If you really want to make the Humans Are Bastards claim, you could do a lot better than this thread.
This "faculty lot" you speak of sounds like a place of great power...The hospital servers were not disabled by this process. They discovered it by someone noting that it was a bit slower than usual. I don't know why people keep assuming that the hospital servers were disabled. The potential threat of this attack would have been them stealing confidential documents, which as of the original article there was no evidence of them doing.
edited 17th Jan '11 9:53:40 AM by Clarste
^^Okay, you're right, but still.
@Nohbody, not arguing that they weren't trying to break anything, that's pretty obvious.
edited 17th Jan '11 9:52:50 AM by Tzetze
[1] This facsimile operated in part by synAC.@Clarste: No, they didn't actually break anything, but with the level of access required for permission to run executables, instead of a game server they could've installed a trojan or some other variety of digital nastiness.
That's why I said, a few of my posts back, the hospital IT department needs a massive collective Dope Slap, preferably with a hardback IT security book that could be used as a paperweight in a hurricane.
On a properly configured network, even if they did actually get in, they wouldn't have any authority to actually do something there instead of just taking a peek (an unwelcome possibility in and of itself, given the data on the network).
edited 19th Jan '11 4:48:14 AM by Nohbody
All your safe space are belong to TrumpBut when discussing their morality, there's really not much point in arguing what they could have done rather than what they did. They certainly did something very illegal, kind of rude, and also stupid, but they did not endanger anyone's life or steal anyone's identity (as far as we know). Obviously it's not a good thing for hospital servers to be hacked, but nothing bad actually happened in this case.
Until Dave Chappelle comes along and "whoops [that cancer patient's] monkey ass". Then it's not quite as funny anymore. :(
"It ain't about whether you win or lose, unless you got money on the game, because...damn. That's your money, son."Damn, I told some guys I know who love Black Ops, and they still find this to be crossing the Moral Event Horizon.
"Who wants to hear about good stuff when the bottom of the abyss of human failure that you know doesn't exist is so much greater?"-WraithIt's basically a "the slut was asking for it" for the digital age. Good old fashioned victim-blaming. People never change.
Out of Context Theater: Mike K "'Bloody Pussies' cracked me up"It's not a matter of fault, it's a matter of their being dangerously insecure.
[1] This facsimile operated in part by synAC.@Major Tom: Hindsight is perfect. If they had been allowed to keep their jobs (which I presume they have), they likely thought that their security was good enough for both themselves and the law; now that it's been hacked, it's a bit rich to be talking about how they failed to make good enough security,
Who cares? The analogy works. The slut server owners were asking for rape getting hacked by dressing too skimpily being lax on security so now everyone blames them instead of, you know, the actual people that did it.
You forget that hackers don't care, they just do what they do.
Come on, we live in an age where Anti-Virus and Spam-Blocker programs keep upping the ante to keep out virii and spam in a digital race/war. If you have to protect your data, then try to make sure that this doesn't happen. It's not entirely your fault if you get hacked, certainly, but there are steps you can take to avoid it from happening.
Keep in mind, this is coming from a person who has heard tales of Steam accounts getting compromised due to the owners clicking on suspicious links.
Plus, did anyone catch the perps responsible for the hacking?
edited 22nd Jan '11 1:27:21 PM by RocketDude
@Allan: There's a bit a of rule of thumb you need to know about computer security. Good enough for the law is not good enough in practice. The law is notoriously behind in terms of technology. If you do not make an effort to provide the best possible security you can do and I mean best possible as in no such thing as "good enough", then when a hacker comes calling if he breaks in you deserved it for leaving a way in.
Truly "good enough" security means the hackers in this case never should have gotten anywhere near as far as they did. Worse, there are a lot of security tools out there that cost nothing and they are very good at what they do. snort for instance (note the lowercase), is the best intrusion prevention/detection system in the entire computer industry by rating and it's open-source. Were the hospital running that, they likely could have stopped them in their tracks.
On reflection, we don't know if it was a zero-day attack or not, or whether some idiot employee accidentally opened a hole in a perfectly good security set up in order to do something rather than consulting the guys in charge to get it done and keep things secure (which is a possibility). Hell, someone could have picked up a flash drive that had a trojan on it someone had left in the parking lot, whereupon the guys in Scandanavia did their hacking, in which case it was an innocent mistake. There's not enough information there to go on.
Still think that they could have caught em had they had better security, but I'm hoping to go into that field and I think too highly of myself, so... >_>
That is a much better analogy then the one I had.
edited 22nd Jan '11 2:00:04 PM by TheInferno
"The fact that your food can be made into makeshift bombs alarms the Hell out of me, Scrye." - Charlatan@Woolie: The analogy doesn't really work, though. It's not just the target that could be compromised if its security is at risk. It's carrying other people's data, and those people could be harmed if their data falls into the wrong persons' hands.
A more accurate analogy would be a delivery boy carrying a shipment of vital medicines through the back alleys of a crime-ridden neighborhood on foot wearing a T-shirt with ROB ME printed on the back. Because that's about the amount of planning and funding that must have went into your web security if a bunch of bored gamers were able to host a server on your system without your permission.
edited 22nd Jan '11 1:58:28 PM by Eriksson

Humans are a miserable species.
Genkidama for Japan, even if you don't have money, you can help![1]