Hacker News
by nobody9999 2021 days ago
Hacking? Really? You're gonna go with that?

Allegedly sending messages[0] to former colleagues is now hacking? The credentials for accessing the system to send such messages were shared by hundreds, if not thousands, of people and posted on intranet sites.

So sending messages (albeit unauthorized ones) using a widely-known set of shared credentials is worthy of a whole bunch of cops descending, guns drawn, on a couple with young children?

I'd also point out that the biggest ISP in that area is Comcast, which routinely sets up free wifi for anyone in range[1] by sharing their customers' links.

As such, anyone who had access to the credentials (hundreds to thousands of people) could have just driven over to her house and used her Wifi.

And the cops come with guns drawn? With small children in the house?

From the linked article:

"The search was part of a criminal investigation into unauthorized messages sent last month to a group of health department employees using an internal emergency alert system.

[...]

According to the affidavit, the users on the emergency alert group account shared the same username and password, which cybersecurity experts said left the system vulnerable to a breach that could be difficult to trace."

[0] https://www.nytimes.com/2020/12/11/us/florida-coronavirus-da...

[1] https://www.xfinity.com/support/articles/open-xfinity-wifi-h...

1 comment

You’re right, I should have said allegedly hacking. Unless you’re claiming there is some doubt that she should have had access to that system to send that message, then yes it is hacking. Plain and simple.

I run a SaaS business. As part of logging into that company my users send their username and password to my servers which my servers see in clear text.

Just because it would be absolutely trivial to save all those passwords in clear text and use the 50% of them that are re-used credentials to log in to my customers’ accounts doesn’t mean that it wouldn’t be illegal to do so.

The complexity of the hack is irrelevant. Whether you have the correct password is irrelevant. Whether it was authorized access or not, and whether the perpetrator believed it was authorized access or not, is what matters.

And as part of the process to determine that, serving a warrant on the home of the IP address of the person who performed the action is appropriate.

And waiting at the door for 23 minutes while making multiple phone calls with the homeowner to try to serve the warrant is more than reasonable. It’s frankly how I would hope they would treat me in the same situation if for some reason I refused to come to the door. (Plenty of time to destroy evidence, that’s for sure)

They haven’t even charged her at this point. It was serving a warrant as part of the investigation! What, you want them to not investigate? This is bizarre-land politics and disinformation campaign territory.