Do 50 tys dolarów odszkodowania za "host -l" i grzywna za odwiedzanie strony

Zapadło rozstrzygnięcie w sporze Sierra Corporate Design, Inc., v. David Ritz. Rozstrzygnięcie wydał sąd w Północnej Dakocie - North Dakota District Court. Sprawa zaś dotyczyła w pewien sposób wykorzystania przez Davida Ritza komendy "host -l" (wykonanie tej komendy powinno dać efekt w postaci listy hostów w danej domenie, można ściągnąć w formacie named kompletną informacje o danej strefie (zone)). David Ritz rozpowszechniał informacje wynikowe dla działania tej komendy, a to walcząc w ten sposób ze spamem. Serwisy donoszą o "grzywnie w wysokości 60 tys dolarów" związanej z wykonaniem komendy "host -l". Robią to jednak nieprawidłowo, bo to była sprawa cywilna, a rozstrzygnięcie jest nieco bardziej skomplikowane...

Wedle informacji źródłowej, tj. wedle wpisu na stronie SpamSuite.com (zbierającej doniesienia na temat sądowych spraw związanych ze spamem), pt. Findings of Fact, Conclusions of Law, and Order for Judgment: sędzia miał uznać, że skorzystanie z komendy host z parametrem "-l" można uznać za hacking ("North Dakota District Court judge has declared that using the "host" command with the "-l" option constitutes computer hacking" - przy czym sąd ten nie rozstrzygał w sprawie karnej). Żeby wykonać komendę trzeba mieć stosowne uprawnienia, ale uprawnienia w systemie z którego wykonuje się tę komendę. Znaczy, że będąc administratorem domowego linuxa mogę sobie taką komendę wykonać i powinienem otrzymać odpowiedź. W sumie nie jest to żadna tajna informacja, skoro dostępna jest w manualu (host - DNS lookup utility; mój manual podpowiada na temat parametru "-l": "List mode is selected by the -l option. This makes host perform a zone transfer for zone name. Transfer the zone printing out the NS, PTR and address records (A/AAAA). If combined with -a all records will be printed"). Wynik działania komendy można - jak się zdaje - ograniczyć, ale w omawianym przypadku odpytanie o "zone" nie zostało zablokowane.

Sąd powołał się na prawo stanowe Północnej Dakoty (the North Dakota Computer Crime Law). W rozstrzygnięciu mowa o grzywnie w wysokości 10 tys dolarów, a to za złamanie wcześniejszego zarządzenia sądu (violating the injunction of this Court), by pozwany powstrzymał się od odwiedzania jakiejkolwiek witryny internetowej powoda (a pozwany odwiedził stronę newsfeeds.com, która administrowana jest przez powoda właśnie; złamał zatem zakaz sądu). Sąd uznał, że na podsawie N.D.C.C. § 32-032-11(5) przedsiębiorstwu Sierra Corporate Design przysługuje quasi "nawiązka" (exemplary damages) do wysokości 50 tysięcy dolarów, a aktualnie przedsiębiorstwo przedstawiło szkody w wysokości 2,930.00 dolarów, których naprawienie również zostało właśnie zasądzone. Cała sprawa, o której tu mowa, to sprawa cywilna (stąd właśnie kwestie odszkodowawcze, a grzywna dotyczy złamania zakazu sądu i ma luźny związek z komendą "host -l"). Dlatego nieprecyzyjne są doniesienia internetowe, w których mowa "o grzywnie w wysokości 60 tys dolarów". Sprawa karna toczy się równolegle, ale jeszcze nie została zakończona.

Serwis Heise-online.pl, powołując się na podane wyżej źródło, publikuje omówienie tego wydarzenia w tekście 60 000 dolarów kary za wywołanie serwera DNS. Czytamy tam:

David Ritz, aktywista antyspamowy, został skazany przez sąd stanu Dakota Północna na grzywnę w wysokości 60 000 dolarów. Przestępstwo popełnione przez Ritza polegało na tym, że używał uniksowej komendy host -l i w ten sposób doprowadzał do przekazywania informacji o strefach (transferu strefowego, zone transferu) z serwera DNS firmy Sierra Corporate Design, specjalizującej się w hostingu i usługach internetowych. W efekcie serwer przekazywał Ritzowi informacje dotyczące kompletnej struktury wewnętrznych adresów i nazw Sierry, które on podawał do publicznej wiadomości.

Na przywołanej wyżej stronie SpamSuite.com opublikowano "FINDINGS OF FACT, CONCLUSIONS OF LAW AND ORDER FOR JUDGMENT". Tam m.in. czytamy:

(...)
2. On February 27, 2005, David Ritz ("Ritz") connected to Sierra's DNS server. In the course of that connection, he issued a host -l command which requested a zone transfer from Sierra's DNS server. Sierra's server responded with a full zone transfer, providing Ritz with the network map showing all of Sierra's private domain names, private host names, and internal non-routable IP addresses.

3. At various other times, Ritz issued a variety of commands, including host -l, helo, and vrfy. The afore-mentioned commands are not commonly known to the average computer user.

4. Ritz frequently accomplished his access to Sierra's computers by concealing his identity via proxies and by accessing the servers via a Unix operating system and using a shell accounts, among other methods. He also disguised himself as a mail server.

5. In the late winter or spring of 2005, Ritz published the zone information he copied from Sierra's server in the form of a file he published by making it accessible to the Internet and which he named "zilla_queries" ("zilla queries file") That file contained the internal domain structure of Sierra.

6. Sierra's internal domain structure as copied by Ritz into the zilla queries file included private host names, private and non-routable IP addresses, and privately registered domain names. The non-mutable IP addresses were not directly accessible from the Internet and would not be known to Ritz had he not accomplished a zone transfer. The private host names could not be ascertained from any publicly available source and were only known to Ritz by virtue of the zone transfer.

7. Ritz, at all times material, acted intentionally and with the intent to gather as much DNS and other information as possible about Sierra and its principals, agents and related entities and persons. Ritz made the information he gathered available to several persons, including a competitor of Sierra, SuperNews and SuperNews accessed that information. Ritz has admitted that SuperNews personnel accessed the zilla queries file where it resided on his computer via http connection.

8. The intended purpose of a zone transfer is primarily one of redundancy. Zone transfers are the means by which a primary authoritative domain name server copies the domain structure to a secondary authoritative domain name server for the purpose of redundancy. Generally, both of those servers pertain to the same domain. In all intended uses of a zone transfer, the secondary server is operated by the same party that operates the primary server. A secondary intended purpose for zone transfers is to permit trouble shooting in which case zone transfers may sometimes be undertaken via the manually conducted host -l command. In those instances, however, the person conducting the diagnosis acts with the authorization of the operator of the system and is usually the network administrator for the system.

9. The evidence presented at trial produced no treatises or authoritative sources to suggest that any other intended purpose exists for a zone transfer. The academic and technical resources put in evidence at trial uniformly indicate that zone transfers have no intended purposes beyond those mentioned above.

10. The literature available on the subject all refers to access attempts such as the host -l command issued by Ritz under the circumstances of this case as "unauthorized." Microsoft itself, as well as various other, authorities all refer to zone transfers conducted by an individual other than the network administrator or an authoritative name server as "unauthorized."

11. Ritz accessed Sierra's computer, copied and disclosed information found on that computer beginning at least with the February 27, 2005 access and continuing thereafter through the summer of 2005. Ritz made several access attempts which were also unsuccessful after April 1, 2005.

12. Publication of the zilla queries file containing information about Sierra including its internal domain structure created a grave security risk for Sierra. That information, in the hands of outsiders with malicious intent. threatens the integrity of Sierra's computer system. Publication of that information also competitively injured Sierra since a competitor such as SuperNews can use the information to better evaluate and compete with Sierra.

13. Ritz has port scanned thousands of computed, including those of Sierra.

14. Ritz frequently attempted to access Sierra's computers from a variety of locations in case Sierra was blocking access from his known IP address. He also concealed the IP address of his point of origin in order to shield himself from blame or, as he put it, "taking the beat."

15. Ritz has participated in approximately eighteen UseNet death penalties ("UDP"). A UDP is an attempt to force a Usenet service provider to change its behavior by threatening to have peers cancel their relationships with the target of the UDP, canceling messages propagated from the target of the UDP and if that fails, to go to other providers to convince them to cease doing business with the target. Once he was armed with Sierra's internal domain structure and published that information. Ritz called for a UDP against Sierra.

16. Ritz has issued Internet mail bombs and undertaken efforts which resulted in disconnecting third parties from the Internet

17. Sierra incurred out-of-pocket costs, including consulting fees and the time spent by its oven personnel, of $2,930.00 in remapping and reconfiguring its internal domain structure and server. This is by no means a complete statement of the losses suffered by Sierra since it is difficult to put a dollar figure on the damage done to the integrity of Sierra's security. The potential for ongoing harm, however, continues.

18. Ritz was not an authoritative name server, a DNS server, nor any kind of computer at the time he accessed Sierra's computer. Ritz has never been an employee, agent, or network administrator for Sierra.

19.Sierra's computer is not public property. Sierra's computer is its private property, i.e. chattel.

20. When Ritz accessed Sierra's server, he interfered with Sierra's enjoyment in that chattel. By copying data during his access which he subsequently published, Ritz rendered the value of the network structure substantially less than it had been before publication.

21. The information which Ritz published was not public. Moreover, much of the information was not publicly accessible.

22. Without knowing the internal IP addresses specifically used by Sierra, there was noway for Ritz to determine all of the domain and host names used by Sierra through any other sort of lookup or publicly accessible database. While Ritz might be able to identify some domain names and host names if be knew the IP addresses assigned to them, he could not have ascertained both the IP address and the domain and private host names of many of Sierra's servers without having performed the zone transfer.

23. Ritz has hijacked computers, i.e. taken control without permission, of the computers of third parties such as Verizon. He admitted to hacking Verizon and further admitted to doing so without authorization.

24. Ritz has conducted port scans of Sierra's computers. Although Ritz denies having run any port scars on Sierra's computers, he admits to having run thousands of port scans on other computers that he suspected of being involved in spamming. In light of his testimony, at least at times, he has suspected Sierra of spamming, the Court finds that the direct and circumstantial evidence is sufficient for a finding that Ritz ran port scans on Sierra's computers. The circumstantial evidence relied upon includes the firewall access logs of Sierra, Ritz's habits, Ritz's doctored connection logs reflecting his port scans, and the scarcity of other persons who used geeks.org, which was the source of the port scanning attempts on Sierra.

25. Ritz accessed the salver for Newsfeeds.com. and other Sierra computers such as the one hosting Travisreynolds.com and the Rover's Playhouse site, after this Court issued an injunction prohibiting such access on August 4, 2005. Ritz has not even denied such activity. Ritz's behavior in visiting those sites violated the injunction. Ritz did so knowingly.

26. While this Court previously excused Rite's violation of the injunction when he made a renamed copy of the zilla queries file publicly available via http access, the Court cannot overlook yet another violation of its Order. Ritz is a highly sophisticated computer operator and fully appreciated what be was doing when he accessed the Newsfeeds.com server and website which be knew was owned and operated by Sierra. Similarly, Ritz violated the injunction when be accessed the websites operated by Sierra on behalf of Rover's Playhouse and Travis Reynolds, the son of Jerry Reynolds.

27. Ritz has participated in approximately 18 Usenet Death Penalties. A UDP is a process by which a Usenet ISP can be pressured by canceling messages posted through its service and convincing other providers to de-peer with it.

28. Ritz denied having even discussed any UDPs of Newsfeeds.com and Siesta. His testimony to that effect was false. He called for a UDP of Newsfeeds.com and Sierra.

29. Ritz received information in this case which Sierra had designated Attorneys Eyes Only ("AEO") for purposes of this litigation when it produced that information to Ritz's counsel.

30. Ritz received offers of assistance from the SuperNews team in this litigation. Ritz's sworn denials of such offers of help were false.

31. Ritz falsely stated in his interrogatory answers that his only name on the Internet was David Ritz, when be actually went by names including "s lewini" and "BOFH" ("Bastard Operator From Hell").

32. Ritz’s ongoing monitoring, tracking, and connection attempts with Sierra's computers is malicious. He admits to having ill will and malice towards Sierra and its principals. While Ritz maintains that the basis for his feelings are Suspicions of Spam activity by Sierra, those suspicions do not justify violations of the law nor trespass. Ritz's constant surveillance is sinister in nature and he continues to this day, to gather and maintain as much information as he can acquire on Sierra and its principals, including gathering information on the son of Sierra's owner. Historically, Ritz has published information including what he believed to be tax credit card number of Sierra's owner.

33. The Court finds by clear and convincing evidence that Ritz is guilty of actual malice. Sierra is entitled to an award of exemplary damages for the sake of example and by way of punishing Ritz.

34. The Court finds by clear and convincing evidence that $50,000.00 in exemplary damages is consistent with the principles and factors set forth under N.D.C.C. § 32-03.2-11(5). There is a reasonable relationship between this award and the harm likely to result from the Ritz's conduct as well as the harm that actually has occurred; the award is consistent with the degree of reprehensibility of Ritz's conduct and the duration of that conduct; and the award is consistent with Ritz's awareness of and concealment of the conduct.

Do 50 tys dolarów odszkodowania za "host -l" i grzywna za odwiedzanie strony
CONCLUSIONS OF LAW

1. Ritz's behavior in conducting a zone transfer was unauthorized within the meaning of the North Dakota Computer Crime Law. The zone transfer conducted on February 27, 2005 was a violation of the stance. His successful and unsuccessful attempts to access Sierra's server in the months that followed were additional violations of the Computer Crime Law. The zone transfers conducted and attempted by Ritz were far outside the intended use of zone transfers. Ritz was never given authorization or permission by Sierra for the zone transfers.

2. The Court need not determine whether a normal, single DNS query is authorized within the meaning of the statute. Even if there had been any authorization for a such a DNS query or lookup, Ritz exceeded that authorization in violation of the statute by conducting a zone transfer and attempting further access.

3. The Court rejects the test for "authorization" articulated by defendant's expert, Lawrence Baldwin. To find all access "authorized" which is successful would essentially turn the computer crime laws of this country upside down. Any backer could allege that any form of access was authorized because he was able to penetrate the system, regardless of whether the commands utilized were well-formed.

4. Ritz violated the injunction of this Court when he accessed the newsfeeds.com website which he knew to be owned and operated by Sierra, after this Court enjoined him from visiting any Sierra website. He also violated that injunction by his repeated visits to the Rover's Playhouse websites and his visits to travisreynolds.com which he understood to be part of Sierra

5. Ritz is hereby held in contempt for violating the injunction of this Court. He is ordered to pay $10,000.00 as a penalty.

6. Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions.

7. Clear and convincing evidence shows that Ritz acted with actual malice when he repeatedly access Sierra's computers without authorization. Sierra is entitled to an award of exemplary damages in the amount of $50,000.00. Clear and convincing evidence shows this amount is consistent with the principles and factors set forth under N.D.C.C. § 32-032-11(5).

8. Sierra has sustained actual damages in an amount of $2,930.00. Sierra has also suffered an ongoing security risk which cannot be accurately valued in money damages but which may continue to exist for years.

9. Sierra is entitled to recover reasonable attorneys' fees incurred in this action by statute.

10. Ritz trespassed Sierra's chattel by his intrusions into Sierra's computers.

11. Injunctive relief is warranted to prevent Ritz from causing Sierra further harm and to attempt to mitigate the injury caused by Ritz's unauthorized access, trespass to chattels and publication of information about Sierra taken from Sierra's computer.

ORDER FOR JUDGMENT

1. Judgment is GRANTED to Plaintiff on Count I of the Second Amended Complaint, under North Dakota's Computer Crime Law.

2. Judgment is GRANTED to Plaintiff on Count II of the Second Amended Complaint, for trespass to chattels.

3. Sierra is awarded actual damages of $2,930.00.

4. Sierra is awarded exemplary damages in the amount of $50,000.00.

5. Ritz shall pay $10,000.00 as a contempt sanction.

6. Sierra is awarded reasonable attorneys' fees incurred in this action. Sierra shall apply to this Court for a determination of the amount of those fees. Said application shall be made within thirty (30) days. The fee application may be made on a confidential basis within the terms of the protective order issued in this case.

7. Sierra's request for a Permanent Injunction is GRANTED.

8. Defendant Ritz is hereby restrained and permanently enjoined from directly or indirectly accessing Sierra Corporate Design, Inc.'s computers, websites, servers, networks, programs, computer systems or data contained in Sierra Corporate Design, Inc.'s computers, computer system or computer network at any time. This includes but is not limited to, computers and websites operated under the names Newsfeeds.com, Usenet.com, Nuthinbutnews.com. Binaries.net and Newsgroups.com (hereinafter “Sierra’s companies”) or any other server Sierra makes accessible via the Internet.

9. Defendant Ritz is hereby restrained and permanently enjoined from requesting or securing DNS zone transfers or otherwise copying, directly or indirectly, any information on Sierra's computers, websites, servers, networks, programs, computer systems or data contained in Sierra's computers, computer system or computer network at any time. This injunction also applies to DNS lookups on hostnames of Sierra that it does not publish on any of its websites.

10. Defendant Ritz is hereby restrained and permanently enjoined from port scanning. IP scanning or any other type of network scanning on any of Sierra's computers or networks.

11. Defendant Ritz is hereby restrained and permanently enjoined from directly or indirectly publishing, disclosing, sharing or common caring any information about Sierra's computers, websites, servers, networks, programs, computer systems or data contained in Sierra's computers, computer systems, or computer network. This injunction includes, but is not limited to, Ritz directly or indirectly publishing information about Sierra on any website, via hypertext transfer protocol (HTTP), Usenet message boards. through any chat protocols such as IRC or AOL, blogs, or any other Internet based communications protocol, but does not include communication by other parties about Sierra's computers, websites, servers, networks, programs or computer systems as expressly authorized by Sierra.

12. Defendant Ritz is directed to immediately destroy any and all copies of Sierra's computers, websites, servers, network, or computer systems and any information about Sierra that are in their possession, whether such copies and information are in digital, electronic or physical form.

13. Defendant Ritz is further enjoined from directly or indirectly (including through third parties acting on Ritz's request or behalf) publishing the preliminary or final transcript of the proceedings in this case and any filing of that transcript shall be done under confidential seal unless Sierra expressly stipulates to the open filing of the transcript or excerpts thereof.

14. All materials designated as Attorneys Eyes Only or Confidential in this case shall continue to enjoy the protections of those designations as outlined in this Court's order of September 28, 2005.

15. Plaintiff is awarded reasonable costs and disbursements.