|reply to MooJohn |
Re: He didn't *hack* anything
I'm not denying there's a gray area here, but the actions following his exploit were what made them criminal. Instead of going to ATT, he bragged to friends and seemed intent on possibly harming ATT. None the less, he might win on appeal due to the vagueness of the law.
None the less, his actions were borderline criminal if not criminal. It doesn't matter if he used SQL ijection or script kiddy code. The end result was the same. Att had a flaw, with said individual exploiting the flaw.
Your argument is like a person leaving a possession on their front porch and then justifying the stealing of the item. Even if I leave money sitting out in plain site, it's still theft if you take it off my property. It doesn't matter if you are a career criminal or opportunistic. You've committed the same act of theft.
He didn't *steal* anything either
No one was deprived of anything. He obtained a list of owners' email addresses -- oh the humanity!
If he tried to extort them or cause financial harm, charge him with that. To say his access was criminal simply because he typed things into the box that they didn't expect and it spit out information is ludicrous.
John M - Cranky network guy