
Prosecutor discretion exists. Furthermore, AFAIK (IANAL, especially not a US criminal justice lawyer), US sentencing guidelines take into account first-party financial damages (low for CapitalOne), not diffuse third-party damages of the kind that will be suffered by the 100M people whose PII was lost.



CapitalOne disclosed that this hack is going to cost them between $100mm and $150mm, which is a lot more than JSTOR would have lost from Aaron Swartz's "hack" of academic humanities papers.


It seems likely that were the accused to be convicted, a fine will be part of the sentencing, and Capital One may opt to pursue separate civil legal remedy against the convicted person to seek damages given their cost is stated as being >$100M. Unclear to me if this somehow isn’t allowed under U.S. law because the federal prosecution may be where it all gets determined, and a civil case may be “double punishment”?

So after coming out of prison and finding a job, which is likely to be hard for a felon, and may not be highly paid, what wages they make will be garnished to pay the criminal/civil financial judgements.

For most people who’ve worked in technology, the potential punishment here would qualify as “destroying your life”. Enormous impact.


Right, but it wouldn’t have happened if they hadn’t had such lax security, and I would argue that Capital One are liable here for failing to adequately safeguard consumer data. If you properly secure your stack, you don’t get hacked.

If they had fallen victim to some undisclosed zero-day, I’d feel bad for them - but in this case it appears to be misconfigured VPC SGs. Their error. Inadequate processes.

We are also all labouring under the assumption that she was the only person to make off with this data.

I’m willing to bet that she’s just the first one daft enough to talk about it.


"If you properly secure your stack, you don’t get hacked." That's absolutely not true. You do reduce the chances of being hacked and you might reduce the time it takes for you to discover the breach and you will be able to contain it quicker.


You vastly reduce the chances. It’s the difference between bothering to close the bank vault’s door when you go home at night or not.


> Right, but it wouldn’t have happened if they hadn’t had such lax security, and I would argue that Capital One are liable here for failing to adequately safeguard consumer data. If you properly secure your stack, you don’t get hacked.

If the system was designed by humans, it can be hacked.


Especially if the bad guy used to work for your vendor.


> Prosecutor discretion exists.

Which means she should've been held personally responsible/impeached over what she did to Swartz. But instead Obama protected her, just like he did with all of his other government criminals, as well as the Bush administration's criminals, too.

"We need to move forward." and "No abuses were found." and other such BS needs to end when it comes to government criminals. No wonder more riots are popping up and the hatred towards authorities is increasing every year.



