Photobucket Hackers Nabbed, Face Serious Charges From US Authorities

The U.S. Department of Justice said in a statement released Friday that two men, Brandon Bourret, and Athanasios Andrianakis, of Colorado Springs, Colorado and Sunnyvale, California, respectively, were arrested for their sale of software designed to breach the security of photo-sharing site Photobucket.com; their "Photofucket" app, says the linked Register report, was used "to plunder Photobucket's users' private and password-protected information, images and videos, it has been alleged ... The charge sheet against Bourret and Andrianakis details one count of conspiracy and one count of computer fraud, aid and abet – both of which carry a maximum prison sentence of five years and a fine of up to $250,000. In addition, the men stand accused of two counts of access device fraud, which carries a higher prison sentence of up to 10 years and a fine of up to a quarter of a million dollars, per count." The indictment, filed in Federal District Court in Colorado, is far easier to read than many.

Re:Seems a bit harsh

[rtb61]

If you read the indictment, they did not just create the code, they actually used it themselves and showed others how to use it by demonstrating it. Now of course comes much greater consequences, their customer base is also in the firing line and they will all be turned over for a reduced sentence. This could lead to a whole bunch of crimes being exposed.

Man talk about straight out if Sci FI

[future+assassin]

you get more time for hacking a corporation then you do for manslaughter.

Re:Man talk about straight out if Sci FI

[l0ungeb0y]

By that definition, shoplifters should get 20-30 years. You are one fucked up individual if you think these twerps deserve what amounts to a life sentence over grabbing some nudies. Three to Five years? Sure -- but people like you who support these totalitarian policies are the reason why our country is turning into a Fascist Police State. So fuck you very much for helping to burn our freedoms to the ground you fuck.

No sympathy is deserved for these idiots.

These assholes did things they had no moral right to do. They deserve to be punished because they actually committed intrusions, which is
behavior that is fundamentally different from merely exposing a security flaw.

To those of you who are spouting off the bullshit "moral relativism" arguments about how the NSA or Obama or some other government entity does things which are wrong "therefore anyone else who does similar stuff should not be punished" : Your thought processes are deeply in need of repair and your personal moral code is as well. A decent human being doesn't look for excuses which will justify or excuse bad behavior ; a decent human being does what is right because it is the right thing to do and avoids doing what is wrong simply because it is wrong, even if no one is watching.

Re:No sympathy is deserved for these idiots.

It hardly seems more serious than a search engine that fails to look at robots.txt and indexes content anyway.
They went about it in kind of a nasty way, but “Unauthorized access into a secure computer system” should require at least a remedial level of security. Otherwise, I could just put up a public web site, post a bunch of "private" photos on it without publishing the links, and then watch the logs for all these unauthorized criminals to commit a federal crime by accessing them... Profit?

Re:"Hacking" goes a little far here..

[Sqr(twg)]

So, the question is: Is it illegal to issue HTTP GET requests (that conform to all specifications and obey the robots.txt of the site in question) if the owner of the site didn't intent for the content at that URL to be available to you?

In other words: Is requesting a (non password-protected) webpage equivalent to representing yourself as someone who is authorized to access than page?