Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Call yourself a 'hacker', watch your ex-boss seize your PC without warning
The Register ^ | 10/23/2013 | John Leyden

Posted on 10/24/2013 6:14:50 PM PDT by markomalley

A US district court has ruled that self-confessed "hackers" have all the skills needed to swiftly destroy evidence, allowing anyone suing them to seize their equipment without warning.

The court in Idaho decided that a software developer’s computer could be confiscated without prior notice primarily because his website stated: “We like hacking things and don’t want to stop.”

The ruling [PDF] came down in a case brought by Battelle Energy Alliance against ex-employee Corey Thuen and his company Southfork Security.

Thuen, while working for Battelle, helped develop an application today known as Sophia, which fires off alerts if it detects industrial control equipment coming under electronic attack. Battelle – which was tasked with beefing up the computer security of US electricity plants, energy sources and other critical sites – wanted to license this technology, but Thuen hoped to open source the code, according to the plaintiffs.

Sophia, which had been in development since 2009, underwent testing in 2012 and attracted the attention of power companies.

Thuen left Battelle before setting up Southfork Security. According to Battelle, Southfork Security competed against other firms to license Sophia from Battelle before withdrawing in April 2013, a month before an outfit called NexDefense was awarded the right to negotiate an exclusive commercial licence.

Around the same time, in May 2013, Southfork Security began marketing a “situational awareness” program called Visdom that Battelle alleges is a knockoff of Sophia.

Battelle Energy Alliance sued Thuen, claiming that Visdom was based on stolen code, and accused Southfork and Thuen of copyright infringement, trade secret misappropriation and breach of contract, among other allegations, according to legal filings seen by The Register.

What elevates the case from a run-of-the-mill intellectual property dispute is that Battelle persuaded the court to allow it to seize Thuen's computer to copy its files. The district court ruled that the programmer has the skills, as a "hacker", to release the contested code publicly, cover his tracks and destroy any evidence, if he knew a seizure was imminent:

The court has struggled over the issue of allowing the copying of the hard drive. This is a serious invasion of privacy and is certainly not a standard remedy... The tipping point for the court comes from evidence that the defendants – in their own words – are hackers. By labeling themselves this way, they have essentially announced that they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act. And concealment likely involves the destruction of evidence on the hard drive of Thuen’s computer. For these reasons, the court finds this is one of the very rare cases that justifies seizure and copying of the hard drive.

The plaintiff also obtained a temporary restraining order against Thuen and Southfork Security without prior notice primarily because, again, the Southfork website declared “we like hacking things and we don’t want to stop".

This statement was used to prop up the claimants' argument that Thuen and Southfork "have the technical ability to wipe out a hard drive [and] will do precisely that when faced with allegations of wrongdoing". That would seem to fall short of the usual legal test for granting a restraining order, that the defendants have “a history of disposing of evidence or violating court orders”, but the district court granted the restraining order nonetheless.

The order prevents Thuen and his company from releasing any of the contested source code.

Battelle’s lawyers also raised national security concerns by arguing that releasing the Sophia utility as open-source code would hand strategic and vital information to wannabe power-plant hackers. Thuen and Southfork were not given the opportunity to appear before the court and contest this argument before the seizures were carried out and the restraining order on the business imposed.

A good overview of the whole contentious case so far can be found in a blog post by control system security consultancy Digital Bond. ®

Updated to add

There is a debate over whether the court's ruling ran roughshod over a person's rights against unreasonable seizures, enshrined in the US Constitution's Fourth Amendment: some have argued that such protections do not extend to discovery requests in private civil cases.


TOPICS: Business/Economy; Computers/Internet
KEYWORDS:

1 posted on 10/24/2013 6:14:50 PM PDT by markomalley
[ Post Reply | Private Reply | View Replies]

To: markomalley
Do you suspect as I do...that a butcher would want to be very very careful about using the word Hacking....or the word hack for that matter when discussing his profession with anyone on the net....?




2 posted on 10/24/2013 6:19:22 PM PDT by MeshugeMikey ( Un-Documented Journalist / Block Captain..Tyranny Response Team)
[ Post Reply | Private Reply | To 1 | View Replies]

To: markomalley

If it’s the company’s computer, that is their right.


3 posted on 10/24/2013 6:19:47 PM PDT by Jonty30 (What Islam and secularism have in common is that they are both death cults)
[ Post Reply | Private Reply | To 1 | View Replies]

To: markomalley

It sounds like they are confusing Hacking with Cracking.

http://www.geek.com/forums/topic/hacking-and-cracking/


4 posted on 10/24/2013 6:21:00 PM PDT by posterchild
[ Post Reply | Private Reply | To 1 | View Replies]

To: markomalley

you do not need special skills to destroy evidence quickly. just a screw driver and a hammer.

software is a black art to most of society. hell, most of them are mystified by the mouse

meanwhile, it would make sense to never be w-2 with any company... just subcontract and be done with it


5 posted on 10/24/2013 6:21:09 PM PDT by sten (fighting tyranny never goes out of style)
[ Post Reply | Private Reply | To 1 | View Replies]

To: markomalley
WE'RE THE GOPe AND WE'RE HERE TO...WELL...WE'RE THE GOPe...


6 posted on 10/24/2013 6:28:44 PM PDT by Caipirabob (Communists... Socialists... Democrats...Traitors... Who can tell the difference?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Caipirabob

LOL...wrong thread...


7 posted on 10/24/2013 6:29:01 PM PDT by Caipirabob (Communists... Socialists... Democrats...Traitors... Who can tell the difference?)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Jonty30

Well, it wasn’t their computer so it isn’t their right.

But they got an ignorant judge to sign off on it so there you go.


8 posted on 10/24/2013 6:39:33 PM PDT by Nik Naym (It's not my fault... I have compulsive smartass disorder.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Caipirabob

Is that Lindsey Graham in the very back?


9 posted on 10/24/2013 6:39:49 PM PDT by posterchild
[ Post Reply | Private Reply | To 6 | View Replies]

To: sten

You don’t even really need those tools if you have a rare earth magnet to throw on your drive.


10 posted on 10/24/2013 6:47:45 PM PDT by Jonty30 (What Islam and secularism have in common is that they are both death cults)
[ Post Reply | Private Reply | To 5 | View Replies]

To: markomalley

A$$holes. The word “Hacker” means a person who spends a lot of time at the computer, working to get a program to work. When the media first heard the word several years ago, naturally it didn’t understand it, and gave it the meaning of “person trying to break into a computer.”
They still are a$$holes.


11 posted on 10/24/2013 6:48:20 PM PDT by I want the USA back (Media: completely irresponsible traitors. Complicit in the destruction of our country.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: posterchild

In this context, I’m not sure there is a functional difference between a cracker and a hacker.

The person is publicly declaring he has the necessary skill set to do either, and that’s what the argument came down to: Did he have the ability, and was he likely to do more damage to the company with what was on his computer, then cover the tracks? He says he did and he was, so it was reasonable to take him at his word.

This case covers some novel ground because, as the article states, it doesn’t meet the legal test for a restraining order. Maybe the Judge thought that a declaration of “being a hacker” was sufficient historical behavior?


12 posted on 10/24/2013 6:51:33 PM PDT by Cyber Liberty (We're At That Awkward Stage: It's too late to vote them out, too early to shoot the bastards.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: posterchild; Caipirabob
Is that Lindsey Graham in the very back?


Not sure, but Obama is driving.

13 posted on 10/24/2013 6:52:49 PM PDT by MaxMax (Pay Attention and you'll be pissed off too! FIRE BOEHNER, NOW!)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Jonty30

I’ve got an old hard drive here on the shelf that I took out of the computer when it went to hell and I dumped the computer at an electronics store.


14 posted on 10/24/2013 6:54:18 PM PDT by cripplecreek (REMEMBER THE RIVER RAISIN!)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Nik Naym
Well, it wasn’t their computer so it isn’t their right.

Doesn't have to be if it's their Intellectual Property on it.

15 posted on 10/24/2013 6:54:52 PM PDT by Cyber Liberty (We're At That Awkward Stage: It's too late to vote them out, too early to shoot the bastards.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: I want the USA back

Fully automatic assault computer Hacker.


16 posted on 10/24/2013 6:55:16 PM PDT by MaxMax (Pay Attention and you'll be pissed off too! FIRE BOEHNER, NOW!)
[ Post Reply | Private Reply | To 11 | View Replies]

To: cripplecreek

I have a couple, too. I ordered an adapter so I can copy their images through a USB port. I suppose I’ll get on that project this weekend...


17 posted on 10/24/2013 6:57:10 PM PDT by Cyber Liberty (We're At That Awkward Stage: It's too late to vote them out, too early to shoot the bastards.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Cyber Liberty

“Doesn’t have to be if it’s their Intellectual Property on it. “

But how do they know/prove that it is their intellectual property on it?

You need probable cause for a search. They can’t just go fishing around someone’s hard drive to see what they can find.

But apparently bragging that one is a skilled computer programmer is enough probable cause for an ill informed judge.


18 posted on 10/24/2013 7:02:08 PM PDT by Nik Naym (It's not my fault... I have compulsive smartass disorder.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: markomalley

so anyone can spoof an email from you with you saying you’re a hacker and there goes your cmputers. great.


19 posted on 10/24/2013 7:07:05 PM PDT by Secret Agent Man (Gone Galt; Not averse to Going Bronson.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Caipirabob

LMAO! No, it applies to each and every thread!


20 posted on 10/24/2013 7:08:58 PM PDT by SgtHooper (If at first you don't succeed, skydiving is not for you.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Secret Agent Man

...and based on the new definition of mentally deficient, or terrorist, there go your guns, too.


21 posted on 10/24/2013 7:10:15 PM PDT by SgtHooper (If at first you don't succeed, skydiving is not for you.)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Nik Naym

The Judge decided to err on the side of evidence preservation, which I’m not sure is a good idea. The act of “erring” might be evidence of the Judge being an idiot, so we’ll see. I bet most Judges are not learned in the ways of “hacking” vs “cracking.”


22 posted on 10/24/2013 7:15:26 PM PDT by Cyber Liberty (We're At That Awkward Stage: It's too late to vote them out, too early to shoot the bastards.)
[ Post Reply | Private Reply | To 18 | View Replies]

To: markomalley

Solution is propose an independent 3rd party analyze the drive. Obviously the defendant is in a like business and it would be bad if his competitor (plaintiff) had a look at his future work, or even past work non-related.

They cannot fish around like that. Shame on the judge, but even more shame on the defendant and his lawyer for not putting up an adequate defense. What was this guy, a $60 an hour attorney?


23 posted on 10/24/2013 7:18:40 PM PDT by Usagi_yo
[ Post Reply | Private Reply | To 1 | View Replies]

To: markomalley

Luckily Obama nullifies the Constitution. So they can seize anything anytime.


24 posted on 10/24/2013 7:25:59 PM PDT by gitmo ( If your theology doesn't become your biography it's useless.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cyber Liberty

Everybody is forgetting ..... What did the defense lawyer do?

This is not new territory for this type of civil action. I’ve been on all 3 sides of this type of problem. As the ‘company’, as the ‘consultant’ and as an employee.


25 posted on 10/24/2013 7:29:20 PM PDT by Usagi_yo
[ Post Reply | Private Reply | To 22 | View Replies]

To: Usagi_yo

Apparently the Defense did not do much of anything. The novelty of this seems to be, “Does declaring oneself a ‘hacker’ impute a likelihood of malfeasance, even in the absence of a history of behavior?” I have a feeling this is going to be shredded on appeal.


26 posted on 10/24/2013 7:52:25 PM PDT by Cyber Liberty (We're At That Awkward Stage: It's too late to vote them out, too early to shoot the bastards.)
[ Post Reply | Private Reply | To 25 | View Replies]

To: markomalley

Read this story carefully and then reflect on the fact that these are civilian companies writing code for security of electricity plants.

Makes one all warm & fuzzy, don’t it? /s


27 posted on 10/24/2013 8:43:56 PM PDT by logi_cal869
[ Post Reply | Private Reply | To 1 | View Replies]

To: markomalley
A US district court has ruled that self-confessed "hackers" have all the skills needed to swiftly destroy evidence, allowing anyone suing them to seize their equipment without warning.


28 posted on 10/24/2013 9:47:39 PM PDT by Dr.Deth
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cyber Liberty

Besides, if he was a real Hacker, Molten Thermite would have been burning thru those disks as they entered the premises.


29 posted on 10/24/2013 10:12:28 PM PDT by Usagi_yo
[ Post Reply | Private Reply | To 26 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson