Hacker Behind Leaked Nude Celebrity Photos Gets 10 Years

wiredmikey writes "A U.S. judge sentenced a computer hacker to 10 years in prison on Monday for breaking into the email accounts of celebrities and stealing private photos. The hacker accessed the personal email accounts and devices of stars including Scarlett Johansson, Christina Aguilera and Renee Olstead, among dozens of other people he hacked. The hackers arrest in October 2011 stemmed from an 11-month investigation into the hacking of over 50 entertainment industry names, many of them young female stars. Hacked pictures of Johansson showed her in a state of undress in a domestic setting. Aguilera's computer was hacked in December 2010, when racy photos of her also hit the Internet. Mila Kunis' cell phone was hacked in September that year with photos of her, including one in a bathtub, spread online. According to the FBI, the hacker used open-source, public information to try to guess a celebrity's email password, and then would breach the account."

Open Source information?

[suso]

What is Open Source information? The OSI foundation doesn't seem to be doing a good job of enforcing the trademark of the term Open Source. I hear and see it used in many ways in which it should not be and the term has been grossly eroded in meaning over the past decade.

Re:Open Source information?

Pretty standard term.

http://en.wikipedia.org/wiki/Open-source_intelligence

Re:Open Source information?

[bsDaemon]

Trademarks are domain-specific, like how actual windows can still be called windows and Microsoft can't sue over Windows. The use of the term "open source" for intelligence information (OSINT) is as old as dirt and is used to differentiate between sources such as news papers/party organs/etc and information attained through clandestine means, either human intelligence (HUMINT) or signals intelligence (SIGINT). Nothing to get upset about. It's not like the article said he used "the well known, open-source hacker tool Linux..."

Re:Open Source information?

[ShanghaiBill]

What is Open Source information? The OSI foundation doesn't seem to be doing a good job of enforcing the trademark of the term Open Source

"Open source" simply means something that was openly published and available to the public. The term has been in use for at least a century. The OSI foundation has no trademark on the term.

That fact that this guy got the info from open sources doesn't make it okay. If I find your key under your doormat, that was stupid of you, but it doesn't make it okay for me to rob you. This jerk got what he deserves.

Re:Open Source information?

[suso]

Ok, thanks for the explanation and wasn't aware that the term open source information had such a long history. Still, the term open source gets used in ways that it probably shouldn't be in relation to software.

Re:Open Source information?

[bsDaemon]

Davis W. Moore, "Open Sources on Soviet Military Affairs," Studies in Intelligence (Summer 1963-declassified article)

Herman L. Croom, "The Exploitation of Foreign Open Sources," Studies in Intelligence (Summer 1969-declassified article)

So, the term as applied goes back at least to the 60s. It has just become more common in the last 10-15 years or so.

Re:Open Source information?

[suso]

It means public information, don't pretend you didn't know.

I didn't, because I've only heard it refered to as public information before. I've heard the term sources refering to where you get your sources from, but not open-source information. It turns out Bruce Perens acknowledged this special use of the term open source in the intelligence community when he announced open source software: http://www.catb.org/~esr/open-source.html

The intelligence community probably hates it when this happens. *rolls eyes*

Re:Open Source information?

[nschubach]

I'm sure you'd still be in court for calling your new deodorant "Mountain Dew"

Re:Open Source information?

[Strange+Ranger]

It's open-source, not Open Source.
 
Which is a good argument to capitalize it if you want to own a piece of that phase.

Re:Open Source information?

[Trepidity]

There is occasional usage from the '60s, yes, but as a common term it seems to be mainly based on "open source" becoming a common cultural thing in the tech world in the '90s. At least, that seems to be the case in public sources (or should I say, "open" sources?) using the term, where widespread usage dates to around 1995.

Re:Open Source information?

[Trepidity]

Yeah, there's a separate set of doctrines around "famous marks", which may have protection in all domains. So you can't call your new operating system Coca-Cola OS unless it's actually approved/licensed by Coke, despite that company not currently having any interest in the OS market.

Re:Open Source information?

[Lashat]

But not your moonshine...

Re:Open Source information?

[Forty+Two+Tenfold]

Well, the term "hacker" is also misused.

Re:Open Source information?

[Digana]

The first OED citation for "open source" is from 1998:

open source adj. [first published, on the Internet on 8 February 1998, by E. S. Raymond in a revised version of his paper ‘The Cathedral and the Bazaar’; ‘[the term] was invented by Christine Peterson of the Foresight institute at a private meeting I ran a few days earlier’ (E. S. Raymond, private communication)] Computing (chiefly attrib.) designating software for which the original program files used to compile the applications are available to users to be modified and redistributed as they wish. 1998 InfoWorld 2 Mar. 75/4 ‘The popularity and success of Apache, the Linux operating system, the BSD version of Unix, and many other software applications prove the value and impact of open source development’, Linux creator Linus Torvalds said in Netscape's statement. 2003 Wired May 125/2 The chip king is hardly a stern taskmaster, giving only the most general directions to faculty. Much of the work is released open source, and wild tangents are encouraged.

If you have a citation that goes a centuries earlier than this, you should notify the OED about how this term has been in use for that long.

Re:Open Source information?

[rastoboy29]

I've always thought it took a lot of balls for them to claim to define "open source" when it is a generic term, in reality.

I support them and everything, but it's always annoyed  me.

Re:Open Source information?

[fallen1]

Considering that the term "Mountain Dew" was originally Southern and/or Irish slang for moonshine, I'm not so sure about that.

See the Mountain Dew Wikipedia article; look under the Packaging section.

Re:Open Source information?

[bhsx]

http://en.wikipedia.org/wiki/Open-source_intelligence "History The Foreign Broadcast Information Service (FBIS) was created in 1941 to access and exploit OSINT in relation to World War II. A classic example of their value and success is reflected in the price of oranges in Paris as an indicator of whether railroad bridges had been bombed successfully."

Re:Open Source information?

[ganjadude]

I guess the next question is were they robbed of anything? sure their privacy was breached, but were they robbed?

not condoning social hacking just making a point that the argument you are using might not be correct.

Re:Open Source information?

[Digana]

That is an entirely different meaning of the term, but arguably, is the meaning in the original summary. Is there evidence of "open source" ocurring without the "intelligence" part?

Re:Open Source information?

[geekoid]

" where widespread usage among my peers dates to around 1995."

Re:Open Source information?

[geekoid]

They didnt.
they define "Open Source". Caps have a purpose, you know.

Re:Open Source information?

[Synerg1y]

Agreed, it's w/e knowledge is available in the public domain that you can use to gather intelligence with, I've heard of people tracing spam emails back to origin and accumulating information on the spammer with OSI. There's a lot of grey here too like sites that offer you lookup information for a fee, but are available to anyone.

One thing I can't seem to wrap my head around is how did he figure out passwords from the public domain? So say I'm known by syn, but I set my password to syn24, OSI has nothing to let you guess that, those must've either been some very weak passwords, or he was trying a very large # of accounts with all sorts of semi-relative password and these victims had the weakest passwords.

Doesn't matter though, what he did is plain out wrong on all levels, I wonder if he went far enough down the rabbit hole to not even realize it, and that he was affecting real people, but the DOJ is not one to care. A very similar case not too long ago had a teenage girl committing suicide over such things, so the potential consequences of the actions he took are very real.

Re:Open Source information?

[pregister]

On a lot of email providers have security questions. Click the handy "I forgot my password" link and they ask

1) Mother's Maiden Name
2) FIrst Pet
3) Name of your high school

or whatever other type of information that would be reasonably difficult to find out WITHOUT the internet but is trivial with it, even for non celebrities. For celebrities...

Re:Open Source information?

[disambiguated]

They didnt. they define "Open Source". Caps have a purpose, you know.

There are a handful of case-sensitive words in English. "Open Source" isn't one of them.

Re:Open Source information?

[Trepidity]

I wouldn't consider every book indexed in Google Books to constitute "my peers".

Re:Open Source information?

[asdf7890]

What is Open Source information?

The quote is "open-source information" - the lack of capitalisation is significant here: no link to the OSI is intended to be implied.

Open-source information is a fairly common term in some circles, it refers to information that can be obtained or derived from sources that are open to (legitimate) public access. In other words accessing that information does not in itself constitute a break of any law or other rule.

Of course the way he used the information once he had obtained it is another matter.

The OSI foundation doesn't seem to be doing a good job of enforcing the trademark of the term Open Source.

They can't in this instance. "open-source information" is a phrase that has been used by people intelligence services, academia, and other organisations since long before the OSI existed in any form. Even if they could afford the team of lawyers Microsoft use to defend their sole use of the word "windows" in certain contexts, I doubt this would be one of the contexts where they would win.

Really?

Pics or it didn't happen.

Re:Really?

[steelfood]

If there ever was a story where the pictures are worth more than any amount of words, this would be it. I'd go as far as to say that this would otherwise be a non-story if there are no pictures.

Re:Really?

Pics or it didn't happen.

Sure. Let's joke about posting personal pictures of a non-consenting party.

This comment wouldn't even come up if it was a man whose pictures were taken.

Re:Really?

[marcello_dl]

I thought those pic were leaked on purpose by the VIP public relations, to keep the names floating around in the media.

But maybe this is part of the game :)

Re:Really?

[TWX]

Sure. Let's joke about posting personal pictures of a non-consenting party.

I don't have a problem with the jokes. And honestly while I don't agree with the illegal methods of obtaining the data that the hacker used, I also do not consider his data breach any worse than any other random data breach. Fact is, those who take naked pictures of themselves or allow naked pictures to be taken of them must accept that it's possible that others will see them. That held true for the girl who sent cheesecake-style pinup photos of herself to her soldier-boyfriend who would probably show the picture to his buddies, held true for the Polaroid revolution, held true for the 8mm camera era, held true for the videotape era, and holds true for the digital camera era.

Simply, if one doesn't want naked pictures of one's self to be seen, one should not take or allow taken, naked pictures of one's self. Literally that's it. Don't do it if you don't want them seen. The only reason for a picture to exist is for it to be seen, and the large number of prurient people in this world will be happy to look. If one never takes or allows these kinds of pictures to be taken then there will never be a chance of them being shared, leaked, or stolen.

This comment wouldn't even come up if it was a man whose pictures were taken.

You've never been around women gossiping that don't know that a man can hear them, have you?

Re:Really?

[mabhatter654]

The ladies consented to putting their pictures on some random corporate email system. Those systems have ZERO pricacy promised... GOOGLE openly DOES search your stored mail (basically anything you've ever sent or recieved) unless you tell it NOT to. So at some point these pics would leak somewhere else anyway.

Better yet, if the pics were private in Instagram, they just gave them away to anybody who pays money... You KNOW Instagram is going to "accidentally" reset everybody's private pics.. their papa Facebook does it all the time.

Re:Really?

[geekoid]

"If they didn't want these pictures out there then they shouldn't have had them taken. T
that's a bullshit argument. You have the right to take picture and keep things on your machine without them being distributed.

this was time used to find someone who was breaking into other peoples account and services. So, money well spent.

The only real issue here is that the punishment doesn't fit the crime.
Like many crime,s one can be punished and NOT put into prison.

This is worthy of weekend work for about 2 years.

Re:Really?

[trev.norris]

I've very curious as to what the sentence would have been if hypothetically he was paparazzi who took photos though a window or such while they were naked, then released those onto the internet.

In my mind there should have been two different cases. One for the data breach, and one for the release of personal information. While I don't agree with what he did, 10 years seems excessive.

Re:Really?

[richard.cs]

Replying to void incorrect mod.

Re:Really?

[Americano]

If they didn't want these pictures out there then they shouldn't have had them taken.

"Why would you protest the Patriot Act or warrantless wiretapping? If you've done nothing wrong, then you have nothing to fear, citizen!" Or, for that matter... "Why would you protest Facebook & Instagram's use of your photos in any way they deem financially useful? Its your own fault if you don't keep the photos under strict lock and key in an electromagnetically-shielded, hermetically sealed lockbox!"

Say what you really mean:

"But I liked seeing Scarlett Johannson's boobies, and don't think anybody should be punished for having helped me achieve that dream!"

Re:Really?

[MonkeyPaw]

You forgot to include "if she didn't want to be raped than she shouldn't have dressed like a slut".

Re:Really?

[farble1670]

this was time used to find someone who was breaking into other peoples account and services. So, money well spent.

time spent investigating this is time not spent investigating other things.

when's the last time you've had to interact with the police concerning a crime against you? for pretty much everything, they take your name and do nothing. there's no investigation at all. but they spend 11 month tracking down this guy? let christina aguilera hire a private investigator.

Re:Really?

[farble1670]

GOOGLE openly DOES search your stored mail (basically anything you've ever sent or recieved) unless you tell it NOT to. So at some point these pics would leak somewhere else anyway.

can you link to any instance where google has leaked personal photos stored on a google server?

Re:Really?

[TWX]

That would probably depend, in part, on how the photographed party was visible through the window, where the photographer had to be in order to see the photographed party, and if the photographed party had a reasonable expectation of privacy in the location they were in.

Re:Really?

[chrismcb]

If they didn't want these pictures out there then they shouldn't have had them taken. They shouldn't have kept them in an electronic form or on any item connected to the internet. It is their own fault.

You probably believe its the women's fault when she is raped?
If I take a private picture of me or my girlfriend. I expect it to remain private. Period. It might be a different matter if I let someone else (such as a professional photographer) take pictures. But if I take pictures, and leave them on my phone, or personal computer. I have every right to expect them to remain private. Even if I am a public figure.Claiming it is their fault that they let these even exist is moronic. Thats almost like saying "if they don't want to me seen naked, they should never get naked, even in the privacy of their own homes"

Re:Really?

[chrismcb]

How much did they spend?
How do you know that other hacking gets no attention?

Wake up call

[davydagger]

"According to the FBI, the hacker used open-source, public information to try to guess a celebrity's email password, and then would breach the account."

Further proof celebs are fucking dumb. This guy wasn't a "real hacker".

I don't know what is more disgusting, celebrities themselves, or psycho brand of psychonphants they attract.

Re:Wake up call

[dav1dc]

I agree - is it still considered a "hack" when all the attacker did was guess the password from common (public domain) knowledge??

I don't think it changes the degree of wrong in his actions - but in this light we shouldn't revel in the miraculous technical innovations used to snipe some celeb p0Rn.

Re:Wake up call

[seepho]

is it still considered a "hack" when all the attacker did was guess the password from common (public domain) knowledge??

Yes, much like a golf cart is still considered a vehicle.

Re:Wake up call

[gstoddart]

Further proof celebs are fucking dumb. This guy wasn't a "real hacker".

Well, he'll be going to a real prison with real criminals -- Slashdot's whinging about what is a hacker, a cracker, or a script kiddie is irrelevant.

He's hardly a criminal mastermind, but what he did was still illegal.

Re:Wake up call

[SternisheFan]

Further proof celebs are fucking dumb. This guy wasn't a "real hacker".

Well, he'll be going to a real prison with real criminals -- Slashdot's whinging about what is a hacker, a cracker, or a script kiddie is irrelevant.

He's hardly a criminal mastermind, but what he did was still illegal.

As illegal as breaking and entering into someone's home and stealing photos from a bedroom safe. Good to hear that the court system sees hacking for the serious crime it really is. Someone with a talent for computing shouldn't be given free license to break into someone elses devices and steal, and then provide some lame 'War Games' "it was just some innocent hacking" defense. 10 years will give him time to wonder if maybe he shouldn't play like some kind of untouchable omnipotent God at a keyboard. I look forward to hearing of more tough sentences in the future.

Re:Wake up call

Your logic:

1. Some famous entertainers used weak passwords (as do millions of other Americans), so that proves that "celebrities are fucking dumb".

2. Because of this, all famous entertainers deserve the same kind of scorn we would direct at criminal celebrity stalkers.

Slashdot moderator's reaction:

+5 Insightful, @davydagger!

Re:Wake up call

[WD]

I don't think the quote is right. The technique used to gain access is not to guess the password, but to guess the answers to the password recovery questions. The password itself can be strong, but when you've got a site that provides recovery questions like "Where were you born?", what are we to do? The clever approach would be to have an answer scheme that isn't guessable via public knowledge, but also something you can remember if you need to use it. There's a difference between "fucking dumb" and not being aware of weaknesses in web service authentication schemes.

Re:Wake up call

[rtaylor]

Yes.

It's still breaking and entering even if the door is wide open.

Re:Wake up call

[pclminion]

Further proof celebs are fucking dumb. This guy wasn't a "real hacker".

On the contrary, guessing a password is a truly classic hack. What is more of a "real hack" from your perspective? Downloading and running a cracking script? To guess a person's password from information publicly available about them is a prime example of security-oriented thinking.

The best hacks are tailored precisely to the circumstances.

Re:Wake up call

[stdarg]

As illegal as breaking and entering into someone's home and stealing photos from a bedroom safe

I don't think it's as illegal as that. If someone breaks into your home and goes into your bedroom, that's scary not just because they stole your photos or money, but they could have easily run into someone and had to decide -- do I attack this person, do I turn this burglary into a rape, do I leave witnesses, etc.

I just looked up common sentences for burglary, and found an article that discusses burglary laws in New York (http://criminal.findlaw.com/criminal-charges/burglary-penalties-and-sentencing.html ). As I suspected, the main differences between degrees of burglary are whether it was a dwelling where someone lives and whether a weapon was involved. Both combined is first degree. One or the other is second degree. Neither (breaking into a store for instance) is third degree with a maximum sentence of 7 years. Hacking a phone should be the LEAST serious of any of those, really a fourth degree.

The reality is that hacking isn't that bad.

Re:Wake up call

"Illegal wiretapping gave Mr. Chaney access to every email sent to more than four dozen victims, and allowed him to view their most personal information," said US Attorney Andre Birotte Jr.

Gosh that sounds a lot like, "Illegal wiretapping gave the federal government access to every email sent to more than forty million victims, and allowed them to view their most personal information." Nobody went down for that one, though.

Re:Wake up call

[rk]

I have a made-up narrative for an alter ego where I know all the answers to those questions (e.g., what's your mother's maiden name?) and I use those answers instead of the real ones. So you can do all the research you want on me, and you'll get wrong answers for those questions. But I'm weird that way... :-)

Re:Wake up call

[DrgnDancer]

You are correct. The article states that he could have gotten 121 years if he'd been convicted on all 26 counts he was indited for. Real world third degree burglary adds up too when you've broken into a couple dozen stores. If the information in the article is correct, it looks like the average maximum sentence for each indictment is around 4.5 years, so 2.5 years less than you say for third degree burglary. It's just that he did it lots and lots of times. Sounds like he got off pretty easy, about 3 months per count.

Re:Wake up call

[dav1dc]

But it is the lowest form of hack. ^_^

Re:Wake up call

[bill_mcgonigle]

I admire your creativity, but for normal mortals:

Q: What's your mother's maiden name?
A: qU$%3HHr28k4

OK, that makes me somewhat dependant on LastPass, but that's a somewhat smaller risk than outlined in TFS.

Re:Wake up call

[locopuyo]

I think it is more like opening someone's snail mail box and photocopying all of their incoming and outgoing mail which included dirty pictures. Illegal, but not nearly as bad as breaking into a house and stealing items.

Re:Wake up call

[TheCarp]

Yes but.... if he broke into her home, stole physical photos, and released them.... most people would easily consider it as much, if not more, of a violation.... but would he ever face nearly the jail time for that as he did for this? I doubt it strongly.

Now, that isn't condoning what he did, clearly he was wrong, hell, I even called into question whether that FBI dad who tracked down the pedophile principal had overstepped ethical bounds by reading the reports in the first place. However, the punishment, if there is to be one, should not be out of proportion with the crime....

This puts him away not just longer than someone who commited a nearly identical crime by different means, it puts him away longer than many violent criminals who actually physically harmed people.

Hell, he will likely do more time than Whitey.

Re:Wake up call

[Tsingi]

Yes but.... if he broke into her home, stole physical photos, and released them.... most people would easily consider it as much, if not more, of a violation.... but would he ever face nearly the jail time for that as he did for this? I doubt it strongly.

10 years is a fucking joke. Bankers destroyed the world economy and no one, except Iceland, charged any of them. There is no justice.

Re:Wake up call

[Alphadecay27]

The article states that he stalked two non-celebrities for more than 10 years. It's a lot more creepy than just some guy wanting to see celebrity boobies.

Re:Wake up call

[negRo_slim]

Further proof celebs are fucking dumb.

Oh for real Sherlock? You mean high-social-value individuals were fucking idiots for taking nudes and racy images of themselves when they know there are literally millions of people that want them... I think they should of given the guy a slap on the wrist as a warning against being a fucking moron.

Re:Wake up call

[ArhcAngel]

Many of the sites I deal with have those questions as well. The difference being if you answer them correctly they send a link to my email address on file. So unless you have already hacked my email (and made sure my phone isn't receiving email) then you still can't access my accounts.

Re:Wake up call

[chargersfan420]

Yes, exactly. We can't compare this to breaking into someone's "home". In the case of Mila Kunis and her cellphone, maybe. But if you're breaking into, say, hotmail servers by guessing a password, that is more apt to trying to pick a lock on a locker in a public place, like a train station. It's still theft, but it sounds much less serious than actually breaking into a residence.

Re:Wake up call

[interval1066]

The reality is that hacking isn't that bad.

Hacking isn't bad. Malevolent hacking is bad. When I was growing up my grandmother, bless her saint-like soul, taught me about right and wrong. She used to take me and my sister for walks and point out the various caterpillars and other insects, show us how to tell time by the position of the sun, how to make butter, all that crap. On one walk we happened to see a beautiful custom '71 Camero with the key in the ignition, and no one else around. I said "Geeze g'ma, some one could just drive off with that beautiful car!" and I put my hands on the driver side window and gawked at the situation. And she said while that was true, and the owner was foolish, it was never-the-less not my car and threw my arms off the window. I said "we should find the owner and tell him/her about the key" and she said she liked where my mind was at but we should keep walking as it was none of our business. I thought about that day for years after and come to the realization she was right in many ways. One of the biggest lessons I learned from her was that just because you can do something doesn't mean you should do it. One of the best realizations of adulthood for me was realizing when I should do something and when I shouldn't. Its an inner moral thing. I've been around "adults" who act like when there is an opportunity to act/do something, they should do it. When I witness that stupid shit I just shake my head.

Re:Wake up call

[runeghost]

Some animals are more equal than other animals.

Re:Wake up call

[bws111]

Most people would not compare a single case of physically breaking and entering with 26 cases of what he was charged with (he pleaded guilty to 9). And I don't know why breaking into the house would be considered more of a violation (unless the house was occupied at the time).

So now the question becomes: would someone who was found guilty of breaking into nine houses face nearly the same jail time? Absolutely.

Re:Wake up call

[CanHasDIY]

I think it is more like opening someone's snail mail box and photocopying all of their incoming and outgoing mail which included dirty pictures. Illegal, but not nearly as bad as breaking into a house and stealing items.

Tampering with the mail is a federal offence, that carries fines of $10,000 - $25,000 and up to 3 years in prison per offence.

The difference is, having your mail read doesn't feel like as much of a violation as having your home and belongings rifled through, but from a punitive standpoint, they are pretty much one and the same.

Re:Wake up call

[SternisheFan]

"The reality is that hacking isn't that bad."

Then I should have the right to break into your car and take what I want, because I know how to work a rock that can break your window. Hacking is criminal for a reason, and the courts are catching up to proper sentences for tech crimes. This is a high profile case, which will usually get a longer sentence to discourage others. Hey, IMO murder should be life w/o parole every time, but some get out after a couple years. Justice isn't always equal. And this sentence is meant to 'send a message' to any future hackers to not do the crime if you can't do the time. Ask Michael Douglas's son how much fun jail is...

"Michael Douglas' son had his leg and finger broke in prison, according to the Huffington Post. Cameron Douglas is serving a nine-and-a-half year prison sentence on drug charges. The 34-year-old is recovering from his injuries after a New York crime boss reportedly put a $100 bounty on his head. According to the New York Post, getting beat up is payback for Douglas being a "rat," a title he may have earned after his psychiatrist accidentally revealed Cameron once testified against his drug suppliers. Nice one, doc. "He broke his femur, which is hard to snap, and had to have a rod inserted," an anonymous source told the Post. "He told health services staff that he hurt them playing handball. You don't break a femur playing handball." Maybe if you're playing with a cannon ball." http://www.mercurynews.com/entertainment/ci_22215182/hicks-michael-douglas-son-allegedly-beat-up-prison

Re:Wake up call

[bws111]

So third degree is max sentence of 7 years PER COUNT. He pleaded guilty to 9 counts, so in actuality he got a little over a year for each offense.

Re:Wake up call

[viperidaenz]

Where I come from, no. They'd get 9 sentences, all served concurrently. Basically, if you're a criminal, there's no extra jail term if you do something ten times or one hundred times.

Re:Wake up call

[defcon-11]

What if the security questions you're answering are for your email account? Gmail and others have options for 2 factor auth, where a text is sent to your phone, but it's usually entirely optional.

Re:Wake up call

[PRMan]

Didn't you hear? Animal Farm is about Russia, not America. ;)

Re:Wake up call

[GodInHell]

Except that the gov't could confiscate the photos out of your gmail box without a warrant. ... so the parallel only seems to apply when it involves some poor schmuck embarrassing wealthy beautiful people.

Re:Wake up call

[viperidaenz]

Unless I get the answers to your questions from Website A and use them on Website B, your email and your dropbox, full of nudie pix.

Re:Wake up call

[seepho]

So if you wrote and executed the trojan from "Superman 3" you'd concurrently serve a few million eight second sentences?

Re:Wake up call

[SternisheFan]

Except that the gov't could confiscate the photos out of your gmail box without a warrant. ... so the parallel only seems to apply when it involves some poor schmuck embarrassing wealthy beautiful people.

And that wouldn't be 'fair', would it. Lemme' clue you into a little factoid, life 'aint fair and neither is there always equity in the justice system. There are lots of guys doing time in prison saying, "But it's not fair! that I got a longer sentence. My crime wasn't as bad!" And you know what, he's still gotta complete his sentence living every day in fear for his life and well being until the day he gets released. Cameron Douglas is doing 9 and a half years on drug charges, and he's the son of one of the most famous actors in the world, and he just got seriously injured from a jailhouse hit. The lesson is, know the law, then don't be an asshole that breaks that law, whether you agree with that law or not. Or take your chances, spin that wheel and hope you won't get caught. It's your life, not mine your gambling with. What you think is right and what's reality in present day life aren't the same. Be smart or be in jail,(or worse).

Re:Wake up call

[mabhatter654]

Was it a hack when somebody used a whistle from a Captain Crunch box?

Re:Wake up call

[mabhatter654]

It puts him away WAY longer than when (MyFaceInstaHipsterGmail) "accidentally on purpose" puts your pics marked private up for sale.

Kid needs to get in the social media market.... Like that company selling "short term" photos that automatically delete... You KNOW they gotta be keeping copies!!

Re:Wake up call

[mabhatter654]

If the pictures had as much security as a postcard.

Re:Wake up call

[viperidaenz]

http://www.safe-nz.org.nz/cumulative.htm

Re:Wake up call

[s0nicfreak]

Except it's more like the pictures were in Mila's backpack when she went to the library, and while Mila wasn't looking he made copies of the pics using the library's copier and put the originals safely back in her backpack...

Re:Wake up call

[s0nicfreak]

If you can break into my car and make exact copies of the stuff inside without depriving me of those things, and then put the window back exactly as you found it - have at it.

Re:Wake up call

[geekoid]

Ye she was. Just like hacker dumnpoter diving.

You're problem is that you have put some emotional bond on the term and now keep apply the Scotsman fallacy.

Re:Wake up call

[SternisheFan]

If you can break into my car and make exact copies of the stuff inside without depriving me of those things, and then put the window back exactly as you found it - have at it.

Thanks, where do you park?

I would still be committing the crime of b&e, breaking and entering, for which you would have the legal right to prosecute me for. First I'd need to obtain a notarized statement from you saying you allow me to do these things. Without that statement from you, it'd still be illegal.

And the pics and videos of you and your wife/girlfriend in various stages of undress (performing certain acts) that I copied from your car and posted them on the internet, that's okay with you too, right? Just asking.

Re:Wake up call

[geekoid]

Becasue:
A) its a danger to the person whose home he is in.
B)The closer you are to the source of the crime you commit, the less you respect that person.
C)Having someone poke around in your computer is different then their physical presence in your home.

And no,. tyhat
And I don't care if he broke into 900 accounts, this punishment is a waste of money, and too much.
No one was personally at risk. nor did they have the perception that they were at risk of physical harm.
How about he spend weekends teaching computer safety and usage for 2 years? It seems that would help society, be a fine punishment, cost less, and be enough trouble as to act as a deterrent.
Putting him in jail will just mean he won't get a good job, want payback to society, and is more likely to commit more violent crimes after he gets out.

Welcome to the privatization of prisons. where locking people up as long as possible for the thinnest of reason mean more profit.

Re:Wake up call

[SternisheFan]

Yeah, but this guy did more than even a 'harmless' hack. They got him on wiretap laws, personally calling and harassing the victims... A simple harmless hack wouldn't get you that much time. Not right now, but laws may get changed in the future, and that might make a harmless hack that invades someones expectation of privacy into a felony, if it isn't one now (IANAL).

Re:Wake up call

[Americano]

but would he ever face nearly the jail time for that as he did for this? I doubt it strongly.

You can doubt it all you want, but the laws say otherwise. If he broke into her house, stole the photos, and did this, here's the type of laws (and punishments) he'd be facing:

Mass General Laws, Chapter 266, Section 15:

Whoever breaks and enters a dwelling house in the night time, with the intent mentioned in the preceding section, or, having entered with such intent, breaks such dwelling house in the night time, the offender not being armed, nor arming himself in such house, with a dangerous weapon, nor making an assault upon a person lawfully therein, shall be punished by imprisonment in the state prison for not more than twenty years and, if he shall have been previously convicted of any crime named in this or the preceding section, for not less than five years.

That's ONE COUNT of *unarmed* breaking and entering, with *no assault on the occupants,* nor arming himself inside (e.g., picking up a baseball bat to beat the shit out of the occupants. That'll get you up to 20 years. Previous convictions will guarantee you at least 5 years.

Mass General Laws, Chapter 266, Section 18:

Whoever, in the night time, enters a dwelling house without breaking, or breaks and enters in the day time a building, ship or motor vehicle or vessel, with intent to commit a felony, no person lawfully therein being put in fear, shall be punished by imprisonment in the state prison for not more than ten years or by a fine of not more than five hundred dollars and imprisonment in jail for not more than two years. Whoever commits any offense described in this section while armed with a firearm, rifle, shotgun, machine gun or assault weapon shall be punished by imprisonment in the state prison for not less than five years or by imprisonment in the house of correction for not more than two and one-half years.

Do it *just once* during the daytime, while unarmed, and you'll get "up to 10 years", or a $500 fine + up to 2 years. Do it with a weapon, and you'll get at least 5. Now consider that he attempted, or succeeded at, "breaking and entering" multiple times, and also took (and distributed) stuff which was not his to take (and distribute). This puts his punishment VERY MUCH in line with somebody doing "a nearly identical crime by different means." Most property crimes will get you 2-20 based on the severity, with a past conviction getting you a mandatory minimum of 5 in a lot of cases.

Re:Wake up call

[Americano]

In Massachusetts, as an example, A single offense of breaking and entering could easily get you 5-20 years in prison, depending on the time and circumstances. Even if you serve them concurrently, you're still serving 9 x 5-20 years.

And prior convictions will make for a mandatory 5 year minimum; "doing something ten times or one hundred times" will absolutely increase any penalty you can expect to receive, as well.

Re:Wake up call

[viperidaenz]

If you serve 9 5 year sentences concurrently, you're free in 5 years.

If you're in New Zealand and you kill someone, its worth your while to kill all the witnesses. If you get caught, you'll serve your 17 year life sentences concurrently but without witnesses, you're less likely to be caught. You may as well rape your victims before (and after) you kill them too, since you'll still get out of jail at the same time anyway.

Re:Wake up call

[Americano]

Hmm... my notation wasn't very good, on second read. Please read "9 x 5-20 years" as "9 concurrent 5-to-20 year sentences."

The point was mostly that you could easily get 9 concurrent 5-20 year sentences that would put you in jail for 10 or more years, to the original question of, "if this guy broke into somebody's house, would he have gotten this severe a punishment?"

For a single incident, the penalty can easily run 5-20 years (depending on circumstance & your past conviction record). Even if you served the sentences concurrently as you point out, it'd be completely within the bounds of legal possibility to see the guy handed 9 concurrent 10-year sentences for breaking into 9 houses. B&E can get you a lot more jail time than many here seem to think, and 10 years for this sort of a crime is really not that out of the ordinary.

We can certainly dispute whether 10 years is warranted for a single count of B&E, and how well B&E maps to what this guy did... but if we're using "doing the same thing at somebody's house" as a guide, 10 years is completely within reason.

Re:Wake up call

[ceoyoyo]

Ah, I just use my favourite celebrity's answers. That way it's easy to remember.

Re:Wake up call

[ArhcAngel]

I have no sympathy for you if you forget the password to your email...

But since you asked I have multiple email accounts which are on file with one another.

Re:Wake up call

[19thNervousBreakdown]

Yeah, didn't consider that. Geez. A good point from an AC. What the hell happened to /.?

Re:Wake up call

[ganjadude]

no, i get what he is saying. "what is your mothers name" jane doe" instead of debbie smith" if you remember your "fake" info, than its no big deal, and its not easy to guess for others

Re:Wake up call

[SternisheFan]

For something this minor, one year would've been sufficient. Maybe also slap him with some fines and community service and what have you to really drive the point home that people's privacy, celebrity or not, shouldn't be violated like this.

10 years is just going to turn the "hacker" into a hardened criminal by the time he finally gets out.

Also, who thinks he only got this harsh of a sentence because the victims were celebrities? *raises hand*

Why does the IRS go after celebrities? It is higher recognition, more people will hear about it, more people will know they will be harshly punished if they cheat on their taxes. Overkill for this hacker? May be he got made into an example to others.

Re:Wake up call

[farble1670]

Welcome to the privatization of prisons. where locking people up as long as possible for the thinnest of reason mean more profit.

and they love prisoners like this. non-violent, non-gang, he'll probably do his time quietly and without problems while they collect their payout.

Re:Wake up call

[farble1670]

If you can break into my car and make exact copies of the stuff inside without depriving me of those things, and then put the window back exactly as you found it - have at it.

oh you mean like your credit card information, your medical records, your tax return, and that picture of you having sex with the night cleaning person on the desk of your high-paid job?

didn't think that one through to well did you?

Re:Wake up call

[viperidaenz]

B&E is completely different though. If I burn my hand trying to open the back door of someones house because some snot nosed little kid put a heater on it, expect to be sued.

Physical property and information are not the same thing.

Re:Wake up call

[Americano]

Which is why I said, "we can certainly dispute [...] how well B&E maps to what this guy did..."

I'm not the one who proposed the "rob someone's house," parallel - I'm simply pointing out that ten years in prison for a conviction (or guilty plea) for robbing 9 different houses is certainly not unusual, extreme, or impossible, under very real laws as they exist today.

And frankly, I don't think there's a huge difference from a daytime, unarmed B&E - those laws specifically talk about "lawful tenants not being put in fear" - and in the case of the computer access, he wasn't armed, he didn't "put anybody in fear," but he certainly accessed property he had no reason or right to access, with malicious intent, and in fact acted on that intent. It's not a perfect parallel, but it's certainly not that big of a stretch, either - it'd be akin to breaking in and stealing their TV while nobody was home during the day.

Re: Wake up call

[circletimessquare]

You spelt sycophants wrong

The correct spelling is sickopants

Re:Wake up call

[s0nicfreak]

What kind of idiot keeps those things in their car? Why would I care if you copied those things anyway? And yes I would actually like you to copy the pictures, as I did not know they existed, nor that I had a high paid job - I'd like some evidence to help me find where the money has gone.

Re:Wake up call

[s0nicfreak]

Yes, if I took such pictures, then the reason I would have taken them would be so that they could be looked at.

Re:Wake up call

[farble1670]

have you ever had to transport documents? have you ever forgot your wallet in your car? but you're right, things like that never happen.

Re:Wake up call

[si618]

10 years will give him time to wonder if maybe he shouldn't play like some kind of untouchable omnipotent God at a keyboard. I look forward to hearing of more tough sentences in the future.

Compare to the recent settlement where HSBC laundered billions in drug money and no-one will be charged.

What a messed up country; a guy gets 10 years for cracking accounts and posting pictures of boobies, and corporations actively participating on the wrong side of the "war on drugs" get off with a few weeks lost income for the share holders, yet those who facilitated do not get charged. How pissed off would you be being locked up for a few grams of dope and reading about these guys getting no personal penalty for laundering drug money for tonnes of hard drugs!

Re:Wake up call

[SternisheFan]

He rolled th dice and they came up badly for the guy. People are in jail for things I wouldn't agree are fair lengths of time. This guy did more than just post boob pics, he harassed by phone, broke interstate wiretap, and was made an an example of. He'll get out sooner, if he survives prison, no guarantee of that. But, if you don't want to be one of those people in jail crying, "I shouldn't be here!" then don't break laws. No sympathy for this guy here.

how many years in prison

did Rupert Murdoch and his son get?

Re:how many years in prison

[Jeng]

It makes a bit of sense that if you pay the police to give you access to the accounts that you probably will not be arrested for it.

So yes, if Rupert Mudoch was sitting at his PC guessing, passwords instead of paying the police to, he could very well be in jail.

Re:how many years in prison

[wonkey_monkey]

What crimes has Rupert Murdoch committed?

Don't put things online you want to keep private

[jdray]

I'm not quite clear why anyone thinks that putting things online in any capacity is safe from prying eyes, particularly if they're a celebrity. I don't defend the actions of these "hackers" (pfft), but the photo owners should be smart enough to take some precautions or find someone that can help them do it.

10 years does not fit the crime

[jdastrup]

10 years is a ridiculous amount of time to be in prison for something like this. Child molesters and murderers get less time.

Re:10 years does not fit the crime

10 years is a ridiculous amount of time to be in prison for something like this. Child molesters and murderers get less time.

Maybe Child Molesters and Murderers should go to prison longer.

The real question is would someone who leaked pictures of an Ex get the same?

Re:10 years does not fit the crime

[Spy+Handler]

he got additional years for being stupid. He should've known that in this society (and just about every society), crimes committed against the rich and famous are punished far more severely than crimes committed against the riffraff.

Even the gangbangers know this, they prey on lowly people in their own ghettos most of the time.

Re:10 years does not fit the crime

[The+Living+Fractal]

Ten years seems excessive, yes, but I'm sure he'll get out in a couple years or so if he's a non-violent inmate. Read more about what he did... it's quite a laundry list of abhorrent behavior.

Re:10 years does not fit the crime

[ShanghaiBill]

10 years is a ridiculous amount of time to be in prison for something like this. Child molesters and murderers get less time.

Child molesters and murders get less time because their sentences are reduced on appeal, they get time off for good behavior, or they are released early by parole boards or to reduce overcrowding. The same will happen to this guy. It is unlikely that he will be in the slammer for more than two or three years, and likely even less than that.

This is actually a good system, because the headlines show the initial (phoney) sentence, which has a deterrent value by scaring other potential perps, but we don't actually incur the expense of imprisoning them for anywhere near that long.

Re:10 years does not fit the crime

[fredprado]

I do agree that 10 years is already too much for the offence, but it is even worse. He pleaded guilty to get only 10 years. He could face 121 years. THAT is absurd.

Re:10 years does not fit the crime

[Sperbels]

Well, you see, Scarlett Johansson's ass is copyrighted. So the MPAA is probably setting the sentence.

Re:10 years does not fit the crime

[Zemran]

He should have burgled the houses, and raped the nannies while he was at it, to steal physical photos... He would have got less time. He could have even murdered a couple of guards and got less than 10 years.

Re:10 years does not fit the crime

[gstoddart]

10 years is a ridiculous amount of time to be in prison for something like this.

Well, he could have been facing a lot worse.

Chaney pleaded guilty in March, in a deal with prosecutors. He could have been jailed for up to 121 years if convicted on all 26 indictments he was originally charged with.

It's a steep sentence, but I have no sympathy for him -- nor more than I would for spammers, con-artists, or crooked politicians.

It's not like he could be under any illusion what he was doing was ever legal.

Re:10 years does not fit the crime

[jythie]

I would wager no. Just like the justice system is different depending on who you are, it is different depending on who your victim was. If this person was hacking the phones of a bunch of nobodies (even 14 year old ones) the FBI probably would have just filed the complaint and gone back to other cases.

Upset someone important though and all of a sudden resources materialize and harsh sentences are 'appropriate'.

Re:10 years does not fit the crime

[denis-The-menace]

Child molesters and murderers will get more time if their victims are famous or rich.

If the victims are not connected or wealthy, then Child molesters and murderers get a slap or are ignored.

Re:10 years does not fit the crime

[alen]

121 years if he was found guilty of every count and sentenced to serve consecutively. chances are the sentence would be concurrently for all counts and it would be a lot less

Re:10 years does not fit the crime

[couchslug]

OTOH its a nice way to remind other people to stay the fuck out of systems which do NOT BELONG TO THEM.

Re:10 years does not fit the crime

[TheCarp]

> This is actually a good system, because the headlines show the
> initial (phoney) sentence, which has a deterrent value by scaring
> other potential perps, but we don't actually incur the expense of
> imprisoning them for anywhere near that long.

Hmmm in theory anyway. In practice, there is evidence that harsh sentances do not actually translate into significant deterrance.

A much stronger effect is seen by increasing the percieved likelyhood of gettin caught.

An excellent book that talked of this was "More Sex is Safer Sex", that has a whole chapter on this effect, using LoJack as their example... claiming a 20% drop in car thefts for every 1% increase in cars with LoJack....with no increase in penalties (threatened or otherwise).

People are FAR more afraid of getting caught than the penalty.

Re:10 years does not fit the crime

[i+kan+reed]

U.S. almost never does concurrent sentences.

Re:10 years does not fit the crime

[Desler]

murderers get less time.

This is not true at the Federal level (which this case was). 1st degree murder is mandatory death or life imprisonment. Second degree murder is no less than 10 years up to life imprisonment.

Re:10 years does not fit the crime

[nschubach]

Well, he would have had to burgle many houses and probably killed/raped many nannies to get all the celebrity photos so I think as a serial rapist/murderer he might have seen more time.

Re:10 years does not fit the crime

[DaveV1.0]

If someone did what this guy did to you and/or your girlfriend/wife and/or your daughter(s), what sentence would fit the crime?

Re:10 years does not fit the crime

[betterunixthanunix]

No, it sounds like a nice way to remind people that the rich, famous, and well-connected are exempt from the rules of life. These celebrities know that their naked photos are high sought after and in some cases worth millions -- so why do they not taken the most basic precautions, like encryption? For most of us "little people," insurance policies won't pay out if we don't lock our doors -- why makes these celebrities so special that they should play by a different set of rules?

Re:10 years does not fit the crime

[nbauman]

I thought so too until I read this:

http://www.vancouversun.com/entertainment/Hollywood+hacker+that+posted+nude+photos+Scarlett+Johansson+sentenced+Monday/7708693/story.html

Chaney also targeted two women he knew, sending nude pictures of one former co-worker to her father.

The women, who both knew Chaney, said their lives have been irreparably damaged by his actions. One has anxiety and panic attacks; the other is depressed and paranoid. Both say Chaney was calculated, cruel and creepy.

When I hear movie and modeling celebrities giving these long stories about how their lives have been destroyed by having nude photos made public on the internet, I wonder whether that's what the district attorney told them they'd have to say to get a conviction. After all, how many of those celebrities would pose nude for Playboy or Vogue at a time when it would be good for their career?

However, distributing nude pictures of co-workers, who are private persons, is something else again, and sending nude pictures to a woman's father is the kind of outrageous behavior that can get the judge to throw the book at him. And it makes me lose a lot of sympathy for him.

Still, 10 years does seem harsh when compared to the sentences for violent crimes.

And how many years did Murdoch get?

Re:10 years does not fit the crime

[fredprado]

Even if the 121 years would be unlikely they would still be possible with it is an absurd on its own, and it is reasonable to infer from his choice that a much greater sentence than 10 years was likely enough for him to accept the agreement and take 10 years.

Re:10 years does not fit the crime

[westlake]

10 years is a ridiculous amount of time to be in prison for something like this. Child molesters and murderers get less time.

The geek's white collar crimes are likely to land him in a federal criminal court, This is never good news, because white collar crimes are a federal criminal court's bread and butter and the judge will have heard every lame excuse for mercy the geek has to make.

Punishment for Murder - Federal - Mandatory Sentencing

Second degree murder

Imprisonment for life or any term

Second degree murder by an inmate, even escaped, serving a life sentence

Life imprisonment

First degree murder

Death or life imprisonment

Military - Mandatory Sentencing

Murder under UCMJ Article 118 Clause (2) or (3)

Any legal punishment (other than death) as directed by the court-martial

Murder under UCMJ Article 118 Clause (1) or (4)

Death or life imprisonment

Murder (United States law)

Re:10 years does not fit the crime

[citizenr]

If someone did what this guy did to you and/or your girlfriend/wife and/or your daughter(s), what sentence would fit the crime?

You are counting on an emotional answer so your argument is flawed.

Re:10 years does not fit the crime

[CanHasDIY]

OTOH its a nice way to remind other people to stay the fuck out of systems which do NOT BELONG TO THEM.

Right, 'cuz if someone hacks your computer and posts sensitive information online, the FBI will of course go after those criminals with the same zeal as they did this fellow.

Just ask the hundreds of thousands of people who get their identities stolen every year.

Re:10 years does not fit the crime

[hackula]

Oh, well in that case it would be 50 life sentences served consecutively in Gitmo.

Re:10 years does not fit the crime

[hackula]

Anonymous Coward for President 2016! You have my vote!

Re:10 years does not fit the crime

[Quila]

I do agree that 10 years is already too much for the offence

The offenceS. He got 10 years for a crime spree consisting of 26 separate crimes. That's not bad.

Re:10 years does not fit the crime

[Stiletto]

He would have gotten far fewer years in prison simply breaking in to their houses and snapping the pictures himself in person.

Re:10 years does not fit the crime

[fredprado]

Considering the nature of those crimes, and the fact that all of them are related, yes it was bad. 10 years is far too excessive even for a thousand crimes of this nature.

Re:10 years does not fit the crime

[DaveV1.0]

No. I am pointing out that most people say "That is too harsh" until they or someone they love is the victim of the crime, then the punishment isn't harsh enough. It is not about an emotional answer. It is about hypocrisy.

Re:10 years does not fit the crime

[Slashdot+Parent]

The real question is would someone who leaked pictures of an Ex get the same?

I doubt it. Penalties for hacking are very stiff. Not sure what the penalty for posting a nudie pic is, but it's probably pretty light.

Re:10 years does not fit the crime

[Quila]

Four months per crime when years were possible, the judge was being nice. This wasn't the case of a hacker being railroaded for just perusing some systems he hacked into. There was malicious intent here, he invaded privacy and publicly distributed the results,

Re:10 years does not fit the crime

[fredprado]

Nope. The judge wasn't "being nice". The accused took a guilty plea bargain, because if he did not he would be facing a possible 121 years sentence, which is beyond ridiculous in this case (or in any case to tell the truth). That is how your justice system works. You intimidate the accused into forfeiting their constitutional rights of defending themselves with the threat of ridiculous sentences. It is why only 3% of those accused of anything in US actually go to trial.

Re:10 years does not fit the crime

[Quila]

Like they say, "If you can't do the time, don't do the crime."

Re:10 years does not fit the crime

[fredprado]

The problem is that even if you didn't do the crime you will still likely take the blame and do the time, because you just can't risk to defend yourself and get life if you lose. US has the highest number of prisoners in the World, considerably higher than China, which is a totalitarian regimen and has 4 times US population.

Re:10 years does not fit the crime

[Quila]

He did the crime. Case closed.

Re:10 years does not fit the crime

[fredprado]

It is far from closed. Did he commit the crime? How can you be sure if you "justice" system just condemn everybody it wants regardless of the guilt or innocence of the accused? And even if he did the crime the fact stands that 10 years is an abusive time and wouldn't happen in any other country, and I won't even comment on the 121 years possible sentence.

Re:10 years does not fit the crime

[Quila]

We both know he did the crimes. You just have a problem with the time.

Hacking (yes, this is a form of hacking), gaining unauthorized access in order to gain personal information and redistribute it. I think that deserves a few months.

Do it 26 times, that adds up. Hey, maybe Madoff shouldn't be in jail forever like he is. He only stole some billions of dollars, and that's only a multiple of thousands of dollars, for which you could just get community service. Why did he get a 100+ year sentence?

Pics

or it didn't happen...

Defense rests your honor.

Re:Pics

[BitZtream]

If you're too stupid to know how to find the pics online, you don't deserve to see them.

Have you heard of a search engine? Took me more time to type this than it took to view all of the pictures.

Re:Pics

[Zemran]

I am not surprised she was pissed off, they are really bad pics...

http://1.bp.blogspot.com/--YQnbGWJdps/TpfO7UrWrGI/AAAAAAAAHWE/-Zu5cw_6Sw4/s1600/ScarlettJohanssonNudeLeak2.jpg

Re:Pics

[newcastlejon]

Google Image Search not so recently started accepting images as search terms. You can either upload one, supply the URL or drag-drop depending on browser. It does a fairly good job of finding similar images.

I'm not going to bother linking to Google.

HSBC laundered money, execs lose/reduce bonuses

[RichMan]

Why does it seem there is one set of rules for the little people and another set for big business?

"HSBC executives brushed off complaints from other bank employees, so that the problems persisted for eight years, the report says.

In addition, some HSBC bank affiliates skirted U.S. government bans against financial transactions with Iran and other countries, according to the report. And HSBC’s U.S. division provided money and banking services to some banks in Saudi Arabia and Bangladesh believed to have helped fund Al Qaeda and other terrorist groups, the report said."

http://www.thestar.com/business/article/1227431--hsbc-laundered-billions-of-dollars-for-mexican-drug-cartels-senate-investigation-finds

"The penalty includes a five-year agreement with the US department of justice under which the bank will install an independent monitor to assess reformed internal controls. The bank's top executives will defer part of their bonuses for the whole of the five-year period, while bonuses have been clawed back from a number of former and current executives, including those in the US directly involved at the time."

Re:HSBC laundered money, execs lose/reduce bonuses

[DickBreath]

I think that this article about High Court versus Low Court justice will explain it for you.

Re:HSBC laundered money, execs lose/reduce bonuses

[KonoWatakushi]

Why does it seem there is one set of rules for the little people and another set for big business?

Here you go: With Liberty and Justice for Some. Aside from the book, Glenn Greenwald has a lot of interesting insights at Salon, and now writes for The Guardian.

Re:HSBC laundered money, execs lose/reduce bonuses

[CanHasDIY]

Matt Taibbi is a fucking American Hero.

That is all.

information wants to be free!

[larry+bagina]

These celebrities should open source their privates and make money by selling support contracts.

Re:information wants to be free!

[BMOC]

I think most celebrities do have a open-use policy on their nether regions, but retain the rights to body-mod to themselves. To be precise, I think they're more like 10-day trial shareware.

U.S. is crazy

[fredprado]

Seriously. The guy did deserve to go to jail, but 121 years?!!! And he pleaded guilty to get "just" 10 years? It is no surprise U.S. prisons are full and U.S. has the highest number of prisoners per capita in the World...

Re:U.S. is crazy

[Fallingcow]

Our justice system only works (for certain definitions of "works") because we threaten insane sentences to force less-insane plea bargains.

We can't afford to have more than a tiny number of cases go to trial, or the system would break down. Not enough money, not enough judges, not enough lawyers.

Re:U.S. is crazy

[theNetImp]

Each hack is a different crime. Each crime has a minimum sentence. The rest is math. Most countries are no different.

Re:U.S. is crazy

[fredprado]

Most countries don't add multiple sentences to be served sequentially in this way. Furthermore most countries have a maximum total time for sentences. Here in Brazil, for example, it is 30 years. 121 years in prison is basically a death sentence, and in many ways it is even worse than it.

Re:U.S. is crazy

[fredprado]

The collateral effect is that many people will accept the bargains even if they are innocent, because not doing it is risking too much.

Re:U.S. is crazy

[Hatta]

Not only that, but less than 3% of defendents in federal court exercise their right to trial. The sentences are simply too high to risk going to court, even if you're innocent. Plea bargaining amounts to nothing more than punishing people for exercising their constitutional rights.

I mean really, 97% plead guilty. When was the last time the government was 97% accurate at anything? You'd be generous if you supposed they were 90% accurate, in which case 7% of the federal prison population would have been unjustly imprisoned.

Of course, the justice department keeps no statistics on failure rates. It's barbaric.

Re:U.S. is crazy

[fredprado]

Yes, for these exact motives you point plea bargaining shouldn't be legal at all. It is basically legally intimidating people from using their constitutional rights.

Idiot

[Dyinobal]

The idiot he should of just laundered money for al-qaeda.

Re:Idiot

[PRMan]

You forgot the most important part:

The idiot he should of just laundered money for al-qaeda, while working for HSBC bank.

Have we completed the road to serfdom yet?

[BMOC]

Because this really seems like the elite beating down a serf for daring to see the princess naked.

Re:Have we completed the road to serfdom yet?

[kc67]

I've seen the preview, I can't wait for the movie. :)

Re:Have we completed the road to serfdom yet?

Bottom line is that the guy would have gotten a slap on the wrist for posting nude pictures of you, if you could have even gotten the police to care enough to file a report. In a system where you are entitled to only so much justice as you can afford, is is ill-advised to target the wealthy; save your crimes for the poor.

Re:Have we completed the road to serfdom yet?

[DrgnDancer]

Not really true. I know normal people that his sort of thing has happened to and the perpetrators went to jail. Maybe not for ten years, but remember that this guy was charged with 26 counts. He did this to *a lot* of people. Surprisingly enough you go to jail for a longer time when you rob four stores than when you rob one store.

Re:Don't put things online you want to keep privat

[w_dragon]

He got into their email and looked at old messages. I think it's safe to assume they were using some form of webmail, which means that their email was stored online.

Re:Don't put things online you want to keep privat

[gfxguy]

Why is it safe to assume they were using webmail? All of my mail accessed on the web through a web interface, but that doesn't mean that's how I access it. The summary clearly states he hacked their phones, and accessed their email and devices.

Not in my state

[Sycraft-fu]

I don't know about your state but here it is pretty lengthy. Second degree murder has sentences that range from 10-20 years provided it is an isolated offence. If you already have convictions of certain types, it can be 25 years, or more. First degree murder is a life sentence or the death penalty. In cases of life, sometimes parole can be allowed, but not before 25 years and then it is still discretionary.

Something else you seem to forget is that he is charged of multiple crimes. You don't get to lump crimes together and claim "Well it was the same sort of crime, so it only counts as one." If you rob a store, then go rob another store, then go rob another store, you'll be charged with 3 crimes and each carries its own sentence. What's more, when you commit multiple crimes often you are eligible for more strict sentences (as noted with the murder thing earlier).

If you disagree with the individual charges fair enough, but please stop with the hyperbole.

Re:Not in my state

[dissy]

It looks like the multiple charges (26 specifically) totaled up to 121 years of prison time.
That would require 5x 1st degree murders in your state to bring the minimum 25 years up to that amount, or 6-12x 2nd degree murders for the same.

He plead guilty to avoid getting the entire 121 years total, in exchange for serving only 10 years for all counts combined.

So if you use the time sentenced on a per-charge basis then that comes to a little over 4.5 years of prison per charge, which is in fact less than what a murderer would get.

But looked at another way, two counts of this form of "hacking" is still equal to a second degree murder in the best of situations. Guessing "12345" as a password twice is equal to depriving a person of their life in the heat of the moment (Minus the 4 month rounding error)

Re:Not in my state

[TheCarp]

> Something else you seem to forget is that he is charged of multiple crimes. You don't get to lump
> crimes together and claim "Well it was the same sort of crime, so it only counts as one." If you rob a
> store, then go rob another store, then go rob another store, you'll be charged with 3 crimes and each
> carries its own sentence.

while I totally get what you are saying, i also feel that there is a problem with this thinking. It kind of assumes that each incident was a totally distinct decision, separate from his decision to rob stores in the first place. It seems based entirely on the minutia of the harm caused, and not any measure of continued danger to society or the possibility of reform.

Lets say, for the sake of argument, we had a clear rule where each store got him 1 year. Do we really think that a person who robs 6 stores will not be adequetly punished with the same punishment as one who did 3? Can we really say that one who robbed 12 needs twice as long? Why? Is this just a matter of making it feel right? Or is this about deterance and reform?

I just seems like you end up with cases like this..... with people doing 10 years because of the linear addition of charges, rather than because of any real belief that keeping him away for 10 years will either be required for his reform, or required to protect the public.

Or to bring in another thought.... a while back I read an article by a local prosecutor about why we needed to expand hate crimes to include the homeless. His argument centered around a pair of young men who beat a homeless man within an inch of his life, totally gratuitously. No heated disagreement, no torrid personal motives, no theft....they just wanted to beat a homeless man.

The problem, as the prosecutor saw it, was that these men got all of a few months in prison, because there were not enough laws to stack on charges. It wasn't in someones home, there were no items to be stolen, he wasn't black, or gay..... so these guys got off very very light.

What struck me was that.... violent crimes can so easily get off with light sentances, but, the solution is somehow to...create new classes of protected people to use for increasing charges? Huh? How does that follow? Shouldn't it just....be a worst crime to violently beat someone?

I mean, I am all for going easy on people in some situations, younger people, people who got in bar fights etc.... but...the idea that you can't differenciate between that and two guys mercilessly beating a defenseless man for sport just seems shortsighted and disingenuine. It seems like there has to be a better calculous to use here.

Re:Not in my state

[Sycraft-fu]

That is why prosecutors and judges will consider the nature of the offences in sentencing and pleas. Often, they'll be offered the ability to serve the sentences concurrently, as in at the same time effectively reducing the time served.

The thing is each incident IS separate, a separate person is wronged. It really isn't fair to say to someone "Well you were just one in a string of crimes so we aren't going to punish the person for their crime against you. Sorry."

Also there's the concept of justice that you deserve more punishment if you are a habitual/career criminal. You break the law once, ok maybe not a big deal. Maybe you didn't understand, or had a moment of weakness or something. You do it time after time, well then you clearly you just don't give a fuck.

Like they didnt want it to happen

[JustNiz]

I consider the real sickness here is the wierdness that is the mind of apparently most Hollywood stars.
I mean why do they apparently all carry nude pictures of themselves on their phones? Especially even knowing that phones can be hacked.
I can smell the Paris Hilton effect in action.... There is no such thing as bad publicity.

Re:Like they didnt want it to happen

[BMOC]

The sickness is called "Ego", it's incurable, and they all have it. Worse still, they have invented an infection path via reality television which they use to spread this epidemic of narcissism to the rest of the planet

Re:Like they didnt want it to happen

[Zero__Kelvin]

"I mean why do they apparently all carry nude pictures of themselves on their phones?"

Because they hope the phone will be "hacked" and the pictures posted online, thereby generating a great deal of publicity for them.

Re:Like they didnt want it to happen

[bad-badtz-maru]

They are in Hollywood working in a visual medium. It shouldn't be a surprise that they would have an above-average concern in how they look and that they also
might exchange visual information with each other with more ease than you or I might be accustomed to. That doesn't mean they want that information to travel beyond their peers.

Re:Like they didnt want it to happen

[xeromist]

Who knows? I can't relate because I'm not compelled to take naked pictures of myself. Perhaps if I had that frame of mind I'd also want to keep them on my phone? Maybe they think pictures are safer on a mobile than on a desktop computer connected to the Internet? *shrug*

Re:Like they didnt want it to happen

[Stone+Rhino]

Wow, this is a really hostile, cynical, and destructive attitude.

Seriously, you're blaming these people for engaging in a private activity that's fairly common? And you're saying this is some "weirdness" on their part? 1/3rd of teens have sent naked pictures to each other. Millions of people participate in everything from sending some cheesecake to a significant other to posting pictures publicly. You've never written an email or text message with personal information, or taken a risque photo, or engaged in some activity that you would prefer not being broadcast to the public?

I thought Slashdot was all about privacy rights, and protesting the abuses of email companies that would fold to the government, or social networks that would track without your consent. Suddenly, the victim of a privacy violation is the one at fault?

They don't lose their right to have private lives, and they aren't all cynical publicity-hounds. They've got their public lives, and they've got their private lives, just like the rest of us. They weren't 'leaking' a sex tape for the publicity, they were violated by someone who preyed on them. We all go to the bathroom sometimes, but it doesn't mean we were asking to have pictures of it posted to the web.

Re:Like they didnt want it to happen

[chrismcb]

I mean why do they apparently all carry nude pictures of themselves on their phones?

Because they are people too. You might be surprised at the number of people who have naked pictures of themselves on their phones.
If these people wanted the "Paris Hilton effect", they would actually leak the pictures. "ooops I accidentally sent that to the wrong person" not have it in a hidden folder that takes a hacker to find.

Re:Don't put things online you want to keep privat

[SternisheFan]

I'm not quite clear why anyone thinks that putting things online in any capacity is safe from prying eyes, particularly if they're a celebrity. I don't defend the actions of these "hackers" (pfft), but the photo owners should be smart enough to take some precautions or find someone that can help them do it.

People who aren't tech-savvy shouldn't get damaged because of it. Would you want your grandmother to have her social security money to get stolen from her, then tell her she deserves what she got? "Shoulda' been bhind a firewall Gramma! That'll learn you!" Sheesh!

open-source information

[jameson71]

What is with these announcements using the term "open-source information" when announcing "crimes" committed by using information that is publicly available? It used to just be called "public information"

Let's take a closer look...

[Frosty+Piss]

Seriously. The guy did deserve to go to jail, but 121 years?!!! And he pleaded guilty to get "just" 10 years? It is no surprise U.S. prisons are full and U.S. has the highest number of prisoners per capita in the World...

Maybe he shouldn't have been doing things that are clearly illegal, without much question creepy, and doing these things to "high profile" people to boot?

Perhaps society should be protected from creeps this fucking stupid?

Also, keep in mind:

The indictments against him included accessing and damaging computers, wire tapping and identify theft.

...So we're not talking about just a few celebrity nudes.

He then allegedly communicated directly with contacts found in the hacked email account's address list and searched the account for photos, information and other data.

To control the account, Chaney is alleged to have altered the email's account settings to go to a separate, unrelated e-mail address that he controlled.

After gaining complete access to the hacked account, Chaney then used the contact list to "harvest" new targets, according to the FBI.

Just a little "innocent" hacking of "rich people" who should have known better?

And, keep in mind that if he wasn't already doing credit card theft, it was probably in his "script kiddie" queue.

Re:Let's take a closer look...

[fredprado]

He may be a creep and, as I said, I think he deserves to be punished for it, but 10 years is too much time, no matter how you look at it. 121 years, on the other hand, is simply absurd and it is too much for ANY crime.

Re:Let's take a closer look...

[fredprado]

And that is exactly the problem with your country (and with you). You seem to have forgotten that there are minor crimes. And please, what the next step could be is irrelevant, because it never happened.

Re:Let's take a closer look...

[Threni]

Exactly. Even in America you only tend to get charged and tried for crimes you did do, not those you didn't do. I don't know, maybe this guy is black or poor or something.

Scarlet grainy pics uncensored

[Cito]

most sites have these watermarked or censored with black bars

- REDACTED

Re:Scarlet grainy pics uncensored

[nbauman]

Those are not particularly embarrassing pictures for a professional model.

Re:Scarlet grainy pics uncensored

Please don't post shortened links. This is not Twitter.

Re:Scarlet grainy pics uncensored

[ceoyoyo]

Sure they are. Nobody photoshopped out the zits.

Quit blaming the victim

[SirGarlon]

Stop blaming the victim. I've heard this so often, I'm finally going to snap. (Nothing personal.)

Make up your mind whether IT administration is easy or hard.

If it's easy, then the IT profession is perpetrating a massive scam and collecting fat paychecks for what is basically an easy job. I don't believe that, and I do not think you will find many people on Slashdot who support that position.

On the other hand, if IT is hard, then it's not fair to condemn non-professionals from being unable to do it. Rather than calling people "stupid" for not knowing things that we take for granted, we could actually try to promote public awareness and give people constructive advice.

Re:Quit blaming the victim

[maxwell+demon]

Make up your mind whether IT administration is easy or hard.

IT administration is hard. Coming up with a secure password is easy. Coincidentally I happen to know no single person who is paid for coming up with passwords.

I strongly doubt that many celebrities administrate their own servers.

Re:Quit blaming the victim

[oh_my_080980980]

It's fairly easy to encrypt naked photos that everyone has of themselves and stores on their computer....

Re:Quit blaming the victim

[UnknownSoldier]

Consider this, there is a third choice.

There are times where having too many policies causes bureaucracy. Conversely not having enough polices is insecure.

IT policies are constantly about balancing time vs security; that is short-term convenience vs long-term security.

i.e. When you use a good password policy schema and force people to use long passwords with X months of forced password changes people bitch that it is too cumbersome.

Re:Quit blaming the victim

[SirGarlon]

Vector integration is pretty easy, too, once you've got 12 years of mathematical preparation and half a semester of Calculus 201. That doesn't mean I expect celebrities to do it at home.

Re:Quit blaming the victim

[Hentes]

we could actually try to promote public awareness and give people constructive advice

What do you think he did? Pointing out that the people involved have made security mistakes is very different from putting all the blame on them (which he didn't do).

Re:Quit blaming the victim

[dbIII]

Behind many stupid rules is a story of trying to put a roadblock on idiocy after it has happened.

Text on ticket: "Ticket not to be taken internally"
Homer: "They put that on there because of me!"

Re:Quit blaming the victim

[farble1670]

i.e. When you use a good password policy schema and force people to use long passwords with X months of forced password changes people bitch that it is too cumbersome.

and you forgot to add, that sort of thing backfires because it results in people writing down their passwords physically or storing them in text files.

Re:Quit blaming the victim

[maxwell+demon]

Actually, writing down passwords physically can be a safe thing when you store it in a place to which only you have access. Storing in a file is of course not that good an idea.

Re:Quit blaming the victim

[UnknownSoldier]

Thanks for the suggestion. That is exactly what I meant by bureaucracy but I said it indirectly. Maybe a better wording would be:

" ... where having too many or too strong of policies causes bureaucracy and/or unenforceability due to inconvenience."

Re:Quit blaming the victim

[UnknownSoldier]

> Storing in a file is of course not that good an idea.

If _that_ file is encrypted that is OK.

i.e. KeyPass - then open source password manager.

Re:Quit blaming the victim

[maxwell+demon]

When writing down passwords physically, you don't have a file you could encrypt. You have a piece of paper you can lock away.

Re:Quit blaming the victim

[maxwell+demon]

Oops, ignore my previous reply; I was only reading with half my mind, and misread your post.

Brings me back

[skitchen8]

I would hardly call this hacking, more social engineering with the social part being the ability to use Google. I remember hacking an ex girlfriend's account when I was in middle school to send e-mails to every guy she knew asking for sexual favors. I guess I'm just a super 1337 hax0r. I also have to question how wise it is to carry nude pictures of you everywhere, do they often run into emergency "showing my tits" situations?

Re:What is Open Source information?

[Andy+Prough]

It means he's been reading books by Eric Raymond and RMS in a non-proprietary e-reader format.

That's because no one wants to see

[Andy+Prough]

Justin's bieber.

Re:Careful what you wish for

[fredprado]

That is your opinion and you are entitled to have it. The fact that I don't agree with it doesn't mean I don't think for myself, though. The fact that you want everybody to forcibly agree with you means you don't want people to think for themselves, though.

Do you e-mail around naked photos of yourself?

[pseudorand]

Is it just me, or is it somewhat strange that these celebrities would have naked photos of themselves in their e-mail in the first place? I know I don't have any naked photos of myself in my gmail account, and I'm not even someone everyone wants to see naked. If you were a young, female celebrity who knew everyone wanted to see you naked, wouldn't you think twice before a) taking a naked picture of yourself and b) e-mailing it to anyone.

Or maybe I'm just a prude who doesn't know how to put his cell phone camera to good use.

Re:Do you e-mail around naked photos of yourself?

[oh_my_080980980]

THANK YOU! What the hell are they doing with naked photos on your their cell phone! That's just asking for trouble. Put another way say those were your social security number and passwords for your on-line bank account. How much sympathy would anyone have for them? None! Yes we all feel bad about a break in but we are all have little sympathy for people who do stupid things. Keep nude photos of yourself on your cell phone is stupid.

Re:Do you e-mail around naked photos of yourself?

[daern]

Is it just me, or is it somewhat strange that these celebrities would have naked photos of themselves in their e-mail in the first place? I know I don't have any naked photos of myself in my gmail account, and I'm not even someone everyone wants to see naked. If you were a young, female celebrity who knew everyone wanted to see you naked, wouldn't you think twice before a) taking a naked picture of yourself and b) e-mailing it to anyone.

Or maybe I'm just a prude who doesn't know how to put his cell phone camera to good use.

Or maybe your ass just isn't as good as hers... ;-)

Re:Do you e-mail around naked photos of yourself?

[chrismcb]

Or maybe I'm just a prude who doesn't know how to put his cell phone camera to good use.

This is probably it... I think many more people have naked pictures of themselves on their phone than you think. Remember too, this wasn't just about emails.

for bonus LULZ...

[Thud457]

he should have posted them to Instagram. /rimshot

concurrent sentences

[davidwr]

This was a federal case.

Federal sentencing guidelines rarely call for "fully stacked" sentences when the crimes are done at the same time or as part of the same "crime pattern."

They usually give you X years for the most serious conviction, a relatively small incremental amount added on for each additional conviction, and maybe a very small incremental amount for additional non-conviction credible allegations up to some maximum.

Here's his indictment: PDF

1. 18 USC 1030(a)(2)(C), (c)(2)(B)(ii), 6 counts
2. 18 USC 1030(a)(5)(A), (c)(4)(B)(i), (c)(4)(A)(i)(I), 2 counts
3. 18 USC 1030(a)(5)(A), (c)(4)(B)(i), (c)(4)(A)(i)(III), 1 count
4. 18 USC 1028A(a)(1), 8 counts
5. 18 USC 2511(1)(a), 9 counts

PIC HERE

[davidwr]

617, frame 2.

Meanwhile no jail time for HSBC....

[oh_my_080980980]

..who laundered money for drug cartels....http://www.rollingstone.com/politics/blogs/taibblog/outrageous-hsbc-settlement-proves-the-drug-war-is-a-joke-20121213

Let me be the first to say ...

[tgd]

Thank-you.

Hard time?

[Horshu]

I'd say he'll give new meaning to "hard time", but really, it's not new.

Hacker Behind Leaked Nude Celebrity Photos

[Culture20]

How did he photobomb so many nude celebrities? Who ended up leaking the photos, and who realized they all have the same person in the background (and that it was a hacker too)?

Good news!

[Phasma+Felis]

Well, dang, Slashdot doesn't normally post good news! A scumbag gets caught and goes to prison. Justice is done, the system works, etc etc.

You hypocrites. If this article was about a EULA where someone claimed the right to publish the contents of your email without permission, Slashdot would be (rightfully) up in arms. But when some stalker-ass waste of skin actually does violate the privacy of a bunch of innocent women, suddenly privacy violation is perfectly okay as long as the victims were popular and used naive passwords.

Or else you're puking up non sequiturs about HSBC. Yeah, those fuckholes deserve to rot in prison too, and it's criminal that they won't be published. That's got nothing to do with Christopher Chaney's guilt.

That's what he gets...

[abirdman]

That's what he gets for clicking through the license and TOS pages on webmail. The guy is obviously a desperado.

suicide?

[schlachter]

If witnesses are testifying that they were considering killing themselves because someone in the world saw them without clothes...they are seriously fucked up and have issues with their bodies and/or self esteem. I feel bad for this hacker. Sure...put him in jail for 6 months or make him pay restitution of $10K to each of his victims...but 10 years? Seriously? Murders get less time. We live in a scary state.

you have it backwards...

[schlachter]

I think the photos were hacked from their location in the cloud...not on the device. Nonetheless...if you're going to take nude photos of yourself, your smartphone is the easiest way to do it. There's nothing wrong with having nude photos of yourself. Why is that sick? Weird? I think it's far sicker that people are so afraid of others seeing them without their clothes that they consider suicide (as the witnesses said), send people to jail for years, or lifetimes (in the case of pics of teens). We all need to chill just a bit and focus on the real criminals...violent criminals and big business fraud.

Re:you have it backwards...

[JustNiz]

>> There's nothing wrong with having nude photos of yourself. Why is that sick? Weird?

ok so name one sane reason for having nude photos of yourself on your phone.

Re:Don't put things online you want to keep privat

[viperidaenz]

Because it is accessible from the internet. It's not like this guy stole the devices in question and gained physical access.

What's the difference between the computer you're sitting in front of, connected to the internet and one sitting in a data centre somewhere?

And for that, the rich gets richer

[ub3r+n3u7r4l1st]

and the poor gets poorer, because they are so easy to pick on.

Re:Don't put things online you want to keep privat

[mabhatter654]

If it was more than 6 months old it wasn't private anymore, correct... At least that is what the government claims, right.

partly their fault

[slashmydots]

You can't get em stolen if you don't take them. There are zero photos of me naked that exist but there would definitely be zero even more (lol) if I was famous! Stop taking pics like that, you dumbass celebrities! By the way, e-mail? E-MAIL? Switch to the much more secure printed out photo of you naked thrown randomly as a paper airplane. That's less likely to get stolen or viewed improperly. Seriously.

So basically

[kelemvor4]

Some code kiddie got caught doing what the MPAA and RIAA do every day. There have been numerous articles about how your data isn't protected by your civil rights once it leaves your house (e.g. email). However when it's not the MPAA/RIAA committing the offense it's worthy of a lengthy prison sentence.... I was going to say this was enlightening, but somehow it's merely unsurprising.

Re:Don't put things online you want to keep privat

[Stiletto]

If I get into your E-mail, I have access to every web site you use, because they all use E-mail based password reset functions. I'll just change all your passwords and confirm the change using your 0wned E-mail account.

depends on who the perpetrator is

[nickmalthus]

As illegal as breaking and entering into someone's home and stealing photos from a bedroom safe.

This isn't illegal when the government does it in mass.

Ruper Murdoch wants to hire this kid...

[tekrat]

After all, he breaks into other people's phones, and he HASN'T gone to jail. Nor will he ever. Hell Rupert Murdoch could shoot someone in the head on live TV, and still not go to jail. Simply because he is a member of the 1%.

Re:Logic

[PPH]

I don't know about that. You can place "No Trespassing" signs around your property and then have an interloper charged with that crime. Its not like these signs produce some sort of force field that one must attack to overcome. They signify the intent to keep the property (or for uid/passwords; data) secured.

Of course, you should use a good password. But if some third party tries to guess it, that signals their intent to obtain unauthorized access.

IANAL.

Re:Don't put things online you want to keep privat

[farble1670]

I also believe you should have some recourse if I break into your gmail account and read through your emails.

well then too bad, because you can be sure that the authorities aren't going to give a crap about you. now, if you can ensure that your criminal also breaks into the accounts of high-profile individuals, then you may be in business.

not just per capita, actually in total too

[DABANSHEE]

The US has more people in jail than China & executes more people than the Chinese too. I'm speaking in total. BTW China has 3 to 4 times the population of the US too.

at most potentially trespassing.

[DABANSHEE]

As illegal as guessing the number code on the front door of a house with a number code door lock, then walking in & taking photos of any photos found in the house in RAW mode before leaving (or running the photos through a battery powered high res scanner, then putting them back), which means a crime of common"trespassing" at most. Actually in a significant percentage of common-law jurisdictions it wouldn't even be a crime of trespass unless there's a "no trespassing" sign on the front door or one in the front yard that's easily visible to anyone approaching the front door.

It's totally ridiculous for a cyber crime to have a penalty that's the same as it's equivalent real world crime, let alone to have a penalty that's significantly greater.

Re:Don't put things online you want to keep privat

[jdray]

As I said, I don't defend the hackers. However, I think people who use tools should understand the scope of the tools they're using, in the same way that people who own and use firearms should be responsible to understand how they operate, what the risks are, and what safety measures need to be taken.

Dumb questions

[DrYak]

I still don't get it why such things are considered "security question".
The only thing they might protect against is a completely blind random automated probing.

And I can't understand why in 2012 anyone would still give actual answers to this question: it take a couple of seconds maximum to find the relevant info on facebook.
If you can't block such security holes, at least use some form of joke or pun: you mother's maiden name is "Chtulhu" or "this is none of your business" as First pet, etc.
If a celebrity use as security measure, an info that 99.9% of her fan know already, she almost deserve to get her nude pic uploaded.

(and that's ignoring the fact that some of them would probably enjoy the free publicity).