UK Student Jailed For Facebook Hack Despite 'Ethical Hacking' Defense 356
Diamonddavej writes "The BBC reports that software development student Glenn Mangham, a 26-year-old from the UK, was jailed 17 February 2012 for eight months for computer misuse, after he discovered serious Facebook security vulnerabilities. Hacking from his bedroom, Mangham gained access to three of Facebook's servers and was able to download to an external hard drive the social network's 'invaluable' intellectual property (source code). Mangham's defense lawyer, Mr. Ventham, pointed out that Mangham is an 'ethical hacker' and runs a tax registered security company. The court heard Mangham previously breached Yahoo's security, compiled a vulnerability report and passed on to Yahoo. He was paid '$7000 for this achievement,' and claims he was merely trying to repeat the same routine with Facebook. But in passing sentence, Judge Alistair McCreath said despite the fact he did not intend to pass on the information gathered, his actions were not harmless and had 'real consequences and very serious potential consequences' for Facebook. The case's prosecutor, Mr. Patel, said Facebook spent '$200,000 (£126,400) dealing with Mangham's crime.'"
Uhh (Score:5, Insightful)
Re:Uhh (Score:5, Insightful)
This guy had no business doing what he did. AFAIK you need a signed agreement with the company in question to perform penetration testing, otherwise it's illegal, no matter what your motivations are.
While that may be true, that doesn't appear to be the judge's rational for convicting the kid.
It sure sounds like the judge is rationalizing the ostrich strategy when he says that the kid's actions had 'real consequences and very serious potential consequences' for Facebook. Those consequences existed not because of the kid's actions but because of facebook's security failings. Even if the kid had done nothing, those vulnerabilities would still be there and facebook (and more importantly facebook's users) would have faced just as much, if not more, risk than they did if the kid had done nothing.
Re: (Score:3, Insightful)
Now that's not to say that I don't disagree with the rest of your post: the holes obviously existed, and if a black hat had got in they'd have to respond
Re:Uhh (Score:4, Insightful)
His actions did have consequences. I work for a large company with lots of publicly facing servers. If the guy had hacked into our servers, he may well have tripped an IDS or some other log analysis process, which would have alerted us to someone being somewhere they shouldn't be. Imagine how many man hours would be involved in identifying the intrusion.
Now that's not to say that I don't disagree with the rest of your post: the holes obviously existed, and if a black hat had got in they'd have to respond in the same manner. The thing is, a black hat would (hopefully) be found and prosecuted too, for the same reasons.
If someone is able to hack into YOUR SERVERS... it's YOUR problem... not the hackers. YOU left the vuln... he exploited it.
It's not the, "I left my front door open, you came in uninvited, and now I'm installing an alarm system"
it is, "I own a company, it's in a building, the public comes to it... someone found I left a door open
that wasn't marked and now I have to install a lock, sign and alarm system, even though,
I SHOULD HAVE ALREADY."
The hacker didn't CREATE the situation that allowed his access. He just FOUND it.
-AI
Re:Uhh (Score:5, Insightful)
The lock on your bedroom window is crap. I broke it last night, and then rifled through all of your stuff. Did the same to 2 of your neighbors also.. ya know, just to show it wasn't a fluke.
Your welcome.
I would like my reward now.
Re:Uhh (Score:5, Insightful)
OK, we'll sentence you based on the potential damage you might have done -- to wit, you could have accidentally burned the entire house down while you were there, and the fire could have spread to the entire neighborhood and killed a bunch of people.
Sentence the man for what he did: breaking into the computers. Not based on crap like "Potentially what you did could have been utterly disastrous to Facebook"
Re: (Score:2)
fortunately the law is supposed to be based on what was DONE, not what could've been done.. of course, that limits the power of overreaching police forces and the egos of cowardly politicians so maybe not anymore..
Re:Uhh (Score:5, Insightful)
Sentence the man for what he did: breaking into the computers. Not based on crap like "Potentially what you did could have been utterly disastrous to Facebook"
Creating a hazard can be illegal, eg: you can be booked for reckless driving even if no other cars are around at the time. Leaving aside the question of whether it was he or Facebook that created the hazard, or what proportion of culpability should be shared, the sentence is based not on what he did, but who he did it to (from the first link in the summary) :
"You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance,"
So to answer rgbrenner's "lock on your bedroom window is crap", argument, the judge's response is "You broke the bedroom lock on a rich man's house, it's not like you broke into the house of normal people".
You don't have to be sympathetic to this guy to find this court judgement reprehensible.
Re:Uhh (Score:5, Insightful)
Its a lot closer to this situation:
You walk into the gaping hole in the wall of a casino or bank, walk up to the dude behind the counter and say "dude behind the counter, you got a giant gaping hole in your wall, maybe you should do something about that". And then you get arrested for the $200 dollars of damage that they have to repair now that they are aware of the giant gaping hole in the wall.
Re: (Score:3)
And then you get arrested for the $200 dollars of damage that they have to repair now that they are aware of the giant gaping hole in the wall.
Cheap masonry workers you've got there :-) No wonder your walls are full of holes...
Re: (Score:2)
That would be true if he simply clicked a public link that lead him to the data. He clearly did more than that so closer to scaling the wall using special equipment.
Also he admitted to deleting his tracks which makes it even more evident that he knew what he was doing was wrong and would get him in trouble.
Re: (Score:2, Insightful)
A gaping hole is blatant. These security holes were no and required skilled approach just to be identified. aka, i snuck in through the vents, pkease fix that and pay me.
Re:Uhh (Score:5, Interesting)
There are no words to describe how stupid this kid is. Anyone with half a brain who's followed the news for longer than 2 weeks knows that you don't hack first and communicate later.
Re: (Score:3, Funny)
It's literally nothing like that situation.
He stole data. The holes weren't obvious or trivial. They now have to hope he didn't actually sell the data, or that someone didn't hack it from _him_.
So other than every facet of the situation being totally different, I guess you're right it's similar other than that.
Re: (Score:3)
Re: (Score:3)
Re:Uhh (Score:4, Insightful)
And yet, even if I accepted this as true, burglars -- even serial burglars -- are not sentenced based on potential deaths.
Re:Uhh (Score:4, Insightful)
That's not even remotely the same: one happens in the physical world, the other is pretty much a bunch of numbers being sent between computers on a network without any other consequences at all -- he didn't log into their servers and issue rm -rf, did he? No data was lost/deleted, there was no material/financial loss, so what the heck? It seems almost like a mind crime: he knows what he's not supposed to know, and nothing else, and he's not blackmailing anyone over it, nor is he intending to. Sure someone's feathers got ruffled, but -- to me -- it seems like Facebook basically says: we have a big ego, and we have lotsa money to show for it. And we won't mind jailing people just to show how big of an ego we have.
Re:Uhh (Score:4, Insightful)
Nothing was lost when I broke into your bedroom and went through all of your stuff either.. yet you seem to think that is a crime that should be punishable.
The only problem with my analogy is that I didn't take anything from your house. This guy took source code worth millions of dollars from the server.
Re: (Score:3)
And what if we chose a different place to use as an analogy, as it seems obvious that certain locations can have worse repercussions...
What if you broke into a blood bank?
You can bet your arse that the mere indication that you had unauthorised and unfettered access to a blood bank would have costly repercussions for that organisation - full audits, physical checks and tests, and that's if they don't simply junk all the blood you had access to...
Compromised servers are no longer trustworthy - cleaning up aft
Re: (Score:3)
and he's not blackmailing anyone over it, nor is he intending to
open to interpretation. After all, he did manage, somehow, to convince Yahoo that it was a good idea to pay him $7000...
Yes, that's puny as ransoms go, but the smart extortionist makes sure his ransom is not more expensive than other alternatives that the victim may have at its disposal (... such as lawyers...)
Re: (Score:3)
Comparing hacking to IRL burglary is a false analogy.
Re: (Score:2)
I mean, you might get more out of buying one share of stock and suing the CEO than you'd get out of the reselling the actual stock.
Wouldn't the award be proportional to the amount of stock you actually held? So all you'd be doing is do the other shareholders a favor (who would collect most of the award, whereas you fronted the court costs...)
Re:Uhh (Score:5, Insightful)
There is a common sentiment on Slashdot that whatever good intentions a company may have, its gathering of data without permission constitutes both a violation and a risk. That risk being the potential for the data in their hands to be compromised by yet another party. Can this logic not also apply to this Glenn and his company as well?
Re:Uhh (Score:5, Insightful)
While that may be true, that doesn't appear to be the judge's rational for convicting the kid.
Why does everyone keep calling him "the kid"? He's 26 years old. Just because he's a student doesn't make him some naive, innocent minor - he clearly knew what he was doing...
Re: (Score:3)
Why does everyone keep calling him "the kid"? He's 26 years old. Just because he's a student doesn't make him some naive, innocent minor - he clearly knew what he was doing...
I think it was pretty much the definition of naive for him to think that he could keep doing this vigilante white-hat stuff without some corp with too many lawyers eventually coming down on his ass as hard as possible.
"Damage" (Score:2)
Re:"Damage" (Score:5, Insightful)
Re: (Score:2)
There is no inherent right to crack other people's property. I find nothing wrong in the law saying 'thou shalt not penetrate others network without explicit permission or authority.' This person had neither.
I don't condone his actions at all, but I question placing full legal responsibility on him for the cost of security reviews. Surely whatever security reviews the professionals at Facebook had been shown to be inadequate. Was the security of Facebook from other attacks decreased because of changes he made to the system? Did he cause damage or reveal it?
Re: (Score:3)
nah.. you've got it all wrong. You show up at work one day with an alert from your IDS. You look at the server, and see that someone breached the server, downloaded the source code for your software, and tried to clean up their tracks by deleting logs. You report it to senior management. Management calls the FBI, and launches an investigation. Management tells you to go through the logs and the server, and find out anything you can. After two months of investigating, they finally find him, and FBI agents ar
Re:"Damage" (Score:5, Interesting)
Not just the review..
He impersonated a Facebook employee who was on vacation, hacked into the servers, tried to cover his tracks by deleting evidence he was there, downloaded facebook source code, then hid.
Facebook discovered on their own that he hacked in, and they had to work with the FBI to find out who this guy was. They had to do a real investigation.
THEN when the FBI knocks on his door, he says: I'm an ethical hacker trying to HELP facebook.
Seriously.. this guy is nothing more than a common criminal.
Re: (Score:2, Insightful)
I'd say it was a valuable public service, much like a journalist investigating a company. Rather than being prosecuted the story here should be that apparently some random guy was able to hack into Facebook where hundreds of millions of people's most personal data is kept. The fact that it cost Facebook money to fix is irrelevant as they should have fixed the problems anyway. If someone pushes on your security door and it falls off the hinges that should not be criminal damage.
By prosecuting the guy all the
Re:Uhh (Score:4, Insightful)
By prosecuting the guy all they have done is ensure that in the future people who manage to find these holes will either just exploit them for criminal gain
Or maybe it will make some of those people think twice before they do it in the first place...
Re:Uhh (Score:4, Insightful)
There will always be people trying to do this, whether hobbyist or professionals making a quick buck. So any leak -needs- to be fixed. Your argument implies that it's possible to scare people into never ever doing this sort of thing again, and people have been trying to do just that for years already. Newsflash: people still hack into servers, and all the scare tactics have only served to punish those who went public with their findings-... the ones who mean to do right and point out the risks, rather than keep it to themselves and use it for personal gain.
Scare tactics are not having the intended effect. Perhaps it'd be good if people started thinking of other solutions?
Re: (Score:3)
Or maybe it will make some of those people think twice before they do it in the first place...
Or maybe it won't. Putting people in jail for victimless crimes doesn't have any positive benefits for society. Only negative ones.
Re: (Score:2)
Have to generally agree in this case - I don't see how a jail sentence is going to deter the guy from doing it again any more than a fine would have.
Re: (Score:2)
It won't stop black hats looking for them, but it will stop the rest of us finding out about them until we get data-raped.
Walking up to my bank's doors and checking they are locked should not be a crime. Discovering that they are unlocked, taking a quick peek inside to make sure it isn't just a store cupboard I found my way into and then reporting the fact to the bank should not be a crime. Even asking the bank for a job checking that their doors are locked shouldn't be. This guy maybe overstepped the bound
Re:Uhh (Score:4, Insightful)
Not only that, but it almost sounds like bribery. He hacks into Yahoo, downloads confidential data, then "asks" them for a reward?
Why did he need to download facebook source code after he found the vulnerability? Why did he need to breach the server at all? Much less 3 servers?!
Re: (Score:2)
It isn't bribery, he just helped find more vulnerabilities. :-)
But really, sometimes it takes evidence to convince these companies to look at something.
I'm sure sending them part of their source code would get their attention.
Re: (Score:2)
True, find breach, send info to facebook on how to do it from a fake untraceable account.
you do a good deed, stay anonymous from litigious bastards, and increase your karma.
Anyone doing any other way is scamming for something. real white hates do it secretly and for free.
Re: (Score:3)
Why did he need to download facebook source code after he found the vulnerability? Why did he need to breach the server at all? Much less 3 servers?!
This here is the root of the problem of why his actions were so wrong.
Granted, he shouldn't have been poking around in the first place, but that action (if limited to that) might be able to be forgiven. Everything else he did after the poking around was very much uncalled for and unprofessional behavior.
It would be one thing if he accidentally stumbled over a possible vulnerability, but that is Not what he did.
Example:
"Hello facebook security team.
I was attempting to reach my server at 123.x.x.x port yyyy,
Re: (Score:2, Interesting)
Let me ask you this.. if Yahoo didn't pay the reward, what would he have done with that confidential info? Does he sell it to someone else?
Why does he have it at all? He can disclose the security problem to yahoo and they can verify it.. that does not require he steal something from the server.
Re: (Score:2)
It does: you'd need some proof. If you have the choice of reacting to every single claim that just tells you the steps and stuff (plenty of which might end up being useless or fake), or just reacting to the ones that actually got something they shouldn't have, the latter is much more likely to be cost-effective in terms of time spent investigating the leak.
Re: (Score:2)
Physical world analogy. (Score:4, Insightful)
So you're walking through the business district of a city and just jiggling door knobs to see if anyone left anything unlocked.
Why? Because you're a "white hat".
That's the FIRST issue that you have to get through to the judge.
Once you find an open door, you go inside and take some important stuff out. So that you can prove to the company that you were inside.
That's the SECOND issue you have to get through to the judge.
Then, you call the company and tell them that door X is unlocked and you can prove it because you have property Y.
The company (being unenlightened and still thinking in physical world terms) calls the cops and you are arrested. Even though you intended to give property Y back to the company.
It makes sense that way.
So, do NOT freelance. If you do NOT have a signed contract with the company you CAN be prosecuted. You have to put in the EXTRA EFFORT to distinguish your actions from the actions of the bad guys. A signed contract does that.
Re: (Score:2)
Re: (Score:2)
The worst thing he could be charged with is the electronic equivalent of B&E. Of course, this being Slashdot, I didn't read the article, and just glanced at the summary, so I'm not sure if that is what happened or not.
Re: (Score:2)
good, well I hope the next time zuckerberg has a heart attack, his neighbor gets a signed agreement from him before calling 911. after all, corporations are people, right? (yes I know this is the UK, but it would be no different in the US) the only 'costs' were associated with a byzantine, bought-out legal system and not with mangham himself.
Re: (Score:2)
you need a signed agreement with the company in question to perform penetration testing, otherwise it's illegal, no matter what your motivations are.
Indeed, I am not sure what is this "ethical hacking defense" that the summary refers to. That may have prevented him from going to jail for a decade instead (i.e. if he had also sold private information or did some obvious damage he'd be punished further). But it isn't a defense, more of a good topic to bring up at sentencing.
$200,000? (Score:3, Insightful)
So Zuckerberg had to go to his wallet instead of pulling change from his pants pocket, maybe the hacker should have been less ethical and just sold the code.
Re:$200,000? (Score:4, Insightful)
What does that matter? $200,000 is $200,000, just because the victim "can afford it" doesn't change the crime itself.
Re: (Score:2)
Re: (Score:3)
Yeah, I haven't seen any specifics on what it was that cost them $200k or whether that is totally inflated, I just don't think the measure of his guilt should have anything to do with the size of the company hacked.
On the flip side, I think the judge's comment that "you accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance" is even worse. If it's a crime it shouldn't matter
Re: (Score:2)
True. You would hope, for example, that stealing a Toyota would result in the same *criminal* punishment as stealing a Ferrari (civil damages, on the other hand, could be a different story). But in reality if you look at the judge's comments, that's clearly not how he thought about it, which is wrong...
Let this be a lesson to all (Score:5, Insightful)
In the case of companies like Yahoo, you can do this. But in the case of Facebook, it's better to sell any uncovered flaws to interested parties other than Facebook or to simply release the information anonymously to the public.
These "damages" are the lawyer's fees associated with making claims against the "criminal" and the programmers needed to correct the vulnerability... (which are probably the same programmers whose code was vulnerable in the first place.)
Facebook, you just set the tone for how security researchers will reveal your vulnerabilities in the future. You just made a very uncomfortable bed for yourself to lie in.
Re:Let this be a lesson to all (Score:5, Insightful)
A new way to profit: leave the holes in place, and charge anyone who discovers them. If the person is stupid enough, he or she will do more than notify you. If they exceed what a random uninterested person would do with the the hole, they've just self-identified as a criminal. You can therefor recover enough money from them to pay for fixing the holes.
This creates a whole new meaning for "honeypot" (;-))
--dave
Re: (Score:3)
You can therefor recover enough money from them to pay for fixing the holes.
why would they do that when they can get far more by hyping up their IPO?
Re: (Score:3)
Even better, audit smaller sites with permission so you build up a portfolio of clients before pursuing business with the big guys. That way you don't have to lie about your income on your tax forms, you don't draw negative attention to yourself or your business, and instead of selling for chump change what few holes you do find, you make a steady income from secure sites as well as insecure sites.
You know, what smart security pros do?
Re: (Score:3)
Security Researches get permission before penetration testing and there is a lot of money to be made in legitimate security work. Just breaching a company computer network is a crime. It does not matter if you steal any information or cause any harm.
How about I come over and break into your house when you are not home and leave a note telling you how I did it? I'll try breaking in again a few days later to see if you took measures to keep me out. If I can still break in then I will be justified in taking o
Re: (Score:3)
The difference is that people are CONSTANTLY trying to break into sites like facebook and often successfully. This guy isn't the first and won't be the last. By not publishing the information, he did them a favor. By asking for a reward, he may have entered a grey area. But by prosecuting this guy, they have sent out a rippling message that facebook is not to be dealt with openly or honestly.
I get that they should be contacted "beforehand" and permission should be acquired, but the fact is, real crimina
Re: (Score:2)
My house doesn't contain billions of dollars worth of information. Now, if you are able to break-in to my bank, without really trying, where I keep lots of uninsured assets, I'd consider that a tremendous service. In a high-crime neigborhood, I'd also consider a note that, eg. a side window doesn't lock, to be a positive public service.
Re: (Score:2)
No. The lesson is, if you break in in April, and don't actually do anything voluntarily to disclose the vulnerability and let Facebook know about it and fix it, and actually go back in to erase your fingerprints, and the FBI comes and knocks on the door of your home two months later, that you are too late with the Good Samaritan defense. Having read the article, I'm not particularly as sympathetic to the kid as I was based on the /. summary. He got caught and he hadn't done anything to redeem himself.
Sugarcoat it all you want... (Score:5, Insightful)
...but a breach into any company is a break-in-and-entering if you haven't been assigned to do so for testing the security vulnerabilities by the company itself.
It's kind of like catching a thief without any goods, but inside of your home. Uhm...I'm just testing your security system, now you know you have a weak system, thank you - I'll mail you the bill.
"Ethical Hacker"? (Score:2)
I call bullshit. He "runs a tax registered security company," which means his motivation was largely if not entirely monetary. Hardly ethical.
Re: (Score:2)
1) Everybody lies.
2) It's not lupus.
Poor Yahoo (Score:5, Funny)
ooo, that's got to hurt.
How money was spent dealing with the issue? (Score:2)
That is, doing a security audit, implementing tests and fixing bugs? If you have poorly tested code, and you notice it because someone is trying to get in through the back door, you should not try to charge them for your own faults.
Hopefully, you would have spent that money anyway.
If you hadn't, then good thing someone came in before you had also to face more serious consequences (as in a public exp
Re: (Score:2)
Beside that, if it wasn't a student from the UK but some cliché bad guy from a country where Facebook can't do shit we could see all the info ending up right on the web. I don't know why but for some reason I want this to happen..
$200,000 is bullshit (Score:2)
Claiming he caused $200,000 in damages is absurd, what is the actual damage? Fixing vulnerabilities that were there in the first place?
I always think it's funny that when hackers get busted and the company has to spend a ton of cash on securing their servers/software they claim it's somehow the hacker that caused the damages. They had to be secure in the first place.
Re: (Score:3)
It usually boils down to all the time spend (thus money) that was needed to reinstall all the servers in the datacenter with a new known good image ?
Re: (Score:2, Informative)
I'm sympathetic to that argument. Post-intrusion followup, investigation, rootkit removal (read -- bare metal installation after hdd imaging), these are all legitimate expenses incurred even in the case of a white hat.
Fixing the problem they found is not. Conducting an audit to look for similar problems is not.
Related: How's that related to this? https://www.facebook.com/whitehat/ Did he not follow the procedures?
Mr. Patel (Score:3)
The case's prosecutor, Mr. Patel, said Facebook spent '$200,000 (£126,400) dealing with Mangham's crime.'
Mr. Patel? Is that Mr. Synthesizer Patel? I guess he discovered music wasn't paying the bills.
200K damages (Score:2)
If you were never planning on releasing or selling any of the vulnerabilities you found. If you were will
he broke the 11th commandment (Score:2)
Saying "I'm an ethical hacker" when you get caught, doesn't mean you don't do time.
It means you are an idiot.
Alex
Important notes left out of the article (Score:2)
In 2005, Chris Putnam had created a Facebook worm, eventually the worm got traced back to him and Facebook hired him.
Facebook has also previously hired Geohot, of the iphone/sony hack fame.
So what does a person do.... (Score:2)
Equality before the law (Score:4, Insightful)
So it's okay to hack a small business but not a large international one? The legality of an offence depends on the amount of capital the plaintiff has? The rich now have more rights than the poor?
Zuckerberg is a hypocrite (Score:3)
If only Harvard had prosecuted Zuckerberg when he hacked Kirkland House's online mailing lists to spam users with links to his Facemash service, Facebook might have never existed and this may have never happened at all.
Re:Judges from the 20th century have to go (Score:5, Insightful)
Re:Judges from the 20th century have to go (Score:4, Interesting)
From the article:
"Judge McCreath told him
'This was not just fiddling about in the business records of some tiny business of no great importance and you acquired a great deal of sensitive and confidential information to which you were simply not entitled.'"
I think we can pretty clearly see where the judge's opinion lies.
Re:Judges from the 20th century have to go (Score:5, Insightful)
Also as to the judge's understanding:
"'You and others who attempt to hack really must understand how serious this is, the creation of that risk the extent of that risk and the cost of putting things right.' "
As others have said - the risk was there whether or not the kid hacked in. He didn't create the risk.
Re: (Score:2)
Perhaps in the judge's point of view, if nobody ever hacked, there would not be a risk like this. So, people hacking stuff creates said risk. So... people who hack anything must be punished for the existence of this risk, no matter what they hacked or why they hacked.
Re: (Score:2)
Re: (Score:2)
Wait, isn't what you just said pretty much a definition of a mind crime? It was all in his head, after all (or equivalent to being in his head). So now when we know too much we're supposed to go to jail?! Just because he was not entitled to knowing something should not make it illegal, IMHO such laws are entirely unconscionable. Now don't get me wrong, I do understand that there are secrets of various nature (military, industrial, etc), but the punishment shouldn't be for knowing them, but for illegal discl
Re: (Score:2)
This world will progress when we start judging on motive instead of some false sense of superiority.
Re: (Score:2)
If I forget to lock my door on my way out of my house one day and come home to find an "ethical" thief in my home waiting to educate me on the importance of locking my doors, you can bet that I'll be calling the police.
There's the right, there's the wrong, there's the lawful and there's the unlawful/illegal. Right and lawful aren't the same, as aren't wrong and unlawful. They should be, but they aren't. That said, there are people who tend to operate more along the right-wrong axis of the ethical plane, and those who tend to operate more along the lawful-unlawful one (and I thank D&D for the clear way in which they express this insight). From your described hypothetical reaction it's clear you're of the later persuasi
Re:Judges from the 20th century have to go (Score:4, Informative)
Re: (Score:2)
It is inexcusable to let people pass judgement in matters they don't comprehend.
I think the judges understand the law quite clearly. Unauthorized access is against the law. Many people have tried the "ethical hacker" defense and it almost always fails.
Re: (Score:2)
It is inexcusable to let people pass judgement in matters they don't comprehend.
I'm pretty sure that the 20th Century Judges fully comprehend[1] the 20th Century laws that are the basis these types of cases.
[1] For the average judge. I know there are outliers in either direction.
Re:Judges from the 20th century have to go (Score:5, Funny)
Considering that most of the judge from the 21st century are, at most, 12, and not even lawyers, let alone judges, yet kinda makes this tough.
Alas, no mod points (Score:3)
Considering that most of the judge from the 21st century are, at most, 12, and not even lawyers, let alone judges, yet kinda makes this tough.
I salute you sir; nicely done. Although the disturbing thought did occur to me that perhaps the GP was in fact calling for the reinstatement of nineteenth century judges to adjudicate these newfangled matters.
Re: (Score:2)
The judge followed the law. That is what he is OBLIGATED to do.
When we get to the point of allowing ANY LAME excuse as a reason to violate ANY law we will have lost everything the rule of law offers to society.
I can see the excuses from the witness stand:
Why yes, officer, I did shoot you, I was performing a public service by testing your bullet proof vest. You should get a better one, yours is all bloody anyway.
Yes, Mr. Banker, I did test your vault door last night, as a public service and to guarantee my
Re: (Score:2)
"The judge followed the law. That is what he is OBLIGATED to do."
Which was his first mistake. A jury is NOT obligated to follow the law and a Jury can find someone not guilty in spite of the law if they find a law unjust.
Problem is most judges bullshit the jury and tell them they have to follow what the law says. in reality the do not.
Re: (Score:2)
What makes you think this UK Judge was presiding over a Jury Trial?
Re: (Score:2)
Re: (Score:3)
Can we use the cost of having to install locks and security systems in homes to deal with theft to increase the punishment of the thieves?
It seems you're writing this with the assumption that this guy is being fined $200k. He isn't. Facebook can choose to pursue damages in civil courts, just as a burglarized home owner can. But that's not what's happening yet and your post kind of jumps the gun with that assumption.
Re: (Score:2)
For the record, I agree with most people here that the $200k "damage" figure is bs. Unless he infected their system or took down security in some way, that $200k cost was only the cost of patching their preexisting vulnerability. Facebook would have have difficult time arguing for damages if that were the case.
Re: (Score:2)
Re: (Score:2)
He broke in through the window, now my house needs $xxx for a security system which protects windows as well, and its all his fault
Is your house a mansion with lots of valuables lots of people are dying to steal from you?
Re: (Score:2)