I just watched this video. In it the presenter hacks a phishing website using a SQL injection attack and then deletes the database of harvested emails and passwords.
Assuming that he did this to a real scammer as opposed to a demo website he set up for the video, was he breaking the law?
Edit: The presenter is American but computer crimes are generally held to happen in the jurisdictions of both the hacker and the computer, so I'm interested in other jurisdictions too.
You haven't specified a jurisdiction. In the United Kingdom† this is a clear violation of section 3 of The Computer Misuse Act 1990
(1) A person is guilty of an offence if—
(a) he does any unauthorised act in relation to a computer;
(b) at the time when he does the act he knows that it is unauthorised; and
(c) either subsection (2) or subsection (3) below applies.
(2) This subsection applies if the person intends by doing the act—
(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in any computer; [F2or]
(c) to impair the operation of any such program or the reliability of any such data; [F3or
(d) to enable any of the things mentioned in paragraphs (a) to (c) above to be done.]]
† This is one of the few Acts that apply to the whole of the UK.
i dont know about how the code is effected by the law but generally.
Crimes are still crimes against criminals. But they have no legal recourse when illegal value is destroyed.
So ironically, you would probably get into trouble if he could prove you deleted HIS data, time effort etc, but any destruction of harvested data would be ignored.
That being said this would probably end up civil, and he would almost definatley have a defamation case against you in civil court if you published any relevant information that could lead to his identification.
