Taking over 60k spyware user accounts with SQL injection

(ericdaigle.ca)

228 points mtlynch | 1 comments | 03 Jul 25 14:56 UTC | HN request time: 0.233s | source

Show context

blueplanet200 ◴[08 Jul 25 16:41 UTC] No.44501690[source]▶

From sqlmap

> Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"

I don't know the legal footing these spyware apps stand on, but this blog post seems like exhibit A if Catwatchful ever decided to sue the author, or press criminal charges. Hacking, even for reasons that seem morally justified, is still illegal.

replies(6): >>44501792 #>>44501947 #>>44502094 #>>44504388 #>>44505059 #>>44505234 #

VWWHFSfQ ◴[08 Jul 25 16:54 UTC] No.44501792[source]▶

>>44501690 #

Yeah this whole exercise was completely illegal and I'm surprised this person publicly (and proudly) blogged about it like this.

They probably need to engage an attorney now.

replies(5): >>44501866 #>>44501907 #>>44501998 #>>44503077 #>>44508921 #

mtlynch ◴[08 Jul 25 17:04 UTC] No.44501907[source]▶

>>44501792 #

The server they compromised is essentially a command and control server for an illegal botnet.

Are there documented cases of botnet owners trying to sue or get law enforcement to prosecute someone for infiltrating their botnet?

I'd be more concerned about extralegal retaliation from people in the malware ecosystem.

replies(1): >>44502136 #

1. dylan604 ◴[08 Jul 25 17:26 UTC] No.44502136[source]▶

>>44501907 #

Hey, that's my server, and is totally 100% legit. I was unaware that I was pwnd and someone was using it as a C&C server. I'm now suing you for hacking my server, as you could be the person that installed the C&C server. After all, you are an admitted hacker.

Stranger things have won in court

↑