It's kind of ridiculous. He only posted a silly little phrase on their website.
I do not support crimes of any sort, but much like illegally downloading music, selecting particular people to make "examples" of with over-the-top punishments is immoral. The punishment does not fit the crime here at all.
On another note, as a GT alumni, I find his prank absolutely hilarious. There is also a tradition at Georgia Tech of stealing a "T" off the top of the main administration building. These "T"s are massive; I believe they weigh close to 200 pounds. How anyone manages to scale a building and pull one down is beyond me. Especially with all the pressure sensitive equipment they have up there nowadays. The tradition is supposedly banned since someone can get hurt, but a guy managed to pull it off last year, and the whole school thought it was fantastic.
Hell, as a Georgia Alumni, I think it's hilarious!
I'm surprised a GT student was so careless TBH. Tor + an anonymous proxy if you're gonna be futzing around in someone else's network, even if you don't intend to cause any tangible damage!
Interestingly enough, it may not even have been as complicated as that.
According to one Reddit commenter, the UGA calendar is left wide open for submissions - and in some cases, posts may be under minimal (if any) review. So it may be that he simply found the wide open URL, filled out a form, and hit 'submit'.
Seems like that would be fair game without using Tor or some other proxy - since there are no terms or conditions of use mentioned on the form, seems like it's open to anyone to post. But who's to say?
So use Tor from someplace that won't be able to tell that you were one of a few people accessing Tor at that moment. Just go to a coffee shop or something.
Technically it'd be fine, there wouldn't be any direct evidence... but using a VPN on campus at the same time a bomb threat comes in through Tor could be enough to draw some suspicion. For something like this though I don't think they'd dig that deep.
I sat next to a guy at a bar after that happened(worked for the company that was going to put it back up, I think) and he said the guy who got it down just unbolted it and used some rope to lower it down. Didn't seem very complex.
He then put it in his own truck and drove off, so he was pretty quickly caught.
I can't believe some of the comments I'm reading here on hacker news in response to this.
Yeah, society would have been much better off with the likes of Robert Morris Jr, Steve Wozniak, and Richard Feynman behind bars. We should not tolerate such criminals.
Be careful who you erase from history over something so damned ridiculous.
The definition of "computer trespass" isn't unreasonable. It should be illegal to break into a site and deface it, just as it should be illegal to walk into someone's house and put up a poster. People need to respect boundaries.
What's insane is that there's no gradations based on the seriousness of the conduct. Any crime punishable by a year or more in prison is a felony, and "computer trespass" is punishable by up to 15, even if the sentence is ultimately a slap on the wrist. In contrast, the meat-space equivalent of criminal trespass is a misdemeanor as long as any property damage is under $500: http://law.onecle.com/georgia/16/16-7-21.html. For more serious property damage, there is a separate statute, with different degrees of severity.
We'll have stupid laws as long as people who doesn't understand technology continue with those stupid analogy. Guess what, maybe defacing a calendar in the digital world is quite similar to, wait for it, defacing a calendar in the real world. No one is walking into anyone's home.
Tech people think the problem is analogizing to the real world, because they see computer crimes as less serious than meat-space ones. But ordinary people see computer crimes as worse than analogous meat-space ones. The analogizing helps, not hurts. If you walked into someone's office (and a server can easily be as sensitive as someone's office or someone's desk), and just defaced their calendar, you'd be hit with a misdemeanor, under the corresponding Georgia law.
His post on the UGA website did not endanger anyone, did not incite riots or violence. It inconvenienced whoever had to fix it and it poked fun at the football team.
This would be like charging someone with grand larceny if they found a quarter on campus and put it in their pocket.
This crime is about as serious as
1. walk into a building on campus that anyone could walk into since it's not a closed campus
2. write your message on a whiteboard calendar. Not even a permanent calendar, since the calendar is digital, it can be erased as easily as a whiteboard.
I remember when I was a kid, Caltech students would occasionally hack the scoreboard during The Rose Bowl to change the team names to "Caltech" and "MIT". People would laugh. The thought of an arrest never occurred to anyone.
One of my favorites, there once was a bank called Union Bank in Pasadena. It had a big neon sign that read "UNION BANK" at the top of their building. Apparently a Caltech student was up in one of the unlocked maintenance rooms and figured out the nine giant switches correlated to the letters and changed the sign to read "ION BAN". Nihilism in its purest form.
There are a lot of horrible, unthinking, authoritarian people out there who think folks need to be punished well out of proportion to their crime in order to "teach them a lesson".
I suppose this is the 21st century equivalent of TPing houses or stealing the mascot. Unfortunately for this dude it's also a felony, apparently. (Though I have to imagine they will let him plead to something lesser.)
> I suppose this is the 21st century equivalent of TPing houses or stealing the mascot.
Though, literally speaking, both of these require more cleanup than this "hack". TP-ing requires someone to clean up, and stealing the mascot requires investigation+recovery, or re-issuing.
This is e-graffiti prosecuted as cyber-war/terror/...
I'm reminded of this[1], that I dug up from my threads here on HN:
> This sad, sick notion that hackers are terrorist enemy #1 and this is the most important thing governments should be working on is, like this movie will probably be, shitty fiction, a self-fulfilling prophecy perpetuated by Hollywood in movies like War Games that make it look like we're all going to be nuked thousands of times if we don't stop the Hacker menace. Help me change the media's perception of hacking before we start throwing more whistleblowers and e-graffiti artists in prison.
"e-graffiti artists" resonated with me as a phrase, and I think this is exactly such a case.
I hope his prosecutors do their jobs within reason[2]...
>Elsewhere in UGA’s digital realm last week, the career center was hacked with fake Internet addresses. The Internet address walmartacademy.com directed people to the University of Georgia’s main website, and the address ugagrads.com directed people to McDonald’s online career page.
I couldn't find much other coverage of it, but from this other article[1], it really does look like the other "hack" consisted of buying some domain names and posting them to Twitter.
When I was a freshman at the Naval Academy, for Army-Navy week, we got access to the Pentagon and posted xeroxed Go Navy Beat Army signs all over the place. My buddy and I posted them square on the huge Army emblem outside the Chief of Staff's office. We slipped them under doors with big combo locks on them, which in retrospect probably led to quite a few SCIFs.
We probably walked every ring and level before we hailed a security guard to find our way out. His eyes were big as saucers and he said "The Secretary said you're not supposed to be here." Turns out we were the last ones out by quite a bit.
The Superintendent made it the centerpiece of the Pep rally the next night: "You know, admirals don't generally like to get phone calls from SecDef in the middle of the night, but what am I going to say? Go Navy, Sir!"
There is or was a patch on the University of Denver's University Hall, said to derive from a long-ago football rivalry with Colorado School of Mines. Students of mining engineering learn to handle dynamite, you see. Nobody was injured and nobody that I know of ever charged. Things were taken more calmly 100 years ago.
Every time I hear someone talk about hacking, I have to pause and remind myself that most people who use the term really don't know what they mean by it.
It's like of like asking if he "nebulously computer crimed" the server, which the police seem to think he did, and most unfortunately is about as specific as the laws on it get.
The difference to the victim between unlawful entry and B&E is the amount of work needed to make the property secure afterwards.
In theory a sysadmin could claim hours of work after someone sat down at a logged-in computer or someone "hacked" entry. That admin might want to check for privalidge escalation an back doors.
(I think this indictment is bullshit and I hope he is found not guilty or has a token punishment. A federal convictions seems weirdly harsh. Cruel and unusual -especially with the subsequent consequences- for the crime.)
I thought B&E was a bigger crime because of the intentional use of force? Demonstrating a greater criminal intent, or something like that. Popping a window lock with a credit card causes no damage, but it's still B&E.
Actually, you're both wrong. The real significant legal distinction is usually between criminal trespass and burglary (also known as "breaking and entering"), where the latter involves entry with intent to commit some other crime beyond illegal presence. At common law, the "breaking" of the "breaking and entering" element of burglary does not require actual use of force or damage to a physical object.
In UK law, simply opening an unlocked door and going inside is not a crime. You can come home to me sat on your sofa and all you can do is ask me to leave by the nearest exit (though if I refuse, you can use reasonable force to remove me).
Sitting at someone else's terminal makes it sound like a crime of opportunity, but why is stealing a password through spearphishing different from bypassing a poorly coded authentication token?
There is obviously a very large spectrum of how you could obtain a password, of varying degrees of "ethical". I have to ask you to be specific which you want to talk about.
I do not support crimes of any sort, but much like illegally downloading music, selecting particular people to make "examples" of with over-the-top punishments is immoral. The punishment does not fit the crime here at all.
On another note, as a GT alumni, I find his prank absolutely hilarious. There is also a tradition at Georgia Tech of stealing a "T" off the top of the main administration building. These "T"s are massive; I believe they weigh close to 200 pounds. How anyone manages to scale a building and pull one down is beyond me. Especially with all the pressure sensitive equipment they have up there nowadays. The tradition is supposedly banned since someone can get hurt, but a guy managed to pull it off last year, and the whole school thought it was fantastic.