[celticninja]

I am not 100% certain that the hacker did anything illegal. As I understand it he exploited a loophole in the contract, that has been going on since contracts have existed and is not illegal in itself.

[throwawayjava]

For me, this is the most interesting question. I suspect this was illegal, though. CFAA is pretty broad for exactly this reason -- the effect and intent, not the vector -- is what matters.

[koolba]

Why would the CFAA[1] apply? I don't think US law is the governing law for everything that happens on the Internet (though they'd probably love that...).

[1]: https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

[throwawayjava]

You mean jurisdictionally? E.g. if the hacker was located in the US, or in one of the many, many countries with an extradition agreement since some of those distributed computations almost certainly occurred in the us. Or in one of the many, many countries whose hacking laws are explicitly modeled on cfaa...

[Atheros]

Indeed.

"I have put one million dollars in this safe. The combination is one of the factors of this very large number."

Man factors number, opens safe, and takes one million dollars

"Woah hold on there, I didn't think anyone could do that! The money is still mine! Give it back!"

No.

[hectorr1]

It's a pretty grey area. I'm not sure they did either, but my guess is that they want to find out for sure by approaching the court system. Would definitely be an interesting conversation with their lawyer.