Judges And Prosecutors Throw The Book At Hackers - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Feature
News
5/13/2006
12:05 AM
50%
50%

Judges And Prosecutors Throw The Book At Hackers

Those accused of cybercrimes are facing serious charges. That could spell the end of the white-hat hacker.

Eric McCarty goes before a federal judge this month on charges he damaged the University of Southern California's online application system. McCarty, 25, says he was just trying to highlight the Web site's security vulnerabilities.

A not-guilty plea just might fly with a jury, since it doesn't appear McCarty did anything with the data he stole. But as data theft and other cybercrimes wreak damages nationwide, the "white-hat hacker" defense won't win him much sympathy. Meanwhile, prosecutors and judges are treating these cases much more seriously.

Downloadable PDF

Case in point: U.S. prosecutors last week secured the extradition of Gary McKinnon, an unemployed U.K. systems administrator charged with breaking into and attempting to damage 92 computer systems belonging to the U.S. Army, Navy, Air Force, Defense Department, and NASA. McKinnon is accused of causing $700,000 in damages between February 2001 and March 2002 in what prosecutors call the largest-ever known crime involving U.S. military computers. While awaiting extradition, McKinnon became a U.K. media celebrity, railing against the state of computer security and rallying support against his extradition. Once on trial in the United States, however, McKinnon could face up to 70 years in prison and fines of up to $1.75 million.

Jeanson James Ancheta will be behind bars for 57 months

Jeanson James Ancheta will be behind bars for 57 months
The tough stance comes as computer crimes become more malicious, carried out for profit and destruction. Jeanson James Ancheta, 20, was sentenced last week to 57 months in prison for hijacking more than 400,000 PCs over the Internet, using them to build a botnet, then renting out the system to spyware distributors, hackers, and spammers. U.S. District Attorney Debra Wong Yang's office says it's the longest sentence ever for someone convicted of spreading a computer virus. U.S. District Judge Gary Klausner ordered Ancheta to give up $60,000 in cash, a late-model BMW, and computer equipment he bought with proceeds from the scheme.

Safety is another reason courts are getting tough on cybercrime, as we realize how dependent society is on computer networks. On May 4, 20-year-old Christopher Maxwell pleaded guilty in U.S. District Court in Seattle to computer fraud for operating a botnet that disrupted critical care systems used by Seattle's Northwest Hospital in January 2005. Maxwell's crime was particularly odious because the attack disrupted operating room doors, physicians' pagers, and computers in the intensive care unit. He faces up to 10 years in prison and a $250,000 fine.

There's a get-tough response from Congress, too. Last week, six U.S. representatives, including House Judiciary Committee Chairman James Sensenbrenner, R-Wis., proposed the Cyber-Security Enhancement and Consumer Data Protection Act, aimed at updating criminal statutes to keep pace with cybercrooks' methodologies. The bill has three goals, says Rep. Howard Coble, R-N.C., who chairs the Subcommittee on Crime, Terrorism, and Homeland Security: a stronger deterrent, including heading off the development of new criminal techniques; better protection of personally identifiable data; and adequate resources for the Justice Department and other agencies to investigate and prosecute lawbreakers.

The bill would prohibit the use of botnets--zombie computers that, through use of code sneaked onto them, can be controlled for phishing, spam, and denial-of-service attacks. It would raise the maximum penalty for fraud and other computer crimes from 10 years to 30. It also calls for the Secret Service, Justice Department, and FBI to each get $10 million a year in funding through 2011 to fight computer crimes. And it would require companies, in the case of a major security breach involving data on 10,000 people or more, to notify the Secret Service or FBI within two weeks and give the feds power to decide if notification required under state laws would hurt an investigation.

Cybersecurity laws typically have been created and enforced first at the federal level; state and local police often don't have enough computer forensic resources to investigate cybercrimes, Laura Parsky, the Justice Department's deputy assistant attorney general, told the House subcommittee last week. "Although law enforcement has made inroads into addressing [the cybercrime] problem, it appears to be getting worse," Parsky said.

Last year, 95% of companies experienced more than 10 Web site attacks, involving viruses, unauthorized access, or theft of proprietary information, according to a survey of 700 computer security practitioners by the FBI and the Computer Security Institute. In 2004, just 5% experienced that level of attacks.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
White Papers
More White Papers
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Slideshows
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Commentary
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
News
What's Next: AI and Data Trends for 2020 and Beyond
Jessica Davis, Senior Editor, Enterprise Apps,  12/30/2019
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll