It seems to generally be a crime to access a computer system you aren't supposed to, regardless of how you came by the login info (phishing, guessing passwords, etc.).
The UK is the same. I don't think it has been tested in court, but the Computer Misuse Act 1990 makes "Unauthorised access to computer material" illegal. Doing this would legally fall under this, resulting in a fine of up to £5000 or 6 months behind bars.
They might be technically capable of doing this, but I would enjoy reporting them to the police for possibly having committed criminal offences under the Computer Misuse Act, Regulation of Investigatory Powers Act and others if they ever tried it on me.
I wonder if the much-hyped US-UK extradition treaty cuts both ways in such a flagrant case of unauthorised access...
So it's pretty clear: if you make a computer do something which may ultimately lead to gaining unauthorised access, and it is your intention that doing so may lead to unauthorised access, then... you've just broken the law (in the UK). Note you don't actually have to gain unauthorised access; you just have to make the computer perform an action and have the intent of gaining unauthorised access.
So if you've performed the action of coming on hackernews in your browser with the intent of finding a way to gain unauthorised access, guess what? You've just broken the law!
someone call the cops
In the UK, at least, unauthorised access to computer material under section 1 of the Computer Misuse Act 1990 - and I would also assume that it would also fall foul of sections 2 ("Unauthorised access with intent to commit or facilitate commission of further offences") and 3A ("Making, supplying or obtaining articles for use in offence under section 1, 3 or 3ZA") as well.
(1) A person is guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured;
(b) the access he intends to secure, or to enable to be secured, is unauthorised; and
Lastpass is not trying to secure the web servers with the check
Accessing a system you don't have permission to access because it's misconfigured is still illegal lmao. People have gone to jail for doing exactly this.
Quite a few countries have laws from the 1980s that basically say "gaining unauthorised access to computer systems is a crime"
Which is of course a very expansive definition. Think you've found a leaked database credential and you test it before reporting, so as not to create a false alarm? That's illegal hacking. Almost any persistent XSS? That's illegal hacking. Access an admin panel by entering a default password? You guessed it, illegal hacking.
We might get the impression these laws don't exist, because they aren't enforced internationally or if the hacker can't be identified - so black-hat hacking, cryptolockers, tech support scams, giant data breaches and suchlike go completely unpunished. But a white-hat hacker who identifies themselves in hopes of getting their security report taken seriously might well get a visit from the cops.
In the USA and UK at least, unauthorised access or use of a computer is criminalised. In some situations you can argue for assumed consent; the law doesn't operate on "if I can do it then it's authorised". Unless you can show you have permission then it's not authorised, ergo not legal.
This is almost certainly an instance of Unauthorized Use under the CFAA and therefore criminal in the USA and any jurisdictions with similarly broad anti-hacking laws.