Accused Six Flags Web site hacker pleads guilty

Posted | Contributed by Chitown

Mark Daniel Kahn, 27, of San Francisco, pleaded guilty to intentionally causing damage to the computer system used by Six Flags. Kahn will be sentenced at a later time and faces a maximum of a $250,000 fine and 10 years in prison. Kahn allegedly inserted a malicious code into interactive job application forms that were then submitted to Six Flags.

Read more from The State.

Jeff's avatar
That's pretty amateurish on the part of Six Flags' developer. It's an old fashioned SQL injection vulnerability. I should know, one of my really old sites had such a vulnerability because when I got started I didn't know what I was doing. But I also wasn't getting paid by giant public companies to build a Web app.

The possible sentence seems a little extreme.

How about this scenario.

I park my car at the mall and leave all the windows down and doors unlocked and someone comes by and glues a note to my seat saying "You should close your windows". Are they responsible, or is it my fault for leaving my car open?

Same thing here. He didn't take anything, he didn't permanently damage anything, he just left a note telling them that their site was vulnerable.

I have to agree with Jeff, 250K and 10 years is way too steep for what he did.

What if he filled your car with thousands of such signs? Your car is your property and even if you leave it completely open with the keys in the ignition, no else has the right to touch it.

I'm tired of dealing with hackers and malware, spyware, viruses, and even spam. I say throw the book at him and let that be a lesson to everyone else who may be thinking of screwing around with someone else's computer.

Yea def seems like a bug... Oh wait its not a bug, just a new feature...

Welcome to post 911 penalties when our govt. pushed hacking as an act of terrorism and the penalties with them. And because its electronic and could easily cross state lines (router hops take many paths and its not necessarily what you would think is "direct") it almost instantly becomes a federal crime. Problem is the law hasn't caught up to the technology as its a blanket law.. Hacking a govt site or hacking an amusement park site.. can both carry similar penalties.. Though I would venture to say the wheels of justice would move much quicker on the Govt side....that and the kid would be hired later on by the govt.. I work in IT Network/Security for my company and occasionally have to deal with legal and its amazing some of the penalties electronic crimes carry. Some clearly justified others not as much.. **Speaking of hacking vulnerabilities... I edited this post and I didn't even post it! LOL for some reason there's no name for the user who posted it either. Interesting!And... a*** This post was edited by 8/31/2008 8:11:19 AM ***

ridemcoaster's avatar
^ Weird my last post I have no name LOL... probably just as well.. witness protection program and all..
^Probably due to a hacker. :)
Jeffrey - as long as the signs come out with no damage, and the only thing lost is time, there is no issue.

Now, if this guy had gone in, and stolen financial records, or caused actual damage to either the company or their patrons, then yes, I could see these types of penalties. But the simple fact is, he went and sprayed graffitti on a wall with water colors.

^okay, fess up, ridemcoaster, you hacked Jeffs site, didn't you? Using the Stealth virus mode again, ehhhh?
I take issue with someone wasting my time, even if I did leave a door open. I leave my side yard gate unlocked. Am I supposed to be okay with someone going into my yard, having a party, and leaving beer cans and litter all over the place for me to pick up?
Once a hacker, always a hacker.

What makes you think this guy hasn't already or will eventually hack another website following the incident with the Six Flags site?

Put him away.

Carrie M.'s avatar
I'm kind of surprised that anyone would classify someone breaking into an organization's web site illegally as a non-issue. That's a crime regardless of what he did once he gained access.

In my mind, had he stolen financial records or damaged the system, the crime would be hacking and stealing/damaging. The absence of the latter crime doesn't change the first.

Jeffrey - I don't disagree that what he did was wrong, but the penalty is overly harsh. Especially what he did amounts to egging your house. Is it a pain in the ass, yes. Do YOU have to clean it up, yes. In the end, does it REALLY matter, no.

Heck, Six Flags should thank him for exploiting their security flaw in the way he did. It could have been someone much more malicious (and smarter in covering their tracks) who did it and done some serious damage in the process.

And back to my first post, if I came out to the car and found notes stuck inside it, I'd close the damn windows next time.

Egging can mess up a paint job. :)


Vater's avatar
The key word in the 'maximum of a $250,000 fine and 10 years in prison' blurb is 'maximum.' I seriously doubt his sentence will be anything close to that.
FlyingScooter:I would never do such a thing to such a fine, fine, website such as Coasterbuzz ... **This post too, LOL***** This post was edited by 8/28/2008 3:13:01 AM ***

Now someone is getting the hang of it..

Wait for it.. this horse is almost beaten dead..
*** This post was edited by 8/28/2008 7:57:56 AM ***

ridemcoaster's avatar
^ Although there's a reason Im Sr Engineer of Network Security for a large IT company :-)
"But the simple fact is, he went and sprayed graffitti on a wall with water colors."

I think there should be higher penalities for people spraying graffitti. It ruins neighborhoods. When people graffati, it like those people are talking over for the most part. If it's different if some person is saying I love Mandy in graffati, but these people just want to take over, and ruin a certain area. Once you give poor penalities for it, they keep on doing it over and over again. On top of it, they aren't the easiest people to catch so it's even more easy for them to do it.

Go to Delaware, and see the train system how pathetic, and rundown it looks. The whole state of Delaware is just pretty scary to be in with all the graffitti. Gangs takeover, and destroy.

So, I'm glad this person got a decent sized penalty. They shouldn't be messing up someone else's website. Wouldn't you hate it if your website just went down for awhile because someone hacked your website? All your work is destroyed, just like graffati destroys neighborhoods.

I feel egging should be a crime, but not as bad as graffati, and hacking. Egging usually involves throwing projectiles at people or things that could cause damage, and they still have to clean up afterwards. The slap on the wrist makes these things continue over and over again. On Halloween on a street, they were egging the cars that were going by. If you are doing that, I would send them to 4 years in jail. They could kill a person driving down the street.

For the toliet paper thing, I would consider more as it's just a prank.*** This post was edited by Spinout 8/28/2008 10:23:07 AM ***

10 years? Come on. He won't get close to that and he had better not. Our system of law use to involve the intent or state of mind a person had at the time a crime was committed. This person could have obviously done severe damage but didn't. The leaving of a note in someone's car is a great example because it shows what the person intended to do. It's obvious that the not served as a warning and not an attempt to damage or steal anything out of the car. The government is going way overboard with these types of crimes. Some of you actually think he should get 10 years? At most he should get 6 months. That's the problem with our laws. They provide such a broad range of possible sentencing that they can slap a man on the wrist or cut his hand off.

Since leaching off a open internet signal is a crime in most states should you be put in jail for doing it? Anyone see a problem with this? Think of it like this. Say you are at a coffee shop and you connect to what you think is the free wifi they offer. However, you actually connect to an overlapping open signal. Should you be prosecuted? I know I am getting a little off subject but I almost assume now that the government twists the evidence to convict rather than seeking the truth. You can't trust they don't put a whole lot of spin on everything. I know many people in the criminal justice system and this comes from some of their own mouths "we live in a scary time, people are being convicted of crimes based on an investigatior's opinion as to what the defendant probably was up to." All started when Fuhrer Bush went on his rampage. God I need a drink now.*** This post was edited by Winston 8/28/2008 3:22:09 PM ****** This post was edited by Winston 8/28/2008 11:48:26 PM ***

Wow.. 10 years is absolutely ridiculous for this type of crime. Yes, he hacked into the site and he shouldn't have, but I feel like taking away 10 years of his life is way too strict of a punishment for this. That's the problem with all these new legislations about cyber crime. They don't seem to discriminate between going into a site and trashing everything, and going in and doing something like this.

I'm all too familiar with cybercrimes.. I was just prosecuted for a couple of hacking crimes back in the spring. Nothing this serious though.. I was just bored at my school and decided to explore the network servers. I was looking at 2 years in jail max, and just got off with some community service and 1 year of court advisement. I learned a big lesson from my whole ordeal, and hopefully this guy will too.

Go Hokies!!

You must be logged in to post

POP Forums - ©2022, POP World Media, LLC