
Georgia Tech Student Indicted in UGA Hack - dsugarman
http://www.nytimes.com/aponline/2014/12/30/us/ap-us-georgia-website-hack.html?_r=0
======
Xcelerate
It's kind of ridiculous. He only posted a silly little phrase on their
website.

I do not support crimes of any sort, but much like illegally downloading
music, selecting particular people to make "examples" of with over-the-top
punishments is immoral. The punishment does not fit the crime here at all.

On another note, as a GT alumni, I find his prank absolutely hilarious. There
is also a tradition at Georgia Tech of stealing a "T" off the top of the main
administration building. These "T"s are massive; I believe they weigh close to
200 pounds. How anyone manages to scale a building and pull one down is beyond
me. Especially with all the pressure sensitive equipment they have up there
nowadays. The tradition is supposedly banned since someone can get hurt, but a
guy managed to pull it off last year, and the whole school thought it was
fantastic.

~~~
rjbwork
Hell, as a Georgia Alumni, I think it's hilarious!

I'm surprised a GT student was so careless TBH. Tor + an anonymous proxy if
you're gonna be futzing around in someone else's network, even if you don't
intend to cause any tangible damage!

~~~
lloyddobbler
Interestingly enough, it may not even have been as complicated as that.

According to one Reddit commenter, the UGA calendar is left wide open for
submissions - and in some cases, posts may be under minimal (if any) review.
So it may be that he simply found the wide open URL, filled out a form, and
hit 'submit'.

[http://www.reddit.com/r/gatech/comments/2quflw/georgia_tech_...](http://www.reddit.com/r/gatech/comments/2quflw/georgia_tech_student_indicted_for_uga_website_hack/cna5jjz)

Seems like that would be fair game without using Tor or some other proxy -
since there are no terms or conditions of use mentioned on the form, seems
like it's open to anyone to post. But who's to say?

~~~
CodeWriter23
So UGA's theory is he was trespassing because that wide open system is only
intended for use by UGA Students, Faculty, etc? Seems flimsy to me.

------
lawnchair_larry
I can't believe some of the comments I'm reading here on _hacker news_ in
response to this.

Yeah, society would have been much better off with the likes of Robert Morris
Jr, Steve Wozniak, and Richard Feynman behind bars. We should not tolerate
such criminals.

Be careful who you erase from history over something so damned ridiculous.

Relevant: [http://paulgraham.com/gba.html](http://paulgraham.com/gba.html)

------
rayiner
Word of warning: Georgia has harsh and poorly-written criminal laws. I'm a
Georgia Tech alum, but I'm glad I got out of that state:
[http://law.justia.com/codes/georgia/2010/title-16/chapter-9/...](http://law.justia.com/codes/georgia/2010/title-16/chapter-9/article-6/part-1/16-9-93).

The definition of "computer trespass" isn't unreasonable. It should be illegal
to break into a site and deface it, just as it should be illegal to walk into
someone's house and put up a poster. People need to respect boundaries.

What's insane is that there's no gradations based on the seriousness of the
conduct. Any crime punishable by a year or more in prison is a felony, and
"computer trespass" is punishable by up to 15, even if the sentence is
ultimately a slap on the wrist. In contrast, the meat-space equivalent of
criminal trespass is a misdemeanor as long as any property damage is under
$500:
[http://law.onecle.com/georgia/16/16-7-21.html](http://law.onecle.com/georgia/16/16-7-21.html).
For more serious property damage, there is a separate statute, with different
degrees of severity.

~~~
boracay
We'll have stupid laws as long as people who doesn't understand technology
continue with those stupid analogy. Guess what, maybe defacing a calendar in
the digital world is quite similar to, wait for it, defacing a calendar in the
real world. No one is walking into anyone's home.

~~~
rayiner
Tech people think the problem is analogizing to the real world, because they
see computer crimes as less serious than meat-space ones. But ordinary people
see computer crimes as worse than analogous meat-space ones. The analogizing
helps, not hurts. If you walked into someone's office (and a server can easily
be as sensitive as someone's office or someone's desk), and just defaced their
calendar, you'd be hit with a misdemeanor, under the corresponding Georgia
law.

------
siegecraft
This crime is about as serious as 1\. walk into a building on campus that
anyone could walk into since it's not a closed campus 2\. write your message
on a whiteboard calendar. Not even a permanent calendar, since the calendar is
digital, it can be erased as easily as a whiteboard.

------
sciurus
Here's the coverage as the story developed over the last two months:

[http://onlineathens.com/sports/college-
sports/2014-11-28/uga...](http://onlineathens.com/sports/college-
sports/2014-11-28/uga-website-hacked-pro-georgia-tech-sentiments)

[http://onlineathens.com/local-news/2014-12-03/uga-
continuing...](http://onlineathens.com/local-news/2014-12-03/uga-continuing-
probe-hacking-schools-main-website)

[http://onlineathens.com/sports/college-
sports/2014-12-30/geo...](http://onlineathens.com/sports/college-
sports/2014-12-30/georgia-tech-student-indicted-uga-website-hack)

[http://onlineathens.com/uga/2015-01-02/crowdfunding-cover-
ug...](http://onlineathens.com/uga/2015-01-02/crowdfunding-cover-uga-hackers-
legal-fees)

------
CodeWriter23
I remember when I was a kid, Caltech students would occasionally hack the
scoreboard during The Rose Bowl to change the team names to "Caltech" and
"MIT". People would laugh. The thought of an arrest never occurred to anyone.

~~~
stdgy
The CalTech and MIT pranks are legendary, and generally go well above and
beyond what was demonstrated in this situation.

The prosecution of this 'offense' is simply absurd.

~~~
NickNameNick
There's a pretty good archive of MIT pranks at

[http://hacks.mit.edu/by_year/](http://hacks.mit.edu/by_year/)

------
ajju
Here is a defense fund for him:
[http://www.gofundme.com/ji4xh4](http://www.gofundme.com/ji4xh4)

All proceeds not used go to UGA and GT equally

(disclaimer: I went to GT and think this is a ridiculous indictment but am not
affiliated with the gofundme site or Ryan)

~~~
EpicDavi
Some of the comments on that gofundme are horrid. Some include laughing at and
taunting him, saying that he deserved it.

~~~
beedogs
There are a lot of horrible, unthinking, authoritarian people out there who
think folks need to be punished well out of proportion to their crime in order
to "teach them a lesson".

------
krambs
I suppose this is the 21st century equivalent of TPing houses or stealing the
mascot. Unfortunately for this dude it's also a felony, apparently. (Though I
have to imagine they will let him plead to something lesser.)

~~~
yourad_io
> I suppose this is the 21st century equivalent of TPing houses or stealing
> the mascot.

Though, literally speaking, both of these require more cleanup than this
"hack". TP-ing requires someone to clean up, and stealing the mascot requires
investigation+recovery, or re-issuing.

This is e-graffiti prosecuted as cyber-war/terror/...

------
yourad_io
I'm reminded of this[1], that I dug up from my threads here on HN:

 _> This sad, sick notion that hackers are terrorist enemy #1 and this is the
most important thing governments should be working on is, like this movie will
probably be, shitty fiction, a self-fulfilling prophecy perpetuated by
Hollywood in movies like War Games that make it look like we're all going to
be nuked thousands of times if we don't stop the Hacker menace. Help me change
the media's perception of hacking before we start throwing more whistleblowers
and e-graffiti artists in prison._

"e-graffiti artists" resonated with me as a phrase, and I think this is
exactly such a case.

I hope his prosecutors do their jobs within reason[2]...

[1]
[https://news.ycombinator.com/item?id=8776527](https://news.ycombinator.com/item?id=8776527)

[2] Unlike, say, Aaron's :/

------
j2kun
I suppose that's the priority as far as indictment goes in this country.

------
mcmancini
Is this actually only about the calendar entry, or is there more to the
complaint? From a separate article at Online Athens
([http://onlineathens.com/local-news/2014-12-03/uga-
continuing...](http://onlineathens.com/local-news/2014-12-03/uga-continuing-
probe-hacking-schools-main-website)):

>Elsewhere in UGA’s digital realm last week, the career center was hacked with
fake Internet addresses. The Internet address walmartacademy.com directed
people to the University of Georgia’s main website, and the address
ugagrads.com directed people to McDonald’s online career page.

~~~
aaronharnly
I couldn't find much other coverage of it, but from this other article[1], it
really does look like the other "hack" consisted of buying some domain names
and posting them to Twitter.

[1] [http://m.bleacherreport.com/articles/2282874-georgia-tech-
fa...](http://m.bleacherreport.com/articles/2282874-georgia-tech-fans-hack-
uga-website-update-team-schedule-with-a-kicking)

~~~
loarabia
Looking at the whois for ugagrads.com its not the same person and already
existed. So he didn't even buy them.

------
niels_olson
When I was a freshman at the Naval Academy, for Army-Navy week, we got access
to the Pentagon and posted xeroxed Go Navy Beat Army signs all over the place.
My buddy and I posted them square on the huge Army emblem outside the Chief of
Staff's office. We slipped them under doors with big combo locks on them,
which in retrospect probably led to quite a few SCIFs.

We probably walked every ring and level before we hailed a security guard to
find our way out. His eyes were big as saucers and he said "The Secretary said
you're not supposed to be here." Turns out we were the last ones out by quite
a bit.

The Superintendent made it the centerpiece of the Pep rally the next night:
"You know, admirals don't generally like to get phone calls from SecDef in the
middle of the night, but what am I going to say? Go Navy, Sir!"

I wonder what would happen today?

------
cafard
There is or was a patch on the University of Denver's University Hall, said to
derive from a long-ago football rivalry with Colorado School of Mines.
Students of mining engineering learn to handle dynamite, you see. Nobody was
injured and nobody that I know of ever charged. Things were taken more calmly
100 years ago.

------
brador
Did he simply log in with another users password he guessed/found/user failed
to log out or did he hack the server?

In my opinion, a) is not a serious crime, b) is.

~~~
eli
Why is hacking a server worse than stealing a password?

~~~
sliverstorm
We could try to draw parallels to physical law.

Hacking = breaking and entering

Sitting down at someone's logged-in computer = unlawful entry (not forceful
entry)

~~~
DanBC
The difference to the victim between unlawful entry and B&E is the amount of
work needed to make the property secure afterwards.

In theory a sysadmin could claim hours of work after someone sat down at a
logged-in computer or someone "hacked" entry. That admin might want to check
for privalidge escalation an back doors.

(I think this indictment is bullshit and I hope he is found not guilty or has
a token punishment. A federal convictions seems weirdly harsh. Cruel and
unusual -especially with the subsequent consequences- for the crime.)

~~~
sliverstorm
I thought B&E was a bigger crime because of the intentional use of force?
Demonstrating a greater criminal intent, or something like that. Popping a
window lock with a credit card causes no damage, but it's still B&E.

Also think the indictment is bullshit.

~~~
Karunamon
If I recall right, the "breaking" part can be interpreted as broadly as
pushing open a closed (but unlocked) door.

That's the letter of the law, but I sincerely doubt that was the spirit..

~~~
SixSigma
In UK law, simply opening an unlocked door and going inside is not a crime.
You can come home to me sat on your sofa and all you can do is ask me to leave
by the nearest exit (though if I refuse, you can use reasonable force to
remove me).

------
NN88
How'd he get caught?

------
iamcreasy
Is there any details about how he did it?

