You Can Catch A Hacker

I dissuade people from harassing other people. Not only is it morally repugnant to me but it’s also a waste of time that could be spent doing something beneficial. But some people have a deep-seated need to be complete assholes. This has led to endless headaches for website administrators. Fortunately most of these assholes aren’t the sharpest tools in the shed and vastly overestimate their ability and underestimate their targets’ ability to retaliate. One of these assholes had instigated multiple swatting incidents and thought he couldn’t be caught because he was a “hacker.” Kids, what you’re going to read here is an example of how not to opsec:

In April 2015, after months of harassing Marshall Public Schools officials and pulling off swatting attacks in the area, Morgenstern called a public resources officer assigned to Marshall High School and left a voicemail saying that it was “not possible” for him to be caught. Why? Well, he was a “hacker,” and as everyone knows, “you can’t catch a hacker.”

He continued his eloquent rant: “You’re a fat fucking lesbian. I want to kill your family, I want to kill your family, I want to make you watch me kill your family. I am going to call a bomb threat into your house every day, just to piss you off. And then, I am going to jerk off to it. How does that make you feel? How does it make you feel to know that I am a hacker??”

So how did federal authorities ultimately bring down Morgenstern?

Well, among several of the handles and e-mail addresses that the 19-year-old used was anonymously.lulzsec@gmail.com and the Twitter handle @RIURichHomie. The FBI simply filed a subpoena to Google for the records associated with that account and another to Twitter. They both showed that they had been accessed by the same IP address from a Comcast account served to a home in Cypress, Texas.

Authorities also found through a simple Google search that Morgenstern had previously controlled the Twitter account @ZackL337H4X0R.

I’m sure the website administrators were all too happy to hand over those records. Even with my hatred of the state I think I’d have enjoyed turning those records over.

Many of the tools I advocate on this blog would provide pretty good protection for people such as this. That’s certainly the downside of the double-edged sword that is computer security. However, the good greatly outweighs the bad, especially when you realize that most people like this aren’t smart enough to properly use anonymizing tools. And even the assholes who are smart enough to use such tools are usually too dumb to use them properly but have an ego that’s large enough to convince them they’re smarter than they really are.

Oracle. Because You Suck. And We Hate You.

Unpatched vulnerabilities are worth a lot of money to malicious hackers. Hoping to outbid more nefarious types, many large software companies, including Google, Microsoft, and Mozilla, have begun offering cash payments for disclosed vulnerabilities. Companies that don’t have bounty programs will often publicly credit you for the discovery. But Oracle will do neither. In fact Oracle’s Chief Security Officer went out of her way to describe Oracle’s official policy regarding vulnerability disclosure (the blog post was later, smartly, removed from Oracle’s site but the Internet is forever so we get to laugh anyways). The post contains some real gems:

If we determine as part of our analysis that scan results could only have come from reverse engineering (in at least one case, because the report said, cleverly enough, “static analysis of Oracle XXXXXX”), we send a letter to the sinning customer, and a different letter to the sinning consultant-acting-on-customer’s behalf – reminding them of the terms of the Oracle license agreement that preclude reverse engineering, So Please Stop It Already. (In legalese, of course. The Oracle license agreement has a provision such as: “Customer may not reverse engineer, disassemble, decompile, or otherwise attempt to derive the source code of the Programs…” which we quote in our missive to the customer.) Oh, and we require customers/consultants to destroy the results of such reverse engineering and confirm they have done so.

It’s good to get this out of the way early. Oracle, upon receiving a report of a vulnerability, will first investigate whether discovering the vulnerability required reverse engineering its code. If it did Oracle’s way of saying thanks is to send you a legal threat for violating the license agreement. Although I’ve never sold a vulnerability to a malicious hacker I’m fairly certain their reaction is not to threaten you with legal action. Score one for the “bad guys” (I’m using quotes here because I’m not sure if malicious hackers really are bad guys when compared to Oracle).

Q. What does Oracle do if there is an actual security vulnerability?

Pay the person who disclosed it instead of selling it to malicious hackers, right?

A. I almost hate to answer this question because I want to reiterate that customers Should Not and Must Not reverse engineer our code. However, if there is an actual security vulnerability, we will fix it. We may not like how it was found but we aren’t going to ignore a real problem – that would be a disservice to our customers. We will, however, fix it to protect all our customers, meaning everybody will get the fix at the same time. However, we will not give a customer reporting such an issue (that they found through reverse engineering) a special (one-off) patch for the problem. We will also not provide credit in any advisories we might issue. You can’t really expect us to say “thank you for breaking the license agreement.”

Or not. People kindly disclosing discovered vulnerabilities to Oracle will only receive the legal threat. No payment or even public credit will be given. Meanwhile malicious hackers will give you cash for unpatched vulnerabilities so they score another point.

Q. But one of the issues I found was an actual security vulnerability so that justifies reverse engineering, right?

Under these circumstances I’m sure Oracle will forgive you for violating the license agreement since malicious hackers aren’t going to abide by it either, right?

A. Sigh. At the risk of being repetitive, no, it doesn’t, just like you can’t break into a house because someone left a window or door unlocked.

I guess not. Although I’m not sure how breaking into a house is an accurate analogy here. A better analogy would be buying a lock, taking it apart, and discovering a mechanical flaw that makes it easy to bypass. Entering a home uninvited is quite a bit different than being invited into a home (and a customer who paid Oracle for a license was certainly invited to use the company’s software) and discovering that the locks inside the home could be easily bypassed due to a design flaw. Most homeowners would probably thank you for pointing out the locks they purchased are shitty. Regardless of the analogy a malicious hacker isn’t likely to care that you “broke into a house” or violated a license agreement. Score yet another point to them.

Q. Hey, I’ve got an idea, why not do a bug bounty? Pay third parties to find this stuff!

That’s a good question. Oracle can’t possibly argue that bug bounty programs are a bad idea, right?

A. Bug bounties are the new boy band (nicely alliterative, no?) Many companies are screaming, fainting, and throwing underwear at security researchers**** to find problems in their code and insisting that This Is The Way, Walk In It: if you are not doing bug bounties, your code isn’t secure. Ah, well, we find 87% of security vulnerabilities ourselves, security researchers find about 3% and the rest are found by customers. (Small digression: I was busting my buttons today when I found out that a well-known security researcher in a particular area of technology reported a bunch of alleged security issues to us except – we had already found all of them and we were already working on or had fixes. Woo hoo!)

Jesus Christ. Really? Since Oracle finds 87 percent of vulnerabilities, bug bounty programs are useless? I guess the other 13 percent are somehow valueless because they’re the minority? Seriously, what the fuck is Oracle thinking here? Malicious hackers pay per vulnerability. They don’t give a shit if it’s part of a minority in an irrelevant metric kept by Oracle. And it only takes one vulnerability to put your customers at risk. That’s the fourth point for malicious hackers.

Q. Surely the bad guys and some nations do reverse engineer Oracle’s code and don’t care about your licensing agreement, so why would you try to restrict the behavior of customers with good motives?

I’m not even going to waste your time with asking if Oracle has found some common sense by now. We know it hasn’t.

A. Oracle’s license agreement exists to protect our intellectual property. “Good motives” – and given the errata of third party attempts to scan code the quotation marks are quite apropos – are not an acceptable excuse for violating an agreement willingly entered into. Any more than “but everybody else is cheating on his or her spouse” is an acceptable excuse for violating “forsaking all others” if you said it in front of witnesses.

Oracle seems to have the same mentality as those who put up those wretched “no guns allowed” signs. That is a belief that words can somehow stop people from acting in a certain fashion. The question of malicious hackers reverse engineering Oracle’s code in violation of its license agreement isn’t one that lends itself to arguing about the moral high ground. They are doing it so it’s in your best interest to have other people, people who want to help you thwart the malicious hackers, doing the same. Once again we return to the fact malicious hackers aren’t going to give you a speech on morality, they’re going to pay you. That’s five points to them and zero to Oracle.

Considering what we learned in this blog post what motivation does anybody have to disclose discovered vulnerabilities in Oracle’s software? At worst you’ll receive a legal threat and at best you’ll receive nothing at all. Meanwhile malicious hackers will pay you cash for that vulnerability.

The reason companies like Google, Microsoft, and Mozilla established bounty programs is because they realize vulnerabilities are a valuable commodity and they have to outbid the competition.

I’ve long wondered why anybody does business with Oracle considering the company’s history. But this post really confirmed my dislike of the company. There are times where you have to set aside trivial disagreements, like a customer violating a license agreement, for the good of your business (which is also the good of the customers in this case). If somebody discloses a vulnerability to you, you shouldn’t waste time asking a bunch of irrelevant legal questions and you certainly shouldn’t threaten them with legal action. Instead you should verify the bug and pay the person who disclosed it to you instead of disclosing it to somebody with a vested interest in exploiting your customers. Make it worth somebody’s while to disclose vulnerabilities to you so they don’t disclose them to people who are going to target your customers.

The White House Is Still Pissed At Edward Snowden

Since Edward Snowden aired the National Security Agency’s (NSA) dirty laundry the United States government has wanted his head. Meanwhile far saner individuals have been begging the White House to pardon him. This begging came in the form of a petition posted on the White House website that has been ignored since 2013. After two long years the White House has finally given its answer — Edward Snowden will not be pardoned:

Unsurprisingly, the White House formally announced Tuesday that it will not be granting a pardon to Edward Snowden anytime soon.

Immediately after Snowden was formally charged in 2013 with espionage, theft, and conversion of government property, supporters began petitioning the White House to pardon the famed former National Security Agency contractor.

I don’t think anybody is surprised. Snowden’s actions made the Internet a safer place for everybody and that directly conflicts with the White House’s desire to spy on everybody. Any decent nation would give somebody like Snowden, who revealed unlawful activities being perpetrated by a government agency, a medal and declare a national holiday in his honor.

Adding further insult to injury Lisa Monaco, who is apparently the president’s adviser on homeland security and counterterrorism, made this laughable statement to justify the White House’s decision not to grant a pardon:

Instead of constructively addressing these [civil liberties] issues, Mr. Snowden’s dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it.

If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and—importantly—accept the consequences of his actions. He should come home to the United States, and be judged by a jury of his peers—not hide behind the cover of an authoritarian regime. Right now, he’s running away from the consequences of his actions.

I say the statement is laughable because the last time a whistle blower tried to “constructively address” the NSA’s unlawful activities the state sicced the Federal Bureau of Investigation (FBI) on them. Back in 2001 William Binney tried going through the appropriate channels to get the NSA’s domestic spying activities addressed. He ended up looking down the barrel of several FBI agents’ guns as they raided his home in an attempt to intimidate him into shutting up. That was one of several good stories he told on the panel discussion I was on with him.

When you threaten somebody at gunpoint for trying to get the NSA’s domestic spying addressed through proper channels you can’t expect the next person to do the same.

TSA: We’re Not Happy Until You’re Not Happy

When the Department of Homeland Security (DHS) recently performed an internal investigation of the Transportation Security Administration’s (TSA) security procedures it discovered a 95 percent failure rate. Were the TSA a private security provider you would probably have seen some serious housecleaning to rid itself of individuals who obviously don’t know what they’re doing. But the TSA is a government agency, which means you and I are punished for its failures. In response to the 95 percent failure rate the TSA is demanding more tax victim money and planning to make air travelers wait even longer to get through security:

The Transportation Security Administration has a new strategy for improving its woeful performance in catching airport security threats — and it will likely mean longer lines and more government bucks.

A month after the TSA was embarrassed by its almost-total failure in a covert security audit, Homeland Security Secretary Jeh Johnson has ordered the agency to pursue an improvement plan that will require more hand-wanding of passengers, more use of bomb-sniffing dogs and more random testing of luggage and travelers for traces of explosives. It will also consider reducing travelers’ chances of being sent through the expedited PreCheck lines at airports.

Let us not forget the TSA motto: we’re not happy until you’re not happy. This “improvement plan” should tell you everything you need to know about government agencies. If you look at the list of “improvements” you’ll see the word “more” in front of everything. The TSA’s response to its 95 percent failure rate is literally trying more of the same thing only harder.

Authors Guild Demands The Impossible To Fight Piracy

Statism encourages the use of the truncheon to solve every problem. Is your neighbor being noisy at night? Don’t go over and talk to them, sic men with guns on them! Is your new competitor stealing away some of your business? Don’t revamp your business model to more effectively compete, demand the state implement new regulations that stifle your competitor!

The problem with this mode of thinking is that it discourages creativity so when a problem that can’t be solved by the truncheon appears the only solution is to demand the impossible. That’s what the Authors Guild is doing in the name of fighting piracy:

The Authors Guild, one of the nation’s top writer’s groups, wants the US Congress to overhaul copyright law and require ISPs to monitor and filter the Internet of pirated materials, including e-books.

[…]

Rasenberger believes that ISPs have the technology and resources to remove pirated works without being notified that pirated content is on their networks. She continued:

Individual copyright owners do not have the resources to send notices for every instance of infringement online, much less to keep sending them for copies reposted after being taken down. Individuals do not have access to automated systems that track infringing copies and send notices, nor do they have the bargaining power to make the deals with ISPs that larger corporations can.

ISPs, on the other hand, do have the ability to monitor piracy. Technology that can identify and filter pirated material is now commonplace. It only makes sense, then, that ISPs should bear the burden of limiting piracy on their sites, especially when they are profiting from the piracy and have the technology to conduct automated searches and takedowns. Placing the burden of identifying pirated content on the individual author, who has no ability to have any real impact on piracy, as the current regime does, makes no sense at all. It is technology that has enabled the pirate marketplace to flourish, and it is technology alone that has the capacity to keep it in check.

Those who don’t understand the technical issues involved in piracy may believe this is a viable solution. But the stronger emphasis on security, thanks to Edward Snowden, also ensures Internet service providers (ISPs) are going to be less and less able to monitor their customers’ activities. An ISP can only monitor what it can see. If piracy is happening over unencrypted connections an ISP can see it. Encrypted connections are an entirely different matter. Unless pirates are using ineffective encryption it’s not possible for an ISP to monitor their activities. It is possible for an ISP to use heuristics to estimate what customers are doing but that is a far cry from being able to say without question what a customer is doing. And an ISP doesn’t want to acquire a reputation for cutting off service and turning over customers to law enforcers without ironclad evidence of wrongdoing.

Solving digital copyright infringement, what piracy actually is, requires adjusting business models. Identifying and combating pirates is no longer feasible so copyright holders must give customers reason to choose paying them over obtaining pirated copies of works. I think the music industry is finally seeing a solution with streaming services such as Spotify and Apple Music. Such services make it extremely easy for users to acquire and listen to music. In fact they make it easy enough that the cost of the subscription is less than the hassle of finding a pirate source of music, downloading it, and loading it onto devices and computers. While that doesn’t stop all piracy it stops a lot of it and that’s the best a copyright holder can hope for when their product can be copied infinite times with ease.

Music piracy has proven that no amount of laws will solve the problem. The Digital Millennium Copyright Act (DMCA), the very act that is being cited by the Authors Guild, was passed, in part, as a response to music piracy. Music piracy is still a thing even though the DMCA has been on the books for years because passing a law and enforcing a law are two entirely different things.

Hacking Team Changes Its Tune In Desperate Attempt To Remain Relevant

Last week Hacking Team made a big deal about terrorists having access to its advanced technology. This week everything is different. Hacking Team wants the world to know that the technology that was obtained from its internal network is old and crappy and no big deal:

On Monday, Hacking Team released a statement saying that while some of its surveillance-related source code was released to the public, the firm still retains an edge. “Important elements of our source code were not compromised in this attack and remain undisclosed and protected,” the release said. “We have already isolated our internal systems so that additional data cannot be exfiltrated outside Hacking Team. A totally new internal infrastructure is being build [sic] at this moment to keep our data safe.”

Hacking Team must work very fast if it was able to discover all new exploits between last week and today that allow it to regain its edge as a top purveyor of surveillance software to countries that regularly commit atrocities. At best the company is literally making up bullshit, which wouldn’t be the first time considering how often it denied doing business with many of the countries it was doing business with, or at worst has been able to buy a slew of new zero-day exploits. Either way I doubt the damage against Hacking Team’s brand can be undone. Being a malware seller that was breached is one thing but being a malware seller that has demonstrably shitty internal security practices isn’t likely to put its customers’ minds at ease.

My highest hope is that Hacking Team goes bankrupt and its top brass are raked through the coals.

Hacking Team Demonstrates It Doesn’t Know What Words Mean

Hacking Team has finally released a response to the attack it incurred. Much like the company’s internal network security the response it posted should have people concerned. In addition to not following basic security practices, such as not storing login credentials in plaintext files, the company also doesn’t have a strong grasp of the English language:

Before the attack, HackingTeam could control who had access to the technology which was sold exclusively to governments and government agencies.

If Hacking Team could control who had access to the technology before the attack the attack wouldn’t have been successful. The fact the attack was successful proves that Hacking Team didn’t have control over its technology. Apparently whoever is doing public relations for the company doesn’t know what the meaning of control is.

The next two sentences, especially combined with the above sentence, are especially laughable to me:

Now, because of the work of criminals, that ability to control who uses the technology has been lost. Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so.

Instead of governments and government agencies having exclusive use of Hacking Team’s technology now terrorists, extortionists, and others have access to its technology? What exactly is the difference between a government and an extortionist? None. Governments by their very nature are extortionists. They do tend to use nice sounding euphemisms like taxes, license fees, and citations but in reality governments are in the business of forcefully taking wealth from the populace.

Looking a bit deeper we must ask how some of the governments and agencies Hacking Team sold to, such as Sudan, Ethiopia, and the Drug Enforcement Agency, differ in any notable way from other terrorist organizations. With the exception that Hacking Team has accepted money from them there is no notable difference. Simply calling something by a different name doesn’t change what it is. Admittedly this is a problem many people have with the English language.

Outside of the failure to utilize the English language the Hacking Team response contains this gem:

HackingTeam is evaluating if it is possibile to mitigate the danger.

How could a company that discovers previously unknown vulnerabilities help mitigate danger to people? For actual security companies the answer is to work with developers to fix the vulnerabilities before they can be actively exploited. Hacking Team, on the other hand, sat on those vulnerabilities so it could sell tools for the sole purpose of exploiting them. Its entire business model relied on people being in danger. Had it actually cared about helping mitigate danger it wouldn’t have sold the tools it did, especially to the customers it did.

This Hacking Team breach just gets better by the day. Between the company’s scummy practices, source code getting open sourced, and complete failure at handling public relations this breach is the gift that keeps on giving.

Company That Provides Spyware To Oppressive Regimes Gets Hacked; LULZ Follow

Yesterday might as well have been Christmas for the information security industry. Hacking Team, a company known for selling surveillance malware to oppressive regimes, was hacked and 400GB of its data was released to the Internet. A hacker going by the name PhineasFisher, who made a reputation for themselves when they hacked the spyware provider Gamma International, has supposedly claimed responsibility. If that’s true then we all owe them a beer.

Remember what I said about Hacking Team having a reputation for selling software to oppressive regimes? Documents in the leaked data reveal some of the company’s customers. From that information it appears that the company will deal with anybody willing to throw cash at it:

One document pulled from the breached files, for instance, appears to be a list of Hacking Team customers along with the length of their contracts. These customers include Azerbaijan, Bahrain, Egypt, Ethiopia, Kazakhstan, Morocco, Nigeria, Oman, Saudi Arabia, Sudan, and several United States agencies including the DEA, FBI and Department of Defense. Other documents show that Hacking Team issued an invoice to Ethiopia’s Information Network Security Agency (the spy agency of a country known to surveil and censor its journalists and political dissidents) for licensing its Remote Control System, a spyware tool. For Sudan, a country that’s the subject of a UN embargo, the documents show a $480,000 invoice to its National Intelligence and Security Services for the same software.

Nigeria, Saudi Arabia, Sudan, and the Drug Enforcement Agency (DEA)? Talk about some nasty buyers. If I owned a company that had entities like these as customers I would shut my doors and label myself as the biggest failure in business. But Hacking Team apparently has no moral issues with selling to such scum and is even willing to bypass a United Nations embargo for $480,000! The bottom line is if you have the cash Hacking Team will sell to you.

Another interesting revelation that has come from this breach is just how terrible Hacking Team’s own internal security was. When you think of shady surveillance software providers you probably imagine some of the tightest network security in the business, right? As it turns out not so much:

The data released Sunday night and through to today not only contains a large number of emails, none of which have proven too embarrassing so far, but also a number of the firms’ internal passwords, which appear to be worryingly insecure for a company that deals in exposing others’ security. These include credentials belonging to Christian Pozzi, security engineer at Hacking Team, stored in a file called login.txt. His chosen logins include easily-crackable variations on the word “password” and the name of an X-Men character all in lower-case and with no numbers or symbols.

A file directly linked to Pozzi also included images believed to show RCS grabbing screenshots.

Apparently the head of a malware provider isn’t aware of password managers. Had he been he wouldn’t have needed to use insecure passwords stored in plain text files. This just goes to show that being smart enough to write exploits doesn’t mean you’re skilled enough to defend against even the most basic of them.

Now that I’ve had a little fun at Hacking Team’s expense let’s get down to the nitty gritty. What does this hack mean? Since the company’s exploitation software was just open sourced (not by its choice) a lot more good than simply revealing the immoral actions of a scummy company can come of this. The software security holes Hacking Team’s malware relied on can now be discovered and fixed. Malware producers, like government surveillance agencies, cause a lot of damage simply by keeping the exploits they discover secret. Instead of being helpful members of the security community by assisting companies in fixing their security flaws they write software that exploits them and sell it to anybody willing to pay. Ironically breaking into these companies’ networks and releasing their source code to the world makes everybody safer.

I’ll post more interesting information as it is revealed. But if you want real-time updates of what is being discovered I urge you to follow #HackingTeam on Twitter. There you’ll find such entertaining tidbits as the supposed Transport Layer Security (TLS) private key for support.hackingteam.com and the Hacking Team’s owner’s really shitty passwords.

David Cameron Is On A Holy Crusade To End Encryption

When Edward Snowden showed the world that the United States and British governments were spying on the entire world, including their own citizens, a lot of people were pissed. Citizens of those countries were pissed because their governments had promised them for decades that they weren’t going to spy on them. Other countries, especially those who were allied with the United States and Britain, were pissed for the same reason. Both the United States and British governments were pissed because lots of people suddenly started encrypting the lines of communication that were being spied upon.

In addition to becoming pissed off the people being spied on decided to start making more thorough use of encryption. Seeing this and noting how it could hurt their spying efforts the two governments responsible for this entire mess have been working diligently on making those who have begun using strong encryption criminals. David Cameron, a British politician, has been beating on the criminalizing encryption drum especially hard:

David Cameron has signalled that he intends to ban strong encryption — putting the British government on a collision course with some of the biggest tech companies in the world.

As reported by Politics.co.uk, the British Prime Minister reaffirmed his commitment to tackling strong encryption products in Parliament on Monday in response to a question.

Crypto Wars II is moving into full swing. What I really enjoy about Mr. Cameron’s crusade is how blatantly it demonstrates the true goals of the British state. Like all states the British state claims to protect the person, property, and rights of the people within its borders. However banning strong encryption would violate every British citizen’s person, property, and rights.

By not having access to strong encryption users of the Internet are directly at risk of many threats. The first threat is that their personal information is up for grabs by anybody who has the knowledge to bypass weak crypto systems. That means, for example, abused spouses could have their efforts to contact help discovered and thwarted.

Property is also at great risk if strong crypto isn’t available. If you think the leaking of credit card data is bad now just imagine what it would be like if anybody snooping communications between a client and server could break the crypto and nab the card data. Business deals would also be at risk because anybody snooping communications between two businesses could see what deals were being worked on and maneuver to hamper those deals.

Weak crypto systems also put people’s rights at risk. Due process could go entirely out the window if law enforcement officers are able to extend their “anything you say can and will be used against you” to snooping on every citizen at all hours of the day. On a personal level you also put the right of privacy at risk. Embarrassing communications, such as those between a doctor and their patient, could suddenly find themselves posted on public forums.

There is an upside to all of this. What Mr. Cameron proposes is a pipe dream. Prohibiting strong crypto is impossible because it is nothing more than math and math, being in the realm of ideas, cannot be stopped from spreading. With the widespread use of the Internet we’ve seen how impossible censorship has become and that isn’t going to change.

If You Defend Eric Casebolt You Are an Idiot

I haven’t discussed the event in McKinney, Texas because, sadly, stories of police abuse are so frequent that it’s hard to say anything new about them. But idiots rising to defend badged abusers have managed to piss me off enough to write a post. For those of you who aren’t familiar with the situation this video will explain everything:

Thank the gods for people who record the police.

The officer who threw the girl to the ground and kept her pinned is Eric Casebolt. He recently resigned from the force in the hopes of dodging any consequences for his actions. That hardly seems necessary though when so many neocons are willing to rise to his defense. Believe it or not there are a lot of people justifying what Casebolt did.

What could possibly justify an officer rushing into a crowd of non-threatening teenagers, running around like a rabid dog, and tossing an obviously unarmed girl to the ground? That depends on which idiot is defending him. One of the most common justifications given is the number of teenagers present.

Apparently there is some number, one that none of these abuse apologists will provide, of people present where an officer can transition from a calm and collected professional into a psychotic abuser. It doesn’t matter that the teenagers in the video are obviously non-threatening. It doesn’t matter that the attire of most of the teenagers, especially the girl thrown to the ground, makes it almost entirely impossible for them to conceal a weapon. The simple fact that there are so many of them gives the officer justification to abuse that girl according to these boot lickers.

A lot of abuse defenders have been making a point of the teenagers failing to cooperate with the officers. Failing to cooperate in this case must mean failing to kowtow immediately because none of the teenagers appear to be engaging the officers. Standing idly by as a psychotic nutball runs around screaming threats of violence is not failing to cooperate; it’s actually an exceptionally polite way to deal with the situation. Those teenagers had every right to tackle that officer to the ground as soon as he began assaulting that girl.

“Totality of the situation” is a phrase being favored by these boot lickers. What particular aspects of this situation when combined justify this situation? Who knows. I honestly suspect “totality of the situation” is code for “too many black youths being present” because I can’t see any justification for the violence displayed by the officer in that video.

Simply put, everybody who has been defending Casebolt is an idiot. They are the reason this country has become a tyrannical police state. Casebolt should be arrested and tried for assault just as anybody else not wearing a badge would have been in that situation. He should compensate the girl he assaulted an amount agreed upon by a jury because she is the victim and deserves redress. Unless the law applies to everybody equally and wrongs are expected to be righted as much as possible a society cannot consider itself free.