Two hackers accused of stealing personal data belonging to 120,000 early adopters of Apple's iPad tablet last year discussed the possibility of selling it to spammers or using it to promote Goatse, the collective of trolls they belonged to. According to a criminal complaint filed Tuesday, Andrew Auernheimer and Daniel Spitler …
"conspiracy to access a protected computer without authorization"
I'd say that it wasn't protected. Of course, there's still plenty of other charges, but if the door isn't locked you can't be guilty of *breaking* and entering.
Doesn't sound to me like it was protected...
In the UK you can
In the UK you can
Make it tight Apple, please.
And even tighter still.
Maybe the perps should have gone to WikiLeaks (unless of course their aims were much the less altruistic and much the more pecuniary?).
Make it tight?
Make it tight so they can't goatse? Well that conjures quite an image!
High tech hackers blasé about their security
Maybe wanna-be hackers should set up their own secure scratch-pad comms, employing encryption, so the Feds don't cases served up on a platter.
There is 'one time' encryption software available that would even the NSA work overtime.
This is more like putting the information on pieces of paper in glass boxes in a public hall and then complaining when someone comes around and notes the information on the papers down for themselves.
They can't be convicted of conspiracy to access a protected computer because they did not access any protected part of the computer. There was no request for authorisation or password, no checking of credentials, just an open webserver serving pages as intended to anyone who came by.
Conversely, AT&T need to be charged with breaching privacy laws, as the entire world had/has access to that information and they have no way of knowing who all copied it before they closed the security hole.
There have been cases where somebody just typing in a url directly being regarded as hacking = unauthorized access to a computer.
Somebody guessed that the answers to next weeks competition were at website/next-weeks-date/answer.html and won a prize.
"The discussion could come back to harm the cases of the two men, Rasch told The Register."
They decided they didn't want either the data or the script. I don't see why that harms their cases, as they don't seem to be denying that they had either of those things.
"Goatse, the collective of trolls"
Goatse - collective noun, a group of trolls. "I saw a goatse of trolls the other day, they were all fat and ugly" Nice :)
Most of these comments are missing the point...
... the point is, access of this type to their systems was "Unauthorized Access".
If you want to access areas that are marked "Unauthorized", no matter how simple or complex your script, you should be ready to address the consequences.
These guys went after data for the purpose of 're-purposing' the data for their own short-term monetary gains, it even shows up in their child-like chat logs.
These two should have the book thrown at them. Caught red-handed. They weren't trying to do anything righteous, that's just a smoke screen.
...common sense emerges. Agree 100%.
Just curious - where did it say "Unauthorized"?
Was there something on the web page they looked at that said "all our customer data is at this url: XXXXX. No Unauthorised Access Permitted"?
These dudes are going down.
You can try to nit pick the case against them apart, but a competent jury will find the information was protected even if it wasn't properly protected. The transcripts clearly outline that they were in this purely for personal gain, definitely not whitehat, and it would even be a stretch to label them grey.
"The transcripts clearly outline that they were in this purely for personal gain,"
No they don't. They appear to have considered many uses for the data. But relying on the transcripts, you can only convict them of thoughtcrime.
Plenty of guilt to go around
To put it in another context: If you know of a weakness in certain door locks that allows you to open them without a key, does that give you the right to break into peoples' houses and look around? No.
AT&T should be prosecuted for failing to properly lock down the information, and these twits should be prosecuted for exploiting the weakness to steal information.
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- 14 antivirus apps found to have security problems
- Feature Scotland's BIG question: Will independence cost me my broadband?
- Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
- FTC to mobile carriers: If you could stop text scammers being jerks that'd be just great