David Nosal found guilty of hacking without actually hacking

David Nosal, an executive recruiter based in San Francisco, was convicted of all charges in a six-count indictment by a federal jury on Wednesday, this with Mr. Nosal never actually breaking into a computer. With this conviction it appears that the definition of 'access' has been given more of an expansive legal reach.

What Nosal did do according to the prosecution was coax, sometimes with money, his former colleagues at the Los Angeles-based executive search firm Korn/Ferry International to access databases and provide trade secrets in order to assist him in building a competing firm.

Wired points out that the Computer Fraud and Abuse Act was passed in 1984 to enhance the government’s ability to prosecute hackers who accessed computers to steal information or to disrupt or destroy computer functionality.

The act makes it a federal offense if one “knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period.” Prison penalties are up to 5 years per violation.

In the April, 24th news release from the US Attorney's Office, northern district of California it states that Nosal was initially indicted by a federal grand jury on April 10, 2008. The government obtained superseding indictments on June 26, 2008 and February 28, 2013. In the most recent superseding indictment, Nosal was charged with one count of conspiracy, three counts of unauthorized access to a computer used in interstate or foreign commerce or communication, one count of unauthorized downloading and copying of trade secrets, and one count of unauthorized receipt and possession of stolen trade secrets. Nosal was found guilty on all six counts of this indictment.

Sentencing is scheduled for September 4, 2013 in San Francisco, and the maximum statutory penalty for the conspiracy charge and the unauthorized access charges is five years’ imprisonment and a fine of $250,000, plus restitution if appropriate.

So if you leave a company, and perhaps you might have left some information on the server; do not call a friend to retrieve it. As Mr. Nosal learned that act could be considered hacking (accessing), and those 'friends' will most certainly provide evidence against you in exchange for not being charged. My statement takes it to the extreme, but you never know.....