

Boston College Campus Police: "Using Prompt Commands" May Be a Sign of Criminal Activity - vang3lis
http://www.eff.org/deeplinks/2009/04/boston-college-prompt-commands-are-suspicious

======
frisco
Has anyone actually read the warrant application? The allegations were made by
a close acquaintance of the accused who directly observed him changing grades
for students and cracking into other systems; the emails in question were
traced back to the accused's hostname.

The EFF article completely mischaracterizes a 90% legitimate warrant.

<http://www.eff.org/files/filenode/inresearchBC/EXHIBIT-A.pdf>

~~~
mindslight
Changing grades is basically the _only_ possible crime listed in that warrant,
everything else listed is a civil matter at best, and mostly scaremongering
due to his technical abilities.

>> _he has "fixed" computers so that they cannot be scanned by any system for
detection of illegal downloads and illegal internet use, "jail breaks" cell
phones, possibly stolen ones, for people so that the phones can be used on
networks other than they are meant for_

He expects full control over his property and doesn't just do what he's told?
We're obviously dealing with a loose cannon here!

~~~
CaptainMorgan
Indeed.. but if grades were actually changed, I think the IT Director of
Security at BC (mentioned in the warrant) would've stated or advised that they
were changed. Yet, he only advises and assists the detective with regard to
the subject of mass emailing. And even this I question- it appears as if they
don't understand the point of a mailing-list... like they don't understand the
reasoning behind email propagation to a list- duh, this is how it happens.
That's the purpose of a mailing list- so that those that are subscribed
receive the content therein (content to be argued about separately) What's
shady is that given this is a warrant application, a number is not even
approximated at for the amount of emails supposedly sent - they only use the
term "mass email" and in some cases they use the singular version, "the email"
referring to originate from his machine. All they prove is that they can trace
an email- big whoop, nothing a log file can't show them.

LOL - saw your edit; how dare he want to actually own his property! :) I'd
argue that the governing body that wishes to achieve the goal of nothing else
(where a crime was not committed) but scanning his computer, is conducting an
illegal act!

------
chaosmachine
I learned the hard way back in high school: Don't let anyone see you using a
command prompt because the next time something gets hacked, you will be
suspect number one.

It's sad to see nothing has changed since the 90s.

~~~
warfangle
Back in college, we were required to take an introduction to computers course
- no way to test out of it. It involved labs like, "create a folder with two
text files in it." I spent the time configuring a new debian server via ssh.

When the teacher caught a glimpse of PuTTY: "OH! You know DOS??!"

------
blahblahblah
"In his application, the investigating officer asked that he be permitted to
seize the student's computers and other personal AFFECTS because they might
yield evidence of the crimes"

Wow! In addition to his computers, the police also seized the student's
emotional states (presumably to search for evidence of thoughtcrime).

------
CaptainMorgan
This warrant almost seems like a disguise for something bigger, something to
use to make an example of this kid. There's talk about illegally downloaded
content; movies, music, etc. But even copyright is still a touchy subject in
the eyes of the law... and, the basis of the case is around "Fraud".

We all know the state of affairs with copyright and stealing things like
movies and holding a cache of them... But ultimately, peer to peer sharing is
not much different than going to your friend's house, popping in a DVD you
brought (and bought) so that you all could enjoy the entertainment experience.
None of this should give the police the right to seize your TV, DVD player,
entertainment system, detain you and your parties, couches, and popcorn since
you were hacking with your microwave. The significant difference is that you
cross the line when you make copies of your content and then try to sell it
for a profit.

Later, it states that the suspect was traced back to the origins of the emails
sent from the BC server and elaborates further about how uncommon Ubuntu Linux
is in Gabelli hall and not to mention, the BC network. In the way it was
mentioned, it implies that Linux was used as the foundation for an attack-
Since the police have based their case on accusations, maybe those at Ubuntu
should sue for defamation of character. I'm sure Mac users are feeling left
out right about now.

------
pg
It's kind of odd to see the EFF using such linkbait tactics. The comments on
this thread are much more informative than the article.

~~~
CaptainMorgan
Hmm.. maybe this is what greendestiny was getting at and for that I completely
agree, on both accounts.

------
jrockway
Two words for this guy: encrypted filesystem. If you don't want to testify
against yourself in court, you shouldn't let your computers do it either.

~~~
ecuzzillo
What happens if the court subpoenas the contents of the filesystem? If you
don't supply the key, don't you go to jail?

~~~
CaptainMorgan
There are some filesystem/full-disk encryption programs that claim they can
get around this. Apparently (I've never used it), if one is required to
provide the adversary or authorities with the passphrase, they only get so far
- into the virtual disk, which then presents the illusion that there is
nothing else on the disk, further claiming their product makes it literally
impossible for them to detect the real contents of the partition... I'd name
one of the programs here but I'm generally uncomfortable with listing links to
products in forums like this- it's almost spammy like (it's a popular utility
and came up when searched for hard drive encryption).

~~~
eru
Yes, plausible deniability is possible. Look at Off-the-record messaging
(<http://en.wikipedia.org/wiki/Off-the-Record_Messaging>) for an example.
Cipher texts in these systems can be decrypted to anything you like --- not
only the real plain text.

------
Anon84
_Driving a car in the vicinity of a Bank may be a sign of criminal activity_

Fortunately, that is not the case in 99.99% of times.

~~~
tokenadult
I actually had a police car drive up to my car when my wife and I were resting
during an evening cross-country road trip in what happened to be a bank
parking lot. The local police did think it was suspicious for a car with
out-of-state plates to be parked near a bank after banking hours. But we just
explained that we had been driving for a long time on the nearby Interstate in
very bad weather, and were too tired to drive farther until we rested for a
while. No big deal, but an illustration of one kind of innocent behavior that
can look suspicious.

~~~
something
let's also point out that in this example, the police did exactly their job.

had they seized your car and belongings...

~~~
ja27
Well, if the bank robbers had left a note with their name and address on it,
they would have been justified.

D-bag kid's forged emails were traced back to his IP address, which then led
to his SMB name and MAC address. It'll be hard to get out of that.

Plus, unless I'm mixing up the censor squares, it's his roommate that made the
accusation in the first place.

So it's not really like they just picked on a random kid with bash skills.

~~~
spoondan
Is sending a forged e-mail accusing your roommate of being gay illegal? It
sounds juvenile and malicious. But I don't see how it's a crime.

Anyway, you've misread the warrant application. The forged e-mails were
tracked to a dynamic IP address. They searched for anyone else using the same
computer name ("bootleg-laptop"), and found that the accused had used the same
computer name _but NOT the same MAC address_ six months earlier. They
connected the accused to the e-mail by saying that he accessed the same gay
social networking site referenced in the forged e-mail before the e-mail was
sent, and that the accused and the person who sent the forged e-mails both use
Linux.

Anyway, the accused was only targeted because he got into a fight with his
roommate, and his overbearing roommate ran off and made crazy accusations
about this guy hacking into the grading system. They evidently didn't find
anything to support that accusation, so they went after him for this stunt.

~~~
kragen
_Is sending a forged e-mail accusing your roommate of being gay illegal? It
sounds juvenile and malicious. But I don't see how it's a crime._

Yes, given that we live in a society where many people think homosexual
behavior is grossly immoral, that's prima facie defamation.

~~~
billswift
No it is not illegal. Defamation, even if it exists, which in this case looks
pretty doubtful, is a civil tort.

~~~
kragen
You're right that defamation is generally a civil tort and not a crime
(generally, that is, in the US; I don't know about the jurisdiction in
question), and so the police should not have been involved. Thanks!

------
dagobart
We should have an incompetency-of-the-day world map. Just to point out the
more numb places. Or where not to go to.

~~~
jdale27
Yeah, like Boston, "the intellectual capital of the US and probably the
world."

-- <http://www.paulgraham.com/revolution.html>

------
hotshothenry
BC is my alma mater, good thing they didn't have this policy when I was there.

------
tlrobinson
Just like using a kitchen knife may be a sign that you're about to stab
someone?

------
sown
I hate this planet.

------
tiffani_
This stinks of the stereotypical hacker image people get overdoses of on tv.
Pretttttty sad. :\

------
_pius
Wow, not too bright are they?

