Hacker News new | ask | show | jobs
by jacques_chester 2054 days ago
> Superficially speaking, he defrauded a US bank of $70k ($5k of which he transferred to his bank account).

So far as I know, fraud isn't a strict liability crime. It requires intention ("mens rea") as well as action ("actus rea") to be prosecuted.

I am of course not a lawyer.
1 comments
cosmie 2054 days ago
I'm not a lawyer either (just enough lawyer friends to be terrified of the legal system), although as far as I'm aware you're correct. I'm not even sure if such actions meet the legal definition of fraud, nor if it's be the most likely/appropriate charges brought in such a scenario.

But

1) Mens rea isn't an absolute defense. It doesn't refer to malicious intent, but more so specific intent[1], in this case, specifically performing a sequence of actions in order to discover/validate/confirm a vulnerability. You also don't have to know if what you're doing is a crime; if what you did fit the legal definition of fraud, and you performed that action fully cognizant of and in control of what you were doing, then it's still a crime irrespective of your awareness that it was a criminal act.

2) Mens rea is a legal argument. It may protect you from successful prosecution, but if you've hit this point, lawyers are already involved and you've more than likely already been arrested/charged.

3) The prosecutor could dismiss the case if they feel the likelihood of successful prosecution is minimal (such as when you produce the original permission you received) or the bank requests it. Or they could force a settlement if they think the case is shaky. Or they could be an ass and force the court/judge to decide. But you've still been arrested, your life has been disrupted, you've potentially sat in jail for some amount of time (at least until your bail hearing), and you've likely been economically harmed (via legal bills, cost of bail, potential impact to your state of employment, potential impairment to future earnings based purely on the arrest record even without prosecution, etc).

Which is why it's always good to involve or consult a lawyer before engaging with the company - the cost of doing so is effectively an insurance policy protecting you from ending up in a situation where you need to employ one for damage control. And you're likely to end up with a far larger bill if you end up having to pull a defense attorney in after the fact for damage control/crisis management than the bill you'd get for upfront risk mitigation.

[1] https://www.law.cornell.edu/wex/mens_rea

link
jacques_chester 2053 days ago
> Which is why it's always good to involve or consult a lawyer before engaging with the company

I absolutely agree. Always have your own lawyer!

link