You're absolutely correct. Like I said in my previous reponse, there is no gray area here. Everything he did from start to finish is exactly what Joe Hacker would do to break into the site. He claims he "tried not to hide" his actions, which I believe he is saying just to avoid the embarassment of being found. I find it hard to believe this guy is a real "professional" security researcher, especially considering he STOLE data that he ought to know would get him in serious trouble. If the data was "discovered" on his computer, then he didn't admit to taking it. That leads me to question his real motives, and what he planned to do with the data. His story of "security research" is most likely a cop-out.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11389/33754#33754