laws broken

Status
Not open for further replies.

brokenlaw

New Member
I'm not a lawyer, nor do I play one on TV.

While there are not any charges currently pending, there is concern that there may be in the near future. With that in mind, I am hoping that some more versed in the area of cyber law can provide some best guesses as to what charges may appear.

For full background, I am providing the history up until this point.

A single person ("Walter Web") runs a company offering web site hosting ("WWhost"). "Walter Web" leases a single dedicated server to host the web sites. Walter is not a server administrator, and frequently employs the service of another company ("TechCo") to handle routine tasks on an as-needed basis. These services include applying security updates, rotating log files, etc. An employee of TechCo, "Ben", regularly performs the work for WWhost, as such, "Ben", has root access to the server.

TechCo subsequently goes out of business, and "Ben" moves on. Ben occasionally logs into the WWhost server. Ben rotates log files, applies security updates, shuffles personal backups to/from the WWhost server, and runs a few personal background processes.

After a few years, Bens new company moves him overseas. Ben creates several accounts on the WWhost server, so that persons back in the United States may login to the WWhost server via FTP, and send Ben large files. Due to the uncharacteristic traffic patterns, the datacenter hosting the WWhost server sends Walter an email notifying him that there is an unusual traffic pattern on his server. WWhost is well under it's allotted bandwidth, and is not being billed extra. It's simply a notice that there may be some suspicious activity. Walter logs into the WWhost server, and sees a number of files he does not recognize, all recently added.

Walter hires a former TechCo employee familiar with the server to perform a clean up. The former TechCo employee removes the new files, removes the new ftp logins, changes the root password, saves a copy of all the system logs, and stops and deletes Bens background processes. Because the former TechCo employee is familiar with Ben, it's no mystery as to who is responsible.

Walter emails Ben:
I am contacting you to give you the opportunity to make restitution for theft of services and illegal access to my web server. I have had significant down time and have identified backend programs that you have installed and run on my server without permission. I have server logs that trace this activity back to you. If you do not contact me with how you plan to make financial restitution, I will be pressing charges through local law enforcement.

Ben responds:
As your server logs no doubt indicate, I have indeed had "root" level access to your server , during which time I have very quietly performed normal maintenance tasks (rotating bloated logs, killing stuck processes, applying security fixes, the like). Recently I made an egregious mistake which has brought us to this point.

Please accept my full apology for any inconvenience this may have caused you. I realize that you do not maintain your own administrative support and instead contract services for this type of task. If you forward me the bill for the "cleanup" I will be more than happy to cover the expenses.

Again, I do apologize for this.

E-mail is the best way to contact me, as I now reside over seas.


At this point it should be noted that WWhost had no downtime related to the incident, and has not notified WWhost customers of the incident. At no point during Bens use of WWhost did Ben access any email, customer directories or databases.

It may also be relevant to note that the "banner" (or MOTD) that appears for SSH and FTP sessions is simply "Welcome to WWhost".

With all of this in mind, if the issue is carried forth legally, what laws has Ben broken?
 
Status
Not open for further replies.
Back
Top