Hacker News

If you accidentally leave your front door wide open and somebody steals all your stuff, you'll also say that you were robbed.

There might be a legal distinction between "breaking and entering", "burglary", "trespassing" etc, and in a legal sense, whether the front door was open might have some impact on whether the act was illegal or not and what the consequences are, but in colloquial usage, you've still been robbed.




If I leave other people’s stuff that I promised to take care of on the street and it gets stolen, I would be to blame.


blame isn't mutually exclusive. you can still blame the person that stole it too!


> might have some impact on whether the act was illegal or not

Only the burglary, trespassing, or B&E parts. Theft is still theft even if you leave your doors unlocked and/or open.


More like complaining when your teenager takes a break from mowing on trash day and leaves the mower next to the trash and someone takes it.


A website is not a house. It is nothing like a house. There is no front door. There is no lock. There is no expectation of privacy. There are only things you can access and things you cannot. There is nothing inappropriate about trying to open the bathroom window from the outside.

If I wanted to try to use such a weak analogy, the analogy to hacked is not robbed. You were only robbed if content was removed and exclusively held by someone else, which in the security world we call a ransom.

You can see how quickly this breaks down.


Well, other legal distinctions aside, robbery is taking things by threat of force.

If someone doesn't know they've been a victim of larceny until later, it wasn't a robbery.


Good analogy, from a personal perspective.

In this case, a person was yelling through the front door "Your door is wide open!" and no-one was listening.

For a 42B AUM company, at a time where running an IT operation means "use CrowdStrike so that you pass audits", leaving the front door open all night should get you fired, regardless of whether you blame hackers or not.


If you put all your stuff on your front porch with a sign “please take what you want” and it’s all gone the next day - then you can’t say you were robbed.

I think this is a more apt analogy to what az16 did here


IMO these sorts of analogies to houses and porches don’t really work because there are just different cultural norms between websites and porches.

If there were a convention of leaving stuff on your porch to donate it, and a general assumption that when people left stuff on their porch it was up for grabs, somebody started storing their groceries there, and they were taken… they would just be stupid and not sympathetic.

If somebody just moved to a neighborhood where this was tradition and didn’t know about it, they would rightly be a little bit annoyed when the groceries they stored on their porch were taken, but really they only have themselves to blame for not understanding the local conventions.

If somebody opens up a storage company and then just puts all the customers’ stuff on one of these porches, they are just dangerously, unethically incompetent. Even if there isn’t a convention of taking stuff from porches, actually. Because there are also armed gangs (nation-states) that go check out people’s porches for secrets.


There's no analog for the sign. You just put it in because without it your scenario still feels like theft (because it is) and you end up arguing against your own point.


That is fair enough, I guess it’s not a great analogy overall.

But IMHO it’s hard to feel too bad for someone (az16 in this case) who handles their arguably most valuable goods in such a manner and gets robbed.


More like if they kept their wallets in an open basket on the porch.

It's not an invitation to take it, it's just really stupid.


Yes that would have been a much better analogy.


Using those credentials is still a violation of the CFAA, no reasonable person would think they were invited to access the systems protected by those credentials.


Yea, I'm sure the Russian/China/NK/Iran hackers are deeply afraid of the CFAA, you got them shaking dude (and vice versa when someone in the US hacks one of their sites).

The particular problem here is we think of the crime on the web in a civil/criminal manner... "People should just follow the law or be punished for a crime". This is not the internet. Regardless of what you think about the internet, it is an international war zone. If you leave the hatch of a tank open and a drone blows it up, that was you being stupid. If you leave an ammunition truck unguarded and the enemy takes it, again, that is you being stupid.

History will look back and say WWIII started on the web, but as of now it seems a huge number of people are in denial about it.


None of this at all applies to this thread. It’s true, but also irrelevant to this discussion being had.


All of this applies to this thread.

Do you cultivate vines with fruit, or do you cultivate brambles and eat thorns?

Remember white hats don't need to exist. Black hats will exist by the very nature they are parasitic and thrive where exploits exist. We can either have a community that warns you that "Hey, the stuff on your porch is going to get stolen" or we can have a community that calls their buddy when they see some stuff fresh for the taking.

A huge portion of these discussions under this article are people arguing the minutiae of a puddle in the lawn while a 10 meter high tsunami is rushing their way.



