Was it a hack job or was it a simple prank?
A federal judge feels it was a hack and found a 38-year-old Dry Didge, KY, man in violation of the Computer Fraud and Abuse Act (CFAA) and sentenced him to five months in prison and two years on probation.
Michael Pullen has to report on Oct. 21 to a federal work camp in Ashland, OH.
Pullen is guilty of hacking into several accounts on the social networking website SodaHead.com.
Pullen didn’t cause any damage. Instead, he hacked into the accounts of those who posted homophobic and racist comments and replaced their posts with something less offensive.
He used a software vulnerability to gain access to the accounts he targeted.
The defense argued Pullen was simply a prankster and he shouldn’t have received a jail sentence. However, SodaHead.com representatives said Pullen’s hacking posed a threat to the company. They were desperately working to find the vulnerability leveraged by the hacker.
In addition to his federal sentence, Pullen will also have to pay $21,000 to the company.
Pullen’s sentencing came under the CFAA. Congress enacted CFAA in 1986 as an amendment to existing computer fraud law, which was in the Comprehensive Crime Control Act of 1984. The act clarifies and increases the scope of the previous version of the law while, limiting federal jurisdiction to cases “with a compelling federal interest-i.e., where computers of the federal government or certain financial institutions are involved or where the crime itself is interstate in nature.” In addition to clarifying a number of the provisions, the CFAA also criminalized additional computer-related acts. Provisions addressed the distribution of malicious code and denial of service attacks. Congress also included in the CFAA a provision criminalizing trafficking in passwords and similar items.
Internet law expert Eric Goldman, a critic of CFAA, said it appears the law ended up properly applied in Pullen’s case.
“This is a fairly straightforward application of the law,” said Goldman, a Santa Clara University School of Law professor and director of the High Tech Law Institute in Silicon Valley. “We might want some type of restriction against accessing someone’s private space on a computer – even if it is done as a prank.
“Having said all of that, it isn’t clear whether this was all that harmful. There was probably some teeth gnashing, but what other damages were incurred from his intrusion?” he added.
Pullen started surfing SodaHead.com in 2009 after losing his job. He exploited a bug in the social media network to hijack accounts.
He claimed he only did it for around two weeks, but he attracted the attention of the U.S. Secret Service.
Agents showed up at his house in March 2010. However, prosecutors charged him in November 2012.