Intel 'hacker' sentence expunged

A former Intel contractor has seen his conviction for hacking into the company's systems expunged, after a battle lasting more than a decade.

Randall Schwartz had his arrest and conviction for bypassing Intel security systems "set aside" at the beginning of February, legally giving him a clean slate.

Schwartz was arrested in 1993 after using a program called "Crack" to find out the passwords of various former colleagues in the Intel Supercomputer Systems Division (SSD). Schwartz had left SSD under a cloud, and told the court he decided to crack the Intel passwords to show that SSD's security had gone downhill since he had left, and to reestablish respect he said he had lost when he left SSD.

In late 1995, Schwartz was convicted of three counts of computer crime and ordered to pay Intel $68,000 restitution. His sentence also included five years of probation, 480 hours of community service and 90 days of deferred (cancelable) jail time. His legal bill exceeded $170,000 by the end of 1995.

Schwartz has argued that his conviction was unfair, as he had not intended to cause any malicious damage. After an appeal, the restitution was dropped in 1999.

In October 2006, Schwartz appealed for clemency from a Democratic governor who "had already granted a few pardons," Schwartz explained on the Yahoo Tech Groups site. At the beginning of February 2007, an Oregon court ordered an expungement of his conviction.

Schwartz said that it will take a while for him to absorb the result.

"Even a few weeks later, I'm still in a bit of shock that I've reached this point in this over-13-year journey," Schwartz said. "It probably won't fully sink in until the first time I travel freely into Canada, or fill out a contractor form that asks the question about criminal history, or apply for a Small Business Administration program that was formerly unavailable to me."

Tom Espiner reported from London for ZDNet UK.

[therealbean]

Misspelled name

His first name is Randal (with one L).

[scubajp]

Why does it matter?

Shouldn't matter, the hacker did bad stuff regardless of the reason. Oughta pay the price. Like a graffiti artist who has a great artistic talent, still is breaking the law. Do we like to look at our sound walls going to trash? Their excuse is that it is art, we meant no harm. Like the Intel hacker, I meant no harm! Go to Jail.

[Marcus Westrup]

Maybe not,

I know a guy who was paid to look for security holes in a satellite provider, and was threatened with a lawsuit when he found one! (The case was later dismissed by a judge).
The point is, these cases are often more complicated than simple right and wrong.

[katamari]

You need to read the full story.

Please read the full story before commenting like this. When I say full, I do mean FULL. Randall was a not a "hacker" or a "cracker".

There is a lot more to the story than what this CNet entry goes into. In fact, most people after reading the full details, are absolutely amazed Randall was charged at all. Bottom line is that some Intel higher-ups who had idiotic passwords decided to make themselves look even more idiotic by stirring up the ants in '93.

Like I said, read the story.

[DarrenBaker]

Nice to see hacking is now legal.

It's too bad that every person charged with a felony can't find a soft governor in order to get their records expunged, and freely travel to Canada. As far as I can tell, the man did an illegal thing, was prosecuted justly (though the sentence was probably a bit harsh) and now gets to walk free. Life is wonderful! The evil corporation has succumbed to the little man! What a joke...

[fastdodge]

You mean like every drug dealer?

So computer crime is worse than selling dope and not paying any
taxes. Most are back on the street the same day. Or does computer
crime scare you more? This country needs a real wake up call!

[DavidJW1234]

Why would someone want to come to Canada?

I guess its not bad here but there really aren't any reasons to come
here.

[boratebomber]

More like, if you work for Intel...

it's better to turn a blind eye to any security problem you notice, because if you do notify anyone within the company, you probably will get run through the wringer. Let the real hackers get in and do damage, then their IT department can run around and look heroic. But if you are a concerned citizen, you will pay with your reputation. Basically you don't want to be a contractor for them.

[clsgis]

more like whistleblowing is now a little more legal

Don't believe everything you read in the trade press. Some of it is distorted beyond all recognition in search of a sensational hook.

My understanding of Randal v Intel is Randal was a serious security guy surrounded by bozos. When he tried to get them to fix their broken security, he embarrassed some bozos and they started persecuting him through office politics. When he blew the whistle in-house, they chased him out. When he blew the whistle outside, they sued him as a "hacker." (Cracker.)

Crack is a standard utility for finding weak passwords in a unix encrypted password file. It doesn't break into anything. If Randal is guilty of something, it's general poor judgement and stealing a password file. He should have just left Intel with their lousy security, and let the criminals break in and embarrass the bozos. He wasn't a big enough stockholder to have a personal interest in Intel's network security, and it wasn't his job to reform an IT empire full of bozos.

[wone123]

that is worth $170,000?!

a lot of decisions that come out of courts are worthless...

its pretty sad that he can find a job now!

employers need to wake up

[zboot]

NO - You didn't read properly

It said his legal costs were in the $170k range, not the fine. His restitution, which was later dropped, was much less.

[michaelo1966]

Real hackers

I support very still penalties for real hackers: people who write and release viruses, spyware, steal private data, and the like...

Randall isn't one of these though. My memory is that he got into a lunchroom fight w/ some senior Intel guy about how easy it'd be to steal passwords. He was attempting to convince them to require stronger passwords.

In a fit he ran some type of common dictionary attach that hashed common words, compared to a password file, and when they matched showed the plain-text password. He gave them the list -- without logging in as anybody or giving it away (or threatening to do so) -- with a strong "told ya' so" 'tude.

Rather than admit to Intel senior managers that they'd configured their password policy poorly they called Randall some sort of unstable hacker and prosecuted him.

This was basically a case of office politics turned into trumped-up charges. There are plenty of "real" (and real-bad) computer criminals. Wasting time processing and prosecuting Randall was time that could and should have been better spent on them.

[DrKevorkian]

Yes, every person who has a temper tantrum ....

and potentially compromises the entire operations of a multi-billion dollar business because of their need to prove a point should just be laughed off.

I certainly would want to hire a person like that... not.

[CyberJedi25]

This article scared me

I really thought that this was Randal L. Schwartz (the co-author of Learning Perl) that got arrested. Phew! Thank God it's not. The spelling of the names is obviously different. Phew! :)

[realmerlyn]

can't tell if you're joking

But yes, one and the same. I'm famous for Perl, and Infamous for
being an ex-ex-con. :)

[wbenton]

Why not?

If they just slap the wrist of 18-year olds caught red handed for trying to bribe hundreds of thousands of dollars in an FBI sting operation after stealing passwords and threatening to release the info if the money was not paid...

I see why not let him go free. Only two things remaining. Why did his lawyer fees run up to $170,000 and who's going to refund that?

Averaged out, that comes up to approx $12,000/year for the past 14 years.

What ever happened to the right to a speedy trial?

FWIW