Is This Hacker a Villain or Whistle Blower?
- 2
- Add a Comment
A university student faces criminal charges for exposing a school security flaw:
“A Carleton University student is facing criminal charges, accused of stealing user names, passwords, financial information and other data from 32 other students to expose security flaws in the university’s student card system.
Mansour Moufid, 20, is charged with mischief to data and unauthorized use of a computer, Ottawa police said Thursday in a release.”
link: Alleged Carleton hacker faces criminal charges
The means by which the security flaws were exposed are characteristic of a sophisticated hack. There is the malicious software - and the keystroke recordings. The argument is that the data gathered were not used in an exploitive manner. The security issue was revealed to the university and the victims by the hacker.
It is the ‘means-justify-the end’ argument. Is this hacker a criminal?
Catherine Forsythe
2 Comments
kevin
September 25th, 2008
at 3:52am
Let’s thank Carleton hacker
The Ottawa Citizen
Published: Sunday, September 21, 2008
Re: Neither friend nor foe, Sept. 13.
The Carleton University hacker demonstrated for administration and officials that there was at least one weakness in the security of its students’ information and use of its on-line campus cards.
The hacker could have chosen not to inform the students whose accounts he broke into: yet he did. He wrote letters to these students to notify each one of them of the vulnerability of their e-accounts.
Email to a friendEmail to a friendPrinter
The hacker could have chosen not to inform university officials of the ease with which he accessed electronic records: yet he did. He wrote a letter to alert them of this weakness. Would someone whose intent was malicious have notified the owners and users of these electronic systems of their potential misuse?
The hacker used a pseudonym when writing these letters, to protect himself from instant condemnation in a delicate situation. Yet he wrote letters of explication and a 16-page document to the university officials, to alert them to the flaws in their system.
A suspect has since been arrested and now faces a possible prison sentence if convicted. The case should be re-evaluated.
Wouldn’t any university officials rather have a hacker who works for them, lets them know how simple it was to break-in and also prepares a detailed document to outline and explain the flaws and process in order to correct the weakness? Or would they rather have a silent hacker who simply takes and abuses the desired goods or information for malicious intent?
If a system is weak and flawed, I would want to deter all or any good-willed de-coders from helping correct such a situation. The 20-year-old hacker is obviously a bright young man and adept with electronic technology.
Thank him, enlist his help in correcting the situation, and drop the charges.
Sylvia Parent, Gloucester
Hacker at Carleton University Leaves School ~ DogReader
September 26th, 2008
at 8:53am
[...] a consequence of exposing a flaw in the university security system, Mansour Moufid is leaving Carleton [...]