Boston College Campus Police: "Using Prompt Commands" May Be a Sign of Criminal Activity (eff.org)
109 points by vang3lis on April 14, 2009 | 55 comments



Has anyone actually read the warrant application? The allegations were made by a close acquaintance of the accused who directly observed him changing grades for students and cracking into other systems; the emails in question were traced back to the accused's hostname.

The EFF article completely mischaracterizes a 90% legitimate warrant.

http://www.eff.org/files/filenode/inresearchBC/EXHIBIT-A.pdf


Changing grades is basically the only possible crime listed in that warrant, everything else listed is a civil matter at best, and mostly scaremongering due to his technical abilities.

>> he has "fixed" computers so that they cannot be scanned by any system for detection of illegal downloads and illegal internet use, "jail breaks" cell phones, possibly stolen ones, for people so that the phones can be used on networks other than they are meant for

He expects full control over his property and doesn't just do what he's told? We're obviously dealing with a loose cannon here!


Indeed.. but if grades were actually changed, I think the IT Director of Security at BC (mentioned in the warrant) would've stated or advised that they were changed. Yet, he only advises and assists the detective with regard to the subject of mass emailing. And even this I question- it appears as if they don't understand the point of a mailing-list... like they don't understand the reasoning behind email propagation to a list- duh, this is how it happens. That's the purpose of a mailing list- so that those that are subscribed receive the content therein (content to be argued about separately) What's shady is that given this is a warrant application, a number is not even approximated at for the amount of emails supposedly sent - they only use the term "mass email" and in some cases they use the singular version, "the email" referring to originate from his machine. All they prove is that they can trace an email- big whoop, nothing a log file can't show them.

LOL - saw your edit; how dare he want to actually own his property! :) I'd argue that the governing body that wishes to achieve the goal of nothing else (where a crime was not committed) but scanning his computer, is conducting an illegal act!


Yes. Though, allegations are allegations and what weight do they hold, especially in this case? I argue they don't hold much- it looks more like a civil dispute between two former friends. Plus, keep in mind, 10% is more than enough reasonable doubt- especially in a case where the law and the police are still considered noobs to the game.

But this part kills me: "Mr. Calixte has access into ""'s computer as he set it up for him when they were friends and he knows the password. The computer has been looked at by several experts and none of them can resolve the problem."

WOW- maybe Mr. Calixte is the ultimate cryptographer and completely disguised his activity so stealthy that the so-called 'experts' cannot find the problem! NO. The problem is that there is no problem. And what the hell is wrong with the computer owner? Someone needs a lesson in password management 101.


"10% is more than enough reasonable doubt"

That's not the correct standard of evidence for the allegations supporting a search warrant.

Yes, I am a lawyer.


10% may not be the "correct" standard, but I have seen police arrest and search people with zero evidence.


How often have you seen police arrest and search people? I'm always amazed at how rarely I've seen that, even when living in the heart of big cities.


This is a dead topic I think, so not sure this will post, but I'll try to answer.

About 20 years ago, I was driving home from work (Atlanta). I was still in college and was a co-op student at "big blue". Great job, I worked 7 days a week and actually slept under my desk at times. This one night I was driving home around 2am. I think it was a Thursday, could have been Friday. A cop in Decatur (That's home to Emory) pulls me over in front of the courthouse for having a broken headlight. Fair enough, I was a poor college student, but I'll take the ticket. Not good enough for him, he was trolling for drunk drivers. He spent a lot of time asking me questions and after shining a flashlight throughout my car asked me if he could search my trunk. I told him "no sir, I don't think that has anything to do with a broken headlight". The next words from him were "get out of the car, boy". It went downhill from there. It was a very abusive next 30 minutes...he was careful to tell me it was only him and me out there, no witnesses, until he finally searched my trunk anyway (which he could do now that I was arrested)...in the end, the judge sent me home knowing full well what happened and didn't so much as admonish the police.

Since this happened to me, I've been careful to notice the stories of others. There are some great police officers throughout America; they deserve our respect. Unfortunately, the "brotherhood" protects the bad ones as well.


"That's not the correct standard of evidence for the allegations supporting a search warrant."

It would be great if you could explain (to us non lawyers) what did constitute a correct standard of evidence.


The search warrant standard is called "probable cause"

http://www.criminal-law-lawyer-source.com/terms/probable-cau...

http://en.wikipedia.org/wiki/Probable_cause

rather than "proof beyond a reasonable doubt" (which is what is needed for a criminal conviction) and definitely is at a level such that sometimes places are searched or items are seized that never end up resulting in a criminal prosecution. The case mentioned in this thread involved a search warrant affidavit mentioning facts that made reasonable a belief that the items seized should be looked at as possibly related to a crime.


I think the popularity of this article has more in common with the popularity of the "how to care for your introvert" article. Basically the group is trying to define itself, and persecution is one of those very common rallying points. People with beautiful and misunderstood introverted abilities are being singled out by the man. If you enjoy this kind of thing there are sites like reddit which are perfect for expressing it.


It may be true that they're trying to define themselves, but if so I'd say it's because they're exploiting an opportunity they've found with regard to so many holes in the investigation. But more importantly, I disagree that this is more suited for Reddit discussion (if that was your point). Here at HN as I'm sure you're aware, we have a record of intelligent, coherent and stimulating debate about a wide range of important topics and being that the warrant and the topic are in fact hacker related it was a good choice to post it here.


It's not that I think it doesn't belong here, the reception the article has gotten worries me a little. These rallying articles that provoke this strong sense of identity in a community can actually swamp the real character of the site. The mutual outrage and sense of purpose is compelling but it's superficial. Legal action, especially at the initial stages when police are involved, is particularly inflammatory because everyone jumps to conclusions. The justice system takes time to process, but this sense of mutual outrage has no patience.


Yup, the short summary is: a guy behaves like an ass and a former friend notifies the police of his illegal activities. In these days, you'd better not fuck your friends over, because they may alert the police to your stack of pirated movies.


I learned the hard way back in high school: Don't let anyone see you using a command prompt because the next time something gets hacked, you will be suspect number one.

It's sad to see nothing has changed since the 90s.


Back in college, we were required to take an introduction to computers course - no way to test out of it. It involved labs like, "create a folder with two text files in it." I spent the time configuring a new debian server via ssh.

When the teacher caught a glimpse of PuTTY: "OH! You know DOS??!"


I used to flaunt my computer skills back in school, because I knew if/when something got hacked I could explain exactly how it was done, and remind them that I'd warned them it could happen months earlier. (This exact thing did end up happening.) The authorities at my school seemed less prone to complete lapses of logic (as demonstrated by the police in this article) so I wasn't so afraid of being unable to defend myself in the face of unjust accusations. (Logic and reason sufficed, thankfully.)


I wouldn't agree with this completely. In the university I attended, I told the IT staff about security issues with their wifi network. I even gave demonstrations to the other computer science students (via the cs club) on breaking into/decrypting said type of wireless networks. The IT staff was friendly and helpful and updated their security mechanisms. The problems happen at times like this when people with no clue who don't know what is being said get involved. After all, big words I don't understand are scary to me when lawyers talk too.


"In his application, the investigating officer asked that he be permitted to seize the student's computers and other personal AFFECTS because they might yield evidence of the crimes"

Wow! In addition to his computers, the police also seized the student's emotional states (presumably to search for evidence of thoughtcrime).


This warrant almost seems like a disguise for something bigger, something to use to make an example of this kid. There's talk about illegally downloaded content; movies, music, etc. But even copyright is still a touchy subject in the eyes of the law... and, the basis of the case is around "Fraud".

We all know the state of affairs with copyright and stealing things like movies and holding a cache of them... But ultimately, peer to peer sharing is not much different than going to your friend's house, popping in a DVD you brought (and bought) so that you all could enjoy the entertainment experience. None of this should give the police the right to seize your TV, DVD player, entertainment system, detain you and your parties, couches, and popcorn since you were hacking with your microwave. The significant difference is that you cross the line when you make copies of your content and then try to sell it for a profit.

Later, it states that the suspect was traced back to the origins of the emails sent from the BC server and elaborates further about how uncommon Ubuntu Linux is in Gabelli hall and not to mention, the BC network. In the way it was mentioned, it implies that Linux was used as the foundation for an attack- Since the police have based their case on accusations, maybe those at Ubuntu should sue for defamation of character. I'm sure Mac users are feeling left out right about now.


It's kind of odd to see the EFF using such linkbait tactics. The comments on this thread are much more informative than the article.


Hmm.. maybe this is what greendestiny was getting at and for that I completely agree, on both accounts.


Two words for this guy: encrypted filesystem. If you don't want to testify against yourself in court, you shouldn't let your computers do it either.


What happens if the court subpoenas the contents of the filesystem? If you don't supply the key, don't you go to jail?


This hasn't been resolved in court yet: http://www.washingtonpost.com/wp-dyn/content/article/2008/01...

"On Nov. 29, Magistrate Judge Jerome J. Niedermeier ruled that compelling Sebastien Boucher, a 30-year-old drywall installer who lives in Vermont, to enter his password into his laptop would violate his Fifth Amendment right against self-incrimination. "If Boucher does know the password, he would be faced with the forbidden trilemma: incriminate himself, lie under oath, or find himself in contempt of court," the judge said.

The government has appealed, and the case is being investigated by a grand jury, said Boucher's attorney, James Boudreau of Boston. He said it would be "inappropriate" to comment while the case is pending. Justice Department officials also declined to comment."


There are some filesystem/full-disk encryption programs that claim they can get around this. Apparently (I've never used it), if one is required to provide the adversary or authorities with the passphrase, they only get so far - into the virtual disk, which then presents the illusion that there is nothing else on the disk, further claiming their product makes it literally impossible for them to detect the real contents of the partition... I'd name one of the programs here but I'm generally uncomfortable with listing links to products in forums like this- it's almost spammy like (it's a popular utility and came up when searched for hard drive encryption).


Yes, plausible deniability is possible. Look at Off-the-record messaging (http://en.wikipedia.org/wiki/Off-the-Record_Messaging) for an example. Ciphertexts in these systems can be decrypted to anything you like --- not only the real plain text.


Driving a car in the vicinity of a Bank may be a sign of criminal activity

Fortunately, that is not the case in 99.99% of times.


I actually had a police car drive up to my car when my wife and I were resting during an evening cross-country road trip in what happened to be a bank parking lot. The local police did think it was suspicious for a car with out-of-state plates to be parked near a bank after banking hours. But we just explained that we had been driving for a long time on the nearby Interstate in very bad weather, and were too tired to drive farther until we rested for a while. No big deal, but an illustration of one kind of innocent behavior that can look suspicious.


Let's also point out that in this example, the police did exactly their job.

Had they seized your car and belongings...


Well, if the bank robbers had left a note with their name and address on it, they would have been justified.

D-bag kid's forged emails were traced back to his IP address, which then led to his SMB name and MAC address. It'll be hard to get out of that.

Plus, unless I'm mixing up the censor squares, it's his roommate that made the accusation in the first place.

So it's not really like they just picked on a random kid with bash skills.


Is sending a forged e-mail accusing your roommate of being gay illegal? It sounds juvenile and malicious. But I don't see how it's a crime.

Anyway, you've misread the warrant application. The forged e-mails were tracked to a dynamic IP address. They searched for anyone else using the same computer name ("bootleg-laptop"), and found that the accused had used the same computer name but NOT the same MAC address six months earlier. They connected the accused to the e-mail by saying that he accessed the same gay social networking site referenced in the forged e-mail before the e-mail was sent, and that the accused and the person who sent the forged e-mails both use Linux.

Anyway, the accused was only targeted because he got into a fight with his roommate, and his overbearing roommate ran off and made crazy accusations about this guy hacking into the grading system. They evidently didn't find anything to support that accusation, so they went after him for this stunt.


"Is sending a forged e-mail accusing your roommate of being gay illegal? It sounds juvenile and malicious. But I don't see how it's a crime."

Yes, given that we live in a society where many people think homosexual behavior is grossly immoral, that's prima facie defamation.


No it is not illegal. Defamation, even if it exists, which in this case looks pretty doubtful, is a civil tort.


You're right that defamation is generally a civil tort and not a crime (generally, that is, in the US; I don't know about the jurisdiction in question), and so the police should not have been involved. Thanks!


I couldn't follow that part of the document, but it sounded like he accessed the email account of his roommate (or someone else). That can be held to be illegal. In fact, if they can claim a $5,000 damage amount, it's a federal crime.

As for MAC address, they can be changed. Mine's been DE:AD:BE:EF:CA:FE for years. Not that I think the kid sounds like he'd bother to do that. He could easily swap NICs though.


It seems everyone overlooks the fact that the warrant was also after an undefined number of pirated movies. If found, that alone can cause the suspect serious grief. I wonder if the roommate will regret his testimony later on...


I think you overlooked several discussions before you. I talked specifically about this.


Glad to see I'm not the only one who read the document. I don't see how the police really screwed this one up that much outside of one poorly-worded section of the warrant.


Poorly worded probable cause would be, "I saw him go into a room that was his with a gun and it was hidden," instead of, "I saw him hide a gun in his room."

I think including "Mr. Calixte uses two different operating systems" under the section "Basis of Probable Cause" for search goes beyond poor wording.


My point was more that there were plenty of other valid probable cause claims in the warrant.

If a judge had rejected this warrant on the basis of that paragraph, the police could have just removed it and we and the judge wouldn't have anything to complain about.

The grounds for the seizure were plenty strong - the email traces and network authentication would be enough to get any laptop involved in a crime seized.

And as for people claiming it wasn't a crime - there is no possible way that there was no malicious intent in sending a personal-attack email anonymously to a large group of people. (edit)In this case(/edit), the free-speech argument kind of loses its luster when you send something without your name attached.


"The free-speech argument kind of loses its luster when you send something without your name attached."

Maybe you're not from the US, but the US has a legal tradition of strong protections for anonymous and pseudonymous speech. The Federalist Papers, which were a key part of the political discourse leading to the existence of the US, were published anonymously. So maybe what you say is true in Ukraine or China or Myanmar or wherever you're from, but it's certainly not true in the US.


I am from the United States - anonymous and pseudonymous protections wouldn't apply to this case of slander/libel and/or criminal harassment. Anonymously outing someone against their will does not fall under the same protections that critiquing an unfair government does.

I didn't mean to imply that all anonymous talk is without protection, just that in this specific case, the defendant in question would probably have a very difficult time making a successful free speech argument.


Usually, freedom of speech is not a defense against accusations of defamation; the anonymity angle is a red herring.


The issue is not how (or whether) the police "screwed up". The issue is whether a warrant of seizure should be issued on such flimsy grounds. That is quite orthogonal from the guilt or innocence of the suspect.


I can only assume you and your wife aren't black folk. If so, you may have had a very different experience.


We actually are an "interracial" couple, but I get what you mean. I'm trying to do my part to bring about a world in which we all just look at one another as our fellow human beings, without invidious assumptions.


We should have an incompetency-of-the-day world map. Just to point out the more numb places. Or where not to go to.


Yeah, like Boston, "the intellectual capital of the US and probably the world."

-- http://www.paulgraham.com/revolution.html


Later on I actually did what I should have done in the first place -- actually read the thingy the police filed to get approved to search the guy's place. As others have pointed out before me, the police indeed _have_ a point here. The guy fiddled with the students' marks system of the school, and that imho really is something the police should deal with.

On the other hand, the quotes on the eff.org page didn't state that issue at all and instead preferred to point out some exaggeratedly abstruse line of argument, like: the guy was using a shell and therefore he got searched.

I think the intent of that indeed was to manipulate the readers of that "report", and to get that "report" re-told.

So, for me the lessons learned from this incident are actually two: 1) If there's a report of an obviously abstruse reasoning, have a second look and dig into it yourself (unless you're really not interested in it). 2) Never trust a press release, not even if it gets released by some of the good guys, i.e. not even the eff.

I think, by accidents like this one, even "the good ones" of organizations lose credibility.


BC is my alma mater, good thing they didn't have this policy when I was there


Just like using a kitchen knife may be a sign that you're about to stab someone?


I hate this planet.


This stinks of the stereotypical hacker image people get overdoses of on tv. Pretttttty sad. :\


Wow, not too bright are they?



