undefined | Better HN

0 pointsbawolff1y ago0 comments

I mean, a backdoor at this scale (particularly if it wasn't noticed for a while and got into stable distros) could be worth millions. Maybe hundreds of millions (think of the insider trading possibilities alone, not to mention espionage). 2 years doesn't seem like that much work relative to the potential pay off.

This is the sort of case where america's over the top hacking laws make sense.

0 comments

jethro_tell1y ago

And what law would you use to target someone who wrote some code and posted it for free on the internet that was willingly consumed?

bawolffOP1y ago

The computer abuse and fraud act? Seems like a pretty easy question to answer.

jethro_tell1y ago

Maybe I'm miss understanding things, but it seems like anyone can publish an exploit on the internet without being a crime. In the same way encryption is free speech.

It would seem unlikely this guy would be also logging into peoples boxes after this.

It seems a much tougher job to link something like this to an intentional unauthorized access.

At this point, we have no confirmed access via compromise.

Do you know of a specific case where the existence of a backdoor has been prosecuted without a compromise?

Who would have standing to bring this case? Anyone with a vulnerable machine? Someone with a known unauthorized access. Other maintainers of the repo?

IANAL but it is unclear that a provable crime has been committed here

3 more replies

account421y ago

Similar laws we use to prosecute someone who intentionally brought a poisened cake to the potluck.

unethical_ban1y ago

Are you suggesting intent is impossible to determine?

j / k navigate · click thread line to collapse

0 pointsbawolff1y ago0 comments

This is the sort of case where america's over the top hacking laws make sense.

0 comments

jethro_tell1y ago

And what law would you use to target someone who wrote some code and posted it for free on the internet that was willingly consumed?

bawolffOP1y ago

The computer abuse and fraud act? Seems like a pretty easy question to answer.

jethro_tell1y ago

Maybe I'm miss understanding things, but it seems like anyone can publish an exploit on the internet without being a crime. In the same way encryption is free speech.

It would seem unlikely this guy would be also logging into peoples boxes after this.

It seems a much tougher job to link something like this to an intentional unauthorized access.

At this point, we have no confirmed access via compromise.

Do you know of a specific case where the existence of a backdoor has been prosecuted without a compromise?

Who would have standing to bring this case? Anyone with a vulnerable machine? Someone with a known unauthorized access. Other maintainers of the repo?

IANAL but it is unclear that a provable crime has been committed here

3 more replies

account421y ago

Similar laws we use to prosecute someone who intentionally brought a poisened cake to the potluck.

unethical_ban1y ago

Are you suggesting intent is impossible to determine?

j / k navigate · click thread line to collapse