Judges And Prosecutors Throw The Book At Hackers - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

12:05 AM

Judges And Prosecutors Throw The Book At Hackers

Those accused of cybercrimes are facing serious charges. That could spell the end of the white-hat hacker.

Eric McCarty goes before a federal judge this month on charges he damaged the University of Southern California's online application system. McCarty, 25, says he was just trying to highlight the Web site's security vulnerabilities.

A not-guilty plea just might fly with a jury, since it doesn't appear McCarty did anything with the data he stole. But as data theft and other cybercrimes wreak damages nationwide, the "white-hat hacker" defense won't win him much sympathy. Meanwhile, prosecutors and judges are treating these cases much more seriously.

Downloadable PDF

Case in point: U.S. prosecutors last week secured the extradition of Gary McKinnon, an unemployed U.K. systems administrator charged with breaking into and attempting to damage 92 computer systems belonging to the U.S. Army, Navy, Air Force, Defense Department, and NASA. McKinnon is accused of causing $700,000 in damages between February 2001 and March 2002 in what prosecutors call the largest-ever known crime involving U.S. military computers. While awaiting extradition, McKinnon became a U.K. media celebrity, railing against the state of computer security and rallying support against his extradition. Once on trial in the United States, however, McKinnon could face up to 70 years in prison and fines of up to $1.75 million.

Jeanson James Ancheta will be behind bars for 57 months

Jeanson James Ancheta will be behind bars for 57 months
The tough stance comes as computer crimes become more malicious, carried out for profit and destruction. Jeanson James Ancheta, 20, was sentenced last week to 57 months in prison for hijacking more than 400,000 PCs over the Internet, using them to build a botnet, then renting out the system to spyware distributors, hackers, and spammers. U.S. District Attorney Debra Wong Yang's office says it's the longest sentence ever for someone convicted of spreading a computer virus. U.S. District Judge Gary Klausner ordered Ancheta to give up $60,000 in cash, a late-model BMW, and computer equipment he bought with proceeds from the scheme.

Safety is another reason courts are getting tough on cybercrime, as we realize how dependent society is on computer networks. On May 4, 20-year-old Christopher Maxwell pleaded guilty in U.S. District Court in Seattle to computer fraud for operating a botnet that disrupted critical care systems used by Seattle's Northwest Hospital in January 2005. Maxwell's crime was particularly odious because the attack disrupted operating room doors, physicians' pagers, and computers in the intensive care unit. He faces up to 10 years in prison and a $250,000 fine.

There's a get-tough response from Congress, too. Last week, six U.S. representatives, including House Judiciary Committee Chairman James Sensenbrenner, R-Wis., proposed the Cyber-Security Enhancement and Consumer Data Protection Act, aimed at updating criminal statutes to keep pace with cybercrooks' methodologies. The bill has three goals, says Rep. Howard Coble, R-N.C., who chairs the Subcommittee on Crime, Terrorism, and Homeland Security: a stronger deterrent, including heading off the development of new criminal techniques; better protection of personally identifiable data; and adequate resources for the Justice Department and other agencies to investigate and prosecute lawbreakers.

The bill would prohibit the use of botnets--zombie computers that, through use of code sneaked onto them, can be controlled for phishing, spam, and denial-of-service attacks. It would raise the maximum penalty for fraud and other computer crimes from 10 years to 30. It also calls for the Secret Service, Justice Department, and FBI to each get $10 million a year in funding through 2011 to fight computer crimes. And it would require companies, in the case of a major security breach involving data on 10,000 people or more, to notify the Secret Service or FBI within two weeks and give the feds power to decide if notification required under state laws would hurt an investigation.

Cybersecurity laws typically have been created and enforced first at the federal level; state and local police often don't have enough computer forensic resources to investigate cybercrimes, Laura Parsky, the Justice Department's deputy assistant attorney general, told the House subcommittee last week. "Although law enforcement has made inroads into addressing [the cybercrime] problem, it appears to be getting worse," Parsky said.

Last year, 95% of companies experienced more than 10 Web site attacks, involving viruses, unauthorized access, or theft of proprietary information, according to a survey of 700 computer security practitioners by the FBI and the Computer Security Institute. In 2004, just 5% experienced that level of attacks.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
Register for InformationWeek Newsletters
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll