Forgot your password?
typodupeerror
United States Crime

Is Weev Still In Jail Because the Government Doesn't Understand What Hacking Is? 246

Posted by samzenpus
from the you-say-tomato-I-say-tomato dept.
Daniel_Stuckey writes "Last March, weev, the notorious internet troll who seems to be equally celebrated and reviled, was convicted of accessing a computer without authorization and identity fraud, and sentenced to serve 41 months in prison.'He had to decrypt and decode, and do all of these things I don't even understand,' Assistant US Attorney Glenn Moramarco argued. Here, on a Wednesday morning in Philadelphia, before a packed courtroom, the federal prosecution argued that a hacker should spend three and a half years in prison for committing a crime it couldn't fully comprehend. Previously, Orin Kerr, a law professor at George Washington University and weev's defense attorney, had argued first and foremost that there was no criminal hacking to speak of. According to Kerr, what weev and Daniel Spitler (who pleaded guilty to avoid jail time) had done while working as an outfit called Goatse Security was entirely legal, even though it embarrassed public officials and some of the country's biggest corporations."
This discussion has been archived. No new comments can be posted.

Is Weev Still In Jail Because the Government Doesn't Understand What Hacking Is?

Comments Filter:
  • Re:No. (Score:4, Insightful)

    by Charliemopps (1157495) on Wednesday March 19, 2014 @10:30PM (#46530529)

    Ah... no. If I can type the exploit into the address bar and I need no more than autohotkey to download their entire god damned database then that's not a hack. They made their bathroom walls out of glass and then complained that he was a peeping tom for setting up a webcam from across the street. Scuzzy? yes, but not illegal. The government shouldn't have to protect you from what common sense should.

  • Re:No. (Score:5, Insightful)

    by Frobnicator (565869) on Wednesday March 19, 2014 @10:32PM (#46530539) Journal

    Further more instead of going to ATT, he went to Gawker first.

    This, a thousand times.

    When you discover a vulnerability:
    * Do not go to the vendor. They will often ignore it or sue.
    * Do not go to the school or business. They will ignore it, sue, fire, and expel.
    * Do not go to the government. They will imprison.
    * Do not go to the Interwebz at large. You get everything above.

    Take the exploit and related proof to a trusted, large, well-established security company that accepts anonymous submissions and will publicly disclose the exploit if not addressed within a specific number of days.

  • by Sycraft-fu (314770) on Wednesday March 19, 2014 @10:47PM (#46530601)

    And it blows open in the wind, I can just hop on in to your house and nose around?

    The answer, in case you are wondering, is no. While you should take precautions to secure your house, your failure to do so is not the same as permission to enter or do as I please.

  • by Urza9814 (883915) on Wednesday March 19, 2014 @10:50PM (#46530613)

    This isn't a house, it's an office building.

    And he didn't just walk in, the server provided the information to him.

    So, he walks into an office building, asks the security guard if he can walk right up to the conference room, and the guard says 'yeah, sure, why not' so he does...and now he's being arrested for trespassing.

  • Donning CBR Gear (Score:5, Insightful)

    by IonOtter (629215) on Wednesday March 19, 2014 @10:53PM (#46530637) Homepage

    Weev is whale turds. He's the lowest of the low, he knows it, and he relishes it. He's like a wolverine, pissing and shitting on the carcass he found, so nobody else will try to eat it, even though he can't stand his own stench.

    Which is why it sucks so God Damned much to have to defend his useless ass!

    But then, if you can't defend the worst of the worst from clear injustice, then we don't even have the hope of having a republic.

  • Re:No. (Score:2, Insightful)

    by Anonymous Coward on Wednesday March 19, 2014 @11:01PM (#46530681)

    Further more instead of going to ATT, he went to Gawker first.

    This, a thousand times.

    When you discover a vulnerability:

    * Do not go to the vendor. They will often ignore it or sue.

    * Do not go to the school or business. They will ignore it, sue, fire, and expel.

    * Do not go to the government. They will imprison.

    * Do not go to the Interwebz at large. You get everything above.

    Take the exploit and related proof to a trusted, large, well-established security company that accepts anonymous submissions and will publicly disclose the exploit if not addressed within a specific number of days.

    Or you could sell it, and make potentially a lot of money, and not have to deal with any of the above consequences.

    I believe this is what is called a perverse incentive.

  • by amiga3D (567632) on Wednesday March 19, 2014 @11:02PM (#46530695)

    He never entered. He took pictures through the open door. Hell, they didn't even have a door, just a bead curtain that fell down.

  • Re:No. (Score:5, Insightful)

    by epyT-R (613989) on Wednesday March 19, 2014 @11:11PM (#46530743)

    Fuck that. If disclosing it to these people puts yourself at great risk, it's no wonder it just gets uploaded to the most convenient 0day full disclosure community. Then they HAVE to take it seriously. The broken dynamic is the fault of corporates and governments, not 'hackers.'

  • Re:No. (Score:5, Insightful)

    by jklovanc (1603149) on Wednesday March 19, 2014 @11:41PM (#46530897)

    Ah... no. If I can type the exploit into the address bar and I need no more than autohotkey to download their entire god damned database then that's not a hack

    Too bad that is not what happened. He tried millions of possible IMEIs to get the information. That is not far off from a brute force password attack. That was also where the identity fraud charge came from. The IMEI is used to identify the owner of the phone and by using someone else'es IMEI her was fraudulently acting as the owner of the phone.

  • Re: No. (Score:5, Insightful)

    by dnavid (2842431) on Wednesday March 19, 2014 @11:43PM (#46530915)

    Any public URL that is unencrypted is not a secret. Snooping on plaintext is not snooping at all. And he had no legal requirement to notify AT&T first. Besides, even if he had, they don't care about security until it goes viral. I notified them of a information leak on their iOS translation app that allowed other apps access to your translations and location data. Not only were they unable to figure out who was responsible for the app, they ultimately told me to call Apple. I tried the support for the app as well as customer service. I email their PR rep too. Zero response.

    I'm really uncomfortable with that logic. First of all saying that if all it takes is typing in a URL, then of course its public belies a level of ignorance just as high as the government in this case. "Just a URL" in the modern internet could be anything. SQL-injection is programmatic hijacking of a database server, but it often requires "just a URL." Buffer overflow attacks require just a URL, many apache worms required just a URL to propagate because of the way URL content can be processed. Just a URL is like saying all programs are just notepad documents. It cannot be the case that "if I can get there, then I get to take whatever I want" is the rule of the internet. I read in another article the analogy that AT&T basically put the material on a library bookshelf for anyone to read. That's not a good analogy: a better analogy is weev went to a public library, found that someone forgot to lock the door to the reserve stacks, and decided to go there and take a bunch of books home with him just because he could.

    That is not the person I want to be the flag-bearer for my sense of fairness.

    Second, giving anyone who points out a failing in others a free pass to point it out by any means is also something I'm really uncomfortable with. If its okay when done to big companies like AT&T and Apple, then its just as okay to do to smaller organizations like your neighborhood grocery store, or your house.

  • by AudioEfex (637163) on Thursday March 20, 2014 @12:26AM (#46531087)

    "Classic works for me, remove the 'beta' stuff from the url."

    Be careful, or you'll be tossed in jail for hacking /.

  • Re: No. (Score:5, Insightful)

    by artfulshrapnel (1893096) on Thursday March 20, 2014 @12:33AM (#46531107)

    I mean, fair enough. But if you can access every customer's record on a massive nationwide system by incrementing a single digit? That strikes me as "basically public". I sometimes exploit the same "hacking" to find the page of a webcomic I want to read if I forget the bookmark.

    As the article says: Does he deserve to go to jail? Probably. For this? No.

  • Re:No. (Score:1, Insightful)

    by Anonymous Coward on Thursday March 20, 2014 @12:38AM (#46531131)

    This approach worked pretty well against the NSA in the court of public opinion

  • by Taco Cowboy (5327) on Thursday March 20, 2014 @01:12AM (#46531247) Journal

    ... people can claim that they did not know how to do witchcraft, but they could point out to the judge which person were witches which were not.

    In the 21st century, people can claim that they do not know how to hack, but they can tell the court who are the hackers and who are not.

    As if people never learned any lesson from what had transpired three long centuries ago.

  • Re: No. (Score:3, Insightful)

    by Anonymous Coward on Thursday March 20, 2014 @01:39AM (#46531359)

    yep, there's the good ol hacker "she was asking for it" defense.

    the egg would have been all over at&t's face if this info had been released anonymously. but weev had his awesome internet persona to worry about.

    someone forgot to tell him the cool part of hacking is not getting caught

  • Re: No. (Score:2, Insightful)

    by Anonymous Coward on Thursday March 20, 2014 @02:17AM (#46531455)

    How is this any different from someone just unlocking your front door because the lock mechanism is stupid and helping himself to all your belongings? Or how would you feel if you left your house and you left one of the windows open and so someone decided because the window was open, he is basically invited in to your house and can take whatever he wants? Only a fool would make that argument the thief has any right to be in your house. You can argue the homeowner should be more careful and get a better lock and close all his windows. You can argue that someone walking by and leaving a note to the house owner warning about the perils of being reckless is being a good citizen. However, the second this good citizen decides to actually enter the house and look around and take stuff, he is being a criminal.

  • by king neckbeard (1801738) on Thursday March 20, 2014 @03:09AM (#46531567)
    Actually, it is a big concern when the justice system is perverted against its fundamental ideals. We used the whole 'ends justify the means, so fuck the rules' crap to take down some mob bosses, and now we have all the RICO crap and civili forfeiture is commonplace. This allows unjust and impractical laws to stand unchallenged because the state can nail anybody if they really want to, and they have the leverage to make most people plea bargain out. We commit crimes on a regular basis because of our incredibly complex legal system, the NSA tracks every time we wipe our ass, and they drop information to locals for 'parallel construction.' That means that, absent sufficient public outcry and scrutiny, they can put anyone in jail whenever they want.

    Our justice system was set up the way it is for a very good reason, and it's incredibly naive of you to think that this is okay because weev is an asshole.
  • Re: No. (Score:4, Insightful)

    by ultranova (717540) on Thursday March 20, 2014 @07:31AM (#46532345)

    But, he's a sadist who spreads misinformation and lies. Lethal injection.

    Americans are never happy unless you're getting your human sacrifices, eh?

  • by sycodon (149926) on Thursday March 20, 2014 @09:21AM (#46533097)

    Seems there is a prevalent feeling on Slashdot that if you leave yourself exposed, wittingly or unwittingly, then the folks who take advantage of that exposure should not be held accountable, should get the benefit of the doubt, or in some cases, even celebrated.

    The principal at stake here is the social contract of Trust. We trust each other to not harm one another in everyday life. I trust the clerk at the gas station to not bash me in the head with a bat. He trusts me to not do the same. I trust that the people I invite into my house won't go through my stuff, that they will respect my privacy, and won't steal anything, etc.

    People who violate this trust are called criminals, thieves, murderers, etc. Despite what the News says, this does not occur all that often. If it did then we'd be like Somalia. It's why we can function as a society.

    Whatever the circumstances that led to this guy accessing, downloading, and keeping the information, he violated the general trust that we all have that others won't mess with our shit, even if we leave it exposed. He also violated the law, which says, in a nutshell, don't fuck with other people's shit.

    If you want to use the unlocked door analogy, what did not do was leave a nice note for the owner saying, "hey, I found your door was unlocked". Instead, he went inside and took stuff, then put up posters all around the neighborhood telling people the door was unlocked, which door it was, and what stuff he took.

No amount of careful planning will ever replace dumb luck.

Working...