarks. >> >> I plan to discuss this matter further with your editor because you >> are a disgrace to the reporters who do excellent writing. >> >> The New York Times has been steadily going downhill. Their have >> lost their credibility. Any newspaper who hires someone like John >> Markoff has to be second-rate. John Markoff was the main reason >> the Times got hacked. He is a liar and a fraud. He has crossed >> the line from responsible journalism to yellow-trash reporting, just >> like you. Could that be the reason you are putting down hackers? >> You see a strong resemblance between you and Markoff? >> >> Markoff spread lies about Kevin Mitnick. HFG was making a statement >> to show their support for a hacker who has been in custody going >> on four years without a bail hearing or a trial. And the chances are >> great that his trial scheduled for January 19, 1999 will be continued >> for the fourth or fifth time due to the fact that the government refuses >> to turn over discovery that could fill two libraries. >> >> I suggest you do some background checking on Kevin Mitnick, >> John Markoff, and HACKING, because you don't know what in the >> hell you are talking about. >> >> If your constitutional rights were being taken away from you, we >> would hear you screaming and yelling from coast to coast. Your >> style of irresponsible reporting is dangerous and appalling. >> >> a very disappointed citizen and internet user! >> tawny tracey >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >Subj: You might be interested... >Date: 98-09-24 17:38:35 EDT >From: james@pulp-fiction.NashScene.com (James Hanback) >To: teknowh0re@hotmail.com >CC: BadGirlnLA@aol.com > >Hello. > >Because both of you expressed your concerns to me about the >way hackers/hacking/and the Kevin Mitnick situation were >portrayed in my column, I thought you might be interested to >know that I have written a "Byte" for next week that speaks >to those issues. > >I must admit that I made some factual errors (largely because >I got my information from CNN and MSNBC). So as a show of >good faith and because I believe both sides of an issue are >important, I am sending this message to you. > >First, I clarified the blanket-sounding statements I made >about hackers, their points of view, and their societal >status. This was largely inspired by a current editorial >at www.antionline.com. I pointed out that not all hackers >do what HFG did to the New York Times. I cannot bring myself >to condone the NYT defacing, but I apologize for the harsh >words I used to describe those who performed it. > >Second, I clarified that HFG and other hacker groups are >upset about Kevin Mitnick's lack of a fair trial to date (and, >in my opinion, you are absolutely right to be upset about it-- >no one should be denied due process). > >Third, I did not mention either of your e-mail addresses or >names in this piece, because neither of you expressed a desire >to be heard outside of the e-mails you sent me. > >Thanks again for both your comments. The column runs next >Wednesday if you'd like to take a look. > >Regards, > >James >Nashville Scene > > > > ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com ------------------------------ Date: Thu, 24 Sep 1998 21:51:24 EDT From: JAKade@aol.com Subject: Re: [mitnick] Scene article In a message dated 9/24/98 8:43:16 PM Eastern Daylight Time, dsissman@albany.net writes: > According to James Hanback, Jr., the anti-hacker article has been pulled > from the Scene website due to "factual errors discovered by previous > readers".  According to Mr. Hanback, the article will be corrected next > week--it's unclear whether this means another article will appear in the > paper, or whether they'll simply put the corrected article up on the > site. Well, whadya know, we did make a difference. Great job, letterwriters! ------------------------------ Date: Thu, 24 Sep 1998 19:25:02 -0700 From: TheMan2 Subject: Re: [mitnick] Spoofing- just ignore it... koolwip wrote: > > I fuck sheep > ------------------------------------------------------------------- > "I will not eat any animal that has ever been a cartoon character." > --Dave Lister The best thing anyone can do to stop this is to ignore these posts. If the spoofer was smart and he wanted to really screw with our heads, he would write something more believable. Since it is obvious which letters are false, just ignore them. It would be much more of a concern if someone was sending believable messages in this way. All of these responses just encourage this childish behavior. theman2 ------------------------------ Date: Thu, 24 Sep 1998 22:49:40 -0400 From: kerry Subject: Re: [mitnick] Articles fyi, I neglected to point out that that article was written by a journalist from the Associated Press - you can also find it if you search http://wire.ap.org; you all may've seen it show up in other places too, since they are supposed to be a reliable media source.. kerry wrote: > Someone just sent me the url of an article in the Philadelphia Inquirer > today, which didn't say a lot about Kevin, but did bring up -- yet again > -- that credit card number accusation thing. The fact is, Kevin was > _never_charged_ with possessing these credit card numbers; and you've > heard this before, but I'll say it again -- the list was publicly > available on IRC for months before... This reporter could've looked at > the Indictment; it's on www.kevinmitnick.com. > > Please watch the media in your area -- let us all know when they print > something wrong so we can write them and try to force them to do a > little fact-checking before they write their stories. Or let their > sys-admins write their stories... > > http://www.phillynews.com/inquirer/98/Sep/24/tech.life/HACK24.htm > > ------- > Kevin Mitnick, the only hacker to make the FBI's Ten Most Wanted list, > was arrested in 1995, accused of > stealing 20,000 credit card numbers. He remains in prison. A film called > TakeDown, about the electronic sleuthing > that led to Mitnick's capture, is in the works. Comments protesting > Mitnick's prosecution were left during the hack > of the New York Times Web site. > ------- > > *********************************************************** > FREE KEVIN bumperstickers http://www.mindspring.com/~jump0 > *********************************************************** > PO Box 17435 - Raleigh NC 27619 - email jump0@mindspring.com > checks/money orders payable to "Free Kevin Publicity Fund" > *********************************************************** > Stickers are sold at cost plus postage - we make no profit > from this effort - donations are split equally between > Kevin's Defense Fund and the Free Kevin Publicity Fund. > *********************************************************** > F R E E K E V I N http://www.KevinMitnick.com - -- *********************************************************** FREE KEVIN bumperstickers http://www.mindspring.com/~jump0 *********************************************************** PO Box 17435 - Raleigh NC 27619 - email jump0@mindspring.com checks/money orders payable to "Free Kevin Publicity Fund" *********************************************************** Stickers are sold at cost plus postage - we make no profit from this effort - donations are split equally between Kevin's Defense Fund and the Free Kevin Publicity Fund. *********************************************************** F R E E K E V I N http://www.KevinMitnick.com ------------------------------ Date: Thu, 24 Sep 1998 23:20:46 -0400 From: "Bachrach" Subject: [mitnick] mitnick (among others) in philly inquirer The Philadelphia Inquirrer had an article in today's (thursday's) Tech.life section on hackers in general, with a focus on mudge and l0pht. (Why they picked mudge I dunno, maybe he has a cooler handle or something.) Anyway, about mid way through the article they mentioned mitnick. The whole article is at http://www.phillynews.com/inquirer/98/Sep/24/tech.life/HACK24.htm but since the part on mitnick is so small I'll just quote it. Incidentally, the article was much beter than I expected, by using l0pht as their focus the author (it was actually from the AP now that I think of it), painted a much more accurate picture of hackers as security experts who aren't malicious, but he still mentioned the "new generation" of hackers, (essentially script kiddies and carding/warez puppies), yet he still refered to them as hackers. Oh well, you can't have your cake and eat it to. Oh yeah, here's what they said about mitnick (they also had a big picture of him in handcuffs, biggest picture in the whole friggin section). Kevin Mitnick, the only hacker to make the FBI's Ten Most Wanted list, was arrested in 1995, accused of stealing 20,000 credit card numbers. He remains in prison. A film called TakeDown, about the electronic sleuthing that led to Mitnick's capture, is in the works. Comments protesting Mitnick's prosecution were left during the hack of the New York Times Web site. Well, they didn't cover everything, after all the article was about l0pht, not KM, but the takedown thing bugged me, even shimomura admitted that much of it is fiction (like the garbage can scene). Anyway, it was written by Chris Allbritton of the AP, and I don't think we should come down too hard on him for one minor thing, after all the article overall was much more open minded then any other hacker related article I've read in the mainstream media. If you care, you can contact them at tech.life@phillynews.com or tech.life@inquirer.com I can't remember and I really shouldn't be on-line anyway, I have a ton of work to do. - ----------------------------------- | are you helping distributed.net to crack RC-5 64 encryption? you should be. | are you on distributed.net and on team #39, cracking for kevin? you should be. - ----------------------------------- ------------------------------ Date: Thu, 24 Sep 1998 22:53:13 -0500 From: "Zach Miller" Subject: Re: [mitnick] i'm gay all right whoever is "spoofing" koolwhip's email would you SHUT THE HELL UP this is not amusing, and we are not trembling before your "31337 HaXoR skills" - ---------- > (NOT) From: koolwip > To: mitnick@2600.com > Subject: [mitnick] i'm gay > Date: Thursday, September 24, 1998 8:00 PM > > I fuck sheep > ------------------------------------------------------------------- > "I will not eat any animal that has ever been a cartoon character." > --Dave Lister ------------------------------ Date: Thu, 24 Sep 1998 21:40:20 -0700 From: Caliban Tiresias Darklock Subject: Re: [mitnick] The result from the HFG web page hack On 09:03 PM 9/24/98 -0400, I personally witnessed Aaron D. Ball jumping up to say: > >Yes and no. The difference, IMO, is that a *corporation* is not ethically >equivalent to a person, Ethics, incidentally, are the rules and standards that govern a person's conduct. I think it's reasonably obvious that the law qualifies, but that ethics are not limited to the law itself. It should also be obvious that a corporation by definition has no ethics, and thus the phrase "corporate ethics" must refer to the ethics of *people* in corporate environments -- not to the corporation itself. Furthermore, the whole of the corporation is greater than the sum of its parts, and thereby is subject to different and potentially *unrelated* rules and standards. So yeah, you're right. A corporation cannot possibly be ethically equivalent to a person unless that person has no ethics -- which, in the face of the law, every person does (arguable: by "govern", do we include external enforcement, or merely internal will and lack thereof?) -- it is therefore impossible to have no ethics if one is a person, and impossible to have any if one is not, and thus no non-person is ever under any circumstances ethically equivalent to any person. Semantics, semantics. I read over this and immediately poke several holes in the logic. Ethics does not lend itself well to precise and unambiguous definition; it's a very subjective term. Let's try to agree on one thing: there is a dichotomy in the definition of ethics as including but not being limited to the law. The law, since it is defined externally, may be excluded from one's *personal* ethics unless one has made a conscious choice to follow said law and has not thereafter rescinded that choice. However, under such circumstances, the term "ethics" becomes so subjective as to be irrelevant -- in other words, a moot point. If your definition of ethics does not span more than yourself, then there is no commonality on which to base a reasonable discussion. If you would like to discuss the ethics of a situation, then we need some agreement on what those ethics are -- and if I reject the proposed ethics as invalid or unrealistic or just plain wrong, then there's very little hope of having any sort of meaningful dialogue about them. Is that an acceptable proposal? >even if it is legally equivalent. It's not. Current law ascribes certain theoretical human qualities to corporate entities which it quite patently does not have; in short, the preponderance of legislation surrounding corporate rights and responsibilities makes the tremendous error of expecting the lifeless and faceless legal entity of a corporation to have something roughly analogous to a conscience. In other words, the corporation is *supposed* to be legally equivalent to a person, but lacks the qualities such as judgment and accountability which make a law apply reasonably to an actual human being. As a result, the corporation -- by virtue (or vice) of its diffusion of liability, and thus responsibility -- enjoys some degree of operations "beyond the law" by merely invoking the quite obvious fact that the corporate entity is not a human being and does not respond to or display human sentiment. The law assumes someone will take responsibility for the corporation's actions. The corporation, in turn, sees to it that no clear target is presented through organisation of its board members and executives -- so where we have the myth of victimless crime, we also have the corollary myth of criminal-less crime. >I perceive this to be a >tremendous injustice, and as a consequence find it hard to disapprove of >*anything* that lessens the power of such an entity. I perceive this to be a tremendous injustice, as well, but I also find it hard to approve of anything that takes basic human rights away from others. A corporation, after all, *can* be run effectively and appropriately -- and its owners and stockholders can choose to be accountable for their actions. Likewise, they can choose not to be; but in either case, the basic rights of the corporate entity must not be abridged, lest we set a dangerous precedent. >[Below "I" am a hypothetical ethical hacker, and "you" are a hypothetical >media giant whose web page I have hacked or plan to hack] (Don't you hate having to add those disclaimers? Any reasonable person would know this intuitively -- but not all people are reasonable, so even when we try to have reasonable discussions between hopefully intelligent people, we have to assume someone who knows nothing whatsoever is reading them and drawing erroneous conclusions.) >None of these things are things that you have; they are things that you >*might* have. By messing with your web page, I might deprive you of >potential revenue. No, you *do* deprive me of potential revenue, and you *might* deprive me of actual revenue. You may deprive me of a million dollars, but all I can *show* is that you deprived me of X hours of service, during which I would normally receive Y number of hits, and web-based revenue for the past Z number of months shows that we have had N hits and made S dollars. So, S/N is how much every hit is worth, on the average, and multiplying it by Y gives us a dollar figure -- assuming current trends remain the same, that dollar figure is what you have cost me in real physical funds. That's a very small assumption. It is arguable that I cannot prove the average would remain the norm, and therefore I may have made less or no money during that period. It is arguable that *you* cannot prove the average would remain the norm, and therefore I may have made *more* money during that period. Since both proposals are reasonably syntactically equivalent, it is reasonable to assume their statistical probability is likewise equivalent. As a result, the average based on that statistical norm is the only reasonable estimate of the damages. It may have been more; it may have been less; but the likelihood of it being more is roughly the same as the likelihood of it being less. To be more accurate, we should take into account current statistical trends, as well -- time of day, day of week, week of month, month of year - -- where possible. The defendant should demand the raw data for appropriate analysis and verification of the results displayed. For example, if no order has ever been received during the same general sort of time block that the site was down (say Saturday morning from three AM to eleven PM), it can be reasonably argued that no sales losses were incurred and their inclusion in the loss statistics is unwarranted. Furthermore, if orders *were* placed during that time period when the site was subverted, it is reasonable that the value of those orders should be subtracted from the loss statistics, and perhaps that such loss statistics are entirely invalid because traffic on the site was not substantially impeded. >Forgive me if I am unmoved -- especially if my messing >with your web page was a reaction to your abuse of tremendous media power Contrary to popular belief, people have no inherent right to power. Power must be acquired through effort, and if you lack such power, you may not demand that my own power be taken away because of your own lack. This is the basis of capitalism, really. Power is a commodity, and it is traded like everything else. You can buy it, sell it, barter it, give it away, steal it, destroy it, and even manufacture it out of whole cloth. It's very much like data, now that I think about it. Interesting corollaries arise. You may have it, and no one can see how much you have or what its quality is until you use it; when you do, it may not be observed directly, but only by considering its effects. As a result, it is easy to ascribe strength to it when a great effect arises, and weakness when a lesser or contradictory effect arises -- but it is never entirely clear whether the effect was caused only as a result of it, or that only that effect resulted. >As for your comment on security: if you're a clueful admin, you should be >able to tell good instructions from bad. There's a tremendous shortage of clueful admins, for three reasons I can immediately recognise. 1. Modern servers and networks take much less effort and skill to run on a daily basis. It is neither cost-effective nor necessary to employ a pack of seasoned systems experts to perform the day-to-day tasks of running a network, and it would be far better on an enterprise-wide scale to put those people into a position that generates revenue much more directly, like programming and R&D. 2. The managers hiring these admins generally don't know a network from a hole in the ground, and can be easily fooled. (Many of them can't tell a network from their ass, either, which leads to great consternation when they try to connect the RJ45 cable.) If you reflect on the people you've met who are corporate network administrators, you'll probably find a distressingly large number of idiots that no halfway intelligent technical manager should ever have hired. The first network I ever ran, I understood only on the most basic of levels; I told people so many things that were not only untrue but patently *impossible*, it continues to embarrass me to this day. 3. Network administration is one of the most mind-numbingly dull jobs on the planet, and most clueful people detest being bored. So the sort of people who would be good choices to run your network are exactly the kind of people who would absolutely hate doing it, and people who hate their jobs don't tend to perform their assigned duties very well. (There are people in the world who love network administration, but I don't understand them and suspect the cheese fell off their crackers a long time ago.) >["You" above means "person X", not Caliban Tiresias Darklock.] More disclaimers. Man, our society sucks. :) >Once again, I would lose no sleep and shed no tears if someone replaced a >Nike billboard with one protesting their labor policies, or blocked the >entrance to NikeTown, etc. Both of these things would cost Nike on paper; >"big deal", sez li'l old me. I wouldn't care either, to be honest, BUT if I paid for a billboard and some asshole in a hat blocked it, I would want my damn money back. And if it's okay for you to do it to Nike, then it would be okay to do it to me, and I don't accept that. The problem with freedom is that people are very happy to demand the right to do what they want to someone else, but are rarely happy to let someone else do it to them. If we allow one corporation to own another corporation, then we must allow any corporation to own another corporation. If we allow people to do something to one corporation, we must allow them to do it to any corporation. I have always firmly believed that fines and damages should be percentages and not absolutes. If breaking law X means a five thousand dollar fine, then Bob down the street won't do it, but some rich asshole in Palm Beach will just laugh. If it means a five percent fine, then Bob with his four thousand dollar net worth would get smacked with a pretty hefty 200 bucks and decide not to do it. The rich asshole in Palm Beach looks at his ten million dollars, and would get smacked with a half million dollar fine, so he doesn't do it either. Likewise, a small business with an average income of a hundred thousand bucks should be able to cry foul at someone who costs them two and a half grand. Microsoft, on the other hand, should be laughed out of court for whining about anything less than a couple million dollars. Loss is relative. >And I stipulate that there's little practical difference between a bunch >of people standing in front of a billboard holding a giant sign of protest >and actually replacing the billboard with said sign. Either way, you're >subverting their ad space to your own, contrary ends. Hmmmm. You know, that seems like it should be illegal, but I can't come up with any reasonable definition of why other than the matter of property and trespassing... and billboards tend to be along the sides of highways, so you could theoretically stay ON the highway and block the sign. Provided you aren't hitchhiking, chances are that comes under freedom of assembly. >% HFG has a *right* to get their own web site, on which they can say whatever >% they want whenever they want. The NYT's right to have a web site does not >% by any definition outweigh that. The NYT's right to have a web page on the >% NYT web site, however, most definitely DOES outweigh anyone else's right to >% have a web page on the NYT web site. > >Legalistically yes, but I've argued above that the ethical case is >different. You're arguing for community property and lack of personal ownership? I'm sorry, man, I can't get behind that. I have nice shit, and I like my nice shit, and I want that nice shit to stay mine. If you want nice shit, then you can go out and bust your ass like I did to make the kind of money you need to buy nice shit. I don't want to turn this into a capitalism/communism argument, because that's nonproductive. Both are extremes, neither works, you need to sit somewhere on the socialism continuum between the two. We're evidently pretty far apart on this, but that's okay. There's certainly room for that. What it really comes down to is that I want my stuff to be mine, and in order to expect that I have to let your stuff be yours. In fact, it's also important -- since I do have some nice stuff -- that I let some of *my* stuff be *ours*, too. That way, when *you* have some nice stuff, you'll probably be more inclined to share. Then there will be mine and yours and ours, and we all get along happily. Now, the corporate mindset is different. Corporations don't generally go in for that mine, yours, and ours thing. Corporations tend to take the position that there is MINE and NOT-MINE. MINE is good. NOT-MINE is bad. When something is NOT-MINE, that thing is bad, and it must be made good or else it must be destroyed. So when the corporation sees NOT-MINE, it tries to make it MINE, and failing that it attempts to destroy it. That's a hard thing to regulate. >Agreed: their implementation of the idea of protest was bad. Others >should not do things the way they did. BUT that is not a case against web >page hacks in general; just against ones that stroke someone's ego rather >than getting the message out. I don't care what they said or how they said it, what they *did* was stupid. No matter how brilliant my discourse, I should not deliver it in a public library with a megaphone; it annoys everyone else and will cause me nothing but trouble. >I still maintain that humiliation of those >who abuse power is a Good Thing regardless of the law, and that HFG's >action in particular was simply a good idea poorly executed. If the idea was to say something meaningful, then you're right. If the idea was to hack a web site, it was a *bad* idea poorly executed. - ----------------------------------------------------------------------- Caliban Tiresias Darklock | "I'm not sorry or Darklock Communications | ashamed of who I PGP Key AD21EE50 at | really am." FREE KEVIN MITNICK! | - Charles Manson ------------------------------ End of mitnick-digest V1 #164 *****************************