[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y ] [Search | Click for more| Home]

I got into my ISP's backbone infrastructure and sent a bug report

This is a blue board which means that it's for everybody (Safe For Work content only). If you see any adult content, please report it.

Thread replies: 132
Thread images: 9

File: images.jpg (11KB, 247x204px) Image search: [iqdb] [SauceNao] [Google]
images.jpg
11KB, 247x204px
I got into my ISP's backbone infrastructure and sent a bug report to them, they sent me a court appearance request yesterday because I " Voided my access rights ". Any legal advice?
>>
>>40468468
Don't show up to court.
>>
>>40468491
But wont that stand as me pleading guilty?
>>
call a lawyer who specializes in this sort of things
>>
>>40468512
> Poor fag mode enabled
>>
Just don't hack across state lines. That's universally stupid
>>
>>40468504

You're not going to win anyway, you might as well be packing right now and moving to some tribe in the middle of the amazon rainforst.
>>
>>40468533
I live in Northern Ireland, its like that anyway.
>>
>>40468468
>notifying anyone of a vulnerability
>>
>>40468528
I hacked my ISP in the UK from Ireland, how does that leave me?
>>
>>40468528
You guys always think I should know everything, and you never tell me anything.
>>
>>40468565
> Didn't want my info being stolen from backbone systems
>>
Tell everyone about the exploit, have your CC info stolen, and sue them for negligence.
>>
Never tell people about their network security issues.
This is why.
>>
>>40468573
go to bed, joey.
>>
>>40468591
>>40468589
Yeah I figure, Section 2 Part D of the data protection act 1998 states

(d) appropriate security measures shall be taken against unauthorised access to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction.
>>
>>40468591
This.

Sell the exploit instead. That way you'll be rewarded instead of punished.
>>
>>40468573
oh god this
>>
>>40468626
Bit late now
>>
>>40468468
If you were to make a case you could state that you were investigating the security and legitimacy of your ISP's security claims. Furthermore I doubt the judge would sentence you for informing them of a security flaw.
>>
I have no idea how things may work in other countries but here in the USA a company will try to shut you up any way legally possible if you disclose white-hat nature hacks. Now they have every reason to bar you from their service permanently, I'm sure sensibly you can understand. Its akin to the mail courier slipping your back door lock and leaving a message that you need to beef shit up.

I have no other advice but this: reiterate to whatever legal council you can get that your intentions were honest and your actions were to better secure both yourself, the company, and all of their customers.

Beyond this , good luck and godspeed.
>>
File: cereal.jpg (51KB, 852x480px) Image search: [iqdb] [SauceNao] [Google]
cereal.jpg
51KB, 852x480px
>>40468630
>>
File: computer criminals.jpg (381KB, 1200x838px) Image search: [iqdb] [SauceNao] [Google]
computer criminals.jpg
381KB, 1200x838px
>>40468567
The Computer Misuse Act is VERY broadly drafted and arguably technically makes it a crime to access a public website without getting permission first. Get a good lawyer that specialises in this area as others have said, in a sane world the fact you didn't have malicious intent and notified them ought to make this not a crime but the reality is that any "unauthorised access or modification" could be prosecuted.
>>
>>40468468
What was it like?
>>
>>40468671
Thanks very much for this
>>40468686
Yeah, that is true. I was looking at the data protection act 1998 as they are technically a data handler. Finding a lawyer in my area is a hassle enough without them having to specialize in the area.
>>
>>40468708
I felt like god.
>>
https://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_%28CFAA%29

contact the EFF, they'll find you an attorney locally
>>
>>40468732
I had access to roughly 19 1GB/s lines. So tempted to try and NTP exploit them.
>>
>>40468745
Shit I never thought! Thanks man great call.
>>
>Broadly speaking, if the access to a system is authorised, the hacking is ethical and legal. If it isn't, there's an offence under the Computer Misuse Act. The unauthorised access offence covers everything from guessing the password, to accessing someone's webmail account, to cracking the security of a bank. The maximum penalty for unauthorised access to a computer is two years in prison and a fine. There are higher penalties – up to 10 years in prison – when the hacker also modifies data", explains Struan Robertson, legal director at Pinsent Masons LLP, and editor of OUT-LAW.com.

>Unauthorised access even to expose vulnerabilities for the benefit of many is not legal, says Robertson. "There's no defence in our hacking laws that your behaviour is for the greater good. Even if it's what you believe."

TL;DR white hat hacking without permission is explicitly illegal, you're fucked OP
>>
>>40468823
In the US or in the UK?
>>
File: (1MB, px) Image search: [iqdb] [SauceNao] [Google]
1MB, px
>gain access to someone's infrastructure
>tell them about it
Were you expecting to get a medal?
>>
>>40468846
>If it isn't, there's an offence under the Computer Misuse Act
computer misuse act is a UK law....
>>
>>40468851
A job would be nice....
>>
>>40468686
>computer criminal works from home
>>
>>40468468
>Not selling that info

Holy fuck, you are one stupid nigger.
>>
>>40468862
only GCHQ does that, but you probably don't want to work for them...
>>
>>40468468
why the fuck didn't you use anonymous email and 8 proxies and VPN's located in iran and netherlands, then tell them to hire you otherwise they can keep their broken hardware/software.
>>
>>40468862
It sounds like you'd win in court. On the other hand, if you lose, you might get a nifty web article about your case a day before everyone forgets about it.
>>
How did you manage it?
>>
>>40468880
fucken this
OP you're dumb as fuck.
I know some faggots who would pay 3K USD for that info
>>
>>40468851
This sort of thing is hit and miss. Sometimes you get a reward or at least thanks for pointing out a flaw.

Most of the time they'd rather sue your ass.
>>
>>40468911
Ill give you one guess
>>
>>40468904
this and you could get money from the press because of the interview then the EFF would report that, that ISP has security issues and everyone of their subscribers could be a target
as far as i know, it's a win win
>>
>>40468934
Not seeming like that right now, considering im shit scared.
>>
>>40468920
Yeah, much easier and morr profitable to work black hat OP. You should have figured that out from recent cases like geohot and the rest.

>>40468932
They are retarded enough to leave the entire system wide open thinking that no one would bother?
>>
>>40468963
Close. Default Passwords. Cisco/Cisco
>>
>>40468980
Thats not even hacking. thats just pathetic at that point.
>>
>>40468980
Ahahahahahaha that's pretty much what I guessed. Thanks for the laugh, hope you find a way to get through this. I guess we'll be seeing you in the news.
>>
>>40468959
contact EFF see what they say.
Maybe the ISP had that as a trap for hackers.
They aren't that stupid, but still a security risk.
Get a layer appointed to you unless you have one.
If your lawyer is somewhat smart, he'll make you look like a "hero" and make you look like you should get hired because "their ISP employees are obviously not professional like enough to do their job."
Stay positive and don't act nervous in court.
I hope your using a VPN to view and reply in this thread as well.
>>
>>40469012
It is, hence why I said "I gained access"
>>40469013
Keep a lookout in the Northern Ireland News
>>
>>40468980
just make sure to say "Thanks /g/" in the news.
>>
>>40469016
Yes, VPN's in place
EFF Contacted
ISP confirmed it isnt a trap, I could control my own modem from the panel
Will get a layer tomorrow
Ill try
>>
>>40469030
Hell yeah!
Im worried that after this I will be never hired by a computer firm again. Except security testing
And possibly Defcon
>>
>>40469030
He shouldn't mention 4Chan at all in my opinion.

>>40469045
Don't mention 4Chan.
>>
>>40469066
nigger, if it turns into like a 3 month to a year trial type of shit then other ISP's will know it's serious shit and most likely hire you since the ISP taking you to court are a bunch of idiots.
>>
File: 1369197372222.gif (449KB, 500x281px) Image search: [iqdb] [SauceNao] [Google]
1369197372222.gif
449KB, 500x281px
>>40469077
alright, he should say "thanks reddit" unless ya'll don't wanna "credit" reddit.
>>
What is your name? I want to check the news later.
>>
>>40469077
He should give us a keyword then.
"happy hacking"

>>40469119
ISPs or people like this makes me lose hope in humanity
>>
>>40469134
Thanks reddit or thanks 9gag!
>>
>>40468528
>>
>>40469172
>>40469170
he better put that as his statement
>>
>>40469066
Nah, people don't give a fuck. Some guys get hired right out of prison.

Tons of guys in the computer world either were arrested for computer abuse or would have been arrested had they been caught. I stay on the straight and narrow, but I wouldn't be bothered by hiring someone who'd been arrested (or convicted) for computer crimes, as long as they didn't break trust or do something insanely stupid. You were naive, not stupid. Good luck, bro.

>>40469134
No, "Ebaums did it"
>>
>>40468585
So why not anonymously report it?
>>
File: 1392274636475.png (510KB, 459x488px) Image search: [iqdb] [SauceNao] [Google]
1392274636475.png
510KB, 459x488px
>>40468528
>universally stupid
Yeah kinda salty about that reference.
>>
>>40469134
I said that because of the rep we have due to /b/'s idiocy. You think the fact that he is associated with the image boards from where "anonymooze is lejun" is said to have come from is a good thing?
>>
>>40469202
screws up your chance to go to certain countries though
>>
>>40469227
True, i guess 98% of all cancer comes from the YouTube's and the media on TV because 15 y/o's think they can come here and learn to hack.
>>
>>40469233
In most commonwealth countries you can get a pardon from the queen after a few years, and you can travel anywhere, no restrictions or bullshit. I'd be surprised if OP was unable to get a pardon, based on him being a good Samaritan.
>>
A company threatened me after I told them they had a skiddy-tier vulnerability, I could get fucking root shell from a browser... running mysql/php as root, smart ones.

I called their legal after they sent the classic ursosued email and pointed out that if you make this a public case I'm going to use this info in court, and the whole world will know how to pwn them, you should at least fix your shit before trying to sue me for doing nothing.

They never fixed their shit, and never sued me... they went out of business and their domain hosts malware now.
>>
Alright the code word is

"Ebaums is my inspiration, I love their watermark"

I will say it if shit goes down
>>
>>40469077
I don't think they were serious.
>>
>>40468980
Well that's not even breaking in...

Is clapistan so fucking backwards people will sue you if you say "your combination lock is 00-00-00, you should change that".
>>
>>40469202
>Nah, people don't give a fuck. Some guys get hired right out of prison.
From what I've heard, this stopped being true in the late 90s. It used to be that skilled hackers were so rare that anyone who needed one for security would be willing to look past even baby rape to get one. Nowadays you have enough white hat guys coming out of masters/PhD programs that there's no need to take a risk on a felon.
>>
>>40469328
Neither do I but it is safer to establish things anyway.

>>40469287
Sweet, will look out for it.
>>
>>40469287
I wouldn't. Whatever you say will go against you as that can give the wrong idea. Try to be a bit more subtle
>>
how do i hack people?
>>
What county yr from, nirishfag reporting in
>>
>>40469429
Derry/Donegal Reporting.
>>
>>40469287
OP, as nice as it would be for all of us to know who you are, the reality is that giving away a key phrase will also give away your identity in this thread. Think about it:

>How many people are currently in legal trouble for breaking into their ISP's backbone infrastructure?
>You're using a VPN to post in this thread as you've stated in this thread. I assume you're using your home connection (ie the ISP you just hacked) to access your VPN that you're posting with. Thus, the ISP will be able to put two and two together if you use a key phrase mentioned in this thread.
>Even just using the key phrase will be enough to link you to this thread.

You already made a mistake by making this thread. I mean, I'm willing to bet that the number of people currently in deep shit for doing what you did is 1.
>>
>>40469452
Point taken, will not do
>>
>>40469023
BT, virgin, talk talk or sky? If it's BT you have the least chance of coming out of this unscathed as they might as well be a government body
>>
Fermanafag, i bet its some shit isp like talktalk
>>
>>40469367
>Is clapistan so fucking backwards people will sue you if you say "your combination lock is 00-00-00, you should change that".

As someone said before. Even accessing a public website without explicit permission is technically illegal.
>>
>>40469449
>>40469429

Holy shit there are even more norn iron people on this board than I though
>>
>>40469481
Local ISP. Wont disclose the name.
Using Peer to Peer Wireless then copper cable
.>>40469500
I have family in Fermana. Beliek to be specific.
>>
>>40469512

Clapistan confirmed full retard.
>>
>>40469515
Surprises me to lol, only seen a few Irish fags here.
>>
>>40469515
County Down represent
>>
>>40469512
And this isn't limited to america. I remember a french journalist was arrested for putting contents of a pdf he found on google in slides.

It was content available over http without a robots.txt.
>>
I have family in belleek too
>>
>>40469525
Is it that bluebox broadband crap?
>>
>>40469555
I spelt it wrong lol. Surname "O'Shea" mean anything to you?
>>
>>40469565
Possibly.....
>>
>>40469547
>>40469541

Derry here. It's seems NI fags congregate in the same threads because theres was eight or nine of us in a thread last time.
>>
>>40469539
>>40469512
OP is from Europe as stated multiple times.
>>
I know 2 or 3 o sheas, not been in belleek for years though
>>
>>40468468
>sent a bug report to them

You deserve every bit of this for being such a massive faggot.

Try complaining to some local news station that has nothing better to do.
>>
>>40469597
It does. What part of Derry. Creggan myself.
>>
>>40468756
What exactly did you do? And what's your ISP?
>>
>>40469616
Yeah, me neither
>>40469635
Wont say the ISP till this is over I just logged into Cisco switches with default passwords and found more infrastructure with default passwords
.
>>
>>40468468
>Any legal advice?
You're fucked. You gained access to restriced systems. It doesn't matter how you did it, and what you did with the info afterwards, the fact is you violated their infrastructure.

Seek out the media. Most grey hat hackers get a pass if it gets public they tried to help the "victim'.
>>
>>40469595

Holy shit I didn't think they were still going. Really don't know where you stand but arent they a tiny as fuck business? As most anons have said the law is vague as fuck so just get yourself any half decent solicitor and they'll get you off. I doubt they have the money to go after you
>>
>>40469665
You'd be surprised. I pay 500 a year for 10meg... No other ISP in the area.

Hopefully they fuck off after a while
>>
I havent even fucking heard of bluebox
>>
>>40469623
Lisnegelvin. Even more surprised that someone from Creggan is here. I only know two people that come on 4chan and one of them just shitposts on /v/
>>
>>40469696
Exactly, shit company
>>40469702
Lisnegelvin is a nice place. I dont know anyone else that even games online never mind comes on 4chan.
>>
>>40469665
Well the apparently don't have the money for respectable it admins who rotate passwords...
>>
>>40469727
They dont,
>>
Alright its 4:04 AM. Im tired and have to find a layer tomorrow.

Things I did in the thread
>Contacted EFF
>Found NIFags on 4chan
>Found out how fucked I am
>Calmed myself a but
>Made a start on a defense
>>
Tell them to eat a bag of dicks
>>
>>40469688
You serious? I remember dealing with them because they promised me that they had coverage in my area which was border/boonies before i moved back to derry. After a pile of excuses they told me I couldn't get it even though i was on the coverage map. I just went with o2 which was horrible and then 3 which isnt half bad and got 4mb speeds even in the ass end of nowhere.

Thank fuck I have BT now.

>>40469727

Yeah they really don't. Their sales people were horrific as I said before as well. The website design is even worse

>>40469718
Aye it's nice and quiet place. I play a lot of PC games but a load of my mates play consoles online. Most houses I wander into have at least an xbox. usually only fucking fifa though
>>
>>40469755
Oh and thanks everyone for the help. If you want to continue this convo I am in Teamspeak. ts3.lv-cnr.com and email me [email protected]
>>
>>40469755
Come back later and tell us how it is going. I'd be interested to see how much the EFF helps.
>>
>>40469777
www.cranfordss.net
>>40469791
I will.
>>
>>40469755
Mate youre not fucked. Just talk to a solicitor and don't worry about it. They're too fucking small and trying to scare you. Even BT doesn't give 2 shit's about the shit you do.
>>
In ireland fifas the only acceptable game, i wouldnt lift it out of a shop if they paid me though
>>
>>40469807

Nothing will beat the derry freemasons website I found one day
http://www.inch589.org.uk/
>>
File: hackingohrly.gif (743KB, 500x125px) Image search: [iqdb] [SauceNao] [Google]
hackingohrly.gif
743KB, 500x125px
>>40469187

I do what I want!
>>
If fermanagh heralds rodney edwards comes shoving his nose, tell him i still think hes a cunt
>>
>>40469857
I can imagine him using google on his own name and this post coming up
>>
Hes the kinda guy who probably does that anyway
>>
>>40469387
Can't believe I've never seen that image before. I've never really been to /mu/, do they really obsess over metal and piss on The Animal Collective? Sounds like a fucking hell hole.
>>
>>40469916
well you are on 4Chan...
>>
>>40468671
>it's akin to the mail courier slipping your back door lock and leaving a message that you need to beef shit up

In that case I beef shit up and thank him for notifying me of the vulnerability and feel thankful to the universe that he was a cool guy who told me instead of stealing my TV.
>>
>>40469916
I think they like Animal Collective, because they mentioned it with Neutral Milk Hotel.
>>
>>40469916
They really don't. Most of /mu/ likes Animal Collective and Neutral Milk Hotel, and any argument is either civilized or done as a joke.
>>
>>40468745
>eff
this, the Electronic Frontier Foundation
>>
>4archive.org/g/res/40468468
Archived this thread.
>>
>>40469958
>>>/b/
>>
>>40469958
>implying all /g/ threads aren't archived

Back to /b/ with you.
>>
>>40469954
Ah good, Animal Collective is legit. But yeah, did OP just give us his teamspeak server a second ago? WTF man
Thread posts: 132
Thread images: 9


[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y] [Search | Top | Home]
Please support this website by donating Bitcoins to 16mKtbZiwW52BLkibtCr8jUg2KVUMTxVQ5
If a post contains copyrighted or illegal content, please click on that post's [Report] button and fill out a post removal request
All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the content originated from that site. This means that 4Archive shows an archive of their content. If you need information for a Poster - contact them.