|
|
|
|
|
|
by tptacek
1466 days ago
|
|
|
I break into computers for a living, and stories like this are in the news all the time. I'd probably do much worse at, like, an embezzlement case. I'm also probably (I hope) wrong about the 2b1.1 loss calculation here; I read the USSC primer on it and it's not super clear but leans me towards the idea that a penalty assessed on Capital One for doing a poor job securing their data can't be included in a loss assessment against Thompson, and I'm not clear that the damages for a settled lawsuit over same could apply either. So total losses could be in the single-digit millions (as a general rule of thumb, you can't get convicted in federal court of hacking a real company and incur less than ~100k in damages, simply because of the cost of insurance-mandated forensics investigations --- here I don't really see any chance that the "actual damages" could have been less than 7 figures given the magnitude of what was stolen). There is also, per the USSC document, a formula for computing damages "per access device", where "access device" is a term of art that includes account numbers, so that could also generate a nosebleed sentence. For no reason whatsoever, just based on doing this exercise for every 18 USC 1030 case that's been in the news for the last decade or so, my wild-ass underinformed guess is that the sentence will end up under 10 years, but more than 5. |
|
|
https://twitter.com/80snewsscreens/status/153451127149155532...
but with 'Forum Sentencing Expert'