Alex Pilosov · @apilosov

21st Nov 2012 from Twitlonger

@rabite @maradydd
What is happening with weev is not simply injustice. He's done plenty of mean things and hurt many people's feelings (including mine) in process - but none of those are criminal, and more importantly, they have no bearing to what he is being prosecuted for.

The big issue here is that this decision, if it stands, affects everyone who ever discovered a security flaw - not just people in security industry - this includes neteng, sysadmin, and any other kind of geek.

Just this one time, weev acted as responsibly as anyone in "security industry" - the email addresses obtained weren't posted publicly on pastebin, or sold to the highest bidding spammer. An excerpt (proof of exploit if you will) was provided to a reporter - that is all.

One reason weev is being prosecuted is he's trolled feds plenty and they were waiting for *something* they can nail him for that could be considered a crime (vs, annoying people). You don't doxx the FBI agent (and later on, prosecutor) that's investigating you, without some kind of retribution.

However, the other reason that he was prosecuted is because it would set a precedent for "post-factum unauthorized access" cases, and likely not to be able to mount a significant defense since he's burnt his bridges. And it was mostly the case - very few people spoken up so far.

I am hoping that the judge's rulings on his motions, and prosecutor's conduct (as an example, "attending blackhat" was something that was thrown at weev's expert witness to prove that he is a hacker, just like weev) will scare enough people to realize that on this issue, we are all on the same side - and that if let standing, this will not just affect people *in* the security industry - but everyone who ever done something unusual. If security research is forced underground because of chilling effect of possible prosecution - we will all suffer.

weev isn't the cutest poster child for "good hackers" or "security industry". But let's put it this way - he's better than Kevin Mitnick. He didn't clone cell phones to get free calling, or set up wiretaps, or read private email.

If you consider yourself a 'tinkerer' or a 'hacker' of any kind, you should, at minimum, pay attention to the case and think how it will affect your work. Preferably, you should speak up and make it clear that what he was prosecuted for wasn't a crime.

Reply · Report Post