> "He was accused of stealing the International Space Station’s source code controlling critical life-sustaining elements worth $ 1.7 million."
This makes for an exciting sentence, but doesn't make sense - as far as I can tell he didn't deprive them of their $1.7 million dollar code (I assume he just made a copy), and there is absolutely no opportunity cost here - it's not like he had a space station or was going to give it to someone else with a space station, stopping NASA getting revenue that they may had...
I find it very hard to see any way that that could be called 'stealing' or why the $1.7 million figure is relevant at all...
That doesn't excuse messing around in other people's systems of course.
> "His actions put NASA on hold for three weeks, costing them $41,000 because they had to check and of course fix the system."
Surely it was NASA's bad security practices that cost them $41,000 - do they really think if he hadn't found the problem, they wouldn't ever have had to fix their insecure systems?
Why is blaming the victim so uniquely acceptable when we're talking about hackers?
"Don't blame the victim" comes from the context of sexual assault. Blaming the victim for dressing provocatively is unjustifiable because dressing provocatively is not misconduct.
Maintaining insecure internet-facing servers is professional misconduct. Someone else's wrong doesn't retroactively make your wrong right.
Also read "That doesn't excuse messing around in other people's systems of course." stephen_g isn't blaming the victim. But blaming the intruder as if he created the lack of security is just as disingenuous. Imagine a business that's generally open to the public at specific hours. The owner installs the doors himself without any consideration for locks. When reviewing security camera footage from non-business hours, he discovers someone open the door, walk in, look around, and leave. Sure, this person is indeed trespassing. But blaming the trespasser for the cost of putting locks on the door is asinine.
> By entering through a router in Dulles, Va., and installing a back door for access, he intercepted DTRA e-mail, 19 user names and passwords of employees, including 10 on military computers.
If the security issue was found internally, you can just patch it, do a cursory check to see if there is evidence of intrusion, and go on your way. When you find the security issue as a result of being hacked, now you not only have to patch to flaw but also investigate what was compromised, but may have been modified, etc. That would entail taking down all of the potentially affected systems for evaluation, which means a big hit to productive work while the investigation is underway.
The perpetrator is always to blame, and their blame is obviously not mitigated by anything the victim does.
If the victim has a duty to protect the information lost, and the victim is negligent, they have an orthogonal culpability as well.
On message boards, it really seems like people have trouble holding these two thoughts together in their head at the same time. Of course, nerds like us on message boards have a cluster-headache of a persecution complex as well, which is ironic given that we're all making bank making everyone else's jobs disappear.
You can't dig up roads, take library books, or drive cop cars.
http://needham.wickedlocal.com/article/20150515/NEWS/1505171...
“I honestly, honestly had nothing to do with TJX. I have no faith in the ‘justice’ system. Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.” James’s suicide note.
EDIT: Now that I'm looking a little further into the case...
He was apparently raided by the FBI two weeks prior to the suicide during an investigation in the TJX hack. During the raid, the police found another suicide note that James had written several years prior. His suicide note[2] spends the first page and a half talking about something that's been redacted, then the next page and a half talking about some background on the TJX case, denying that he had any connection and noting the fact that one of the other suspects (Chris) had been arrested and subsequently released. He believed that meant that Chris had tried to pin the blame for the hack on him, and he believed that the FBI would be looking to arrest him for a crime he didn't commit.
[1] http://www.wired.com/2009/07/hacker-3/
[2] http://www.wired.com/images_blogs/threatlevel/2009/07/jamesn...
In America one person dies by suicide every 13 minutes.
I'm kind of surprised that only two people being prosecuted by her have died by suicide. The computer industry is mostly people with some risk factors (male; single), although they do have some protective factors (ability to solve problems; money; health insurance).
https://www.afsp.org/understanding-suicide/facts-and-figures
http://www.cdc.gov/violenceprevention/pdf/Suicide-DataSheet-...
http://www.cdc.gov/Features/PreventingSuicide/
I am particularly interested in anything that can help men seek help, especially for suicide or other mental health problems. (Please do send me email if you're aware of good work). I like these Australian sites:
They don't censor the word on their website: http://softenthefckup.com.au/
Odd statistic to cite. Could you help us out and tell us what percentage of young people commit suicide?
[1] https://www.afsp.org/understanding-suicide/facts-and-figures...
It's no surprise that unchecked power to ruin individual lives no matter the severity of supposed crimes would lead to things like this. Either we should be surprised this doesn't happen more often, or shouldn't be surprised when it continues to happen.
And I certainly have zero faith that we'll see federal prosecutors reigned in any time soon.
It's only illegal when someone is willing to prosecute you for that.
We are merely resources to those in law enforcement, sources of tickets, arrests, asset seisure, prosecution and incarceration.
