[LINK] Re: [ISN] Revealed: how MP's son used computer in hacking scandal

Grant Bayley gbayley@ausmac.net
Wed, 5 Sep 2001 17:21:06 +1000 (EST)


On Wed, 5 Sep 2001, InfoSec News wrote:

> http://www.smh.com.au/news/0109/05/national/national7.html
>
> By Geesche Jacobsen
> September 5, 2001

[snip]

> But Mr Kelly said his son was merely trying to protect his computer
> from hacking.

[snip]

> There was little information to show if any of the other programs had
> been used, it said.
>
> Mr Kelly admitted yesterday that one of his sons had accessed the
> computer and loaded the software on July 20 from 9.33pm until 11.32pm,
> when the LANguard software was apparently being run on more than 250
> computers in Parliament.
>
> The report said the software could be used "aggressively" and appeared
> to have been used to scan various Internet addresses on the computer
> networks. It could also be used to identify security weaknesses,
> including weak passwords.
>
> But Mr Kelly said the software was used - without his knowledge or
> authorisation - because his son suspected the computer was insecure.
> "The purpose was to check the security of the system to make sure my
> computer was hackerproof," he said.

Note to Australian Commonwealth Attorney-General Daryl Williams:

This is a perfect example of the dual-use technology that a number of
submissions referred to in a recent Senate Inquiry.  It is this "dual use"
technology you wish to outlaw in the "Cybercrime Bill, 2001" (478.3,
specifically).

System administrators routinely rely on such technologies day-to-day to
probe their own networks for vulnerabilities.  Children of Members of
Parliament apparently used the same technology to confirm the poorly
designed network topology and file sharing policies on the NSW
Parliamentary network (see above).  And persons with criminal intent
might also use the same technologies in the commission of a crime.

But of course, the intent of the person must be proven before they are
charged with an offence under 478.3.  Or must it?  If the Explanatory
Memoranda circulated by Justice Minister Ellison are anything to go by
(these are typically used by Courts as an aid to interpretation), it might
not:

  "There will be many occasions where that intention will be evident
   from the content of the data."

For this reason and a long list of others that the Senate Inquiry heard
(and chose to ignore), the Cybercrime Bill 2001 is overbroad, misguided,
and largely ignores the benefits of a preventative approach to computer
security incidents in Australia.  At present, no such preventative
strategy exists.

Grant Bayley

-------------------------------------------------------
Grant Bayley                         gbayley@ausmac.net
-Admin @ AusMac Archive, Wiretapped.net, 2600 Australia
 www.ausmac.net   www.wiretapped.net   www.2600.org.au
-------------------------------------------------------