gordon.dewis.ca - Random musings from Gordon


Archive for September 11th, 2008

Kasper Holmberg unmasked

September 11, 2008 @ 17:19 By: gordon Category: Current affairs

A quick follow-up on my previous entry about Kasper Holmberg.

According to an Ottawa Police news release, Mansour Moufid, a second-year math major at Carleton, has been charged with “Mischief to data and Unauthorized use of a computer” in relation to the Kasper Holmberg Incident that took place at Carleton University.

He used Keylogger software and Magnetic stripe card reader software to acquire students’ information.  Moufid put together a 16-page document that first made it to the University Secretary’s office followed by emailing the document to 37 students of the University several days later.

Apparently, he is going to appear in court on October 15th.

Section 430 of the Criminal Code of Canada indicates that

(5) Every one who commits mischief in relation to data

(a) is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years; or

(b) is guilty of an offence punishable on summary conviction.

Section 342.1 of the Criminal Code of Canada says

Unauthorized use of computer

342.1 (1) Every one who, fraudulently and without colour of right,

(a) obtains, directly or indirectly, any computer service,

(b) by means of an electro-magnetic, acoustic, mechanical or other device, intercepts or causes to be intercepted, directly or indirectly, any function of a computer system,

(c) uses or causes to be used, directly or indirectly, a computer system with intent to commit an offence under paragraph (a) or (b) or an offence under section 430 in relation to data or a computer system, or

(d) uses, possesses, traffics in or permits another person to have access to a computer password that would enable a person to commit an offence under paragraph (a), (b) or (c) is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years, or is guilty of an offence punishable on summary conviction.

Doesn’t sound like it was worth it, does it?

Kasper Holmberg is not a hero

September 11, 2008 @ 13:04 By: gordon Category: Current affairs

You might be asking yourself is “Who is Kasper Holmberg?” and “What did he do?”.

Kasper Holmberg is the alias used by a Carleton University student who broke into a number of systems at Carleton.  He stole data from the campus identification cards of 32 students and then used this information to gain access to their email accounts and financial information.  He claims he did it to demonstrate that the cards are not secure and wrote a paper that he distributed “pretty widely” according to a university spokesman in a story on CBC’s website.  (And another story here.)

He has since been caught by campus security and is going to appear before a campus disciplinary committee who could do anything from assigning him community service to expelling him.  And the police are looking into whether criminal charges should be laid.

The student is by no means the first hacker to break into a computer system for altruistic purposes and he won’t be the last.  People have been breaking into computer systems to which they have no legitimate access to expose security holes for years.  In many cases, these individuals are glorified as “heroes” or likened to Robin Hood.  In rare instances, they have been hired by the companies whose computers they broke into as “security consultants”.  They then become role models for up and coming hackers who want their share of the fame, glory and prestige.

This is wrong.