
Meanwhile, the Solarwinds crackers ...
... won't see the inside of a courtroom anywhere.
Sometimes justice is about who you can catch; this is the guy they Kott.
The US Department of Justice says a grand jury has indicted Swiss security provocateur Tillie Kottmann over multiple exploits and attempts at fraud, and authorities have quickly moved to rule out free speech as a defence. Readers may remember Kottman pointed out holes in a security skills assessment website run by Deloitte, …
Other EU countries are less scrupulous - and care less about EU citizens(*) who aren't their own ones
If there's an interpol red notice issued then there is a high risk of any routine intra-EU border crossing check runing into arrest and a trip to the USA
(*) Yes, I know Switzerland isn't part of the EU but it's tightly integrated these days
I cannot possibly comment on Polish-French directors. But it is the case -and also stated in the treaty- that Switzerland does not extradite its citizens if they can be prosecuted within Switzerland. And neither if the crime in question is not punishable in Switzerland.
authorities have quickly moved to rule out free speech as a defence.
The DoJ’s announcement features a canned quote from Acting U.S. Attorney Tessa M. Gorman, to the effect that: “Stealing credentials and data, and publishing source code and proprietary and sensitive information on the web is not protected speech–it is theft and fraud”.
I'm not sure an AG's view, Acting or not, counts as ruling out a defence. That's the judge's prerogative.
"The indictment [PDF] alleges Kottman’s activities went beyond merry pranking and moved into attempts to defraud victims for personal gain."
That wasn't easy to see in the PDF. A section number would have been helpful. Nevertheless, it is likely he is getting funding from somewhere. And causing a lot of extra work and anxiety, destroying weekends, all resulting in financial loss.
There are other established ways to go about pointing out security problems that don't involve active limited hostility. Your reasoning seems to be preventitive punishment is better than nothing, but actually nothing is not the only alternative - there are cooperative alternatives. Just like in the non-cyber world, there are many people fixed on the idea that limited punishing of others is always good for them. I first noticed this starting in school, back in the 70's, when corporal punishment was still a thing and a few teachers were always twisting students ears or delivering short blows with the flat of a ruler. It turns out that there are always some people like that all throughout life, enabled by whatever power they have.
"Washington Dept. of Transportation". Selected as a target because - Surprise! - they know little and have less need for security than other targets. It looks like bullying to me.