RE: [WISPA] A wisp who went a little too far.......
I don't even know where to start. I understand the malicious part - employee gone bad, fine. Punish him. But 2 years ? and 3 yrs after ? This is unlicensed stuff, can we really claim business interruption !? I would've hoped I had a defense attorney that could say Hey, they have to accept ALL interference from ANY source since it's unlicensed... No matter the source. Of course, this is my opinion. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of George Rogato Sent: Saturday, December 16, 2006 11:52 AM To: WISPA General List Subject: [WISPA] A wisp who went a little too far... The malicious code also locked SBT out of its own network so the damage could not be repaired by the normal process of remotely reconfiguring the access points from the company's office. This forced SBT's executives to send technicians to the homes or businesses of every single subscriber. Some users were down for less than a day while others were out of service for up to three weeks, according to the indictment. Fisher's malicious code also was designed to force SBT's equipment to repeatedly broadcast radio signals that would interfere with the signals of UT1 Internet and its customers. http://news.yahoo.com/s/cmp/20061216/tc_cmp/196700266 A former IT consultant for a wireless Internet service provider was sentenced to two years in prison for breaking into the company's network and bringing down their service last year. ADVERTISEMENT Ryan Fisher, 24, of Vernal, Utah, received a sentence of 24 months in prison to be followed by 36 months of supervised release for intentionally damaging a protected computer. U.S. District Judge Paul G. Cassell also ordered Fisher to pay $65,000 in restitution. Fisher was charged on Feb. 15, 2006, in connection with the Feb. 28, 2005, attack that shut down Wi-Fi service to the customers of SBT Internet and UT1 Internet, which both provide service in and around Vernal, Utah. He pleaded guilty and was sentenced on Wednesday. The attack cut off service for one woman who was waiting for an e-mail notifying her about the availability of an organ transplant that she required, according to prosecutors. Because of her critical status, her provider gave her priority status and restored her access within 24 hours. Had her medical providers sent her an e-mail notifying her of a suitable organ donor and had she not responded because of her lost Internet access, she might have lost her priority for an organ, thus potentially extending the period she would have to wait for another donor, wrote prosecutors in the indictment. SBT Internet hired Fisher in the fall of 2004 as a contractor to help install and support wireless networks. The company trained Fisher and provided him administrator-level access to its networks. They also gave him passwords and encryption keys for customer's access points, as well as for the computer that controlled the company's radio towers that transmit Wi-Fi signals to its users. Fisher reportedly stopped working at SBT in February, 2005 because of a disagreement about some financial and business issues, according to the indictment. After he left SBT, he went to work for Internet Works, a competing service provider in the same area. He then bought the company and changed its name to East Basin Internet. According to the government, Fisher admitted he used an administrative password to break into SBT's network on Feb. 28, 2005. Once in the network, he plant malicious code that directed the radio tower computer to cut off Wi-Fi service to the company's users. The malicious code also locked SBT out of its own network so the damage could not be repaired by the normal process of remotely reconfiguring the access points from the company's office. This forced SBT's executives to send technicians to the homes or businesses of every single subscriber. Some users were down for less than a day while others were out of service for up to three weeks, according to the indictment. Fisher's malicious code also was designed to force SBT's equipment to repeatedly broadcast radio signals that would interfere with the signals of UT1 Internet and its customers. Both companies reported spending at least $5,000 each to discover what was causing the outages and get service back up. In total, more than 170 customers lost Internet service. The attack reportedly caused more than $65,000 in damages. -- George Rogato Welcome to WISPA www.wispa.org http://signup.wispa.org/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] A wisp who went a little too far.......
The really interesting part of this: The attack cut off service for one woman who was waiting for an e-mail notifying her about the availability of an organ transplant that she required, according to prosecutors. Because of her critical status, her provider gave her priority status and restored her access within 24 hours. Had her medical providers sent her an e-mail notifying her of a suitable organ donor and had she not responded because of her lost Internet access, she might have lost her priority for an organ, thus potentially extending the period she would have to wait for another donor, wrote prosecutors in the indictment. People are starting to believe their email is guaranteed and that their computers can be entrusted with life saving information. Worse yet, it appears these prosecutors would have trumped this up and made hay out of it had her mail not gotten there. So in another context - what if the stock pump and dump scammers started using wrapper text that mentioned organ donations to the point of poisoning the Bayesian databases of all spamassassin enabled mail servers? What if the mail has been blocked outright due to other spam filtering already in place? Or put into a quarantine and she didn't look in her quarantine box in time? Or if the sending server of the mail was on an RBL due to some other user at the site sending spam to spamcop spamtraps for example? Drama is drama. I think what this guy did was reprehensible and he certainly deserves the clink, but what he did is not any kind of threat or risk to health and safety - the stupidity of using email and computers for life saving communications IS. $0.02 Mike- -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] A wisp who went a little too far.......
Why in the world, I want to know, are organ availability notifications going out via email???!!! Seriously. How fun will it be when they start serving subpeonas and such that way - What I never got that email?? ~fred On 12/16/06, Mike Ireton [EMAIL PROTECTED] wrote: The really interesting part of this: The attack cut off service for one woman who was waiting for an e-mail notifying her about the availability of an organ transplant that she required, according to prosecutors. Because of her critical status, her provider gave her priority status and restored her access within 24 hours. Had her medical providers sent her an e-mail notifying her of a suitable organ donor and had she not responded because of her lost Internet access, she might have lost her priority for an organ, thus potentially extending the period she would have to wait for another donor, wrote prosecutors in the indictment. People are starting to believe their email is guaranteed and that their computers can be entrusted with life saving information. Worse yet, it appears these prosecutors would have trumped this up and made hay out of it had her mail not gotten there. So in another context - what if the stock pump and dump scammers started using wrapper text that mentioned organ donations to the point of poisoning the Bayesian databases of all spamassassin enabled mail servers? What if the mail has been blocked outright due to other spam filtering already in place? Or put into a quarantine and she didn't look in her quarantine box in time? Or if the sending server of the mail was on an RBL due to some other user at the site sending spam to spamcop spamtraps for example? Drama is drama. I think what this guy did was reprehensible and he certainly deserves the clink, but what he did is not any kind of threat or risk to health and safety - the stupidity of using email and computers for life saving communications IS. $0.02 Mike- -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] A wisp who went a little too far.......
George Rogato wrote: According to the government, Fisher admitted he used an administrative password to break into SBT's network on Feb. 28, 2005. Once in the network, he plant malicious code that directed the radio tower computer to cut off Wi-Fi service to the company's users. Remember, be kind to your sysop, for he is subtle and quick to anger. :) I'm curious as to what kind of attack would require running a service call to every end-user. * If he just changed the tower's SSID, fine, change it back. :) * If he had some automatic way of changing every customer's SSID, just change the tower's SSID to match. The only thing I can think of would be if he had some automated way to not only reconfigure every customer's radio, but also to change every single one of them to different random settings. That's certainly possible, but ouch. David Smith MVN.net -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] A wisp who went a little too far.......
fred wrote: Why in the world, I want to know, are organ availability notifications going out via email???!!! Seriously. How fun will it be when they start serving subpeonas and such that way - What I never got that email?? I don't think subpoenas will get there for a while (if ever), because those require positive proof of service. There's no email equivalent to registered mail, that requires a signature. (Some email clients do support return receipt, but that's nowhere near universal. I always turn it off because it bugs me, and my office's Webmail interface doesn't even support it.) Though it's already possible, and in some jurisdictions preferred, to file routine legal stuff through email or through a Web interface of some sort. David Smith MVN.net -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] A wisp who went a little too far.......
This has more to do with malicious behavior than whether unlicensed has protections. I have argued with others over the years that if you intentionally do harm then you are liable even if that intentional behavior to cause harm is with unlicensed frequencies. Looks like that hypothesis holds true in this case. If someone is simply building their business and not trying to do malicious harm then that is tough, people get interference and have no grounds for criminal or civil action. If someone is breaking into systems, causing system failures, etc. and admit to such behavior then the status of the rights of use of the band space has little to do with the liable or criminal issues. Scriv Rick Smith wrote: I don't even know where to start. I understand the malicious part - employee gone bad, fine. Punish him. But 2 years ? and 3 yrs after ? This is unlicensed stuff, can we really claim business interruption !? I would've hoped I had a defense attorney that could say Hey, they have to accept ALL interference from ANY source since it's unlicensed... No matter the source. Of course, this is my opinion. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of George Rogato Sent: Saturday, December 16, 2006 11:52 AM To: WISPA General List Subject: [WISPA] A wisp who went a little too far... The malicious code also locked SBT out of its own network so the damage could not be repaired by the normal process of remotely reconfiguring the access points from the company's office. This forced SBT's executives to send technicians to the homes or businesses of every single subscriber. Some users were down for less than a day while others were out of service for up to three weeks, according to the indictment. Fisher's malicious code also was designed to force SBT's equipment to repeatedly broadcast radio signals that would interfere with the signals of UT1 Internet and its customers. http://news.yahoo.com/s/cmp/20061216/tc_cmp/196700266 A former IT consultant for a wireless Internet service provider was sentenced to two years in prison for breaking into the company's network and bringing down their service last year. ADVERTISEMENT Ryan Fisher, 24, of Vernal, Utah, received a sentence of 24 months in prison to be followed by 36 months of supervised release for intentionally damaging a protected computer. U.S. District Judge Paul G. Cassell also ordered Fisher to pay $65,000 in restitution. Fisher was charged on Feb. 15, 2006, in connection with the Feb. 28, 2005, attack that shut down Wi-Fi service to the customers of SBT Internet and UT1 Internet, which both provide service in and around Vernal, Utah. He pleaded guilty and was sentenced on Wednesday. The attack cut off service for one woman who was waiting for an e-mail notifying her about the availability of an organ transplant that she required, according to prosecutors. Because of her critical status, her provider gave her priority status and restored her access within 24 hours. Had her medical providers sent her an e-mail notifying her of a suitable organ donor and had she not responded because of her lost Internet access, she might have lost her priority for an organ, thus potentially extending the period she would have to wait for another donor, wrote prosecutors in the indictment. SBT Internet hired Fisher in the fall of 2004 as a contractor to help install and support wireless networks. The company trained Fisher and provided him administrator-level access to its networks. They also gave him passwords and encryption keys for customer's access points, as well as for the computer that controlled the company's radio towers that transmit Wi-Fi signals to its users. Fisher reportedly stopped working at SBT in February, 2005 because of a disagreement about some financial and business issues, according to the indictment. After he left SBT, he went to work for Internet Works, a competing service provider in the same area. He then bought the company and changed its name to East Basin Internet. According to the government, Fisher admitted he used an administrative password to break into SBT's network on Feb. 28, 2005. Once in the network, he plant malicious code that directed the radio tower computer to cut off Wi-Fi service to the company's users. The malicious code also locked SBT out of its own network so the damage could not be repaired by the normal process of remotely reconfiguring the access points from the company's office. This forced SBT's executives to send technicians to the homes or businesses of every single subscriber. Some users were down for less than a day while others were out of service for up to three weeks, according to the indictment. Fisher's malicious code also was designed to force SBT's equipment to repeatedly broadcast radio signals that would interfere with the signals of UT1 Internet and its customers. Both companies reported spending at least $5,000 each to discover
Re: [WISPA] A wisp who went a little too far.......
Just as clarification, I am not at all giving pass to this guy's actions or anyone who intentionally or knowingly disrupts any service of any kind. I certainly hope though that I'm not going to be held liable if someone comes suing me because literally their life depending on the delivery of an email. I don't care how good of system for email handling one has, there are too many failure points and places where things can go wrong, many of which are totally out of my control. I also truly hope I nor any one close to me needs an organ transplant if email is how vitally important notifications are sent. I'm sorry sir, you do not qualify for a transplant because you indicated on your application you have neither a computer nor an email address. ~fred -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
RE: [WISPA] A wisp who went a little too far.......
oh yeah, that organ donor email thing is a bunch of crap. If you were in that situation, you'd be given a pager and a cell phone. They ring the pager, call the cell, call your house, and will have someone come to your house and PICK YOU UP IN AN ANBULANCE if it's that life threatening. THAT claim, I believe, is reprehensible. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Ireton Sent: Saturday, December 16, 2006 1:19 PM To: wireless@wispa.org Subject: Re: [WISPA] A wisp who went a little too far... The really interesting part of this: The attack cut off service for one woman who was waiting for an e-mail notifying her about the availability of an organ transplant that she required, according to prosecutors. Because of her critical status, her provider gave her priority status and restored her access within 24 hours. Had her medical providers sent her an e-mail notifying her of a suitable organ donor and had she not responded because of her lost Internet access, she might have lost her priority for an organ, thus potentially extending the period she would have to wait for another donor, wrote prosecutors in the indictment. People are starting to believe their email is guaranteed and that their computers can be entrusted with life saving information. Worse yet, it appears these prosecutors would have trumped this up and made hay out of it had her mail not gotten there. So in another context - what if the stock pump and dump scammers started using wrapper text that mentioned organ donations to the point of poisoning the Bayesian databases of all spamassassin enabled mail servers? What if the mail has been blocked outright due to other spam filtering already in place? Or put into a quarantine and she didn't look in her quarantine box in time? Or if the sending server of the mail was on an RBL due to some other user at the site sending spam to spamcop spamtraps for example? Drama is drama. I think what this guy did was reprehensible and he certainly deserves the clink, but what he did is not any kind of threat or risk to health and safety - the stupidity of using email and computers for life saving communications IS. $0.02 Mike- -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
