Judges And Prosecutors Throw The Book At Hackers - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

12:05 AM

Judges And Prosecutors Throw The Book At Hackers

Those accused of cybercrimes are facing serious charges. That could spell the end of the white-hat hacker.

Eric McCarty goes before a federal judge this month on charges he damaged the University of Southern California's online application system. McCarty, 25, says he was just trying to highlight the Web site's security vulnerabilities.

A not-guilty plea just might fly with a jury, since it doesn't appear McCarty did anything with the data he stole. But as data theft and other cybercrimes wreak damages nationwide, the "white-hat hacker" defense won't win him much sympathy. Meanwhile, prosecutors and judges are treating these cases much more seriously.

Downloadable PDF

Case in point: U.S. prosecutors last week secured the extradition of Gary McKinnon, an unemployed U.K. systems administrator charged with breaking into and attempting to damage 92 computer systems belonging to the U.S. Army, Navy, Air Force, Defense Department, and NASA. McKinnon is accused of causing $700,000 in damages between February 2001 and March 2002 in what prosecutors call the largest-ever known crime involving U.S. military computers. While awaiting extradition, McKinnon became a U.K. media celebrity, railing against the state of computer security and rallying support against his extradition. Once on trial in the United States, however, McKinnon could face up to 70 years in prison and fines of up to $1.75 million.

Jeanson James Ancheta will be behind bars for 57 months

Jeanson James Ancheta will be behind bars for 57 months
The tough stance comes as computer crimes become more malicious, carried out for profit and destruction. Jeanson James Ancheta, 20, was sentenced last week to 57 months in prison for hijacking more than 400,000 PCs over the Internet, using them to build a botnet, then renting out the system to spyware distributors, hackers, and spammers. U.S. District Attorney Debra Wong Yang's office says it's the longest sentence ever for someone convicted of spreading a computer virus. U.S. District Judge Gary Klausner ordered Ancheta to give up $60,000 in cash, a late-model BMW, and computer equipment he bought with proceeds from the scheme.

Safety is another reason courts are getting tough on cybercrime, as we realize how dependent society is on computer networks. On May 4, 20-year-old Christopher Maxwell pleaded guilty in U.S. District Court in Seattle to computer fraud for operating a botnet that disrupted critical care systems used by Seattle's Northwest Hospital in January 2005. Maxwell's crime was particularly odious because the attack disrupted operating room doors, physicians' pagers, and computers in the intensive care unit. He faces up to 10 years in prison and a $250,000 fine.

There's a get-tough response from Congress, too. Last week, six U.S. representatives, including House Judiciary Committee Chairman James Sensenbrenner, R-Wis., proposed the Cyber-Security Enhancement and Consumer Data Protection Act, aimed at updating criminal statutes to keep pace with cybercrooks' methodologies. The bill has three goals, says Rep. Howard Coble, R-N.C., who chairs the Subcommittee on Crime, Terrorism, and Homeland Security: a stronger deterrent, including heading off the development of new criminal techniques; better protection of personally identifiable data; and adequate resources for the Justice Department and other agencies to investigate and prosecute lawbreakers.

The bill would prohibit the use of botnets--zombie computers that, through use of code sneaked onto them, can be controlled for phishing, spam, and denial-of-service attacks. It would raise the maximum penalty for fraud and other computer crimes from 10 years to 30. It also calls for the Secret Service, Justice Department, and FBI to each get $10 million a year in funding through 2011 to fight computer crimes. And it would require companies, in the case of a major security breach involving data on 10,000 people or more, to notify the Secret Service or FBI within two weeks and give the feds power to decide if notification required under state laws would hurt an investigation.

Cybersecurity laws typically have been created and enforced first at the federal level; state and local police often don't have enough computer forensic resources to investigate cybercrimes, Laura Parsky, the Justice Department's deputy assistant attorney general, told the House subcommittee last week. "Although law enforcement has made inroads into addressing [the cybercrime] problem, it appears to be getting worse," Parsky said.

Last year, 95% of companies experienced more than 10 Web site attacks, involving viruses, unauthorized access, or theft of proprietary information, according to a survey of 700 computer security practitioners by the FBI and the Computer Security Institute. In 2004, just 5% experienced that level of attacks.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
2019 State of DevOps
2019 State of DevOps
DevOps is needed in today's business environment, where improved application security is essential and users demand more applications, services, and features fast. We sought to see where DevOps adoption and deployment stand, this report summarizes our survey findings. Find out what the survey revealed today.
How to Land a Job in Cloud Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/19/2019
How to Convince Wary Customers to Share Personal Information
John Edwards, Technology Journalist & Author,  6/17/2019
The Art and Science of Robot Wrangling in the AI Era
Guest Commentary, Guest Commentary,  6/11/2019
Register for InformationWeek Newsletters
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll