Feds Drop CFAA Charges Against 'Hacker' Who Exploited Poker Machines 144
FuzzNugget writes "According to Wired, the two CFAA charges that were laid against the man who exploited a software bug on a video poker machine have been officially dismissed. Says Wired: '[U.S. District Judge Miranda] Du had asked prosecutors to defend their use of the federal anti-hacking law by Wednesday, in light of a recent 9th Circuit ruling that reigned in the scope of the CFAA. The dismissal leaves John Kane, 54, and Andre Nestor, 41, facing a single remaining charge of conspiracy to commit wire fraud.' Kane's lawyer agreed, stating, 'The case never should have been filed under the CFAA, it should have been just a straight wire fraud case. And I'm not sure its even a wire fraud. I guess we'll find out when we go to trial.'"
Here's the actual link to the dropped charges (Score:5, Informative)
AT&T criminal negligence (Score:4, Informative)
Only a few months ago we had this:
http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed
http://www.wired.com/business/2013/03/weev/
AT&T had left the accounts of every iPad owner open, a group spotted it, reported it to Gawker, the Feds investigated, let AT&T off, and arrested the group and the lead was sentenced to 3.5 years.
So now you can't report security holes you find to the news because the FBI will arrest you for hacking.
They ran a public CGI (Score:3, Informative)
"Goatse Security obtained its data through a script on AT&T's website, accessible to anyone on the internet. When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address, in what was apparently intended to be an AJAX-style response within a Web application."
The 'hack' was they visited a URL, and the FBI managed to convince a judge that visiting a URL is hacking. The FBI clearly cooperated in AT&T's coverup here, visiting a URL is not hacking. It appears that AT&T is too big to prosecute, so they shot the messenger.
The CFAA was misused and the limited technical knowledge of a judge abused, to get a prosecution that lets AT&T cover up their negligence in exposing private data publicly on the web. It also shields them from lawsuits, since they can point to the 'crime', and claim to be the 'victims'.
They dropped the CFAA charges in this case, but that means nothing, the FBI has long abused that law, it clearly needs to be fixed and the FBI clearly need to be reined in.
Re:Of course, it's only illegal if the house loses (Score:5, Informative)
There have been several cases where the machine displayed a much higher jackpot then what was then paid out.
http://news.slashdot.org/story/10/06/05/1828218/malfunction-costs-couple-11-million-slot-machine-jackpot [slashdot.org]
http://idle.slashdot.org/story/09/11/06/1638213/casino-denies-man-166-million-jackpot [slashdot.org]
And I don't think the 'winners' got anywhere with their lawsuits.
Re:Glitches (Score:5, Informative)
I assume you didn't read into the case. The prosecutors were never trying to argue that Nestor (the accused) used hacking to find the glitch. They were trying to argue that the combination of keys that activates the glitch is so complex that it should by itself be considered 'hacking'.
However, the 'combination of keys' used was not that extraordinary - all were legal game-play moves. Boiled down to the fact that switching a denomination of a game could change the payout the machine would give you on games you already won (but did not cash out yet).
The prosecution was trying to paint is as access rights violation but they failed to show just what exactly did the defendants do that they were 'not entitled' to do.
It still might be a fraud. Especially since Nestor convinced the operator in one case to switch on the feature that enabled the glitch. But hacking is out of the question.