IIRC, all he would have been selling is email addresses that are known to belong to iPad owners with AT&T as a provider. I don't recall that he had any credit card info.
Yeah sure. That's what the devil's advocate tags were about. I was arguing reductio-ad-absurdum - for some crimes, half carried through preparations should be punishable even if the intended "end crime" never got carried out.
I'm not suggesting weev was after credit cards or intending to commit fraud. But I stand by me second para - that Kaminsky or Blaze wouldn't have downloaded the entire database after confirming the vulnerability works - and weev should have known he was "doing something wrong" when he chose to. I agree that AT&T (and the prosecutors here) are _seriously_ overreacting, but weev was a fool if he didn't expect _any_ adverse reaction.
The mother that drove her daughters' friend/rival to suicide via fake MySpace profiles should have known that what she was doing was wrong, but a conviction for her on the grounds that using a fake name violated MySpace's Terms of Service, and is therefore 'hacking' under the CFAA is just bad law. Making bad law to punish someone that was doing something 'bad' is a net-loss to society, not a net-win
This stinks to me of AT&T and their legal team trying to make them look like "the victim" - where in truth their subscribers are he aggrieved parties here and AT&T are as much in the wrong from he subscribers point of view as weev is.
