I really feel my 48 years. What is this, The Running Man?
Either leave it in the hands of the authorities or prosecute. Making a game out of it sends a very strong message that it's all about the page views whether you're hacking a site to redirect towards your sleazy affiliate trap or whether you're turning the justice system into the Circus Maximus.
This guy is probably already scared shitless and crapped several pairs of pants when he realized he was under FBI investigation.
I can't see how the minimal damages are worth dragging him through a lengthy trial and bankrupting him with legal fees and a felony conviction on his permenant record.
Definitely yes if the punishment for their respective crimes is not in correspondence with damage actually done.
If crack cocaine carries a mandatory sentencing of 5 years in jail for less than a gram (it used to), the only moral thing to do is to let the offender go. Even if you think they deserve to be punished to some degree, you have to examine if the expected punishment is proportional to the desired punishment.
He inconvenienced TC for one hour. A felony conviction would be screwing him over for the rest of his life, possibly 70+ years. I don't see any positive outcomes from that which would offset resources wasted prosecuting.
In the chat transcripts, they explicitly discuss the possibility of getting caught. The perp knew the risks, and made a conscious decision to proceed. The Friend's discussion about getting paid for links reveals a pattern (albeit not in this case) of doing this for personal gain. And they also show clearly that they understand the effects of their behavior on the victims, and just don't care about it.
If you want to prevent these hackers from mischief, there must be a credible threat of repercussions. Letting them go will not discourage all this guy's friends. But maybe in a similar conversation next year, when they're talking about getting caught, someone will mention "you remember last year when Xyz got caught, and he's still in jail!".
That is just how the system works, though, you commit a crime, you get convicted. Then you could argue that the laws should change. But I can't understand these kids(?): smart enough to hack a server, but not smart enough to understand the consequences? Presumably he is feeling invincible?
There seem to be a lot of people who might be willing to give him a second change even with a felony conviction. It sounds like you would? If he really is just a stupid kid, there might be extra laws for kids, and the punishment less severe?
Cocaine is an entirely different matter, because it only damages the user, not other people. Hacking a public server damages other people. How is that excusable? And he didn't just put up a powned message, either, he tried to make money. What's next, selling accounts to the russian mafia?
I mean I would agree with you that if you personally feel that the crime is not really a crime (as you might feel about possession of drugs), you wouldn't press charges. But I don't see how hacking a server with the purpose of making money could not be considered a crime.
This is seriously right. A website was directed somewhere else for short period so we should... fuck this guy's whole life for it? I can't believe 3X as many people voted to convict this guys, it just confirms my opinion of human nature. We should show this guy some compassion and redirect our resources to the thousands of rapes and murders that get cold cased after a week due to lack of funds to continue. Our whole system is basically fucked, it's time for a rewrite.
> While I do think the guy should be prosecuted, I don't like how TC is turning the ordeal into another way to make money.
I had almost the opposite reaction - I also think the guy should be prosecuted, but I think it's smart how they're turning it into an ordeal. They got messed up by the guy, but instead of being all serious and sober and lawyery, they're having a good time with it.
They're also probably more than a little worried that a headline like "TechCrunch files charges against hacker" might alienate some of their audience, many of which are 'hackers', albeit in a very different sense. I think it's smart of them to ask their readers what they should do.
It might manage to help the guy's case, though. If it looks like TechCrunch is pressing charges as part of some kind of publicity stunt, their testimony becomes not very credible. No idea if the guy would be able to manage to get it brought to the jury's attention, but if they found out about it, I can't imagine it winning points with the jury.
Yea, write a simple Python/Perl script that interfaces with TOR and force-reset your exit nodes each time you send out a new request and randomize the time interval. There are plenty of TOR exit nodes in the world to swing the vote your way.
It's not too difficult to detect and ban votes from exit nodes. It could even be done after the fact (and still be mostly effective) if it appeared that an attack took place.
Actually, that's not even necessary. They just track with cookies. Incognito mode with Chrome makes this child's play. Run a script to open in incognito and keeping voting till a certain point. If you want to be really scrupulous, keep changing IP.
> Run a script to open in incognito and keeping voting till a certain point
Why would you bother to script a full-fledged browser when you can just connect to the site directly through the script, ignoring cookies and/or changing the user-agent string.
How? I mean, through all my shell accounts, I could probably easily fake 10 votes.
Back in my less mature days, I registered 20 AIM accounts, and then wrote a script to have them all log in simultaneously and in one by one start a conversation with a target, and then at my command, flood the target with "warnings", silencing them on AIM. So immature - so fun.
well... if you're a hacker with control to a botnet, then yeah, just tell the botnet to vote no. The 'no' votes will come in so fast that it will crash the servers.
When twitter was hacked TechCrunch did everything they could to expose the valuable data and they paid the hacker.
Why should anyone even care if TechCrunch got hacked, it's only fair that when you condone hacking of other sites and profit from it that you just shrug it off when it happens to you.
TC pressing charges because of being hacked would be completely hypocritical of them.
We’ve been asked if we wanted to purchase information in the past that would have made for some great stories and we have always declined. Our policy is to never pay for information.
People are wondering how much they paid, not if they paid.
Is Arrington on the record stating that they did not pay?
Even if, they still profited tremendously from the traffic, so the point still stands. You either are ok with black hat hacks or you're not, you can't be fine with it when it is other people and press charges when it's you.
There is lots of handwaving there, but the issue of whether or not money changed hands is not mentioned at all, and it would have been a pretty strong point in their defense if it hadn't. The only words he uses is 'But if it lands in our inbox, we consider it fair game.", which suggests nothing preceded that, but that's speculative.
People wonder about lots of things that aren't true. I unzipped those files. We did not pay for them. "Landed in our inbox" should do more than suggest that nothing preceded it. Would you say that software just "landed on your desktop" after you paid for it?
Profiting from traffic and paying for stolen goods are two very different things, so I don't think the point does still stand.
Profitting from traffic from stolen goods is pretty unethical, for me it doesn't matter if you paid for it or not. Clearly the hacker did this either to damage twitter or to profit from it, and in either case you could have done the right thing. Claiming that others would have disclosed it (which is something TC did pretty loudly) is really funny, so you effectively have already admitted that it was unethical, but because others would have done it that made it 'right'. Anything for a scoop.
You could have gotten a good bit of mileage simply by reporting about the hack, instead you decided to do damage to others for your own profits.
It's funny how acceptable stuff like that has become, and how you seem to be claiming some kind of moral highground here for something that is simply sleazy.
Profitting from stolen goods, directly or indirectly is unethical, if you had any sense at all you'd have given twitter a warning that their files are out in the open and you'd have destroyed the data.
I hope one day you'll find the tables turned, we'll see how ethical you will think this is then.
And I'll be on your side in that one, just like I was solidly on twitters side in the other.
Giving people a platform to do damage and to profit from that is sickening.
First you said "they paid". When this was questioned, you said that people wondered how much they paid, not if they paid. And now you say that it doesn't matter if they paid?
Because either way they gained from stuff that wasn't theirs to begin with and that was taken with malicious intent.
I wasn't aware that TC was on the record for not having paid, but that, as I said in my eyes makes little to no difference.
I wish sincerely that TC will have a helping of their own medicine and we'll see how they react, judging by this 'poll' I don't think they'll be as gracious as twitter was.
It's one thing to hack out of educational interest or as a "white hat" but this hacker's motive was just to make money. Therefore my vote would obviously be yes, he should be prosecuted. If what the hacker says in his chat log is true, and he has made money by redirecting major sites in the past then he definitely deserves it.
Don't get me wrong, I do not support hackers, but I feel like TechCrunch's game-like approach to this is a little immature. Nothing but a publicity stunt.
I'm guessing a Wordpress exploit - there were a few of them a while back. If you go to techcrunch.com/wp-admin it looks like they're running custom Wordpress.
There's usually a fine line when prosecuting 'hackers' like this. Are they just playing around to see what they can do? Do you have a substantial chance to point them in the right direction for the future if you don't take the legal route? In this case, though, it just looks like an uneducated thug of the internet that Arrington would have little hope of converting.
If that same thug hacks facebook next week and offers the stuff he finds during the hack on an underground forum for a fee Arrington will be the first in line to pay.
While it's certainly up any victim to testify / support a prosecution, isn't the actual decision of whether a crime has been committed and whether to pursue prosecution up to the law enforcement agencies?
Either leave it in the hands of the authorities or prosecute. Making a game out of it sends a very strong message that it's all about the page views whether you're hacking a site to redirect towards your sleazy affiliate trap or whether you're turning the justice system into the Circus Maximus.