The only reason you got into trouble is because you embarassed the IT guy and now his superiors know how dumb he is. He wants to say you were hacking because he's trying to deflect. How much trouble you'll actually get into will depend on how dumb (and paranoid) his superiors are.
I'm in a little trouble
- Thread starter PuNkY
- Start date
madanchi
Daemon Poster
- Messages
- 529
do this ^^
- Messages
- 3,609
He still shouldn't be going there though unsecured or not. If you walk down the street and someone has left the door of their house open you don't have a right to go in.
there is a difference between breaking the law and breaking corporate IT policy though.
and since his actions were at worst a joke, and at best actually helpful I think that the police will probably end up seeing this as a bit of a storm in a tea cup.
and since his actions were at worst a joke, and at best actually helpful I think that the police will probably end up seeing this as a bit of a storm in a tea cup.
Neodude1123201
Bogan
- Messages
- 8,474
- Location
- Australia
Also the thing is,you did not damage to the Company's property at all, it was a simple practical joke. Do they have some sort of Company policy that you signed when you started working there that specifcally said you aren't allowed to access network share? If not you should be fine...
This is always a bit of a tricky situation - and though the specific law varies from country to country, the general gist tends to be the same. Unfortunately, it doesn't fall on the side of "that was a stupidly obvious flaw that should be fixed and you didn't do anything destructive so there's no way you're being prosecuted over that." I genuinely wish it did - but unfortunately this is one of a few areas where I don't agree with the law.
Lowndsey's view is unfortunately one that the legal system would most likely take (if it got that far, I'm not trying to scare you here!) My view is that it's more akin to seeing a door open, thinking it looked a bit strange, then leaving a note there to warn the owner it's a bit of a silly thing to do... but anyway.
I can genuinely empathise in this situation, I've been in a similar mess before. This involved seeing that a network share was open that probably shouldn't have been and then directly reporting it. It didn't go down well in the slightest.
The point is even seemingly trivial, minor things such as this can be taken very seriously. It's probably not the note they're worried about, it's the fact that since you had access to a share you shouldn't have, you might well have been able to look at information they didn't want you looking at. At least that's the line they'd try to push.
However, relax. There are a few reasons why I don't think this particular situation will go anywhere:
- Presuming you didn't steal information, they'll have no logs or anything to prove that you accessed any confidential files. Without proof, they can't really win that one.
- Even if this was classed as an "attack", it was a remarkably trivial one. It doesn't render it lawful, BUT if the company does take you to court over this they're publicly proclaiming that their systems are about as secure as an unlocked garden shed. No company, small or large, wants that kind of publicity.
- There's no way they can argue your actions were malicious; if anything it was the opposite.
- You're a 19 year old clearly just trying to make a bit of money on the side, not a 30 year old who's had multiple records for this sort of thing.
- Once the company has calmed down and realised that nothing actually happened, chances are they won't want to fork out for lawyers and the like to take this to any serious level.
Also, did you sign anything related to use of IT equipment? If not, you're in a much much stronger position.
So based on the above, I really wouldn't worry. That said I'd also seriously second root's recommendation of a letter - it can't do any harm, and could help your case a lot by clearly stating your intentions.
Lowndsey's view is unfortunately one that the legal system would most likely take (if it got that far, I'm not trying to scare you here!) My view is that it's more akin to seeing a door open, thinking it looked a bit strange, then leaving a note there to warn the owner it's a bit of a silly thing to do... but anyway.
I can genuinely empathise in this situation, I've been in a similar mess before. This involved seeing that a network share was open that probably shouldn't have been and then directly reporting it. It didn't go down well in the slightest.
The point is even seemingly trivial, minor things such as this can be taken very seriously. It's probably not the note they're worried about, it's the fact that since you had access to a share you shouldn't have, you might well have been able to look at information they didn't want you looking at. At least that's the line they'd try to push.
However, relax. There are a few reasons why I don't think this particular situation will go anywhere:
- Presuming you didn't steal information, they'll have no logs or anything to prove that you accessed any confidential files. Without proof, they can't really win that one.
- Even if this was classed as an "attack", it was a remarkably trivial one. It doesn't render it lawful, BUT if the company does take you to court over this they're publicly proclaiming that their systems are about as secure as an unlocked garden shed. No company, small or large, wants that kind of publicity.
- There's no way they can argue your actions were malicious; if anything it was the opposite.
- You're a 19 year old clearly just trying to make a bit of money on the side, not a 30 year old who's had multiple records for this sort of thing.
- Once the company has calmed down and realised that nothing actually happened, chances are they won't want to fork out for lawyers and the like to take this to any serious level.
Also, did you sign anything related to use of IT equipment? If not, you're in a much much stronger position.
So based on the above, I really wouldn't worry. That said I'd also seriously second root's recommendation of a letter - it can't do any harm, and could help your case a lot by clearly stating your intentions.
OP
OP
PuNkY
In Runtime
- Messages
- 456
I sign nothing having to do with IT equipment, nor was I ever told NOT to going into network shares. I guess they just assumed I wouldn't see it.
No cops or FBI knocking on my door yet
. So he might of just said that to scare the fu*k outta me. Its kinda working, so he wins. lol