I don’t think “used curl to post content to an open endpoint” counts as hacking tbh
It is by definition hacking.
Stupid doesn’t negate unwanted nor illegal. I may be dumb and leave my door unlocked but you’re still a criminal if you come in without permission and move stuff about.
Nah, hacking legally requires you to gain access to a system that you’re not authorized to touch.
Using a public API endpoint is not hacking.
The cfaa:
Section 1030 describes a number of offenses that occur when a defendant accesses a protected computer “without authorization.” See 18 U.S.C. §§ 1030(a)(1), (a)(2), (a)(3), (a)(4), and (a)(5)(B)-©. The Department will not charge defendants for accessing “without authorization” under these paragraphs unless when, at the time of the defendant’s conduct, (1) the defendant was not authorized to access the protected computer under any circumstances by any person or entity with the authority to grant such authorization; (2) the defendant knew of the facts that made the defendant’s access without authorization; and (3) prosecution would serve the Department’s goals for CFAA enforcement, as described below in B.3.
https://www.justice.gov/jm/jm-9-48000-computer-fraud
(2) the term “protected computer” means a computer— (A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; (B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States; or © that— (i) is part of a voting system; and (ii) (I) is used for the management, support, or administration of a Federal election; or (II) has moved in or otherwise affects interstate or foreign commerce;
It is by definition hacking, stop being obtuse and moreover stop spreading misinformation.
Hacking is not the name of a charge or a crime. Hacking predates computers. This was clearly a hack. Don’t know what to tell you except go back to your sources.
The crime is “unauthorized access”
In this case, this is not a crime because there is not authentication bypass. Its just accessing a public api
It is unauthorized. An unlocked door isn’t an invitation not is an open website or database, this is clearly delineated in the cfaa which btw makes tampering with any protected device a crime open door or not.
You should really lookup the law before you offer bad advice.
If you know it’s not intended to be open then you notify someone it’s white hat hacking.
Iirc they actually modified it which removes any doubt.
Its a public API. This is not hacking any more than me using curl to read your comment without authenticating is hacking.
You can unlawfully use things that are public the fact they admit they know the opening is unintended makes it clearly hacking. Stop trying to undermine an accomplishment simply because you don’t like the connotations you link together in your head.
I’m just explaining how the law works
You’re not though.
Federal law specifically and in multiple prohibits unlicensed/unwanted entry into government devices, you don’t know what you’re talking about you simply feel it shouldn’t be illegal which is a different thing entirely.
It is more like someone immature sitting on the entrance outside the door and doing graffiti on the floor. Surely unwanted and definitely criminal, but inconsequential.
That’s still hacking though boss petty and amusing but still hacking.
