“Hacking back” is rooting an attacker when an attacker is actively within your systems.
It’s not owning an ex-employee’s personal accounts to rummage around in their files to “protect valuable IP.”
Of course that’s illegal, and for good reason. Can you imagine a world where executives were permitted to hack anyone they like based upon mere suspicion?
I am skeptical that someone with this professed level of technical sophistication didn’t know this was illegal while doing it.
Overall I am skeptical of prison sentences for CFAA violations, but this one comes awfully close to being justified.
Searching the mans name quickly brings up media reports of the story.
His 'hack back' involved a SIM card hijack, which was then used to get access to the other partys Google and Dropbox accounts.
Is the jail sentence fair? Highly subjective. Personally, and given the financial repayment, I believe the sentence may be excessive, but given that I don't even live in the same part of the world as these proceedings, my context is my own.
Either way, it is an abject lesson in the potential fallibility of any persons choices, when unfortunate external circumstances come to bear. No matter how young you became a millionaire, no matter how many entrepreneurship awards you have, or how prestigious the college on your certifications, how many people have praised you as prodigious and rare, you are still entirely vulnerable to your own missteps.
Sometimes, it's factors like burnout which lead there. And you can't predict how you will react under a given new kind of stress. Stress can drive us all to very strange decisions.
Notably as well, this is more equivalent to a former housemate taking something of yours as they leave, instead of a burglary. The phrase "hacking back" in the title implied to me that an outsider hacked their servers. Not that hacking back would be ethical either way, but I felt misled.
This is a story of Jonathan Manzi being sentenced to prison for 18 months for accessing his ex-employees DropBox account, after he found out his company’s IP was stolen.
It’s not owning an ex-employee’s personal accounts to rummage around in their files to “protect valuable IP.”
Of course that’s illegal, and for good reason. Can you imagine a world where executives were permitted to hack anyone they like based upon mere suspicion?
I am skeptical that someone with this professed level of technical sophistication didn’t know this was illegal while doing it.
Overall I am skeptical of prison sentences for CFAA violations, but this one comes awfully close to being justified.
Certainly the conviction was.