[Dailydave] Weev's collateral damage.

[Don Bailey]

It's a bit frustrating to have a security professional equate this case to peering in a window. 

As part of my research, I am googling for new SIM technology and the keywords that go along with it often. Results show spreadsheets and other files that may be relevant to me, but which clearly contain PII when browsed. This is not a case of me hunting for trouble, this is a case of trouble coming to me.

Andrew is a troll. He openly admits this. Andrew automated the retrieval of data from a publicly available website. He openly admits this. He did not go peeping in someone's window. 

Presenting such inaccurate allegories exacerbates the problem by further muddying the issue. If professionals don't stick to the facts, we risk disorienting the public further when presenting our case to the masses.

Best,
D

On Nov 21, 2012, at 9:20 AM, "J. Oquendo" <joquendo at e-fensive.net> wrote:

> On Wed, 21 Nov 2012, Dave Aitel wrote:
> 
>> http://www.wired.com/threatlevel/2012/11/att-hacker-found-guilty/
>> 
>> So I'm no fan of Weev aka Andrew Auernheimer. The man is seriously
>> disturbed and it's odd to see people support him
>> <https://twitter.com/maradydd/status/271067146145107968> on Twitter.
>> Just as an example, here's some bizarre rape porn I'm fairly sure he and
>> his friends posted about my wife on full disclosure (and to DD before it
>> was moderated - in fact, Weev is the reason moderation is on this list
>> at all):
>> http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043638.html .
>> Here's a post about him torturing some kid "for the lulz":
>> http://crimint.files.wordpress.com/2011/01/deutschland-deutschland-uber-alles-encyclopc3a6dia-dramatica-forums_1294380601283-chrome.png
>> 
>> 
>> I think it's fair to say the likelihood of Weev having done something
>> that deserves some level of criminal liability is pretty high. That
>> said, this is not it. Keep in mind the data Weev collected was email
>> addresses and names. Nothing sensitive in the slightest. Everything they
>> collected was essentially sent in cleartext over the Internet at some point.
>> 
>> It's obvious to anyone with any technical background that the case the
>> FBI brought against him is a travesty, and the fact that they won is
>> even more insane. It's this sort of thing that makes it obvious the DHS
>> doesn't understand the Internet, and shouldn't be given more control
>> over it, which is what John McCain has been saying for the last year or
>> so. Cases like this make everyone look bad - and if they manage to make
>> it stick, the collateral damage is all of us.
>> 
>> -dave
> 
> 
> How many individuals here have either 1) Sat on a jury for
> a tech case 2) been involved in a tech case that went to
> trial? ... *crickets*
> 
> The reality behind going to a trial on the federal level is,
> no matter what the charges are, the jury's bias is and will
> always be: "well the FBI was involved, therefore it must be
> serious." Couple this with the fact that a jury of any kind
> of peer is and can never be expected. In fact, during the
> jury selection, you can expect the prosecution to seek to 
> dismiss anyone with any kind of technical background from
> the jump.
> 
> While I don't care for weev, the whole Goatse trolls, I now
> ask you this: "If I decided to keep walking by your house,
> looking in the window, then copying whatever information
> that was visible, then dumped your information somewhere,
> would you feel I did something criminal?" Even though YOU
> were the one that left your window open and data exposed,
> who the heck am I to walk around copying your information
> then pastebin'ing it, sending it to Gawker, etc. Its a dual
> edged sword. 
> 
> So while you see a portion of his case online, I am sure
> there was likely more that came into play that did not help
> weev. E.g., boasting on IRC about shorting AT&T's stock.
> Really?
> 
> Tech cases that go to trial are a rarity. Period. You could
> likely count all cases that went to trial in the past ten
> years on both your hands. Most times prosecutors are happy
> to throw out a month or two punishment if one cops out as
> opposed to someone blowing trial. I can tell you from my
> own experience... One CANNOT win trial against the gov.
> I could speak of "FBI Computer Experts" that stated they
> did not know what an IP address was and so forth, things
> that would make techies breathe a big WTF, but at the end
> of the day... Jury of 12 peers who 1) won't understand an
> iota of technology no matter how its explained 2) jury of
> 12 peers who would rather be rolling in broken glass than
> sitting in court 3) Skewed and distorted information as
> well as evidence that never sees the light of day.
> 
> If someone did nothing, they have ABSOLUTELY EVERY RIGHT
> to fight their case no matter what kind of deal is being
> offered. If someone DID DO SOMETHING, here is some advice:
> You will get pounded period. Don't be an idiot and try to
> fight any power. Weev and his lawyers can appeal until
> their faces turn blue, they will get nowhere. I go back to
> the analogy of me looking into your house. Sure you were
> pretty dumb for keeping your windows opened which exposed
> your data, but just because you did, does not give me the
> right to take a sharpie, poster board, write your info
> on that posterboard and plaster it all over the "hood"
> 
> 
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
> 
> "It takes 20 years to build a reputation and five minutes to
> ruin it. If you think about that, you'll do things
> differently." - Warren Buffett
> 
> 42B0 5A53 6505 6638 44BB  3943 2BF7 D83F 210A 95AF
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave