undefined | Better HN

0 pointskelnos9y ago0 comments

I think someone at the org needs to be responsible for not ensuring former employees' access is not revoked, but that doesn't mean an employee who takes advantage of that lapse isn't responsible for his/her actions.

Put another way, someone at Verelox screwed up and left the door unlocked, but that doesn't mean that the person who walked in broke stuff is in the clear.

Look, someone, without authorization, accessed a former employer's network and maliciously destroyed data. That's a crime. Sure, the CFAA is overly broad and is abused, but this is not one of those cases: this is a textbook example of something that should be prosecuted under the CFAA.

0 comments

2 comments · 1 top-level

thanksgiving9y ago· 1 in thread

I disagree. The point of focus should be verelox and the criminal negligence on their part. Verelox is the criminal, not the victim. The clients may be the victims.

We should not equivocate on cfaa. It is good for nothing. Full and unconditional repeal should be our only demand.

kelnosOP9y ago

> The point of focus should be verelox and the criminal negligence on their part. Verelox is the criminal

Nope. The affected customers probably have grounds for a civil suit, but no sane prosecutor would think bringing criminal proceedings against Verelox to make sense at all.

The ex-employee who perpetrated this is at fault as well and must bear responsibility for his destructive actions. Having the ability to do something (even due to a lapse in security) does not make that action moral or legal.

j / k navigate · click thread line to collapse