

TechCrunch Hacker Identified: You Decide If We Press Charges - aresant
http://techcrunch.com/2010/04/28/techcrunch-hacker-identified-you-decide-if-we-press-charges/

======
raganwald
I really feel my 48 years. What is this, The Running Man?

Either leave it in the hands of the authorities or prosecute. Making a game
out of it sends a very strong message that it's all about the page views
whether you're hacking a site to redirect towards your sleazy affiliate trap
or whether you're turning the justice system into the Circus Maximus.

~~~
dschobel
Arrington is 40 so age obviously has no relationship to decency.

------
ihodes
While I do think the guy should be prosecuted, I don't like how TC is turning
the ordeal into another way to make money.

It reminds me of public hangings.

~~~
metamemetics
This guy is probably already scared shitless and crapped several pairs of
pants when he realized he was under FBI investigation.

I can't see how the minimal damages are worth dragging him through a lengthy
trial and bankrupting him with legal fees and a felony conviction on his
permenant record.

~~~
Tichy
Hacking web sites is not a game. I suspect most criminals crap their pants
when they get caught - should they all be let go?

~~~
metamemetics
Definitely yes if the punishment for their respective crimes is not in
correspondence with damage actually done.

If crack cocaine carries a mandatory sentencing of 5 years in jail for less
than a gram (it used to), the only moral thing to do is to let the offender
go. Even if you think they deserve to be punished to some degree, you have to
examine if the expected punishment is proportional to the desired punishment.

He inconvenienced TC for one hour. A felony conviction would be screwing him
over for the rest of his life, possibly 70+ years. I don't see any positive
outcomes from that which would offset resources wasted prosecuting.

~~~
CWuestefeld
Prosecute, without a doubt.

In the chat transcripts, they explicitly discuss the possibility of getting
caught. The perp knew the risks, and made a conscious decision to proceed. The
Friend's discussion about getting paid for links reveals a pattern (albeit not
in this case) of doing this for personal gain. And they also show clearly that
they understand the effects of their behavior on the victims, and just don't
care about it.

If you want to prevent these hackers from mischief, there must be a credible
threat of repercussions. Letting them go will not discourage all this guy's
friends. But maybe in a similar conversation next year, when they're talking
about getting caught, someone will mention "you remember last year when Xyz
got caught, and he's still in jail!".

~~~
JoeAltmaier
Its so pathetic, how little money they actually gained..should probably
consider switching careers, knocking over convenience stores.

~~~
Tichy
Stupidity is hardly an excuse.

------
barrkel
The irony being, a motivator hacker could very likely hack this poll.

~~~
cowmoo
Yea, write a simple Python/Perl script that interfaces with TOR and force-
reset your exit nodes each time you send out a new request and randomize the
time interval. There are plenty of TOR exit nodes in the world to swing the
vote your way.

~~~
rlpb
It's not too difficult to detect and ban votes from exit nodes. It could even
be done after the fact (and still be mostly effective) if it appeared that an
attack took place.

------
jacquesm
When twitter was hacked TechCrunch did everything they could to expose the
valuable data and they paid the hacker.

Why should anyone even care if TechCrunch got hacked, it's only fair that when
you condone hacking of other sites and profit from it that you just shrug it
off when it happens to you.

TC pressing charges because of being hacked would be completely hypocritical
of them.

~~~
andrewpbrett
> they paid the hacker

This is not true.

~~~
jacquesm
People are wondering how much they paid, not if they paid.

Is Arrington on the record stating that they did not pay?

Even if, they still profited tremendously from the traffic, so the point still
stands. You either are ok with black hat hacks or you're not, you can't be
fine with it when it is other people and press charges when it's you.

edit:

If've found this response:

[http://techcrunch.com/2009/07/15/our-reaction-to-your-
reacti...](http://techcrunch.com/2009/07/15/our-reaction-to-your-reactions-on-
the-twitter-confidential-documents-post/)

There is lots of handwaving there, but the issue of whether or not money
changed hands is not mentioned at all, and it would have been a pretty strong
point in their defense if it hadn't. The only words he uses is 'But if it
lands in our inbox, we consider it fair game.", which suggests nothing
preceded that, but that's speculative.

~~~
andrewpbrett
People wonder about lots of things that aren't true. I unzipped those files.
We did not pay for them. "Landed in our inbox" should do more than suggest
that nothing preceded it. Would you say that software just "landed on your
desktop" after you paid for it?

Profiting from traffic and paying for stolen goods are two very different
things, so I don't think the point does still stand.

~~~
jacquesm
Profitting from traffic from stolen goods is pretty unethical, for me it
doesn't matter if you paid for it or not. Clearly the hacker did this either
to damage twitter or to profit from it, and in either case you could have done
the right thing. Claiming that others would have disclosed it (which is
something TC did pretty loudly) is really funny, so you effectively have
already admitted that it was unethical, but because others would have done it
that made it 'right'. Anything for a scoop.

You could have gotten a good bit of mileage simply by reporting about the
hack, instead you decided to do damage to others for your own profits.

It's funny how acceptable stuff like that has become, and how you seem to be
claiming some kind of moral highground here for something that is simply
sleazy.

Profitting from stolen goods, directly or indirectly is unethical, if you had
any sense at all you'd have given twitter a warning that their files are out
in the open and you'd have destroyed the data.

I hope one day you'll find the tables turned, we'll see how ethical you will
think this is then.

And I'll be on your side in that one, just like I was solidly on twitters side
in the other.

Giving people a platform to do damage and to profit from that is sickening.

~~~
lena
First you said "they paid". When this was questioned, you said that people
wondered how much they paid, not if they paid. And now you say that it doesn't
matter if they paid?

~~~
jacquesm
Yep.

Because either way they gained from stuff that wasn't theirs to begin with and
that was taken with malicious intent.

I wasn't aware that TC was on the record for not having paid, but that, as I
said in my eyes makes little to no difference.

I wish sincerely that TC will have a helping of their own medicine and we'll
see how they react, judging by this 'poll' I don't think they'll be as
gracious as twitter was.

------
NathanKP
It's one thing to hack out of educational interest or as a "white hat" but
this hacker's motive was just to make money. Therefore my vote would obviously
be yes, he should be prosecuted. If what the hacker says in his chat log is
true, and he has made money by redirecting major sites in the past then he
definitely deserves it.

------
hunterclarke
Don't get me wrong, I do not support hackers, but I feel like TechCrunch's
game-like approach to this is a little immature. Nothing but a publicity
stunt.

~~~
sdurkin
They're the ones who got hacked, and they're giving the guy a chance to avoid
charges, all while having fun.

I understand your point, but I also get why TC's doing it.

------
vinhboy
Lame. Can you at least tell us how you got hacked? I thought we are tech geeks
here....

~~~
lionhearted
I'm guessing a Wordpress exploit - there were a few of them a while back. If
you go to techcrunch.com/wp-admin it looks like they're running custom
Wordpress.

~~~
sfall
they are running off wordpress.com
[http://techcrunch.com/2010/02/18/wordpress-com-outage-
techcr...](http://techcrunch.com/2010/02/18/wordpress-com-outage-techcrunch/)

------
frisco
There's usually a fine line when prosecuting 'hackers' like this. Are they
just playing around to see what they can do? Do you have a substantial chance
to point them in the right direction for the future if you don't take the
legal route? In this case, though, it just looks like an uneducated thug of
the internet that Arrington would have little hope of converting.

~~~
jacquesm
If that same thug hacks facebook next week and offers the stuff he finds
during the hack on an underground forum for a fee Arrington will be the first
in line to pay.

~~~
astrange
The reply to you from a TechCrunch employee up there ^ indicates the opposite.
I tend to believe people like that, it generally works out.

------
dschobel
While it's certainly up any victim to testify / support a prosecution, isn't
the actual decision of whether a crime has been committed and whether to
pursue prosecution up to the law enforcement agencies?

Any legal types around to clarify?

~~~
metamemetics
Correct. However if a "victim" is not willing to cooperate it is often not
worth it for a prosecutor to invest limited resources into a case.

------
ErrantX
Wow, ok that makes that evidence comletely inadmisable! :-) I hope they have
some more.

------
zackattack
I'd rather press charges against people who make comments on TechCrunch.

Tangential note, are there any good encryption plugins for GMail/Gchat/IRC?

~~~
dinde
If you're using gchat over pidgin, then the OTR plugin.

------
enjo
Right in the pooper indeed.

