Quick thought on the RIAA site hack
A hacker took down the RIAA’s site yesterday, removing all content from their site. I have one quick thought:
The fact that the RIAA’s site was open for attack does not excuse the hacker from exploiting the site’s weakness. I’ve seen the RIAA criticised for leaving themselves to be open to such an attack, which seems to have been completed using simple SQL injection. Most web developers have known about this technique and ways to prevent it for years, especially considering the fact that it could allow any site visitor to destroy your site’s database (like what just happened to the RIAA). This doesn’t change the fact that someone used that flaw to knowingly damage the RIAA’s property (their website and the data stored in their database), and that person should be held liable for that damage.
Here’s a quick analogy: Let’s say that as I leave for work in the morning, I accidentally leave the front door to my house wide-open. Does that mean that a robber who walks through that open door and walks off with all of my possessions should not be arrested for theft? Of course not!
No matter how bad the RIAA may be, their website is their property. As innocuous as it may seem, the attack to the RIAA’s site was a violation of their right to decide what they display on their own property. I doubt they will be able to catch the hacker(s) and I don’t know what the punishment should be, but it doesn’t change the fact that the attack was wrong.
Tags: [riaa]Comments
Leave a Reply