Is it illegal, from my view no it's not illegal in that sense, but not really wanted either,

Well, you could maybe make it harder by preventing passwords like 1234, by making them 6-8 characters long with a mandatory character/number combo. Like 123456a or abcdefg8.

Then again people will create dumb passwords, no matter what you do.
Looks to me like he didn't wanted that Avatar anyway.

I still don't like it.
If you are not certain that the web site or program asking for your API key is safe, please do not give it to them! You are responsible for any usage of the information obtained by using your API keys.

There's nothing "meta' about it, it is illegal, plain and simple.

from: http://community.eveonline.com/support/api-key/



I think that pretty much says it all.

1234 was my first guess, by the way :)

What law does it break?

Depends on the country, i Denmark it would be -º 263

What does this paragraph state?

You are not allowed to access other peoples private data, or invade their privacy and so on.

data isn't private when it's on eveboard. the only way this effects the individual is ingame.

What law does it break?

data isn't private when it's on eveboard; passworded or not, you are sharing your API. the only way this effects the individual is ingame. and does nothing to their RL privacy. Technically the data doesn't belong to them, as all EVE online accounts and such are property of CCP... and as CCP states that all information gained by sharing of API keys is solely the responsibility of the player who shares them.... :)

Stop whining, my ribs are hurting from the laughter :)

What law does it break?

Section 9c
A person who, in cases other than those defined in Sections 8 and 9, unlawfully obtains access to a recording for automatic data processing or unlawfully alters or erases or inserts such a recording in a register, shall be sentenced for breach of data secrecy to a fine or imprisonment for at most two years. A recording in this context includes even information that is being processed by electronic or similar means for use with automatic data processing. (Law
1998:206)

If it is passworded and you have come by the password via illegal means including guessing, it is private.
If I 'guess' the combination to your safe, I can't take whatever is in it without it being stealing, what you did is no different.
Personally I consider this good grounds for the player to request CCP reimburse him, as for all it wasn't particularly secure, he was hacked as part of the attack on his titan.

except for the fact he posted his PW in his application to PL. so the information is out there :)

That is irrelevant point. What matters is that you did not have permission to use it.

I dont think so..

The hundreds of chars using a combination of 123 to 12345 does not make it hard.

Personally I consider this good grounds for the player to request CCP reimburse him, as for all it wasn't particularly secure, he was hacked as part of the attack on his titan.

They claim there that the titan was going to be PL titan. Go there, read the comments and judge for yourself.

So from the sound of it Eveboard is not secure and will not punish those guessing passwords to gain access to private API details.

Thankfully my API is not on there. Hopefully people who want to keep there API details private to those around them learn from this display and never put their API on Eveboard thinking it is secure if you use "Private".

Except he didn't hack eveboard- this tells you nothing of the security of eveboard beyond the fact that it allows morons to use moronic passwords (as they're apt to do).

He says he guessed the password, yes? That is considered bad. The fact that the password in question was weak does not take away from the point of him guessing the password and gaining access to PRIVATE data.

The law is clear here, Kat. Rocket broke the Swedish law. You may blame the victim all you want, but it does not change the facts.

He says he guessed the password, yes? That is considered bad. The fact that the password in question was weak does not take away from the point of him guessing the password and gaining access to PRIVATE data.

And since there was no punishment and the fact that the rules for setting a password is very weak it quite clearly points to eveboard not being secure.

except for the fact he posted his PW in his application to PL. so the information is out there :)

Social engineering and hacking are not the same thing, friend.

Apparently he didn't just guess it, the PW was available for him through an application for PL as stated here:



So no matter how many characters his PW contained, no matter how much leetspeak he used in his PW, no matter how many times you are able to guess a PW within a certain amount of time, he only needed to "guess" once while (possibly) having the right PW.

I'm not saying I approve that the PW is used for this outcome, I'm just saying that it's quite easy to blame Eveboard's security for Mino IV's choice to share his PW instead of keeping it private...

I'm not saying I approve that the PW is used for this outcome, I'm just saying that it's quite easy to blame Eveboard's security for Mino IV's choice to share his PW instead of keeping it private...

Also note that he said "1234 was my first guess, by the way :)" on page 1 means he did not have access to that information until after the privacy invasion.

Does it? It also could've been his first guess because he had read the application

Does it? It also could've been his first guess because he had read the application

Guessing a password is not Social Engineering, it's brute forcing,since you try stuff till it works. A social engineer would get the victim to give him the password thus requiring no guessing.

If it is passworded and you have come by the password via illegal means including guessing, it is private.
If I 'guess' the combination to your safe, I can't take whatever is in it without it being stealing, what you did is no different.
Personally I consider this good grounds for the player to request CCP reimburse him, as for all it wasn't particularly secure, he was hacked as part of the attack on his titan.

Does it? It also could've been his first guess because he had read the application

It's correct i guessed the PW prior to hearing of his app, the point of the information being on the PL board means it is publicly available information; whether i knew it at the time or not.

Is guessing the password to Poses illegal as well?

Is accessing someone elses's account without their express permission illegal ? hmmm let me think about it .... err yes

Makes you think what other accounts he may try to access by guessing the password ?


Tal

And i'm not gonna get arrested for guessing the password for publicly available information (i.e. PL forum app) especially considering i didn't even use the information (logged in with 3 days on skill plan) maliciously or otherwise, to blow up an internet spaceship in a game where information is traded and shared by the minute without the consent of it's originator.

No, you're not going to get arrested because Chribba said he doesn't think it's a problem and he is the data owner.

If Chribba wanted to report you then it would be a whole other ballgame.

Social engineering and hacking are not the same thing, friend.

You said that the security of eveboard was compromised, which it was not. If you don't know about the subject you're going to blab on about it helps to just not say anything on it.

A single guess is not going to throw any anti-bruteforcing measures of the site. Even the requiring of rulesets that force people to use a seemingly more secure password are actually counter to the goal of securing the user's acount as the rulesets *limit* the keyspace one would have to use in a bruteforce attack. A reasonably open-ended password ruleset *allows* for both hilariously bad passwords such as this genius' and genuinely secure ones.

The responsibility is firmly in the hands of doofuses that pick such passwords, and it's wholly unfair to call Chribba's work insecure based on something like this.

Social engineering, in the context of information security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. This is a type of confidence trick for the purpose of information gathering, fraud, or gaining computer system access. It differs from traditional cons in that often the attack is a mere step in a more complex fraud scheme.
"Social engineering" as an act of psychological manipulation had previously been associated with the social sciences, but its usage has caught on among computer and information security professionals.

So this RoCkEt X guessed Mino IV's password on Eveboard, which allowed him to figure out when Mino IV would log his titan chararcter on enabling RoCkEt X to kill said titan. The story is here http://themittani.com/news/legion-alts-downs-avatar-low-sec, and here http://pastebin.com/u9XjXtAa Too me it seems in the grey area just curious on other people's thoughts.

CCP Games is the data owner friend. Chribba is allowed to use the data under CCP's terms.

If he had read the application then he would of known the password and would not have had to "guess" the password. Pretty simple.

What does this paragraph state?

CCP Games is the data owner friend. Chribba is allowed to use the data under CCP's terms.

Hope you e-lawyers are as up to date on your contract law as you are on your information and privacy laws!

In the US, yes it is illegal. Any attempt to access any account that does not belong to you makes you guilty. If you manage to guess a password and actually gain access you are now in violation of several more laws.

CCP Games is the data owner friend. Chribba is allowed to use the data under CCP's terms.

Hope you e-lawyers are as up to date on your contract law as you are on your information and privacy laws!

data isn't private when it's on eveboard; passworded or not, you are sharing your API. the only way this effects the individual is ingame. and does nothing to their RL privacy. Technically the data doesn't belong to them, as all EVE online accounts and such are property of CCP... and as CCP states that all information gained by sharing of API keys is solely the responsibility of the player who shares them.... :)

Stop whining, my ribs are hurting from the laughter :)

Actually, the "break-in" happened on Chribba's server that he lets other people use, so the compromised data was the account info and whatever stuff is stored there. That it is very similar to EVE data is of no consequence, it's data (bits and bytes) stored on Chribba's server by the account owner and thus belongs to those two. The account owner did not give the permission to view it to Rocket (but... see below).

Using german law Rocket would have been guilty of computer espionage against Chribba and the account owner, and if he changed anything it might also be considered sabotage. It's basically the same problem IT security experts have: if they test the defenses of servers they are actually committing a felony under german law. In fact possessing tools like WireShark is already considered being on the wrong side of the law.

A decent lawyer would probably be able to use the ****** password as major defense as a "meaningful attempt to secure the data" is required. However like stealing a wallet from a car the owner forgot to lock is still theft the act would remain a criminal act under german law. The account owner would probably be rated as extremely careless ("grob fahrl+ñssig") to the point of "if you are this stupid, you mostly deserve what you get".
Also if the guy actually posted the password to an application things get even more fishy, as this might be interpreted as permission to view the data. Why else send the password to someone if not that he uses it? He might be able to file charges against the person who gave Rocket access to the application if Rocket wasn't part of the application process.
But then, Rocket contradicts himself ("1234 was my first guess" / "password was posted in an application") so a clever lawyer might bend that to his will.

Of course finding someone to persecute it might be the biggest problem. And proving who did what is a totally different matter as it requires access to Chribbas IP logs.

Uh, no, sorry but you're wrong. CCP was the originator of the data but not was not the owner at the point of the incident.

Not a lawyer but my job's heavily into database security.

The main question re any actual law is what country Chribba's server is in.

You wouldn't download a car!

The place where he posted his pw for that eveboard is a publically viewable subforum of PL's forums.

What law does it break?

See, this is why you use an alpha-numeric password at least 16 characters long of upper and lower case letters with numbers sprinkled through it too.
It's not fool proof but it makes your password a hell of a lot harder to guess, also rotate it frequently.

You wouldn't download a car!

So, if i post my API here, and select one person in this thread whom i allow to use it, anyone else using it is doing so illegally? i don't think so. If this was the case, half of eve's intel would have been obtained illegally, and for example - eveskunk would be illegal, and it's not. in any way, shape or form.

If it's hidden behind a password it isn't public, even if the player used a simple password, as the INTENT was to keep it out of sight.

If only it wasn't posted on a public board.... something something not a reasonable expectation of privacy *vaguely legal related words*

-9 billion einsteinbrains

zzzzz...

The password to my EVEboard is my API key. I'm betting this guys probably was as well. If someone has my API key they can see my EVEboard. How is that hacking?

Well, people are kind of mixing up two different things here.

One is accessing the GÇ£accountGÇ¥, which requires an API ID/vCode key pair. The other is accessing the outwards-facing character sheets, which (may) require a password.

If someone has your API though it doesn't matter if it was hidden or not because they can access the shell of the character sheet.

Again I'm not saying I approve this kind of data access nor do I state wether RoCkEt X was wrong/right. If this data was oh so important to Mino IV, he should've protected it this way. It's like leaving the keys of your car in any public location. Wether or not the guy who took your car was wrong/right by guessing what car the key belonged to and eventually taking it, it still was a stupid move and rather easy to blame the maker of the car for it.

Hi guys.

Update from BOPE corp - Rocket X was arrested on Friday 19th at 1544 at his home residence.

We'll keep you informed of his progress.

As my car-keys do have a stallion on it, it's very easy to guess the car most places.

Should I forget my keys somewhere I for sure am stupid, however, that doesn't mean you're free to take the car.

Bingo! The same goes for having 1234 as your password



Bingo! I'm not saying anyone was right by using the access to Mino IV's account without permission

I would if I could!


And someone change the combination on my luggage!

So this RoCkEt X guessed Mino IV's password on Eveboard, which allowed him to figure out when Mino IV would log his titan chararcter on enabling RoCkEt X to kill said titan. The story is here http://themittani.com/news/legion-alts-downs-avatar-low-sec, and here http://pastebin.com/u9XjXtAa Too me it seems in the grey area just curious on other people's thoughts.

except for the fact he posted his PW in his application to PL. so the information is out there :)

If it is passworded and you have come by the password via illegal means including guessing, it is private.
If I 'guess' the combination to your safe, I can't take whatever is in it without it being stealing, what you did is no different.
Personally I consider this good grounds for the player to request CCP reimburse him, as for all it wasn't particularly secure, he was hacked as part of the attack on his titan.

May I refer to what rocket said earlier in the thread:



This just ruins any illegal claim, as the guy has posted his p/w on an application on the PL forums intending on other PL members (and as it's public for other people) to see and in follow has given them authorization to access the material contained on his EVEBoard page.

I just smell butthurt

Only in EVE Online will people get assmad about spaceships

FREE ROCKET 2013

This just ruins any illegal claim, as the guy has posted his p/w on an application on the PL forums intending on other PL members (and as it's public for other people) to see and in follow has given them authorization to access the material contained on his EVEBoard page.

I just smell butthurt

Unless the PL application clearly states that the password will be used in perpetuity, repeated use is not automatically allowed. If i let you borrow my car once, it doesn't mean you can come borrow it whenever you want.

Unless the PL application clearly states that the password will be used in perpetuity, repeated use is not automatically allowed. If i let you borrow my car once, it doesn't mean you can come borrow it whenever you want.

May I refer to what rocket said earlier in the thread:



This just ruins any illegal claim, as the guy has posted his p/w on an application on the PL forums intending on other PL members (and as it's public for other people) to see and in follow has given them authorization to access the material contained on his EVEBoard page.

I just smell butthurt

Unless the PL application clearly states that the password will be used in perpetuity, repeated use is not automatically allowed. If i let you borrow my car once, it doesn't mean you can come borrow it whenever you want.

This.



I smell damage control. Why would you "guess" a pw that has been given out beforehand?

Usually recruitment boards are private (as if folks really did see the recruitment process, they'd probably never join another guild/clan/corp again!). The only "public" there is the officers who handle them. After it's approved then applications can be publicly posted, and usually without the personal info (as some apps require RL names and phone numbers).

Usually recruitment boards are private (as if folks really did see the recruitment process, they'd probably never join another guild/clan/corp again!). The only "public" there is the officers who handle them. After it's approved then applications can be publicly posted, and usually without the personal info (as some apps require RL names and phone numbers).

What law does it break?

No but if you let the person keep the car keys that implies that you allow them to keep using the car at will and you then cant SHOUT THAT THEY STOLE YOUR CAR.

-The Computer Misuse Act. (http://en.wikipedia.org/wiki/Computer_Misuse_Act_1990)

But as far as I know, Julian whatshisname from wikileaks is still being chased so I would only advise caution when trying to interpret the law for anyone questioning the validity of their conduct and take all considerations when doing something you think might not be okay to do.

Good luck trying to win that in court.

It all comes down to INTENT. Someone gives another a key to their house, it's fine for them to come over (like in home care, where nurses have to let themselves in the house). It doesn't mean it's okay to steal from the house, though.

Since the "crime" occured in Sweden, I would venture that Swedish law was broken. A little Googling results in the offence being laid out in Chapter 4 Section 9c of the Swedish penal code.

Quite a few countries have laws against unauthorised access.

Of course it's really only against the law when it embarrasses a big corp or the government but eh

If it is passworded and you have come by the password via illegal means including guessing, it is private.
If I 'guess' the combination to your safe, I can't take whatever is in it without it being stealing, what you did is no different.
Personally I consider this good grounds for the player to request CCP reimburse him, as for all it wasn't particularly secure, he was hacked as part of the attack on his titan.

So this RoCkEt X guessed Mino IV's password on Eveboard, which allowed him to figure out when Mino IV would log his titan chararcter on enabling RoCkEt X to kill said titan. The story is here http://themittani.com/news/legion-alts-downs-avatar-low-sec, and here http://pastebin.com/u9XjXtAa Too me it seems in the grey area just curious on other people's thoughts.

No but if you let the person keep the car keys that implies that you allow them to keep using the car at will and you then cant SHOUT THAT THEY STOLE YOUR CAR.

If you don't want him to keep using your car, maybe you should take the key back?

This is the problem with using analogies; inevitably someone tries to extend the analogy beyond the confines of the actual point.

If we were to continue using the car analogy, you've got a copy of the key, not my personal key. Even if you have a key, unless I gave you permission to use the car, whether you have a key or not is irrelevant. It's called "taking without owner's consent." It's illegal, and it's illegal pretty much everywhere. The key issue here isn't the key or password, it's whether or not the access is authorized. There are tons of examples of people accessing ex-boy/girlfriend's email/facebook/whatever accounts using a password given to them by the ex and getting in trouble for it. It's still illegal. Permanent consent to access would only be assumed in cases where ownership is an issue, for example, a couple who is separated but who still jointly own their house.

Quit pulling arguments out of your ass. You clearly aren't familiar with the legal framework.

This is the problem with using analogies; inevitably someone tries to extend the analogy beyond the confines of the actual point.

If we were to continue using the car analogy, you've got a copy of the key, not my personal key. Even if you have a key, unless I gave you permission to use the car, whether you have a key or not is irrelevant. It's called "taking without owner's consent." It's illegal, and it's illegal pretty much everywhere. The key issue here isn't the key or password, it's whether or not the access is authorized.

Quit pulling arguments out of your ass.

If only it wasn't posted on a public board.... something something not a reasonable expectation of privacy *vaguely legal related words*

-9 billion einsteinbrains

zzzzz...

This is the problem with using analogies; inevitably someone tries to extend the analogy beyond the confines of the actual point.

If we were to continue using the car analogy, you've got a copy of the key, not my personal key. Even if you have a key, unless I gave you permission to use the car, whether you have a key or not is irrelevant. It's called "taking without owner's consent." It's illegal, and it's illegal pretty much everywhere. The key issue here isn't the key or password, it's whether or not the access is authorized. There are tons of examples of people accessing ex-boy/girlfriend's email/facebook/whatever accounts using a password given to them by the ex and getting in trouble for it. It's still illegal. Permanent consent to access would only be assumed in cases where ownership is an issue, for example, a couple who is separated but who still jointly own their house.

Quit pulling arguments out of your ass. You clearly aren't familiar with the legal framework.

Alot of people seem to be basing there opinion on the fact that the api was accessed via guessing the password,
it wasn't the data that the API provides was shown on the page not the API not the account details or login details.

So saying that the api was accessed without permission is wrong because it WAS NOT ACCESSED, only the data it provides was accessed which the player Chose to be shown on eve board.

Things to learn here:

1) Don't Use 1234 as a password on eve board (ESPECIALLY IF YOUR IN A SUPER CARRIER OR TITAN)
2) Don't Log off a titan like a ****** without safe log off
3) Everyone thinks they are expert lawyers
4) Everyone thinks everyone else is wrong even when they are wrong
5) The rage in this thread makes me laugh so hard it took me about 20 mins to write this reply.

How long have you been practicing e-law?

If you don't want him to keep using your car, maybe you should take the key back?

Unfortunately, if I were to post my SSN, that would not give you permission to acquire it by trying all the door handles to my house and reading it from the card inside that same house.

Sine he was able to kill the titan through legit ways, grats to him on his hunt.

Unfortunately, he TRIED to do it through nefarious ways, so boo to that.

If Rocket were to be arrested for this then the people that made the accusation should be fined as well for filing a false police report.

Let's just go ahead and arrest all of eve, m8

Monkeys see monkey do.... PL != of eve...

Meta gaming != hacking, troll all you want..

Smashing keyboard with hamhands != comprehensible sentences

Would you be this buttdevastated and e-lawyery if he was still in PHEW and not PL?

GǣThe Computer Misuse Act 1990 is an Act of the Parliament of the United KingdomGǥ GǪwhich has no jurisdiction over Swedish servers.

That's because he was trying to evade justice by fleeing the country where he was being accused of a crime.

I agree. Chribba should refund the poor chump.

Nice patience on the kill Rocket - gratz.

Fake Edit. Also - this thread was absolutely hilarious.

Oh dear... you got issues son. :)

Sounds like Rocket x got the password from the application he sent in to PL. If he can see the password in the application it means that he was authorized to look at the account, therefore he broke no laws, he was authorized to look, anytime you give out free intel like that expect it to be used against you. That being said I have my characters up on eveboard as well so I don't see the issues, if someone wants to work that hard for a kill then they deserve it.

you are the one saying no laws was broken, who is it exactly who is being the e-lawyery... look in the mirror...

The white-knight space lawyers are out in force today.

The titan pilot posts his EVE API on a 3rd party website designed specifically for displaying API information publicly.

Innocent til proven guilty dawg

Good thing that this is totes comparable to an SSN, the keys to your car, etc..

To be clear, I would download *your* car and vigorously stick my keys into it repeatedly and with reckless abandon while blaring your SSN over my sickass sound system wit da bass drops all up in that.

The white-knight space lawyers are out in force today.

The titan pilot posts his EVE API on a 3rd party website designed specifically for displaying API information publicly. He then uses 1234 as a password, and THEN posts that password on a public site. At this point EVERYBODY IN THE WHOLE WORLD goes apeshit because one person decided to view this eveboard.

Anyway, you're all so mad about eveboard that you've forgotten to be mad about ISBOXER. I suggest you all go and make an ISBOXER thread, despite the fact that both ISBOXER and eveboard were just bling on this kill. The titan was doomed the moment he thought that "safe logoff" didn't apply to him -- if Rocket didn't get him, somebody else would have.

As always, good job Rocket.

Innocent til proven guilty dawg

Also, tell me how saying the issue is more complicated than you morons having some vague feeling that it's illegal saying that no laws were broken? Go on, I will wait for you.

HE'S ALREADY IN JAIL FOR HIS DASTARDLY DEEDS, HAVE SOME RESPECT YOU GODAWFUL PEOPLE

#freerocket

So you condone illegal activities. That sucks =(

To be clear, a player did something that he should not have.

To be clear, he quite succinctly said he did.

To be clear, he said he didn't even need the information he did access.



You know, to be clear.

GǪand the other issue is one of assumed and implied consent. There are plenty of situations where the continued use could be reasonably assumed.

There are also numerous examples where access has been given once, and then been turned into effective ownership because the details of the initial verbal agreement can't be established.

Any intentional access to obtain information to the detriment of the account holder should be considered unauthorized."

The key point from that article is: "Based on jury verdict, it appears that a use exceeding authorization constitutes an unathorized use under the statute. Furthermore, the context can establish the scope of permission. In this case, permission was granted to access an email account for performing work and obtaining information necessary for performing a job function. When the account was accessed four years later, the purpose was to obtain information to harm the owner of the email account and the employer. This was not a proper purpose.

Unless there is a written document establishing the scope of authorization for another's email account, the scope of any authorization should be limited to access for the benefit of the account holder. Any intentional access to obtain information to the detriment of the account holder should be considered unauthorized."

As far as eveboard goes, that doesn't really give any details to that kill apart from when the skill ran out which sure could give a theory in what timeframe a pilot would log on to change queue. Plus they had been monitoring him for quite some time it appears.

Is it illegal, from my view no it's not illegal in that sense, but not really wanted either, but should there be a need for me to implement additional security measures to prevent brute force (than those already in place) I will do so. Guessing passwords for 60 seconds I don't think will trigger any police action (especially not in the case of eveboard, and if there had been substantial load I'm sure my monitors would have gone haywire). PS. I don't at all condone.. condole(?) or approve of this technique at all, just giving my view on how I feel about it.

If anything, I'd rather see the whole ISboxer setup being more of a grey zone in this case.

/c

[quote=Lucius Exitiusbut since its an extension of the game its no different then guessing a POS password.

Then how do you read the api keys in game? YOU POST YOUR API on EVEBOARD POST being the key word there.

You don't. The game itself has no method of displaying information from API keys other than with the integrated web browser, which is reliant upon services provided by third parties.*

Just because you can access it using the in game browser does not make it part of the game.

* Unless you like reading XML.

To be clear, someone drove a forklift up your rearend.

To be clear, your familiarity with any country's law, let alone many countries' and on varying legal specialties, is fuckall and you're now talking through the resulting gaping wound.

To be clear, I downloaded the keys to that forklift, stuck them in til one worked, and am now inserting large numeric art sculptures back into the afforementioned gaping void in a series quite similar to your SSN.

Just ~bein' clear~

I'm no big city lawyer but I believe you just soiled yer britches.



Man let's go comparing this to all kindsa ****, rather than facing the reality that we lack social skills and need to find a healthy hobby that doesn't permanently alienate us from people that might otherwise enjoy our company if only we'd step from the dark corners of our dingy, cheeto-hazed, redbull-can-filled, vaugely sperm-smelling rooms from which we wile away the hours furiously slapping out long diatribes about internet space pixels and the surrounding statutory and legal precedents.

I like all the pseudo lawyers up in here, it's almost like you guys think something will come of this, its cute.

I'm no big city lawyer but I believe you just soiled yer britches.

Man let's go comparing this to all kindsa ****, rather than facing the reality that we lack social skills and need to find a healthy hobby that doesn't permanently alienate us from people that might otherwise enjoy our company if only we'd step from the dark corners of our dingy, cheeto-hazed, redbull-can-filled, vaugely sperm-smelling rooms from which we wile away the hours furiously slapping out long diatribes about internet space pixels and the surrounding statutory and legal precedents.

And here we have proof that a large majority of Eve players will happily discuss minutiae until it is well past relevance.

This reminds me of how I guessed the password of a secure container in space once. it was "8888" or something like that. Got 10 billion worth of what was apparently a sweatshop's loot. (The guys were stashing it in containers so as to guard their assets against the inevitable bans).

Anyway, gaining access to someone elses account on a computer system might be illegal, but even so, this falls outside CCP's jurisdiction anyway. Case closed.

I think hacking a container in a game, or even corp theft for that matter all done in game, is perfectly legal.

It's when you are out of the game, at a browser or terminal, and crack into an account, that things get dicey.


But like i said before, it all depends on who you are (at least in my country). If you are with the "in" crowd you can get caught hacking phones and have your own show on CNN still or run an entire news network. If you are not in the "in crowd" or perhaps have publicly gone against it, then even the hacking of a secure container might land you in trouble. At the least, even if a judge throws it out later, the "message" is sent by the SWAT raid you get regardless of the crime or the charge.

I think hacking a container in a game, or even corp theft for that matter all done in game, is perfectly legal.

It's when you are out of the game, at a browser or terminal, and crack into an account, that things get dicey.


But like i said before, it all depends on who you are (at least in my country). If you are with the "in" crowd you can get caught hacking phones and have your own show on CNN still or run an entire news network. If you are not in the "in crowd" or perhaps have publicly gone against it, then even the hacking of a secure container might land you in trouble. At the least, even if a judge throws it out later, the "message" is sent by the SWAT raid you get regardless of the crime or the charge.

Wow, this thread is almost 10 pages and full of internet lawyers.


Ban OP, gas thread, and nuke it from orbit, it's the only way to be sure to get all the internet lawyers.

Consider this.

Dude has a bunch of keys.
He goes around to random houses to see which key will fit a lock.
Eventually he finds one which opens a door.

Just because the key fits the door does not make his action legal, it's still a crime.

Likewise, nor should such an action as discussed here be condoned. Same legal principles apply.
There's nothing "meta' about it, it is illegal, plain and simple.

o7

You're quoting me, quoting the lawyer who writes that blog. The statement is his, not mine. As he is an actual lawyer and you are a cheeto-eating, redbull-drinking, Onanistic recluse, I'm going with his opinion over yours.

Any intentional access to obtain information to the~~~~~detriment of the account holder~~~~~ should be considered unauthorized."

So this RoCkEt X guessed Mino IV's password on Eveboard, which allowed him to figure out when Mino IV would log his titan chararcter on enabling RoCkEt X to kill said titan. The story is here http://themittani.com/news/legion-alts-downs-avatar-low-sec, and here http://pastebin.com/u9XjXtAa Too me it seems in the grey area just curious on other people's thoughts.

1 Unauthorised access to computer material.

(1)A person is guilty of an offence ifGÇö
(a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer [F1, or to enable any such access to be secured]F1 ;
(b)the access he intends to secure [F2, or to enable to be secured,]F2 is unauthorised; and
(c)he knows at the time when he causes the computer to perform the function that that is the case.

(2)The intent a person has to have to commit an offence under this section need not be directed atGÇö
(a)any particular program or data;
(b)a program or data of any particular kind; or
(c)a program or data held in any particular computer.

[F3(3)A person guilty of an offence under this section shall be liableGÇö
(a)on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;
(b)on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;
(c)on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.]

Except eveboard doesn't have accounts, you post your API key on it. Having a password doesn't make it an account, no different then password protecting an excel or word document, its not illegal. IT would be like saying reading this post is illegal, its here for all to see.