

NSA.gov Site Defacement - Prefect
http://praetorianprefect.com/archives/2009/10/nsa-gov-site-defacement/

======
3pt14159
Trivial SQL injections aside, the proper way to handle a hack/exploit/crack is
the way my very close friend handled it. He used a google hack back when they
were cool to take control of the CIA's video cameras for their parking lots.
(default password to the cameras was 4321 or something similar) He sent an
encrypted email to the CIA's public facing email address. He described how he
did what he did and described how they could rectify the problem. 1 or 2
months later an offer of employment (to a Canadian!) arrived at his doorstep.

Defacement of a public portion of the NSA's site is just going to land you in
a world of hurt, even if you are in a far off country.

~~~
tsally
_1 or 2 months later an offer of employment (to a Canadian!) arrived at his
doorstep._

This is a standard way to catch people who do this type of stuff. Once he sets
foot on American soil, he would be arrested. You actually have to be pretty
dense to fall for it. ~99% of employment at the CIA requires some form of
security clearance, which in turn requires you to be a US citizen.

~~~
viraptor
While I see the point, I'm not sure I believe you that easily. Not all
clearance forms require you to be a citizen (besides there must be some way to
cooperate with companies from other countries). Why are you sure he would get
arrested? Has there been a documented case of something like that happening
before? Isn't the offer of employment an official document that's legally
forcing to hire someone if they accept? (not sure how do those work in US)

What you wrote is just a bit unlikely. If US can force a UK citizen and a
"hacker" (NASA case) to be transported to US for the trial even after many
appeals, why would it be a problem with Canada?

~~~
tsally
Here's a case of Valve coordinating with the FBI, attempting to do what I
described: [http://gadgets.boingboing.net/2008/11/13/the-job-is-a-lie-
va...](http://gadgets.boingboing.net/2008/11/13/the-job-is-a-lie-val.html). As
for why extradition is not used, the lure is far quicker and much cheaper. The
hacker you mention is a perfect example. "The order to extradite McKinnon was
approved by the U.K. government in July 2006, but his legal team continued to
challenge the order, holding up his transfer." [1] That's over three years
ago. That's just when the approval went through mind you. He was _indicted_ in
the US in _2002_.

Also, I'm fairly certain you are incorrect about security clearances (at least
for Confidential, Secret, and Top Secret). Even dual citizens have to shred
their extra passport and renounce their additional citizenship. The FBI
website mentions that for Top Secret, citizenship is verified through
investigation: "For a Top Secret security clearance, the background
investigation includes additional record checks which can verify
citizenship...." [2] If you're working at an intelligence agency like the CIA,
Top Secret is pretty much required.

[1]
[http://www.pcworld.com/article/173397/uks_high_court_rejects...](http://www.pcworld.com/article/173397/uks_high_court_rejects_appeal_for_ufo_hacker.html)

[2] <http://www.fbi.gov/clearance/securityclearance.htm>

------
Shamiq
It happens.

~~~
bfung
It shouldn't.

