Laws don’t fix technical issues any more than they fix physical ones. Clearly this was possible, so it could be done by a foreign intelligence agency or well-hidden criminal organization.
I think this is probably illegal. But, I think we should not punish this sort of thing too harshly. Tech is an ecosystem. Organizations need to evolve to protect themselves. Instead, we should make companies liable for the damage that happens when they are hit by one of these attacks.
Before anyone calls it out: yes, this will be blaming the victim. But, companies aren’t people, and so we don’t really need to worry about the psychological damage that victim blaming would do, in their case. They are systems, that respond to incentives, and we should provide the incentives to make them tough.
I think this is probably illegal. But, I think we should not punish this sort of thing too harshly. Tech is an ecosystem. Organizations need to evolve to protect themselves. Instead, we should make companies liable for the damage that happens when they are hit by one of these attacks.
Before anyone calls it out: yes, this will be blaming the victim. But, companies aren’t people, and so we don’t really need to worry about the psychological damage that victim blaming would do, in their case. They are systems, that respond to incentives, and we should provide the incentives to make them tough.