Security News > 2021 > July > US email hacker gets his “computer trespass” conviction reversed

A couple of months after Y's departure, X received an email from another colleague, whom we shall call Z. and Z received a "Bounce" message from a external email address Q that Z hadn't copied in on the original email.

Smelling a rat, Z alerted Y to inform him about the mysterious "Q" in the email equation.

Back in 2013, presumably before his administrator privileges were revoked but after their falling-out, Y had modified X's email account settings so that a copy of all X's incoming email messages would be sent to the mysterious outside address, Q. Q, it transpired, was not only operated by Y but also had been "Routinely accessed from his cellphone."

As you probably know, abusing built-in mail forwarding rules in email systems is a common trick used by cybercrooks to keep tabs on what their victims are up to, especially in so-called Business Email Compromise scams.

Did Y's actions - siphoning off and looking at someone else's business email, even after his employment at that company had ended - really amount to obstruction, given that no emails were actually impeded?

That part of the Georgia computer crime statutes criminalises "Us[ing] a computer or computer network with the intention of examining any employment, medical, salary, credit, or any other financial or personal data relating to any other person with knowledge that such examination is without authority."

News URL

https://nakedsecurity.sophos.com/2021/07/02/us-email-hacker-gets-his-computer-trespass-conviction-reversed/