Hacker News new | past | comments | ask | show | jobs | submit login

Wouldn't this be excluded anyway since the only thing "fraudulently obtained" was "use of the computer or system" worth less than $1,000 per year?

Even if that language weren't in 18 USC 1030(a)(4), the guidelines sentence assuming no priors would look to be 0-6 months and $250-$5000 fine, assuming you couldn't plea out to something less. I doubt the federal authorities are even going to waste their time looking at $12 of "fraudulent access" that will likely lead to almost no jail time.

It depends on whether someone wants to make something of it. The costs taken into account by the CFAA include the costs of investigating the incident and repairing any damage, and courts in the past have tended to accept pretty much any assertions about these costs. They probably wouldn't blink if the entire cost of fixing the exploit were attributed to the OP.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact