I got into my ISP's backbone infrastructure and sent a bug report to them, they sent me a court appearance request yesterday because I " Voided my access rights ". Any legal advice?
Yeah I figure, Section 2 Part D of the data protection act 1998 states
(d) appropriate security measures shall be taken against unauthorised access to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction.
If you were to make a case you could state that you were investigating the security and legitimacy of your ISP's security claims. Furthermore I doubt the judge would sentence you for informing them of a security flaw.
I have no idea how things may work in other countries but here in the USA a company will try to shut you up any way legally possible if you disclose white-hat nature hacks. Now they have every reason to bar you from their service permanently, I'm sure sensibly you can understand. Its akin to the mail courier slipping your back door lock and leaving a message that you need to beef shit up.
I have no other advice but this: reiterate to whatever legal council you can get that your intentions were honest and your actions were to better secure both yourself, the company, and all of their customers.
Beyond this , good luck and godspeed.
The Computer Misuse Act is VERY broadly drafted and arguably technically makes it a crime to access a public website without getting permission first. Get a good lawyer that specialises in this area as others have said, in a sane world the fact you didn't have malicious intent and notified them ought to make this not a crime but the reality is that any "unauthorised access or modification" could be prosecuted.
Thanks very much for this
Yeah, that is true. I was looking at the data protection act 1998 as they are technically a data handler. Finding a lawyer in my area is a hassle enough without them having to specialize in the area.
>Broadly speaking, if the access to a system is authorised, the hacking is ethical and legal. If it isn't, there's an offence under the Computer Misuse Act. The unauthorised access offence covers everything from guessing the password, to accessing someone's webmail account, to cracking the security of a bank. The maximum penalty for unauthorised access to a computer is two years in prison and a fine. There are higher penalties – up to 10 years in prison – when the hacker also modifies data", explains Struan Robertson, legal director at Pinsent Masons LLP, and editor of OUT-LAW.com.
>Unauthorised access even to expose vulnerabilities for the benefit of many is not legal, says Robertson. "There's no defence in our hacking laws that your behaviour is for the greater good. Even if it's what you believe."
TL;DR white hat hacking without permission is explicitly illegal, you're fucked OP
>gain access to someone's infrastructure
>tell them about it
Were you expecting to get a medal?
why the fuck didn't you use anonymous email and 8 proxies and VPN's located in iran and netherlands, then tell them to hire you otherwise they can keep their broken hardware/software.
this and you could get money from the press because of the interview then the EFF would report that, that ISP has security issues and everyone of their subscribers could be a target
as far as i know, it's a win win
Yeah, much easier and morr profitable to work black hat OP. You should have figured that out from recent cases like geohot and the rest.
They are retarded enough to leave the entire system wide open thinking that no one would bother?
contact EFF see what they say.
Maybe the ISP had that as a trap for hackers.
They aren't that stupid, but still a security risk.
Get a layer appointed to you unless you have one.
If your lawyer is somewhat smart, he'll make you look like a "hero" and make you look like you should get hired because "their ISP employees are obviously not professional like enough to do their job."
Stay positive and don't act nervous in court.
I hope your using a VPN to view and reply in this thread as well.
nigger, if it turns into like a 3 month to a year trial type of shit then other ISP's will know it's serious shit and most likely hire you since the ISP taking you to court are a bunch of idiots.
alright, he should say "thanks reddit" unless ya'll don't wanna "credit" reddit.
Nah, people don't give a fuck. Some guys get hired right out of prison.
Tons of guys in the computer world either were arrested for computer abuse or would have been arrested had they been caught. I stay on the straight and narrow, but I wouldn't be bothered by hiring someone who'd been arrested (or convicted) for computer crimes, as long as they didn't break trust or do something insanely stupid. You were naive, not stupid. Good luck, bro.
No, "Ebaums did it"
Yeah kinda salty about that reference.
I said that because of the rep we have due to /b/'s idiocy. You think the fact that he is associated with the image boards from where "anonymooze is lejun" is said to have come from is a good thing?
In most commonwealth countries you can get a pardon from the queen after a few years, and you can travel anywhere, no restrictions or bullshit. I'd be surprised if OP was unable to get a pardon, based on him being a good Samaritan.
A company threatened me after I told them they had a skiddy-tier vulnerability, I could get fucking root shell from a browser... running mysql/php as root, smart ones.
I called their legal after they sent the classic ursosued email and pointed out that if you make this a public case I'm going to use this info in court, and the whole world will know how to pwn them, you should at least fix your shit before trying to sue me for doing nothing.
They never fixed their shit, and never sued me... they went out of business and their domain hosts malware now.
>Nah, people don't give a fuck. Some guys get hired right out of prison.
From what I've heard, this stopped being true in the late 90s. It used to be that skilled hackers were so rare that anyone who needed one for security would be willing to look past even baby rape to get one. Nowadays you have enough white hat guys coming out of masters/PhD programs that there's no need to take a risk on a felon.
OP, as nice as it would be for all of us to know who you are, the reality is that giving away a key phrase will also give away your identity in this thread. Think about it:
>How many people are currently in legal trouble for breaking into their ISP's backbone infrastructure?
>You're using a VPN to post in this thread as you've stated in this thread. I assume you're using your home connection (ie the ISP you just hacked) to access your VPN that you're posting with. Thus, the ISP will be able to put two and two together if you use a key phrase mentioned in this thread.
>Even just using the key phrase will be enough to link you to this thread.
You already made a mistake by making this thread. I mean, I'm willing to bet that the number of people currently in deep shit for doing what you did is 1.
>Is clapistan so fucking backwards people will sue you if you say "your combination lock is 00-00-00, you should change that".
As someone said before. Even accessing a public website without explicit permission is technically illegal.
And this isn't limited to america. I remember a french journalist was arrested for putting contents of a pdf he found on google in slides.
It was content available over http without a robots.txt.
>Any legal advice?
You're fucked. You gained access to restriced systems. It doesn't matter how you did it, and what you did with the info afterwards, the fact is you violated their infrastructure.
Seek out the media. Most grey hat hackers get a pass if it gets public they tried to help the "victim'.
Holy shit I didn't think they were still going. Really don't know where you stand but arent they a tiny as fuck business? As most anons have said the law is vague as fuck so just get yourself any half decent solicitor and they'll get you off. I doubt they have the money to go after you
Alright its 4:04 AM. Im tired and have to find a layer tomorrow.
Things I did in the thread
>Found NIFags on 4chan
>Found out how fucked I am
>Calmed myself a but
>Made a start on a defense
You serious? I remember dealing with them because they promised me that they had coverage in my area which was border/boonies before i moved back to derry. After a pile of excuses they told me I couldn't get it even though i was on the coverage map. I just went with o2 which was horrible and then 3 which isnt half bad and got 4mb speeds even in the ass end of nowhere.
Thank fuck I have BT now.
Yeah they really don't. Their sales people were horrific as I said before as well. The website design is even worse
Aye it's nice and quiet place. I play a lot of PC games but a load of my mates play consoles online. Most houses I wander into have at least an xbox. usually only fucking fifa though
Can't believe I've never seen that image before. I've never really been to /mu/, do they really obsess over metal and piss on The Animal Collective? Sounds like a fucking hell hole.
>it's akin to the mail courier slipping your back door lock and leaving a message that you need to beef shit up
In that case I beef shit up and thank him for notifying me of the vulnerability and feel thankful to the universe that he was a cool guy who told me instead of stealing my TV.