|
|
|
|
|
|
by Teandw
1524 days ago
|
|
|
If trading hacked emails wasn't illegal, you'd have legitimate and big businesses trading them. You don't see any businesses like that because it is infact illegal. As someone else mentioned, an 'access device' actually refers to many things, including emails. You have an extremely poor understanding of the law if you even remotely think that trading hacked emails would somehow be legal. |
|
|
But there are in fact big infosec businesses trading them. They just brand it as “data leak monitoring” or “darknet intelligence” or whatever. Equifax does this, NortonLifeLock does this as do many others. There are also products aimed specifically for pentesters.
> As someone else mentioned, an 'access device' actually refers to many things, including emails
>”Access device" is defined at 18 U.S.C. § 1029(e)(1). Instead of using the term "credit card," or "debit/credit instrument," the term "access device" is used in the statute and is defined broadly as any "card, plate, code, account number, electronic serial number, mobile identification number, personal identification number, or other telecommunications service, equipment, or instrument identifier, or other means of account access that can be used, alone or in conjunction with another access device, to obtain money, goods, services, or any other thing of value, or that can be used to initiate a transfer of funds...." The only limitation, i.e., "other than a transfer originated solely by paper instrument," excludes activities such as passing forged checks.