Is the guessing of a password on Eveboard illegal?

Alua Oresson
Aegis Ascending
Solyaris Chtonium
#21 - 2013-07-19 10:21:58 UTC
Tippia wrote:
Thorn Galen wrote:
There's nothing "meta" about it, it is illegal, plain and simple.
What law does it break?


Since the "crime" occurred in Sweden, I would venture that Swedish law was broken. A little Googling results in the offence being laid out in Chapter 4 Section 9c of the Swedish penal code.

Quote:

Section 9c
A person who, in cases other than those defined in Sections 8 and 9, unlawfully obtains access to a recording for automatic data processing or unlawfully alters or erases or inserts such a recording in a register, shall be sentenced for breach of data secrecy to a fine or imprisonment for at most two years. A recording in this context includes even information that is being processed by electronic or similar means for use with automatic data processing. (Law 1998:206)


http://pvpwannabe.blogspot.com/

Anna Karhunen
Inoue INEXP
#22 - 2013-07-19 10:25:55 UTC
Figures. Our lawmakers just copied the Swedish law (again) and made some minor changes to hide the plagiarism.

As my old maths teacher used to say: "Statistics are like bikinis: It's what they don't show that's interesting". -CCP Aporia

RoCkEt X
Hostile.
PURPLE HELMETED WARRIORS
#23 - 2013-07-19 10:26:02 UTC  |  Edited by: RoCkEt X
Nevyn Auscent wrote:
RoCkEt X wrote:


data isn't private when it's on eveboard; passworded or not, you are sharing your API. the only way this affects the individual is ingame. and does nothing to their RL privacy. Technically the data doesn't belong to them, as all EVE online accounts and such are property of CCP... and as CCP states that all information gained by sharing of API keys is solely the responsibility of the player who shares them.... :)

Stop whining, my ribs are hurting from the laughter :)


If it is passworded and you have come by the password via illegal means including guessing, it is private.
If I 'guess' the combination to your safe, I can't take whatever is in it without it being stealing, what you did is no different.
Personally I consider this good grounds for the player to request CCP reimburse him, as for all it wasn't particularly secure, he was hacked as part of the attack on his titan.


except for the fact he posted his PW in his application to PL. so the information is out there :)
Anna Karhunen
Inoue INEXP
#24 - 2013-07-19 10:28:16 UTC
RoCkEt X wrote:


except for the fact he posted his PW in his application to PL. so the information is out there :)

That is an irrelevant point. What matters is that you did not have permission to use it.

As my old maths teacher used to say: "Statistics are like bikinis: It's what they don't show that's interesting". -CCP Aporia

RoCkEt X
Hostile.
PURPLE HELMETED WARRIORS
#25 - 2013-07-19 10:31:09 UTC  |  Edited by: RoCkEt X
Anna Karhunen wrote:
RoCkEt X wrote:


except for the fact he posted his PW in his application to PL. so the information is out there :)

That is an irrelevant point. What matters is that you did not have permission to use it.


So, if i post my API here, and select one person in this thread whom i allow to use it, anyone else using it is doing so illegally? i don't think so. If this was the case, half of eve's intel would have been obtained illegally, and for example - eveskunk would be illegal, and it's not. in any way, shape or form.
Anna Karhunen
Inoue INEXP
#26 - 2013-07-19 10:41:08 UTC
I am pretty sure a lot of laws have been broken here in EVE and will be broken in the future. Now, in your case, you have broken the law, sure, but I am certain you will be safe because 1) the only person who can won't go hop through the hoops to get the issue moving in Sweden and 2) if police and DA do get the report, they probably decide not to do anything because the loss was an internet spaceship and they have better things to do with their time. At least here in Finland police has that right to decide what to investigate.

As my old maths teacher used to say: "Statistics are like bikinis: It's what they don't show that's interesting". -CCP Aporia

RoCkEt X
Hostile.
PURPLE HELMETED WARRIORS
#27 - 2013-07-19 10:43:47 UTC
of course, the irony of all this is that he logged in 3 days before his skill finished.

so as a fact, me having his eveboard info turned out to be irrelevant :)
Anna Karhunen
Inoue INEXP
#28 - 2013-07-19 10:51:08 UTC
Assuming that the claims made in the comment section of the article at themittani.com are true, the kill becomes even more ironic. They claim there that the titan was going to be PL titan. Go there, read the comments and judge for yourself.

As my old maths teacher used to say: "Statistics are like bikinis: It's what they don't show that's interesting". -CCP Aporia

Gealbhan
School of Applied Knowledge
Caldari State
#29 - 2013-07-19 10:54:35 UTC
See, this is why you use an alpha-numeric password at least 16 characters long of upper and lower case letters with numbers sprinkled through it too.
It's not fool proof but it makes your password a hell of a lot harder to guess, also rotate it frequently.
Ritsum
Perkone
Caldari State
#30 - 2013-07-19 11:07:57 UTC
So from the sound of it Eveboard is not secure and will not punish those guessing passwords to gain access to private API details.

Thankfully my API is not on there. Hopefully people who want to keep their API details private to those around them learn from this display and never put their API on Eveboard thinking it is secure if you use "Private".

Play EvE how you want to play it and do not let others dictate how you play. Evolve your playstyle to protect yourself from others! Even in "PVE", "PVP" is there, lurking in the shadows.

symolan
BamBam Inc.
#31 - 2013-07-19 11:08:12 UTC
I guess it's illegal in most western countries to log into other people's accounts without authorization.

And I can't imagine it being very good for the game if people start trying to NSA.
Fairren
HellrisCorp
#32 - 2013-07-19 11:09:31 UTC
Cannibal Kane wrote:
I don't think so..

The hundreds of chars using a combination of 123 to 12345 does not make it hard.

12345?
Kat Ayclism
Republic Military School
Minmatar Republic
#33 - 2013-07-19 11:16:23 UTC
Nevyn Auscent wrote:

Personally I consider this good grounds for the player to request CCP reimburse him, as for all it wasn't particularly secure, he was hacked as part of the attack on his titan.

HEY GUYS I HAVE NO CLUE WHAT HACKING IS SO I'M GOING TO CALL THIS HACKING


Mhmmmm... I think you should probably just go sit in the corner for this brilliant logic. And don't speak on information security or really even anything remotely technological- I think it'd be fair to bar you from even talking about the wheel and axle as well.

Anna Karhunen wrote:
They claim there that the titan was going to be PL titan. Go there, read the comments and judge for yourself.

Waffles isn't PL, and from all I've heard of him he had no chance of getting into PL- even without that little "caught being criminally dumb with a titan" thing.
Kat Ayclism
Republic Military School
Minmatar Republic
#34 - 2013-07-19 11:23:12 UTC
Ritsum wrote:
So from the sound of it Eveboard is not secure and will not punish those guessing passwords to gain access to private API details.

Thankfully my API is not on there. Hopefully people who want to keep their API details private to those around them learn from this display and never put their API on Eveboard thinking it is secure if you use "Private".

Except he didn't hack eveboard- this tells you nothing of the security of eveboard beyond the fact that it allows morons to use moronic passwords (as they're apt to do).
Chinwe Rhei
Syn Interstellar
#35 - 2013-07-19 11:24:30 UTC
It is most definitely illegal by EU law to access a restricted portion of a website, even by guessing an obvious password. It's not the password cracking that the law primarily targets, but the unauthorized access, so it really doesn't matter if you ran a password cracker for several days or guessed in 5 tries.

However it's up to the owner of the website to press charges if he thinks he was harmed by the intrusion, and clearly in this case Chribba isn't interested so there's no case. Access in this case is authorized (or not) by the administrator not by the person who made the account.
Ritsum
Perkone
Caldari State
#36 - 2013-07-19 11:28:24 UTC  |  Edited by: Ritsum
Kat Ayclism wrote:
Ritsum wrote:
So from the sound of it Eveboard is not secure and will not punish those guessing passwords to gain access to private API details.

Thankfully my API is not on there. Hopefully people who want to keep their API details private to those around them learn from this display and never put their API on Eveboard thinking it is secure if you use "Private".

Except he didn't hack eveboard- this tells you nothing of the security of eveboard beyond the fact that it allows morons to use moronic passwords (as they're apt to do).



He says he guessed the password, yes? That is considered bad. The fact that the password in question was weak does not take away from the point of him guessing the password and gaining access to PRIVATE data.

And since there was no punishment and the fact that the rules for setting a password are very weak it quite clearly points to eveboard not being secure.

Play EvE how you want to play it and do not let others dictate how you play. Evolve your playstyle to protect yourself from others! Even in "PVE", "PVP" is there, lurking in the shadows.

Crazey Monkey
Center for Advanced Studies
Gallente Federation
#37 - 2013-07-19 11:32:07 UTC  |  Edited by: Crazey Monkey
The information isn't private information though. It's property of CCP. Everything you do in game is not private and should not be considered private information since everything is logged and you do not ~own~ it.
You are responsible for who you share this info to through APIs, you are also responsible for its own security. If you do not keep the information secure, it's your loss.

This isn't his bank card, social insurance number or email account. It's his info about internet spaceships which hold no monetary value.

+1 for Rocket bagging another idiot.
Kat Ayclism
Republic Military School
Minmatar Republic
#38 - 2013-07-19 11:38:58 UTC  |  Edited by: Kat Ayclism
Ritsum wrote:
Kat Ayclism wrote:
Ritsum wrote:
So from the sound of it Eveboard is not secure and will not punish those guessing passwords to gain access to private API details.

Thankfully my API is not on there. Hopefully people who want to keep their API details private to those around them learn from this display and never put their API on Eveboard thinking it is secure if you use "Private".

Except he didn't hack eveboard- this tells you nothing of the security of eveboard beyond the fact that it allows morons to use moronic passwords (as they're apt to do).



He says he guessed the password, yes? That is considered bad. The fact that the password in question was weak does not take away from the point of him guessing the password and gaining access to PRIVATE data.


Social engineering and hacking are not the same thing, friend.

You said that the security of eveboard was compromised, which it was not. If you don't know about the subject you're going to blab on about it helps to just not say anything on it.

A single guess is not going to throw any anti-bruteforcing measures of the site. Even the requiring of rulesets that force people to use a seemingly more secure password are actually counter to the goal of securing the user's account as the rulesets *limit* the keyspace one would have to use in a bruteforce attack. A reasonably open-ended password ruleset *allows* for both hilariously bad passwords such as this genius' and genuinely secure ones.

The responsibility is firmly in the hands of doofuses that pick such passwords, and it's wholly unfair to call Chribba's work insecure based on something like this.
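
An added worked example, not part of the post above and not Eveboard's code: it counts how much a composition ruleset shrinks the keyspace a site must defend, and shows a denylist check that rejects the short numeric passwords mentioned earlier in the thread. The class sizes (printable ASCII), the function names and the sample denylist are assumptions made for the illustration.

```python
import math
from itertools import combinations

# Printable ASCII split into classes; "symbol" counts punctuation plus space.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}
ALPHABET = sum(CLASSES.values())  # 95 characters in total

def open_keyspace(length):
    """Strings of exactly `length` characters with no composition rule."""
    return ALPHABET ** length

def ruled_keyspace(length, required):
    """Strings of `length` with at least one character from every class in
    `required`, counted by inclusion-exclusion over the classes left out."""
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            left = ALPHABET - sum(CLASSES[c] for c in missing)
            count += (-1) ** k * left ** length
    return count

def bits_lost(length, required):
    """Search-space reduction, in bits, caused by the composition rule."""
    return math.log2(open_keyspace(length)) - math.log2(ruled_keyspace(length, required))

# Constructed sample denylist; a real deployment would load a large list
# of known-common and previously breached passwords.
DENYLIST = frozenset({"123", "1234", "12345", "password"})

def accepts(password, min_length=1, denylist=frozenset()):
    """Open-ended policy: any characters allowed, subject only to a minimum
    length and a denylist of known-bad choices."""
    return len(password) >= min_length and password.lower() not in denylist

if __name__ == "__main__":
    for n in (8, 12, 16):
        print(f"length {n}: all four classes required costs "
              f"{bits_lost(n, list(CLASSES)):.2f} of "
              f"{math.log2(open_keyspace(n)):.1f} bits")
    print("open ruleset accepts '12345':", accepts("12345"))
    print("with denylist:", accepts("12345", min_length=8, denylist=DENYLIST))
```
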
Anna Karhunen
Inoue INEXP
#39 - 2013-07-19 11:41:54 UTC
The law is clear here, Kat. Rocket broke the Swedish law. You may blame the victim all you want, but it does not change the facts.

As my old maths teacher used to say: "Statistics are like bikinis: It's what they don't show that's interesting". -CCP Aporia

The Spod
Center for Advanced Studies
Gallente Federation
#40 - 2013-07-19 11:43:51 UTC
Conclusion:

The titan belonged to CCP.
CCP stance on API usage on web is "user risk".
Rocket X was naughty to guess the EB password.