Quote

My actions constituted pure hacking that resulted in relatively trivial expenses for the companies involved, despite the government's false claims.

No company that I ever hacked into reported any damages, which they were required to do for significant losses. Sun didn't stop using Solaris and DEC didn't stop using VMS.

I wasn't a hacker for the money, and it wasn't to cause damage.

I don't condone anyone causing damage in my name, or doing anything malicious in support of my plight. There are more productive ways to help me. As a hacker myself, I never intentionally damaged anything.

Your company is probably going to get hacked. The velocity and complexity of hacking attempts has skyrocketed, with companies routinely facing millions of knocks on the vault door.

If you want to fight the evil you see in finance and industry, get to work reading the corporate filings, see if there has been fraud, and where you find it, report it to the SEC or write about it or blog about it.

I want to be clear. No company is too big to be prosecuted. We have zero tolerance for corporate fraud, but we also recognize the importance of avoiding collateral consequences whenever possible.

It's true, I had hacked into a lot of companies, and took copies of the source code to analyze it for security bugs. If I could locate security bugs, I could become better at hacking into their systems. It was all towards becoming a better hacker.

Companies do not commit crimes; only their agents do. And while a company might get the benefit of some such crimes, prosecuting the company would inevitably punish, directly or indirectly, the many employees and shareholders who were totally innocent.

There are two kinds of big companies in the United States. There are those who've been hacked by the Chinese, and those who don't know they've been hacked by the Chinese.