March 21, 2002
FOR IMMEDIATE RELEASE
Contact: Michelle Reen, Assistant to the City Manager, 966-3378
City Settles Dispute with orbz.org
BATTLE CREEK, MI—City officials have agreed not to pursue charges against Ian Gulliver, a 20-year-old systems administrator from Ghent, New York, and the administrator of orbz.org. Gulliver is an anti-spam activist who sent an email to the City and caused a major slowdown of its mail server.
"Our investigation and conversations with Mr. Gulliver's attorney have led us to believe that there was no criminal intent to cause the City harm. However, there was no way for us to know when we received the hit that this was not intended as a malicious prank," said Michelle Reen, Assistant to the City Manager. "Our Information Systems Department and Police Department took the situation seriously. The Detective had no reason not to believe he was pursuing a hacker when he issued a search warrant. The purpose of the search warrant was to determine the identity of the person who sent the email that caused our system to fail so we could then determine whether further investigation would be necessary."
According to Gulliver's attorney, the email sent by Gulliver was intended to test the City server to determine whether it was vulnerable to a spam attack. Spam refers to a computer prank that causes multiple duplicate emails, sometimes several hundred at once, to clog up the recipient's mail server.
The email test triggered a weakness in the version of Lotus Domino software used by the City and caused a major slowdown of the City's email network for about a day on February 25, 2002. The weakness has been fixed and there is no reason to believe at this time that the City's server is vulnerable to illicit use for spamming.
"We are satisfied that Mr. Gulliver intends to provide a service by creating a blacklist of vulnerable servers. In fact, we recognize that he has done us a service. We are going to be taking a close look at our policies regarding Lotus security updates and how we can avoid the issue in general," said Reen. "In turn, however, we have asked him to reconsider his policy of making unannounced tests on servers. In today's computerized world it is everyone's responsibility to maintain a secure system.
"But, if I can draw the analogy that just because everyone should wear a computerized bulletproof vest doesn't mean that shooting people to find out who isn't wearing one is the best answer. If Mr. Gulliver chooses to do this, he perhaps shouldn't be surprised that he will occasionally be confused with the type of individual he is fighting against."
"In this case, no one was injured. We have been tipped off by Mr. Gulliver and, we hope, we have also sent a message to hackers that we will pursue online activity that we feel may be maliciously intended," said Reen.
<End>