“ I just did WHAT!?”

Or

“Ignorance & Embarrassment: an explorers guide to 18 USC 1030”

Act one; scene one

• Amateur techie...and wannabe VebMeister

• 250 academic & 60 admin/prof systems

• No “real” web site• We “need one”• “But I thought he was

good at this?”

Cruisin’…

• The “Wild, Wild Web”

• Some good ideas: – What to avoid

– Some ideas to borrow

• “Ooooh – there’s a good ‘un”

Neat stuff

http://www.ncts.navy.mil/nol/

Is this really the place to play?

HOW are we playing?

Heck, let’s see what else is here…

More cool sites!

• “Hey, what’s FieWik?”– Just an acronym

– Just squids

– Hey, it’s our gov’t so it’s our stuff…right?

• Info is about computers, so they’ll have a good site to check out!

Alphabetical Listing | Category Listing | Title Keyword Search | NavyOnLine

[A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z] You can click on any capital letter to return to the top of this page. To add your commands link to this site please fill out the NOL Link Request Template.

•Fleet Area Control and Survelliance Facility •Fleet Aviation Specialized Operational Training Group, Altantic Fleet •Fleet Aviation Specialized Operational Training Group, Pacific, Detachment Atsugi Japan

•Fleet Aviation Specialized Operational Training Group, Pacific, Detachment Lemoore

•Fleet Aviation Specialized Operational Training Group, Pacific, Detachment Miramar

•Fleet Aviation Specialized Operational Training Group, Pacific, Detachment Whidbey Island

•Fleet Aviation Specialized Operational Training Group, Pacific, NAS North Island, San Diego, CA

•Fleet Combat System Operational Sequencing System Development and Implementation Team (FCDIT)

•Fleet Combat Training Center, Alantic, Dam neck, VA •Fleet Combat Training Center, Pacific •Fleet Information Warfare Center •Fleet Logistic Support Squadron FOUR-EIGHT •Fleet Material Support Office (FMSO) •Fleet Numerical Meteorology and Oceanography Center •Fleet PSD Ingleside •Fleet Support Training Unit 1208

…now for some background

• 18 U.S.C. § 1030.  Fraud and Related Activity in Connection with Computers

• (5) • (A) knowingly causes the

transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; (B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or

• (C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage;

“Knowingly…?”

• Knows or should know• As ignorance of the

law may not be an excuse, ignorance of the details of a program…?

• It’s why they call what lawyers do “arguing”

How do you know…?

• What I meant to do?– (b) Whoever attempts to

commit an offense under subsection (a) of this section shall be punished as provided in subsection (c) of this section.

• Is “view source” the first step in plagiarism?

Act one; scene 2

• FrontPage…• Server based data

– Inside & outside web content

• Firewalls & logs• “good guys” on alert

Beyond notepad…

• Fleet Info Warfare center has view source “open”

• “peeling gifs”• Tech wants to know

how, not content• Problem – only links

are on outside web server

Front Page “Friendly”

• Clicking on link accesses content through firewall– Known server to

known server

• BUT: drag & drop to FrontPage & it starts something different

Who’s calling?

• FP accesses remote source– Now it’s from YOUR IP,

not known server

• Firewall sees “hostile” computer (untrusted)

• Log/alarm

• Investigated

• I get phone call from a “Special Agent” of as lettered Federal agency…

Sanity prevails…

• Incredulity & fast action ARE BELIEVABLE

• FIWC doesn’t use FP extensions

• WARNING:– FP ext. may have caused

systems crash

– FIWC may have gone to court to determine “intent”

– “I didn’t mean to” might not have been enough…

Epilogue…

• DON’T even show source• Don’t swipe ideas…

– Check help files– Ask colleagues– Ask on the web– Ask THAT webmaster to share

• Do train people, take the time• Do talk to law enforcement – in

advance– The relationship is VERY

informative– Will help if someone tries to “do

unto you..”

• Do learn the arcana of “smart programs”