lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <35723.130.94.123.164.1061847769.squirrel@web.axisamerica.com>
From: badpack3t at security-protocols.com (badpack3t)
Subject: CERT Employee Gets Owned

Computer expert faces sex charges

By Jennifer Reeger and Michael Hasch
TRIBUNE-REVIEW
Saturday, August 23, 2003

A Carnegie Mellon University computer security expert is accused of
using the Internet to arrange a sexual rendezvous with someone he
believed to be a naive 15-year-old Westmoreland County girl named
"Kelly."  Ian A. Finlay, of Spahr Street, Shadyside, didn't know that
Kelly was really a Greensburg policeman who decided to do a little
homework while taking a course on how to pose as a child to catch sexual
predators, state police said Friday.

Finlay, 26, an Internet system security analyst for the Computer
Emergency Response Team (CERT) Coordination Center, was arraigned on 10
counts of unlawful contact with a minor and single counts of attempted
involuntary deviate sexual intercourse and attempted statutory sexual
assault.

State police Lt. Robert Weaver said Finlay is accused of spending the
past six weeks sending sexually explicit e-mails to Kelly, telling her
he wanted to have sex with her and arranging a meeting that was to take
place yesterday morning at a fast-food restaurant in Hempfield.

When Finlay arrived for the rendezvous, he was taken into custody. He
was arraigned before District Justice Mark Mansour and jailed in lieu of
$150,000 to await a preliminary hearing.

Bill Pollak, manager of communications at the Software Engineering
Institute at CMU, said Finlay is not a faculty member but is on the
staff at the institute's CERT Coordination Center. He said CMU is
"cooperating fully" with police.

Pollak, who refused to say how long Finlay has been an employee, said
CMU officials are "reviewing" his employment status. According to an
affidavit:

Greensburg policeman Robert Jones was attending a computer crimes course
at Edinboro University in early July, learning how to pose as children
to catch sexual predators online.

Jones decided to do some homework by accessing a chat room and observing
conversations using the screen name "kelly_kellygirl2000."

Soon, "ian_pittsburgh" sent her an instant message, saying he was 26 and
from Pittsburgh. Police later identified him as Finlay.

Jones responded as "Kelly" and said "she" was 15 and from Latrobe.

Immediately, Finlay's end of the conversation turned sexual.

"What are you wearing?" he asked. "Do you ever wear thongs? ... Are you
a virgin?"

Kelly repeatedly reminded Finlay that she was only 15.

"If you had the chance to have sex with an older guy, would you consider
it?" he asked.

Finlay started giving Kelly personal information about himself,
including his e-mail address and his work phone number. He told her he
worked at CMU and was from Chicago.

Jones began sharing the information with state police computer experts.

More than 50 sexually graphic e-mails came from Finlay. Police were able
to find out that Finlay was the owner of that e-mail account.

Finlay continued to provide Kelly with personal details about himself,
revealing his wife's name and sending Kelly pictures and newspaper
articles about himself.

"The officers were pretending that they were naive and were very scared
about this situation," Weaver said.

Finlay kept asking Kelly to meet him to have sex. She agreed to meet him
yesterday morning at the restaurant at Hempfield Plaza. Finlay asked her
to bring condoms but she refused. Finlay said he could buy them at a
store in the plaza.

Yesterday morning, Finlay talked on the cell phone to an undercover
state policewoman pretending to be Kelly. But as he pulled into the
restaurant and got out of his car, he was stunned to be surrounded by
police.

After he was taken into custody, police in Allegheny County served
search warrants on Finlay's home and office at CMU. His home and work
computers were seized.

A woman who answered the telephone at Finlay's residence said she had no
comment.

When Finlay participated in an advance software engineering program for
Korea last year, a Carnegie Mellon Web site said:

"As a member of the vulnerability handling team, Finlay analyzes reports
of vulnerabilities that threaten computer security. He identifies the
potential impact of the vulnerabilities and publishes information about
them in technical documents such as vulnerability notes and advisories.

"During the process of handling vulnerability reports, Finlay
communicates with affected vendors, technology producers and other
technical experts. He also interacts with media and has been interviewed
about computer security issues."

Source:
http://www.pittsburghlive.com/x/tribune-review/news/s_151471.html

---------------------------
badpack3t
founder
www.security-protocols.com
---------------------------




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ