Interesting excerpt: "They may decide to, for insurance purposes, blame some huge downtime expense on you. I can hear it now, "When we detected the intruder, we promptly took our system off-line. It took us two weeks to bring it up again for a loss in wasted manpower of $2 million." In some cases you might be better off just using the company's payroll system to cut you a couple of $10,000 checks. That way the government has a firm loss figure."
I used to think the exact same thing. It looks insane from the outside. But when you cause a real incident at a large company, a good chunk of those loss numbers are easily traceable. $2MM on manpower alone is spectacularly high, but remember that a fully-loaded headcount/week could easily range from $3000-$4000. A company with thousands of servers will lose far more than 2 weeks in forensics work after a genuine breakin.
We're talking about companies with cash flows in the tens/hundreds of millions of dollars per day. It doesn't seem real to the kind of people who break into computers in the same way, say, a nuclear reactor does. But it's real.
I absolutely agree with you, I can imagine the time I'd spend digging around on my own little VPS after a break-in... I really meant "How insane are the rules for sentencing based on arbitrary $$$ values."
The process as a whole would be sane if there was messaging, education, and reliable enforcement. As it stands, it's really just an inverse lottery that you don't find out about until you lose/win.
In any case my gut feeling is that if you get into trouble - get a real lawyer. Using this or any legal advice you get online might actually make your situation worse.
Justin Peterson (the author) was an FBI informant who helped put Kevin Mitnick and Kevin Poulson in jail. I believe he escaped a large portion of his jail time by selling out friends.
How insane.