logoalt Hacker News

Someone1234last Thursday at 5:49 PM1 replyview on HN

Considering it was created during a major moral panic after the movie "War Games" came out, by a bunch of politicians who knew nothing about computers (aside from, again, watching the movie War Games).

As a direct result, anything and everything can be a crime (e.g. violating a private company's Terms & Conditions), and the punishments are completely disproportionate to the actual criminality.

See the AT&T/iPad data leak, where AT&T were leaking private information on the internet with no security checks at all. Someone found it, told the press, who in turn told AT&T, but the FBI still investigated it as a "crime", raided their home, charged them with "conspiracy to access a computer without authorization." AT&T go no punishment at all.

Replies

pizzalifelast Thursday at 6:06 PM

  See the AT&T/iPad data leak, where AT&T were leaking private information on the internet with no security checks at all. Someone found it, told the press, who in turn told AT&T, but the FBI still investigated it as a "crime", raided their home, charged them with "conspiracy to access a computer without authorization." AT&T go no punishment at all.
I think you are missing some nuance here. They found a vulnerability where they could just increment an "id" and get access to another user's information. They then went ahead and scraped as much as they could. Also this person (iProphet / weev / Andrew Auernheimer) is awful and certainly not a victim. AT&T did not leak the information, Andrew did!

Should they have had better security? Yes. Was the vulnerability extremely basic? Yes. Doesn't change much, a vulnerability was used to dump a bunch of private data.

show 3 replies