Probably his best defence is the fact that it's really unlikely that the attackers would ever swear a complaint or testify. Kind of a "robbing drug dealers problem". I'd be more worried about being targeted by a massive DDOS.
They have a term for that, it's "vexatious litigant." If you do this enough, the court generally makes it hard to get counsel, will make you get your lawsuits approved by a judge ahead of time, and more.
They're probably already committing a felony accessing the computer. The scan is an intent to transmit malware. If that's true, you could make a pretty good fleeing felon argument.
> They're probably already committing a felony accessing the computer.
He bases this attack on IP addresses. IPv4 addresses are regularly shared between consumers. He's tossing a knife into a crowd because he thought he saw someone.
> you could make a pretty good fleeing felon argument.
In a nation that allows you to attack, not just restrain, a fleeing felon.
But his attack may hit a nation that doesn't allow that.
Self-defence is not normally an acceptable reason where technology and law collide.
Let's be frank.
He's serving up malware to potential users who hit too many 404s.
> Awesome! My production implementation of the bomb also looks at 404's and 403's per IP and if there are too many of those it will send the bomb. [0]
This could be exploited by a third party, which makes him complicit.
He targets IP addresses, and as the IPv4 world often shares those, he can attack innocent bystanders who happen to be in the same allocation as a miscreant.
Finally, self-defence is established as denial or dropped connections. As he's intentionally avoided established practice, and developed an attack instead, it becomes undue harm.
Let alone if he attacks someone in a nation that has an extradition treaty, but no concept of this sort of "fighting back".
In a perfect world, that's what he's doing. In reality, he's potentially being a big jerk to legitimate users and giving a tool that can allow malicious people to send victims his way. It'd be self defence to cut the connection, not to send harmful files.
That's a good point, although I think the innocuousness of the action would be at least a mitigating factor. I wouldn't expect MS to take any blame, but the "damage" being due to faults in the OS or browser would also be mitigating---a minor rear-end collision on a Ford Pinto could cause it to explode because of a design flaw, but the driver of the other car wouldn't be charged with arson. (Afterthought: he might be if he rammed it deliberately, so I guess that supports your thesis rather than mine.)
Microsoft doesn't take the fall for malware, even if it's a fault in SMB or the like.
The intent is damage.