Criminal Hacker or Whistle Blower?
A university student faces criminal charges for exposing a school security flaw:
“A Carleton University student is facing criminal charges, accused of stealing user names, passwords, financial information and other data from 32 other students to expose security flaws in the university’s student card system.
Mansour Moufid, 20, is charged with mischief to data and unauthorized use of a computer, Ottawa police said Thursday in a release.”
link: Alleged Carleton hacker faces criminal charges
The means by which the security flaws were exposed are characteristic of a sophisticated hack. There is the malicious software - and the keystroke recordings. The argument is that the data gathered were not used in an exploitive manner. The security issue was revealed to the university and the victims by the hacker.
It is the ‘means-justify-the end’ argument. Is this hacker a criminal?
Catherine Forsythe
Tags: Carleton University, criminal, hacker, keystroke logger, malware, Mansour Moufid, security
Get SkypePro for free local calls
Here are some other related posted by this author...
You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.
September 13th, 2008 at 10:19 am
If the person in question wanted to demonstrate the flaw, then he/she should get permission BEFORE demonstration of that flaw.
Also, it says he did install cardlogging software on a card reader. He also didn’t tell the university about it.
As far as I’m concerned, that’s just as bad as a keylogger… and he should be punished.
Just my 2 cents from a former “Security auditor” of my school district… some friends and I found a LOT of teacher passwords and student passwords because the sysadmins had left a school roster WITH PASSWORDS ON THE PUBLIC WEBSERVER!!!. The difference is, we asked FIRST for permission to demonstrate flaw(s) before we ever tried anything.
So in a word, Yes.
Billy3
September 13th, 2008 at 11:40 pm
First of all the student is not a hacker, not in a classical sense of the word — a keylogger is hardly a sophisticated attack.
Now it’s well within a student’s right to _research_ a security system. It’s not always possible to obtain consent for such kind of research (people are touchy about their security), but it might be in public’s best interest to allow such research anyway.
And while the student’s execution about demonstrating the vulnerability is questionable; criminal charges are not a solution to any of the problems brought up by this event.
September 21st, 2008 at 6:15 am
Last year a female student has been raped in a computer Lab and the rapist has never been arrested.
Ottawa Police and Carleton safety should concentrate their effort on arresting the rapist,they want to kill the messenger instead.
He sent them a report about how to fix the problem, when he did not see any improvement he contacted the students themselves.
September 24th, 2008 at 11:22 am
There almost certainly no link between a student being raped in a computer lab and this incident. To bring it up is really just an attempt to divert attention from the true issue, namely that the student broke the law by what he did and is going to have to face the consequences as a result.
September 25th, 2008 at 1:45 am
what Williams wanted to point out is that the Carleton campus is unsafe,people in charge of safety are really incompetents.
I think Carleton should improve the safety of the students by firing the director of the campus safety Mr.Boudreault and replacing him by a more skilled and more competent director.
Paying him hundreds of thousands a year make no sens.
It’s sad to see that Students are contracting lawns in order to pay high salaries to incompetents people like Mr.Boudreault.