Hacker News new | ask | show | jobs
by doldols 1524 days ago
What steps were those? How are they distinguishable from the steps you would take to protect your website from being taken down because of abuse reports from upset people?

Trading in hacked data might not be illegal unless it’s credit card information, but your average hosting provider probably isn’t going to care about such nuances.
1 comments
jacquesm 1524 days ago
> Trading in hacked data might not be illegal unless it’s credit card information

Dangerous nonsense. Trafficking in stolen data is illegal, please read the full indictment.

link
doldols 1523 days ago
But it really isn’t… The indictment mostly sticks to payment information for a reason.

And besides, indictments are not law.

link
Teandw 1523 days ago
They focus on payment information as those are the most serious crimes and would provide the harshest sentence. Trading hacked emails does not carry the same weight as trading hacked credit card details.
link
doldols 1523 days ago
What weight does trading hacked emails carry?

As far as I can tell, lawmakers simply have not criminalized this.

Many things that obviously should be illegal are not illegal.

link
Teandw 1522 days ago
If trading hacked emails wasn't illegal, you'd have legitimate and big businesses trading them. You don't see any businesses like that because it is infact illegal.

As someone else mentioned, an 'access device' actually refers to many things, including emails. You have an extremely poor understanding of the law if you even remotely think that trading hacked emails would somehow be legal.

link
doldols 1521 days ago
> If trading hacked emails wasn't illegal, you'd have legitimate and big businesses trading them.

But there are in fact big infosec businesses trading them. They just brand it as “data leak monitoring” or “darknet intelligence” or whatever. Equifax does this, NortonLifeLock does this as do many others. There are also products aimed specifically for pentesters.

> As someone else mentioned, an 'access device' actually refers to many things, including emails

>”Access device" is defined at 18 U.S.C. § 1029(e)(1). Instead of using the term "credit card," or "debit/credit instrument," the term "access device" is used in the statute and is defined broadly as any "card, plate, code, account number, electronic serial number, mobile identification number, personal identification number, or other telecommunications service, equipment, or instrument identifier, or other means of account access that can be used, alone or in conjunction with another access device, to obtain money, goods, services, or any other thing of value, or that can be used to initiate a transfer of funds...." The only limitation, i.e., "other than a transfer originated solely by paper instrument," excludes activities such as passing forged checks.

link
jacquesm 1523 days ago
What do you think 'access device' means in this context?
link