(For those of you who missed Hamlet retold as a pair of drunk Canadians saving the world, the McKenzie brothers are the main characters of the movie Strange Brew.)
Argentina is littered with them. Walk down Florida Street (ironically named) in Buenos Aires and hear "cambio, cambio, cambio" being yelled out constantly.
It's grim. Thompson did just about everything they could have done to escalate their sentence short of finding a way to traffic explosive devices or desecrate a veterans cemetery. The sentence in reality will come down to how they account for losses to the victims, but any plausible number here rockets you to the bottom of the sentencing table (the difference between 50MM and 250MM in the sentencing guidelines is much smaller than the difference between $5k and $100k).
Roughly here, you get:
6 base sentence level for 2B1.1 crimes
+20-28 victim loss(!)
+4 multiple victims
+2 sophisticated means or multiple jurisdictions
+2 trafficking in access devices (incl. account numbers)
+4 (maybe) jeopardizing the safety of a financial institution
+2 PII
+4 malware (the indictment more or less demands this one)
+2 obstruction or destruction of evidence
Assume no criminal history for the defendant, then, without replicating the whole table, level 10 is 6-12 months, level 20 is 3 years, level 30 is 7-9 years, and level 40 is 25-30 years.
That's a good catch; I just grabbed the indictment from PACER. Worth noting though that they don't have to find Thompson guilty on those counts to trigger those accelerators (and it's hard to believe Thompson could dodge the PII sentencing modification since there's zero doubt as to whether their conduct involved PII).
Ultimately though I think it'll come down to how much money Capital One lost dealing with this and the aftermath (again, I assume less the fines and lawsuit).
I break into computers for a living, and stories like this are in the news all the time. I'd probably do much worse at, like, an embezzlement case.
I'm also probably (I hope) wrong about the 2B1.1 loss calculation here; I read the USSC primer on it and it's not super clear but leans me towards the idea that a penalty assessed on Capital One for doing a poor job securing their data can't be included in a loss assessment against Thompson, and I'm not clear that the damages for a settled lawsuit over same could apply either.
So total losses could be in the single-digit millions (as a general rule of thumb, you can't get convicted in federal court of hacking a real company and incur less than ~100k in damages, simply because of the cost of insurance-mandated forensics investigations --- here I don't really see any chance that the "actual damages" could have been less than 7 figures given the magnitude of what was stolen).
There is also, per the USSC document, a formula for computing damages "per access device", where "access device" is a term of art that includes account numbers, so that could also generate a nosebleed sentence.
For no reason whatsoever, just based on doing this exercise for every 18 USC 1030 case that's been in the news for the last decade or so, my wild-ass underinformed guess is that the sentence will end up under 10 years, but more than 5.
He does security for a living. It seems pretty important to know how much jail time you would be facing if you cross the line from whitehat to blackhat (including who legally gets to decide that line).
Another story about the case says "up to 20 years" but I assume that comes with all the usual caveats, e.g. they may have just totaled up the maximum sentence from each individual count as if they had to be served consecutively.
That doesn't strike me as being entirely true, unless I misunderstand your needs? Hubspot does this - my sales guys send emails via Google, I see everything in Hubspot. Prior to Hubspot we used Close.io - same thing. Every email sent (and every reply) showed up in Close.io in the context of the contact(s).
As for IMAP tags etc. - yes I've never seen that. Although you can probably use Streak for that (streak.com)
The challenge with that is if you can't get the Department of Labor to institute this (under a favorable administration), Congress is mostly deadlocked until the makeup of representatives turns over (through voter turnover). Alternatively, you could target enough states to pass this law that it would be useless to avoid listing your jobs in those states, as you'd be excluding excessive candidates from your candidate pool.
California, Oregon, Washington state, Illinois, Minnesota, and New York would be ideal next states to push this legislation. Texas and Florida would, of course, not be likely to pass such legislation although they each have large populations that would benefit from such pro-labor statute. Turn the ratchet.
You're right. It's kind of like marijuana legalization. The feds refused to, but it's almost become de facto law of the land when enough states do it themselves.
Your clarification is important and I've seen all too often these past few days a critical misunderstanding of the case. The baker offered the couple any other cake in the shop and offered to bake any cake they wanted - other than one specifically for a gay wedding.
Yup. A Land Rover was stolen right near my house in broad daylight and I live in a very good neighbourhood. Cops came by and asked me if I had home cameras, but they explained to me this is very common. High-end SUVs are targeted and this is run by organized crime. Cars are overseas within days to be re-sold.
The thief just hangs around the target, waits for the fob to be used, clones the signal and can steal the car within 3 minutes.
The problem is so pervasive that Land Rover offers discounts to previous customers who are victims of theft:
In the US it seems like theft of parts is a lot more popular. Things like wheels, light housings, and catalytic converters are especially popular. Getting a car out of the country is a lot harder when you don't share land borders with Eastern Europe. When people steal cars they usually only use it for as long as it takes to commit another crime. A lot of the car chases are with stolen cars so police have no clue who is inside since running plates returns the owner.
GP's link is to landrover.ca, implying Canadian origin - a country which does not share land borders with Eastern Europe. By the time a group is big enough to be fencing cars overseas, I wouldn't be so quick to discount their ability to move through a seaport.
"We know our vehicles depreciate faster than average, and rather than fix common security flaws or encourage gap insurance, we'll offer a token discount."
I guess that falls in line with their reliability standards and replace-every-2-years business model.
The wifi pineapple equivalent of this would be a device that records all signals sent, filters them for unlock and start car commands, and then allows you to just bulk replay each set back until cars start.
You could effectively leave it in the bushes at a work parking lot, come back the next day, and unlock + start all of the cars with keyfobs that were present the day before.
Can someone explain to me why this wasn't the case before covid? Are the companies who are ahead of the automakers "in line" ordering more than before covid?
Cars are not a large market compared to cell phones and other users of chips. Cars are louder than the rest, but not bigger.
The typical car lasts 10-15 years. Cell phones about 2. More people have a cell phone than a car. Sure the car has more chips, but not by enough to make them bigger than phones. (Phones and cars mostly don't use the same process.)
Simplest answer: Demand has gone up overall for technology like TVs, computers, game consoles, etc. Meanwhile, during covid the ability to scale (production and supply chain) to meet that demand has been difficult.