In Russia, against a website committing credit card fraud while reporting everything to service providers, and actively preventing people from being defrauded?... I really couldn't give a poop, if the USA wants to come prosecute me and aid international fraudsters so be it (if you can even find them).
This is FUD, and saying "This is a confession to a crime, just so you are aware." is really an overly strong statement that is not warranted.
Yes, the CFAA is famously lax in what it's definition of "unauthorized access" is, and I know in the past some idiot politicians have tried to prosecute for a journalist clicking "view source" to see the HTML of a webpage, but one shouldn't confuse prosecutorial misconduct for "confessing to a crime". There is nothing in the statement that you are replying to that says that the user actively broke access control.
What do you do with the skimmer once you pull it off? How do you prove that you’re in felony possession of fraud device? You also would be contaminating a crime scene. Most skimmers have limited memory and are sometimes controlled via Bluetooth.
It’s best to leave it to the ones _authorized_ to fiddle with such things. I’m sure your fellow citizens appreciate your gumption though.
They were doing some exploratory poking around a public system, and at no point did they access a system without authorization. All this information is available to anyone, and malformed requests can happen for many reasons.
I suppose intent to gain unauthorized access might be a problem, and I'm sure some lawyer could find a case there.
Intent matters. Sending a malformed request in an attempt to harm could probably be prosecuted.
In much the same way that you usually are not allowed to shoot robbers in the street, people who are doing nefarious things but aren't yet convicted of a crime are not "fair targets". Especially when it comes to the CFAA, I don't think there's a concept of self defense.
I don't think anyone should be particularly concerned about "criminal" actions conducted against a httpd/server host platform that's physically in Russia, operated by literal phishing criminals. What is the US going to do, extradite you to Russia for screwing with low-rent russian organized crime?
As the other poster says, this is no more morally wrong than pulling a skimming device off an ATM.
tomxor|2 years ago
hn_throwaway_99|2 years ago
Yes, the CFAA is famously lax in what it's definition of "unauthorized access" is, and I know in the past some idiot politicians have tried to prosecute for a journalist clicking "view source" to see the HTML of a webpage, but one shouldn't confuse prosecutorial misconduct for "confessing to a crime". There is nothing in the statement that you are replying to that says that the user actively broke access control.
valine|2 years ago
vuln|2 years ago
It’s best to leave it to the ones _authorized_ to fiddle with such things. I’m sure your fellow citizens appreciate your gumption though.
RockRobotRock|2 years ago
morkalork|2 years ago
imiric|2 years ago
They were doing some exploratory poking around a public system, and at no point did they access a system without authorization. All this information is available to anyone, and malformed requests can happen for many reasons.
I suppose intent to gain unauthorized access might be a problem, and I'm sure some lawyer could find a case there.
mrguyorama|2 years ago
In much the same way that you usually are not allowed to shoot robbers in the street, people who are doing nefarious things but aren't yet convicted of a crime are not "fair targets". Especially when it comes to the CFAA, I don't think there's a concept of self defense.
Is it a crime? Arguably. Does anyone care? Nah
m4jor|2 years ago
walrus01|2 years ago
As the other poster says, this is no more morally wrong than pulling a skimming device off an ATM.