I'm not claiming the attempt didn't succeed. I'm claiming that the attempt didn't occur, and that distributing the backdoor more widely would only have created the preconditions for an attempt. We don't know who the intended target was, or what the intended payload was.
Yes, subsection (b) of the CFAA covers attempts at acts described in subsection (a) of the CFAA. Which specific act under subsection (a) do you claim has been attempted?
All of them? It's a backdoor into Linux to gain unauthorized access to computers that even specifically only works for that attackers specific private key. We have trial by jury where I guess you could argue that this carefully crafted backdoor was just some sort weird accident, but we also have prosecutors to make the obvious counterargument and investigate what these folks were going for. Though frankly they're probably state actors that we're never gonna catch. But literally all of part a. I still don't understand if I'm actually just missing something obvious about our criminal justice system that would mean the US has no ability to prosecute even moderately complex crimes by slightly sophisticated actors that didn't reach fruition, since by your reasoning we'd also never be able to prosecute essentially any organized crime anywhere as long as they keep their targets a secret? If the attempt didn't occur then did someone just trip and fall on their keyboard over a period of months to accidentally carry out sophisticated social engineering to write a carefully hidden backdoor into a package targeted at hijacking widely used operating systems?
It's not (1) or (2) as no exfiltration has occurred. It's not (3) as a government system has not been targeted. It's not (4) as "the thing obtained consists only of the use of the computer". It's not (5) as no system has been targeted or damaged (based on the statutory definition of 'damage'). It's not (6) as we have no evidence of the attacker sharing their Ed448 private key. It's not (7) as there has been no act of extortion.
> did someone just trip and fall on their keyboard over a period of months to accidentally carry out sophisticated social engineering to write a carefully hidden backdoor into a package targeted at hijacking widely used operating systems?
I'm not arguing that it was a weird accident. I'm arguing that this clearly malicious act does not, based solely on the information we have today, constitute a violation of the CFAA.
Yes, subsection (b) of the CFAA covers attempts at acts described in subsection (a) of the CFAA. Which specific act under subsection (a) do you claim has been attempted?