62 comments

[ 3.1 ms ] story [ 124 ms ] thread
When I was 17, I pranked my high school's website by replacing homepage content with a rickroll video through some creative hacking. The school turned around and hit me with a felony charge due to it being computer related. So I can definitely understand where this is coming from.
When I was in highschool we had the those Novell systems, including its own email client. All students and faculty had an email address. Whilst trying to be clever, I discovered that Novell will happily forward an email to everyone, including all mailing-lists, if you enter an asterisk in the "To" field. Novell happily kept the asterisk in the field when replying, so every reply was also sent to everyone. Students naturally got inquisitive and emailed back, trying to unsubscribe, asking what was going on or even trying to sell an old PlayStation.

The load apparently crashed the email server. All I got was a detention — kept back half an hour after school. And had to apologise to the network admin. That to me was a suitable reaction to a kid doing something stupid.

I'm lucky, I think, because over the 5 years of highschool I cracked every users password, found multiple vulnerabilities in the Novell NetWare system that allowed me to run arbitrary binaries, found out that I could use the `NET SEND` command to pop a message on every computer that was connected to the network, among other things.

The IT Coordinator wanted me nailed to the wall, but the vice-principal found a lot of the things I did interesting, and instead made the IT coordinator give me access to a Suse VM with full permissions, and didn't even give me a detention.

My impetus for doing all of this was so that I could run compilers and IDEs while at school, as I was running a Pentium 2 with 76Mb of RAM in 2005. It could've gone a completely different way, I think, and if my vice-principal hadn't seen something in me I could've ruined my life with all that. Scary to think about.

(comment deleted)
I feel like there's something missing from this story.

Brian stopped Jason from receiving emails, then Jason broke Brian's wifi for an hour, then Brian calls the FBI.

Do these two have previous history? Was there some sort of escalation between the second and the third event?

Good question. Who calls the FBI over something like that? Granted, I haven't heard his side of the story, but with the information I have now I don't ever want to be friends with Brian.
What I want to know is why the FBI even cared in the slightest that Jason broke Brian's wifi for an hour. I feel like there must be something missing to this story to explain that.
Indeed – in the past, even if you suffered actual damages the first thing the FBI would ask was whether they were over $50K because they didn't touch anything under that amount. I wonder if most of the appeal was a case where all of the participants are known & local – they're thinking a quick, easy prosecution and some press to pad someone's annual review.
Sometimes they prosecute these cases just to gain experience in prosecuting them.
Based on other comments & Occam's Razor tells me that Brian banned Jason's email account then Brian started to DDoS Brian's WiFi at which point Brian contacted FBI.
Not sure this warrants a felony charge, but not sure this petition is particularly inspiring either.

Both parties behaved amazingly immaturely. But this petition is a heavily reality-distorted mealy mouthed justification of hand-waving away of what he did. Every action by the other party is blown up "many DDoS activities keeping him out of important business meetings", while the things he did are just hand waved away like so: "Jason decided to play a friendly prank on him in return and performed three twenty minute stress tests on one of Brian’s wifi hotspots" - not sure how one person's actions are a DoS, but another are not).

Hyperbole abounds, too: "Conviction would guarantee the rest of his life to be spent in financial insolvency and as a third-class citizen with fewer rights and only the most unfulfilling employment prospects."

Really, convicted of a felony, you're guaranteed lifetime financial insolvency?

"a conviction would spell the end of his professional career and aspirations to serve the nation's Foreign Service corps as a diplomat."

A little snarky, but I'd wager the State Department is looking for diplomats who'd avoid getting into petty situations like this in the first place...

IMO, you're missing the point. Is this laden with hyperbole? Perhaps.

But 'how bad life REALLY is as a felon' is not so much the issue at hand, as it is the absurdity of pressing felony charges for what is, apparently, effectively, just a silly computer prank.

"just a silly computer prank" is exactly the downplaying outlined in the comment you are responding to. It was a ddos. Call it what it was.
A small scale denial of service is "just a silly computer prank" -- it's like having a bunch of your friends stand in the street and block traffic. You're not allowed to do it, but that in no way justifies felony charges.

That seems to be the entire disconnect in this debate. It isn't about whether it was right or wrong, it's about the unreasonableness of imposing disproportionately severe penalties on someone who did a relatively minor bad thing.

regardless of calling this new, this is a plain case of two criminals. remove the freedom and computer related novelty of this and bring it down to obvious law breaking events:

person A shoots person B. person B recovers and shoots (also non-fataly) person A. Now person A goes to the police and tell on person B.

this is exactly what happened, if you call shooting someone a prank. but let's not focus on that. if the above happened, person B would be convicted for some 10 years, and then the DA would cut that to 2 years in exchange for the first crime, ending up with person A getting 10 years and person B 2 years.

...And that is why nobody starts the snitching chain.

This is more like person A farting near person B, and then person B sticking a post-it note that says "kick me" on person A's back.

Not shooting. Not criminal.

The thing with a digital "prank/crime", is that a minor action similar to a prank, can have major consequences similar to a crime... or no consequence whatsoever, all of it with the same action.

I agree that in this case the consequences seem laughable, but I think that should be a matter for a judge and/or jury to decide.

Every action is like that. You can put your foot down and step on the floor and keep walking, or you can put your foot down and step on a baby and kill it.
Waste of time. If I were a judge, I'd order $50 fine, no record, done. And then glare at the attorney for even considering this.
the FBI seems to disagree with you.

my point stands. both farts/kick me stickers can lead the person to jail if authorities want to. you can argee about reforming the laws that allow that retarded situation, but that is the situation we are in now.

both actions waranty a criminal response with the law as it is. while most people would not call the FBI, one did, so it is the same scenario as two criminals shooting each other.

> Really, convicted of a felony, you're guaranteed lifetime financial insolvency?

This is actually flat out true. All large companies perform background checks and none of them will hire you if have any sort of criminal charges whatsoever. You don't even have to have been found guilty. This is called the "digital plantation" by one ex-policeman who wrote a book about it: http://www.amazon.com/Arrest-Proof-Yourself-Dale-C-Carson/dp...

I was employed all seven years it took for my felony charges to fall off a typical background examination by employers such as Apple. I've spoken about it on HN before. If you're talking about minimum wage or trades, yeah, a felony makes things practically impossible, but in our industry it's overlooked by many companies. Notable exceptions are Google (who fired me when their legal team "caught up" to new hires over two months after I joined, even though I disclosed it), Facebook and LinkedIn, in my experience.

Harder, sure. Impossible? Not even remotely. Just more pressure to be good at what you do.

I hope you appreciate the irony on claiming here that a felony computer hacking charge is the kiss of death.

Hint: http://www.ycombinator.com/people/

I don't know who you're referring to, but just because one person managed doesn't make it fair for the rest who didn't end up doing as well.
I have two friends with felonies that work in SV Tech, they each make over $200k a year for the last 5 years at reputable venture backed companies.
Are they for drunk and driving?
I have a federal felony conviction, for nearly the same exact offense that Jason is being charged with. I've worked for several software companies since my conviction, before starting my own. It definitely doesn't end your career.
Felony convictions are a big deal. Damn near every job application in the country includes the question "are you a convicted felon?". Checking that box will cause your resume to be automatically discarded countless times.

Felony convictions are a big fucking deal. They should not be given without very good reason. This particular instance does not in any shape, way, or form warrant a felony.

You should probably read the indictment that I linked in my other comment before being so confident.
My statements regarding the severity of a felony are true independent of this particular case. So I certainly stand by those.

As for this particular instance. An indictment is quite literally one side of the story. One should be exceedingly cautious when forming any opinion based on one. There's a lot more to this story than is currently clear. I would not be surprised if Jason David Miller is guilty of actions worthy of punishment. I would not be surprised if those actions are a considered a felony in the eyes of the law. I would be exceptionally surprised if those actions are worthy of a felony in my eyes. (which means exactly nothing, I know).

Felony charges are obviously ridiculous, but I don't quite see the humor in the "funny prank" of shutting down someone's internet connection. It's at least as much a "denial of service attack" as flooding someone's email account.
I've read this petition three times and I still have no idea what happened. Also, what in the holy fuck is the author thinking giving everyone enough information to find the "bad guy" in her story (I knew who she was talking about even without it) but keeping the identity of the person we're allegedly helping obscured?

The difference between me and whoever the person advocating for this guy is, is that I know how to use PACER and am willing to pay to investigate claims like this. Honestly, I wanted to read the indictment because the horribly-written petition left me confused, but indeed, the petition leaves out quite a bit of the story. That includes the guy signing back up for Hacker Dojo under a false name after being banned, his grand total of one day being a member of Hacker Dojo, and completely omitting the attorney that he retained privately (and who quit not long after due to a "breakdown of communication"; puts perspective on raising a legal defense).

By the indictment, which went before a grand jury, by the way, it sounds like he signed up as "Ad Min," got banned, signed up as "Dallas Smith," got banned again (probably), then threw a hissy a month or so later and packeted Hacker Dojo. Poor guy indeed. Who attacks Hacker Dojo?

5:14-cr-00114-EJD, United States of America v. Jason David Miller.

Grand Jury Indictment: https://dl.dropboxusercontent.com/u/6121606/hackerdojo/indic...

Order to Seal (since lifted): https://dl.dropboxusercontent.com/u/6121606/hackerdojo/seal....

Continuance so Miller can retain counsel: https://dl.dropboxusercontent.com/u/6121606/hackerdojo/subin...

Status hearing where Miller's attorney subs in: https://dl.dropboxusercontent.com/u/6121606/hackerdojo/couns...

Withdrawal of Miller's attorney ten days later: https://dl.dropboxusercontent.com/u/6121606/hackerdojo/withd...

Full history: https://dl.dropboxusercontent.com/u/6121606/hackerdojo/histo...

This is all public information. I paid $2.60 to look it up, and you can too -- sign up for PACER. Federal court is really simple if you know how to look, it's the state courts that tend to be harder and require a physical presence.

EDIT: I edited out my speculation once I had the indictment, and extend apologies to the commenters who wanted to engage it.

> Keep your pranks on the right side of legal, or get burned. Understand the CFAA and when you are in violation. It's as simple as that.

If it's so simple then why do you have a conviction? To me, your comment reads like "I didn't get fair treatment so neither should he!"

That's not how we move forward.

> Keep your pranks on the right side of legal, or get burned. Understand the CFAA and when you are in violation.

Because the problem is clearly the "evil hacker jason" and not the ridiculousness of the laws in which severity of punishment is entirely inconsistent with any tangible damages?

I think people forget that it's their tax-payer money being used to ruin's someone else's life.

Would you say the same thing after reading the indictment? Just curious.
Is there something in the indictment that you find to be in direct contradiction to the petition? I couldn't find it - of course the Brian half of the story is missing here.
The petition says that denial of service attacks were performed against his email account. The indictment says he was banned. Sounds like some serious spin.
There were no pranks but simply DDoS for being banned, Brian did not DDoS Jason's email but banned him for breaking the rules. Pretty much the only truth in that petition is that Jason is in deep sh*t.
Thank you for posting. I was trying to find my login info for PACER to read this myself.

EDIT: These definitely shed the true light on what is happening here. This no longer appears to be the he wouldn't let me use my WiFi case as the petition attempts to portray. Thank you again for posting.

That indictment doesn't really provide much information other than what's in your third paragraph ("Ad Min" and "Dallas Smith"). It doesn't really serve as a refutation of anything in the petition, either, as there is no context, only a generalized description of a DDoS--no description of precisely how Miller conducted such an attack--and an assertion that Miller DDoSed Hacker Dojo. The indictment is just Prosecutorspeak for the same events described in the petition, lacking any potentially mitigating detail that would make them seem like they are abusing the law or asserting charges wildly out of proportion to any potential damages. In fact, it supports the petition's remarks about pre-trial detention, as the indictment clearly says "no bail, arrest warrant"--I would think that's a red flag given the charge .

So, to paraphrase, I've read this indictment three times and I still have no idea what happened. So it's not really an authoritative narrative of events, either, and doesn't put any of the questions raised in the petition to rest. In another comment you asked someone if they would say the same thing after reading the indictment, and my answer would be absolutely, if not more so. I'm not sure why it would make you feel any more like this is a reasonable application of computer laws instead of, say, evidence that the San Jose US Attorney's office has too many lawyers and needs to be down-sized.

A textbook case of 2 people who take themselves way too seriously... and it all escalated over a email address! The level of maturity of both sides is mind numbing and the whole case makes Hack Dojo (which is an amazing place) look like an immature little boys club.
hack dojo is mostly a immature little boys club for rich people.
Thousands of Peter Pan's living in a perpetual Neverland.
heh, if my hackerspace had emails like that, most of us would have stuff like post.master@ and web.master@ within minutes... and high five anyone that actually managed to use that to convince someone they were actually high level email addresses for the site.
Bad things happen when idiots collide. I signed it though, because even a fool doesn't deserve to be punished so severely.
This is terribly written and comes off as extremely misleading. No useful details are given. "Kept out of important meetings?" "A prank on WiFi?" What happened, what are you trying to get people to sign their names to? Sure, we're all biased against prosecutors and a "WiFi prank" doesn't sound like anything really bad, but shit, write clearly and state the facts, don't try to snow us.
Couldn't agree more. There is a significant amount that seems to be missing from this and leads me to a couple questions:

1. If Brian Klug is a founder of the HackerDojo as a Google search on his name confirms, why would the HackerDojo sell a "premium email address" to Jason Miller for a $100? Wouldn't Brian, as a founder, have a say in who has a particular HackerDojo email account.

2. Going out on a limb here, but a look at the MeetUp page for the Palo Alto Data Science Association, shows no entry that I could find for a Jason Miller as the founder.

I am not trying to make any accusations here, but something just doesn't add up. The HackerDojo is a recognizable name and this whole thing doesn't add up to me.

Lastly it is pretty standard for anyone on pretrial release to have some sort of monitoring aspect, so that part is not out of the ordinary. This could be especially true when, like Jason Miller, the individual is not a resident of the state (Jason is from Maryland and appears to be living there now according to his LinkedIn profile) where the charges were filed.

Anyway, I would love to hear the real story behind this one. I can't find my PACER account information so if anyone has an account on PACER and can find/share the charging documents it may shed some light on this case.

Membership in Hacker Dojo was $100/month at the time. He paid for a month. It's $125/month now for non-students.

It's evidence of the spin, because Hacker Dojo doesn't sell "premium e-mail addresses." More spin: "Klug performed a denial of service attack on Miller’s email account" = David was banned, which is clever, because it's Miller that's charged with packeting Hacker Dojo.

Also, why the hell is Anonymous on the petition?

(comment deleted)
I think if I was her and I was trying to distance myself from him (regardless of the reason) I would remove my name from this petition. Leaving amicably and having your name tied to an unrelated legal matter are two complete opposite ends of the spectrum.
(comment deleted)
This thread is a magnet for new throwaways. The one you were talking to is the second of two I've seen.
(comment deleted)
I'm baffled as to why this didn't stop when he was asked not to use ad.min@ – this seems like a reasonable request which most people could just accept and move on from. High five, you did a nice trick, but the real admin asked you to stop, so just move on, right?

As others have mentioned, there seems to be a lot not said here, which isn't a surprise, and of course, felony charges are insane here.

Or why didn't the real admin just rename/ban the account? Edit: Reading the indictment posted in another comment, that's exactly what they did. The indictment also says the Hacker Dojo network was DDoSed several times over a few weeks. So this petition starts to feel more like outright lying.
I could be wrong here, but from reading the charging documents it sounds like the "denial of service" that was actually done to Jason's email account was really his account being banned when he was kicked out of the HackerDojo for using a fake name the first time. It was not until he signed up for HackerDojo a second time using another fake name, and getting banned again, that he is accused of committing his DoS on the HackerDojo.
I guess the lesson here is that when someone pranks you with denial email spamming you call the FBI? Sad situation folks.
(comment deleted)
GTFO of here, I don't know you and I'm not signing a petition based on hearsay. This is a legal problem. Contact a lawyer and prepare for court.
Looks like even his lawyer doesn't want to have anything to do with him based on the documents posted.

You are right the petition not only misleading it is straight lie.

I was a member at hacker dojo while this happened. His actions had a real financial impact, not just on hacker dojo but on members like me who couldnt get work done. While I never met him, it's difficult to feel sorry for him as he knew exactly the damage he was causing and was "addicted to pushing the button that hurt our wifi" (paraphrasing, but i do remember reading his letters that said basically this.)

My personal opinion is that while i dont want a precedent for felony charges for "wifi pranks", if this kid (20s) wasn't charged witha felony my gut says he'll be back at it again harder and faster having gotten away with it.

I remember when this was going on at Hacker Dojo. The Internet was completely unusable for weeks. It seems likely that goal of the attack was cause Hacker Dojo to lose members.

It seemed like an economic attack on a community space.