MUSKOGEE, OKLAHOMA - BRIAN KEITH WEST, age 24, of Stigler, Oklahoma,
pled guilty today to intentionally accessing and obtaining information
from a protected computer without authorization through the use of an
interstate communication in violation of Title 18, United States Code,
Section 1030(a)(2)(C). United States Magistrate-Judge James H. Payne accepted
defendant's plea of guilty, found defendant guilty of the misdemeanor
charge, and ordered a presentence investigation report.
Defendant was released pending sentencing, pursuant to the agreement of
the prosecutor and defendant, on an unsecured promise to return for sentencing.
Pursuant to a written plea agreement which was filed in open court, defendant
"agree[d] to the following statement of facts: On February 1,
2000, defendant was viewing the Poteau Daily News and Sun (PDNS) website
using MS Front Page and a web browser, MS Internet Explorer. Using MS
Front Page, defendant discovered a common security flaw between MS Front
Page and MS Internet Information Server (IIS), the server software being
run by PDNS. Defendant recognized the security flaw and continued to
probe the website following the discovery. Computer logs from the PDNS
web server confirm this. While probing the site, defendant made copies
of six proprietary Practical Extraction Report Language (PERL) scripts
that were part of the source code running the PDNS webpage. Defendant
also obtained password files from PDNS and used those passwords to access
other parts of the PDNS webpage. Defendant electronically shared the
scripts and the password files for the PDNS website with another individual.
Defendant's access to the webpage involved interstate communications.
On February 2, 2000, defendant contacted PDNS and alerted them concerning
the security flaw.
On February 11, 2000, agents of the FBI executed a federal search warrant
at the CWIS Internet Services office in Stigler, Oklahoma. During the
search, FBI Computer Analysis Response Team (CART) members made image
copies of computers used by defendant. On February 11, 2000, defendant
was interviewed by FBI agents. During that interview, defendant indicated
that he found the security hole in the PDNS website, and copied the
PERL scripts. Defendant further stated that he was re-writing the scripts
in another computer programming language. Following the interview, defendant
provided the FBI with written consent to search his laptop computer
and all the computers he controlled inside CWIS. Defendant indicated
previously to other individuals that he could use the PDNS PERL script
to produce and market his own version.
A review of the electronic evidence obtained from defendant's computers
show that he saved the PERL script in several places and created separate
directories called "/home/PDNS/" and "/home/pdns2".
These two directories were substantially the same directories and contained
substantially the same files. One of the directories was a "shortcut"
to the other. In these directories files were found indicating that
defendant was rewriting a part of the PDNS program in another computer
language. The files written by defendant were in the PHP computer programming
language and the file extensions of those files ended in .inc and .asp.
These files were not in the PERL programming language."
WEST penetrated a security hole in the website of the Poteau Daily News
and Sun, employed a user ID and password, and downloaded computer files
of value. WEST reported to the newspaper editor that he had penetrated
the website, accessed the site using a username and password, and downloaded
several files. West told the newspaper editor that his intrusion accidental.
The website owner reported the unauthorized access to law enforcement
authorities.
Pursuant to an application for search warrant, a United States Magistrate-Judge
ordered a search of WEST's employer's place of business. Files which WEST
had downloaded from the website were found on WEST's laptop. A copy of
the search warrant was left with WEST's employer as provided by law. WEST
was not arrested nor charged at the time. Subsequent investigation revealed
that WEST had downloaded the computer files, was in the process of rewriting
the files, and intended to market the revised software program.
At the plea hearing before United States Magistrate-Judge James H. Payne,
WEST waived the right to proceed before a district judge and entered a
plea of guilty to the misdemeanor Information. The defendant was represented
by Cherie Chappel, of Edmond, Oklahoma, and Kenneth Poland, of Cleveland,
Texas. WEST said he was satisfied with the performance of his attorney
and believed they had done all that they could do to counsel and assist
him with regard to this matter.
"In the context of recent events, even as before, we don't prioritize
unauthorized computer access where there is no consequence," noted
United States Attorney Sheldon J. Sperling. "This matter was pursued
because the defendant downloaded files and intended to derive a financial
benefit from the unauthorized access. Of course, hacking with attendant
web site damage would be taken much more seriously."
"This case generated a very substantial amount of e-mailed correspondence
to our office and across the world, Sperling said. "The wide
range of opinion was instructive. In this case, the defendant rewrote
the files he downloaded, planned to distribute his rewrite, added another
page to the website, modified the password file, and misled sympathizers
and others as to both the character and scope of what he had done."
"It is important that web sites are secure from unauthorized access
and that intellectual property is protected. Cyberspace will be a better
place for all if such privacy and property rights are respected,"
stated Assistant United States Attorney Jeff Gallant.
The offense to which WEST pled guilty is a misdemeanor which is punishable
by a term of imprisonment not to exceed one year. Prosecutors expect that,
under the United States Sentencing Guidelines, WEST will eligible for
probation.
The Information to which defendant pled guilty is as follows:
COUNT ONE
[18 U.S.C. § 1030(a)(2)(C)]
(Accessing a Computer without Authorization)
On or about February 1, 2000, in the Eastern District of Oklahoma, and
elsewhere, the defendant, BRIAN KEITH WEST, did intentionally access
a protected computer without authorization through the use of an interstate
communication, and did thereby obtain information from a protected computer;
to wit: the defendant, BRIAN KEITH WEST downloaded proprietary
Practical Extraction Report Language scripts and password files from the
protected computer.
In violation of Title 18, United States Code, Section 1030(a)(2)(C).
###
|