San Francisco = Pwned
Filed in archive Security by Scott Wilson on July 17, 2008
A San Francisco computer engineer
has been accused of creating a private backdoor in their new FiberWAN system and jailed with $5 million bail.
The city is still assessing the damage and determining whether the actions resulted in any further security breach and how to fix the hole.
It's a nightmare trying to validate a network which someone has planted a backdoor in and so, should the accusation prove true, I certainly understand the City's motivation in throwing the book at the engineer, but at the same time I feel that the elevation of the status of these sorts of crimes by slapping huge bail amounts (murder charges, according to the man's attorney at least, only generally result in million dollar bail amounts) and over-the-top sentences serves to paint them larger than they really are. "Hacking" is a pejorative now which didn't always conjure up such negative connotations, and in technical circles it can still describe any number of not necessarily illegal activities. Even with something as apparently cut and dried as this accusation, the motivation matters considerably; many backdoors are not inserted for nefarious purposes of any sort, but rather to ensure access for support and troubleshooting purposes. They are certainly a security vulnerability, but there was a time when a hidden backdoor was de rigeur for software and systems where the users could easily lock themselves out.
It's inappropriate to insert a backdoor without the knowledge of superiors, and it's entirely possible that the engineer's motives were nefarious, but it's equally possible that a socially inept engineer was simply puttering about on his own, as many techs do, and decided to make his life easier in the future by dropping a shortcut into the system. While not technically right, it isn't necessarily the makings of a multi-million dollar Hollywood techno-thriller, either.
I'd be interested in hearing more of the details of this case if anyone out there happens to be a little closer to the situation.
has been accused of creating a private backdoor in their new FiberWAN system and jailed with $5 million bail.The city is still assessing the damage and determining whether the actions resulted in any further security breach and how to fix the hole.
It's a nightmare trying to validate a network which someone has planted a backdoor in and so, should the accusation prove true, I certainly understand the City's motivation in throwing the book at the engineer, but at the same time I feel that the elevation of the status of these sorts of crimes by slapping huge bail amounts (murder charges, according to the man's attorney at least, only generally result in million dollar bail amounts) and over-the-top sentences serves to paint them larger than they really are. "Hacking" is a pejorative now which didn't always conjure up such negative connotations, and in technical circles it can still describe any number of not necessarily illegal activities. Even with something as apparently cut and dried as this accusation, the motivation matters considerably; many backdoors are not inserted for nefarious purposes of any sort, but rather to ensure access for support and troubleshooting purposes. They are certainly a security vulnerability, but there was a time when a hidden backdoor was de rigeur for software and systems where the users could easily lock themselves out.
It's inappropriate to insert a backdoor without the knowledge of superiors, and it's entirely possible that the engineer's motives were nefarious, but it's equally possible that a socially inept engineer was simply puttering about on his own, as many techs do, and decided to make his life easier in the future by dropping a shortcut into the system. While not technically right, it isn't necessarily the makings of a multi-million dollar Hollywood techno-thriller, either.
I'd be interested in hearing more of the details of this case if anyone out there happens to be a little closer to the situation.
Permalink: San Francisco = Pwned
Tags:
backdoor security breach 2007 2008 francisco+pwned security+breach yours+here
Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/129156
