| His defense will be that he never had criminal intention, that it was an unfortunate accident, that can be chalked up to inexperience and curiosity. That he didn't take measures to hide his identity and that he was attempting to report a security issue and that the version that dialed 911 is a very very stupid idea of a joke. And the prosecution will argue that the very action of writing a piece of software that targets a critical infrastructure is proof of in itself of criminal intention. It will be up to the judge, but hopefully he will be lenient. This should serve as a warning for 2 things for you younger cats out there: 1. Learn how to disclose responsibly. Use proper channels for disclosing vulnerabilities and don't post exploits online like that (only after you have made contact, reported it and discussed a reasonable time table for patching or not at all). Or know the risk of full disclosure and go with that, but still never post a exploit like that online like that. 2. Any idea of a joke that involves the authorities should trigger a "Yeah, authorities are not well known for their sense of humor. They tend to not be amused" moment. Edit: The attack against 911 was in the code itself and that argument won't stand a second in Court. Be smart, stay safe, happy hacking! |