Student Jailed for Hacking Facebook

[Azivalla]

Forgive me, buy I seem to recall theft being a crime, physical and virtual.

[artemishunter1]

Here's the deal "kids". Most hired as a security software developer today are hackers. They got hired because they were capable of finding holes in security systems that the current developers couldn't. Software security is all about patching up holes (hence the term "patching"), and without the individuals able to find these holes, well we're fucked. If you do not allow these kind of white-hat hackers to exist you'll cut out a huge source of security software development, hence making software world wide more vulnerable. That'd be great.

He used the excuse after he was caught. He did not seek the permission of the company he hacked. he did not contact the company after he was successful. How is he a white hat hacker? Not most, only some. And they are extraordinary hackers.

[klaps_05]

if you want to work cyber security first you need permission before taking any action.

[Greeney]

I wonder if the comments made from the kid who played Zuckerberg in The Social Network were really stated.

Mark Zuckerberg: You know I've already apologized in the Crimson to the ABHW, to Fuerza Latina and to any women at Harvard who may have been insulted as I take it that they were. As for any charges stemming from the breach of security, I believe I deserve some recognition from this Board.
Ad Board Chairwoman: I'm sorry?
Mark Zuckerberg: Yes.
Ad Board Chairwoman: I don't understand.
Mark Zuckerberg: Which part?
Ad Board Chairwoman: You deserve recognition?
Mark Zuckerberg: I believe I pointed out some pretty gaping holes in your system.

[daftone]

8 months in jail is a little much for hacking a website. I mean I've seen murderers who only get 4 years.

[Tojara]

Why waste money by putting him in jail? Isn't that just a further waste of tax payer money?

Put him under house arrest for a long time with zero access to any technology.

[Zyzzyx]

I wonder if Zuckerberg's comment from The Social Network was based on a true event.

This is the funny part. A lot of the move was made up, but he actually did do many of those things at Harvard. It'd be awesome if he actually did crash the network there and was punished for it. That would lay a really thick batch of irony on this case.

The people saying this is the same as physical theft are morons. Again, he did do something wrong, but as someone said this IS how security is made. If they didn't find it, somebody else will. It could easily be someone looking to actually destroy the company. Wrong way for everyone to go about it.

Get over yourselves people, the internet follows different rules that physical locations do not and can not have. Anyone from anywhere in the world can get into a system like this, they don't have all the barriers that exist in trying to break into a bank. Fighting it changes too.

[artemishunter1]

This "kid" did find a hole, otherwise he would never have gotten in. Jailing him will only result in tacit knowledge being lost. He did indeed do something illegal, but as I said this is how people become security developers. By having an interest in security software this "kid" found his way into Facebook. Now, had he not kept any valuable information, he wouldn't have been taken seriously. He took information, to prove his point, which now never got proved properly, and the security flaw remains. Don't try and apply real world logic to the world of the internet. Certain things work differently, if you don't understand it, either try to, or leave it, don't blindly expect it to be like the real world.

As I said, if you keep these people from operating you will only make the internet a worse place to be.

All in all, we arrested a man who proved he knew something, and now the flaw he pointed out will never get fixet because well.. We arrested the only man who knew it.

So, in your logic he should go free. whats the difference between him and hackers who take personal info for identity theft. should an identity thief be released when he is caught in exchange for the security leak?

also, flaw has been found out. since, he was caught during their security check.

[mrwingtipshoes]

Hope more people attempt and succeed at hacking facebook. I despise social networking even though I use it.

Whats with the hipster "i hate social networking" thing? Is this the new target for "i hate popular things"?

[Deleted]

See how he did it then give the guy a job if he's good.

[Deleted]

Duh, he should be banned from using a computer until his 18th birthday.

Precedent has already been set.

United States Government vs. Dade Murphy (1988).

didn't know movies count as precedent :P

HACK THE PLANET!

[elimin]

if you want to work cyber security first you need permission before taking any action.

Observation skews results, if you know a thief is coming for your TV, do you lock the door? To be frank, if this had happened in the US, he would have probably been offered a job.

[Nigeldruid]

So, in your logic he should go free. whats the difference between him and hackers who take personal info for identity theft. should an identity thief be released when he is caught in exchange for the security leak?

There's no exchange, he didn't steal anything. He copied information, didn't do anything with it, hence to me, he didn't do anything wrong. Had he been selling the information to companies or in uploaded it to the public it'd been a different story, but he did not do that. He broke in, left everything as it was, didn't tell anyone, and minded his own business. All this with a record of pointing out security flaws to other similar networks mind you.

[BatteredRose]

A few months of jail, community service, and restricted and monitored net access would be more than a fair deal for him.

[chadwix]

Forgive me, buy I seem to recall theft being a crime, physical and virtual.

Certainly you can differentiate between the two. Killing someone in the virtual world is very different from doing it in the physical realm.

Stealing has the same principle since you arent really stealing anything, the orig owner still maintains possession of said item. If you choose to profit from it then it becomes a new ballgame and i think copyrights would be applicable.

[Grimboozer]

There's no exchange, he didn't steal anything. He copied information, didn't do anything with it, hence to me, he didn't do anything wrong. Had he been selling the information to companies or in uploaded it to the public it'd been a different story, but he did not do that. He broke in, left everything as it was, didn't tell anyone, and minded his own business. All this with a record of pointing out security flaws to other similar networks mind you.

If he really wanted to prove the security hole, there was no need to copy the information. In the world of virtual information, copying info is just as bad as stealing info. Identity thieves don't steal my info, they copy it for their own use. I can still use my social security number, while they are using it to get credit cards under my name. And just because he hadn't used the information at the point of being caught, that does not disprove intent to use it. At this point, it's his word of "Not going to use the info" and that's all they have to go on. Similar to drugs, there's no way to prove intent to sell, so the law states that if you have it in your posession and above a certain amount, intent is implied.

[PenguinChan]

Community service at most. I'm gonna laugh if something much worse happens to Facebook because of this kid trying to prove a point that there was a hole in the site.

[chadwix]

If he really wanted to prove the security hole, there was no need to copy the information. In the world of virtual information, copying info is just as bad as stealing info. Identity thieves don't steal my info, they copy it for their own use. I can still use my social security number, while they are using it to get credit cards under my name. And just because he hadn't used the information at the point of being caught, that does not disprove intent to use it. At this point, it's his word of "Not going to use the info" and that's all they have to go on. Similar to drugs, there's no way to prove intent to sell, so the law states that if you have it in your posession and above a certain amount, intent is implied.

Facebook users dont enter their ss or cc numbers. There are no potential identity theft possibilities, which is why these laws are being created.

The new laws to prove intent are no more valid than a crystal ball and will be shot down in court. You cant prove something that has yet to happen.

[Greeney]

If he really wanted to prove the security hole, there was no need to copy the information. In the world of virtual information, copying info is just as bad as stealing info. Identity thieves don't steal my info, they copy it for their own use. I can still use my social security number, while they are using it to get credit cards under my name. And just because he hadn't used the information at the point of being caught, that does not disprove intent to use it. At this point, it's his word of "Not going to use the info" and that's all they have to go on. Similar to drugs, there's no way to prove intent to sell, so the law states that if you have it in your posession and above a certain amount, intent is implied.

Yet they say he helped yahoo they seemed to appreciate it. In additional news, he didn't actually use the information... So quite frankly I think his word is better than most peoples. The wording in the article clearly states he was punished because he was merely capable of committing actions that might have been utterly disastrous. Quite frankly, I think Zuckerberg should have gone out of his way to ask for leniency for this individual, especially after the shit he did himself. The only excuse to punish this guy is for "wasting time" for law enforcement officials, not for doing something 75% of you would have done. I'm sure Facebook is crying over that $130,000, especially due to the fact that the one who found the hole didn't expose it. That would only have cost the company far closer to $10,000,000.

Just because you use a computer doesn't mean you understand how the world of virtual information works, for starters there are thousands of "ethical hackers" who are only interested in gaining more knowledge and helping others out. If I were to send a message to you explaining that I got your credit card, your username, and password off some site; you sure as hell better only appreciate that I found out your information, explained how I got it, and stopped... even if i did hit ctrl+c into a notepad file.

As far as drugs go there is a way to prove intent to sell. The cop pretends to want to buy it.

[Reg]

If he deleted his footprint, how did they find him? LOL

He probably updated his Facebook status and game himself away.