|
|
|
|
|
|
by richardwhiuk
4187 days ago
|
|
|
Personally (and I know this is likely to be an unpopular sentiment on HN) I have very little sympathy for weev. He knowingly and deliberately attack a weakness he had found to scrape data, knowing that the access was unauthorized. I disagree that the data was in the public domain (although the Third Circuit disagrees) - just because something is accessible to the public doesn't mean it's in the public domain. Just because he wrote it up as a security researcher doesn't mean he should be immune for his actions - in fact in some ways it makes it worse because he did it knowing that he was unauthorized. He exposed the vulnerability to the press (so he didn't act in good faith regarding the disclosue) and he did so potentially for monetary gain (he claimed to be a member of a hacker group called “the organization,” making $10 million annually). I think one part of improving cyber security is prosecuting people who deliberately and maliciously hack into other systems who do so for either monetary gain or fame. I think this is especially the case whereby they don't act in good faith (e.g. providing proper disclosure). |
|
|
This would do nothing except cast a chilling effect over the security community. Everyone would sit on exploits, too afraid of overzealous prosecutors to publish them or even reach out to the affected parties.
Unless, of course, you believe the US justice system to be the paragon of restraint and reasonableness.