"Nonprofit hires woman, but she quits after a few days, asks for pay for that time; they refuse, and things get worse from there. But! They don’t turn off her email access to a board member’s email. She and a friend comb through the account, download internal documents, and then ask for a lot of money. Federal crime? Third Circuit: Not until they actually revoked her access."
pcaharrier|2 months ago
https://www2.ca3.uscourts.gov/opinarch/233017p.pdf
Someone1234|2 months ago
Considering it was created during a major moral panic after the movie "War Games" came out, by a bunch of politicians who knew nothing about computers (aside from, again, watching the movie War Games).
As a direct result, anything and everything can be a crime (e.g. violating a private company's Terms & Conditions), and the punishments are completely disproportionate to the actual criminality.
See the AT&T/iPad data leak, where AT&T were leaking private information on the internet with no security checks at all. Someone found it, told the press, who in turn told AT&T, but the FBI still investigated it as a "crime", raided their home, charged them with "conspiracy to access a computer without authorization." AT&T got no punishment at all.
pizzalife|2 months ago
I think you are missing some nuance here. They found a vulnerability where they could just increment an "id" and get access to another user's information. They then went ahead and scraped as much as they could. Also this person (iProphet / weev / Andrew Auernheimer) is awful and certainly not a victim. AT&T did not leak the information, Andrew did!
Should they have had better security? Yes. Was the vulnerability extremely basic? Yes. Doesn't change much, a vulnerability was used to dump a bunch of private data.