Why are we cheering for this? I'm strongly in favor of EFF, Doctorow, and others to shed light on what they did, but this the electronic equivalent of covering a building with paint of a group you don't like.
The people left to fix it/clean it up had nothing to do with it, and it does nothing to help those trying to break the system via legitimate means.
Come on HN, stop cheering for these events.
If they have backup (it's MIT.. I don't doubt they do have backup) it's probably clean in less than 15 minutes.
Now they also need to fix the security issue. It's more like I know your door is broken but I use that problem to talk about another problem. Will that make you work more? Maybe yeah because you will have to fix that door NOW but in the same time, the same is true if I told only you, you would still need to fix it now because it can be a HUGE danger for you.
An adult (Aaron) who was NOT affiliated with the University, broke the law using MIT's network. MIT suffered damages because of his actions (temporary loss of access to JSTOR), and moved to stop his activity. Because his activity was criminal, he was arrested.
Now his father blames MIT and the prosecuting attorney apparently almost entirely for the death of his son. How about when he, as a father, understood the fragility of his son's condition and didn't do more to encourage him to perform his activism without breaking as many laws? You know, so as not to put himself in a position where he might be faced with jail time? How about the father getting him serious psych help so that he could understand that 3 months in jail wouldn't be the end of the world, even for someone with Crohn's disease, and if anything, serving time would add to his status as a hacker activist?
NOPE, never a mention of that, only slinging hate and blame at MIT for not assuming the position of legal defender of someone who was never a student.
I genuinely wish that MIT had done more for Aaron, but blaming the University for Aaron's suicide is ludicrous. Absolutely ridiculous.
One final thought. The dad says "Bob reasons that MIT chose not to cross Heymann so as not to alienate the New England Electronic Crimes Task Force—or endanger its federal grants".
WELL! How dare MIT not endanger it's lifeblood of federal grants by intervening on an unaffiliated adult's behalf!
MIT's behavior was fine in foresight. In hindsight they may have had better options. The DOJ charges were not ridiculous. Again, in hindsight, had they known they were dealing with an unusually fragile person with a defective personal support network, they should have toned things down a little.
See Orin Kerr's detailed look at the charges and the possible sentences at .
If he opted for a plea bargain, he was looking at 3 months.
I myself found that a server I managed had been exploited via Roundcube a few years ago and saw that the domain http://esi.mit.edu/, running on Drupal or something then, had been hacked by the same people (tracked back the source via the Apache HTTP logs, came from a Drupal instance that had been hacked) - links to bad websites could be found hidden in the source code to presumably improve their Google ranking. I notified ESI and they took it down.
I can't imagine that with the number of subdomains MIT has that this could have been all that difficult or noteworthy.
This is the same domain that Anonymous hacked last year.