Bad raps for non-hacks
Article describes the misfortune of security professionals, who committed the one sin common amongst most security “professionals” — curiousity. A particular professional, Scott Mouten, contracted to protect and administrate the network for a county in Georgia got caught when a prospective customer to the County services wanted to attach to their network. He performed a port scan for vulnerabilities, and then reported those vulnerabilities to the city’s officials. The city officials closed the holes and “promptly contacted the Georgia Bureau of Investigation, which searched and seized his computer and arrested him for violating the Georgia computer crime laws. The statue in question made it a felony to use a computer with the intention of “obstructing, interrupting, or in any way interfering with the use of a computer program or data… regardless of how long the alteration, damage, or malfunction persists.”
What these events demonstrate is before you act for the betterment of others do a little CYA (Cover Your A**) first. All of Moulten’s problems could have prevented by stating a security scan will be conducted before allowing foreign networks to attach to the County’s network in the original contract. Get it in writing!! Curiousity and knowledge is a dangerous thing as the proverbial cat and Phil Windley certainly know.