Friday, September 30, 2005
One of those days
I got sad news before dawn today. The thing is, I do not have the liberty to tell...yet. That's the hard part. Unlike having to keep good news first, sad news brings you further down. I find myself just staring blankly at walls, ceilings or wherever my eyes seem to just rest on. It sucks.Anyway, since I cannot divulge yet, on to other things to keep the mind from straying again on depressing turfs. Get a hold of this news item: Court grants Filipino hacker probation after guilty plea. This is about Filipino hacker JJ Maria Giner who defaced a number of websites of the government portal gov.ph. This is considered a landmark case since Giner is the first local hacker to be convicted under section 33a of the E-Commerce Law or Republic Act 8792. Giner was convicted and sentenced to one to two years of imprisonment and to pay a fine of 100,000 pesos. He immediately applied for probation though, which the State did not not object to.
The e-Commerce Law was passed after Onel De Guzman's ILOVEYOU virus caused computer systems worldwide to crash. Yet it really didn't have much sting then. I remember two years ago when the Department of Trade and Industry (then under Max Roxas, one of the proponents of the said Law) was defaced while we were on softlaunch. It made fun of the DTI Secretary. I remember we had to scramble for information on what to do immediately after the defacing was done (with the hacker even leaving his mark). When we finally decided on what to do, we found ourselves in a situation where the ISP apparently hosted the site in a temporary server that had no firewall because of some technical issue. This gave the hacker the ideal (though not a bit challenging) environment to do his thing. Although they went as far as identifying that the hacker used a Bayantel line and is most likely in Bulacan, I doubt if much action had been done to address this issue.
Giner claimed he had emailed a warning to the National Economic and Development Authority (NEDA), informing the agency about the vulnerability of its website to hackers. Although it is true that most hackers can give very important information on system vulnerabilities, hacking is still hacking and is a violation. We do not need a law to tell us that. Unless the company or agency commissioned you to search for loopholes in its system, hacking cannot be justified. Only a handful really intend to show the weakness of the system. Most are just challenged to succeed in a malicious act. How can you justify destroying sites that people behind it have worked hard on or causing PCs of innocent people (most of which were bought using hard-earned money) to crash? Having to watch out for this and that virus doesn't make me a better person. Nor does it increase my productivity. Geez!
Sigh. I need a dose of good vibes today. It's one of those days...
