A
comprehensive article that touches on cyber-crime laws, the limits to overcoming cyber-crime and the opportunity in the collective security of the human race.
With the advent of the computer age, legislatures have been struggling to redefine the law to fit crimes perpetuated by computer criminals. This crime is amongst the newest and most constantly evolving areas of the law in many jurisdictions. The rise of technology and online communication has not only produced a dramatic increase in the incidence of criminal activity, it has also resulted in the emergence of what appears to be some new varieties of criminal activity. Both the increase in the incidence of criminal activity and the possible emergence of new varieties of criminal activity pose challenges for legal systems, as well as for law enforcement.
The news said that another person had their identity stolen.
It happened again. You might even know of someone that had it happen to them.
We often hear of percentages - and they are surprisingly high. Enforcement is
taking place, but we have to wonder if computer crime laws are really having
any effect against cyber crime.
Defining Cyber Crime
Computer crime refers to any crime that
involves a computer
and a network. The
computer may have been used in the commission of a crime, or it may be the
target. Net-crime refers to criminal exploitation of the Internet. Cyber-crimes
are defined as: "Offenses that are committed against individuals or groups
of individuals with a criminal motive to intentionally harm the reputation of
the victim or cause physical or mental harm to the victim directly or
indirectly, using modern telecommunication networks such as Internet (Chat
rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)"
Hacking has a rather simple definition to it. Basically it is defined as the unauthorized use of a computer - especially when it involves attempting to circumvent the security measures of that computer, or of a network.
Beyond this, there are two basic types of hacking. Some only hack because they want to see if they can do it - it is a challenge to them. For others, however, it becomes an attack, and they use their unauthorized access for destructive purposes. Hacking occurs at all levels and at all times - by someone, for some reason. It may be a teen doing it to gain peer recognition, or, a thief, a corporate spy, or one nation against another.
Effectiveness of
Computer Hacking Laws
Like any other law, the effectiveness must be determined by its deterrence. While there will always be those that want to see if they can do it, and get away with it (any crime), there are always the many more who may not do something if they are aware of its unlawfulness - and possible imprisonment.
In the early 1990's, when hacker efforts stopped AT&T communications altogether, the U.S. Government launched its program to go after the hackers. This was further stepped up when government reports (by the GAO) indicate that there have been more than 250,000 attempts to hack into the Defense Department computers. First there were the laws - now came the bite behind it. One of the effects of computer hacking brought about focused efforts to catch them and punish them by law.
Then, more recently, the U.S. Justice Department reveals that the National Infrastructure Protection Center has been created in order to protect our major communications, transportation and technology from the attack of hackers. Controlling teens and hackers has become the focus of many governmental groups to stop this maliciousness against individuals, organizations, and nations.
Like any other law, the effectiveness must be determined by its deterrence. While there will always be those that want to see if they can do it, and get away with it (any crime), there are always the many more who may not do something if they are aware of its unlawfulness - and possible imprisonment.
In the early 1990's, when hacker efforts stopped AT&T communications altogether, the U.S. Government launched its program to go after the hackers. This was further stepped up when government reports (by the GAO) indicate that there have been more than 250,000 attempts to hack into the Defense Department computers. First there were the laws - now came the bite behind it. One of the effects of computer hacking brought about focused efforts to catch them and punish them by law.
Then, more recently, the U.S. Justice Department reveals that the National Infrastructure Protection Center has been created in order to protect our major communications, transportation and technology from the attack of hackers. Controlling teens and hackers has become the focus of many governmental groups to stop this maliciousness against individuals, organizations, and nations.
One of the most famous for his computer crimes hacking was
Kevin Mitnick, who was tracked by computer, and caught in 1995. He served a
prison sentence of about five years. Others have likewise been caught. Another
case is that of Vasily Gorshkov from Russia, who was 26 years old when
convicted in 2001. He was found guilty of conspiracy and computer crime.
Other individuals have also been found guilty and sentenced
-and many others remain on trial. If you are one who pays much attention to the
news, then you know that every now and then, you will hear of another hacker
that has been caught, or a group of hackers that have been arrested because of
their criminal activities. The interesting thing is that it is often others who
had learned hacking techniques, and are now using them to catch other criminal
hackers.
Another criminal hacker, who called himself Tasmania, made big news when he fled Spain on various charges of stealing into bank accounts online, and banks, and went to Argentina. There he went into operation again. He was quickly tracked to Argentina, and the governments of Spain and Argentina went after him with surveillance, first. Before long, he was arrested, along with 15 other men, and was then extradited back to Spain (in 2006) where he could face up to 40 years in prison.
Another criminal hacker, who called himself Tasmania, made big news when he fled Spain on various charges of stealing into bank accounts online, and banks, and went to Argentina. There he went into operation again. He was quickly tracked to Argentina, and the governments of Spain and Argentina went after him with surveillance, first. Before long, he was arrested, along with 15 other men, and was then extradited back to Spain (in 2006) where he could face up to 40 years in prison.
The simple truth is, these criminal hackers/cyber attackers get smarter
everyday and they do everything possible to cover their tracks, making it
difficult to find or locate them. We can’t help but wonder if this computer
crime laws have any impact on the rate of computer crimes being committed day
after day. We wonder if the existing laws in place
are adequate to combat cyber
crime and consequently if amendments need
to be put in place.
Today, criminal organizations are very active in the development and diffusion
of malware that can be used to execute complex fraud with minimal risks to the
perpetrators. Criminal gangs, traditionally active in areas such as human or
drug trafficking, have discovered that cyber-crime is a lucrative business with
much lower risks of being legally pursued or put in prison. Unethical
programmers are profitably servicing that growing market. Because today’s ICT
ecosystem was not built for security, it is easy for attackers to take over
third party computers, and extremely difficult to track attacks back to their
source. Attacks can be mounted from any country and hop through an arbitrary
number of compromised computers in different countries before the attack
reaches its target a few milliseconds later. This complicates attribution and
international prosecution.
SO, WHAT LAWS DO WE HAVE IN
PLACE TO COMBAT CYBER CRIMES?
1. THE COMPUTER
MISUSE ACT OF 1990: A law in the UK that makes illegal certain
activities, such as hacking
into other people’s systems, misusing software, or helping a person to gain
access to protected files of someone else's computer.
Sections 1-3 of the Act introduced
three criminal offences:
a) Unauthorised access to
computer material, punishable by 6 months' imprisonment or a fine "not exceeding
level 5 on the standard scale"
(currently £5000);
b) unauthorised access
with intent to commit or facilitate commission of further offences, punishable
by 6 months/maximum fine on summary conviction
or 5 years/fine on indictment;
c) unauthorised
modification of computer material, subject to the same sentences as section 2 offences.
2. COMPUTER FRAUD
AND ABUSE ACT: A law passed by
the United States Congress in 1986, intended to
reduce cracking of computer systems and to address
federal computer-related offenses. The Act (codified as 18 U.S.C. § 1030) governs
cases with a compelling federal interest, where computers of the federal
government or certain financial institutions are involved, where the crime
itself is interstate in nature, or where computers are used in interstate and
foreign commerce.
It was amended in 1989, 1994, 1996, in 2001 by the USA
PATRIOT Act, 2002, and in 2008 by the Identity Theft Enforcement and
Restitution Act. Subsection (b) of the Act punishes anyone who not only commits
or attempts to commit an offense under the Act, but also those who conspire to
do so.
3. ELECTRONIC
COMMUNICATIONS PRIVACY ACT: Passed in 1986, Electronic Communications Privacy Act (ECPA) was an amendment
to the federal wiretap law, the Act made it illegal to intercept stored or
transmitted electronic communication without authorization.11 ECPA set out the
provisions for access, use, disclosure, interception and privacy protections of
electronic communications. Which is defined as “any transfer of signs,
signals, writing, images, sounds, data, or intelligence of any nature
transmitted in whole or in part by a wire, radio, electromagnetic, photo
electronic or photo optical system that affects interstate or foreign
commerce." The Act prohibits illegal access and certain disclosures
of communication contents. In addition, ECPA prevents government
entities from requiring disclosure of electronic communications by a
provider such as an ISP without first going through a proper legal
procedure.
4. CYBER SECURITY ENHANCEMENT ACT: Cyber Security Enhancement Act (CSEA) was
passed together with the Homeland Security Act in 2002, it granted
sweeping powers to the law enforcement organizations and increased
penalties that were set out in the Computer Fraud and Abuse Act.
The Act also authorizes harsher sentences for individuals who knowingly
or recklessly commit a computer crime that results in death or serious bodily
injury.
The sentences can range from 20 years to life. In addition CSEA
increases penalties for first time interceptors of cellular phone traffic, thus
removing a safety measure enjoyed by radio enthusiasts.
5. Other Laws Used to Prosecute Computer Crimes
In addition to laws specifically tailored to deal with computer crimes,
traditional laws can also be used to prosecute crimes involving computers. For
example, the Economic Espionage Act (EEA) was passed in 1996 and was created in
order to put a stop to trade secret misappropriation. 15 EEA makes it a crime
to knowingly commit an offense that benefits a foreign government or a foreign agent.
The Act also contains provisions that make it a crime to knowingly steal trade
secrets or attempt to do so with the intent of benefiting someone other than the
owner of the trade secrets. EEA defines stealing of trade secrets as copying, duplicating,
sketching, drawing, photographing, downloading, uploading, altering, destroying,
photocopying, replicating, transmitting, delivering, sending, mailing, communicating,
or conveying trade secrets without authorization. The Act, while not
specifically.
While we can’t measure all the computer crime laws here, different
countries have different laws laid down to fight cybercrime and to prosecute
the guilty ones.
BUT
EVEN WITH THE PRESENCE OF THESE LAWS:
We’ve discovered that internationally,
both Governmental and non-state actors engage in cybercrimes, including espionage, financial
theft, and other cross-border crimes. Activity crossing international
borders and involving the interests of at least one nation-state is sometimes
referred to as cyber warfare. The international legal system is attempting to
hold actors accountable for their actions through the International Criminal
Court.
And this
leads us to discussing invasive monitoring by governments. Wikileaks claims
that mass interception of entire populations is not only a reality; it is a
secret new industry spanning 25 countries. Wikileaks has published 287 files
that describe commercial malware products from 160 companies
(http://wikileaks.org/the-spyfiles.html). These files include confidential
brochures and slide presentations these companies use to market intrusive
surveillance tools to governments and law enforcement agencies. This industry
is, in practice, unregulated. Intelligence agencies, military forces and police
authorities are able to silently, and en masse, secretly intercept calls and
take over computers without the help or knowledge of the telecommunication
providers. Users’ physical location can be tracked if they are carrying a
mobile phone, even if it is only on standby (think RFID).
To get a
glimpse of the potential market size, the U.S government is required by law to
reveal the total amount of money spent spying on other nations, terrorists and
other groups. In 2010, the United States spent $80 billion on spying
activities. According to the Office of the Director of National Intelligence,
$53.1 billion of that was spent on non-military intelligence programmes.
Approximately 100,000 people work on national intelligence. These figures do
not include DARPA’s “Plan
X” which seeks to identify and track the vulnerabilities in tens of
billions of computers connected to the Internet, so they can be exploited.
It is
increasingly common for governments to use monitoring tools, viruses and Trojans
to infect computers and attack civilians, dissidents, opponents and political
oppositions. The purpose is to track the victim’s operation on the web, gather
information about their activities and the identity of collaborators. In some
cases, this can lead to those targeted being neutralized and even ruthlessly
suppressed.
According to
F-Secure “News from the Lab” blog, during the Syrian repression the
government discovered that dissidents were using programmes like SkypeTM to
communicate. After the arrest of a few dissidents, the government used their
Skype accounts to spread a malware programme called “Xtreme RAT” hidden in a
file called “MACAddressChanger.exe” to others activists who downloaded and
executed the malware. The dissidents trusted the MACAddressChanger programme
because other files with that name had been successfully used in the past to
elude the monitoring system of the government. The Xtreme Rat malware falls
into the “Remote Access Tool” category. The full version can easily be bought
online for €100. The IP address of the command and control server used in those
attacks belonged to the Syrian Arab Republic — STE (Syrian Telecommunications
Establishment).
In the Trend
Micro “Malware Blog”, experts at Trend Micro found that the Syrian government
was also using the DarkComet malware to infect computers of the opposition
movement. The malware steals documents from victims. It seems that it was also
spread through Skype chat. Once executed, the malware tries to contact the
command and control (C&C) server to transfer the stolen information and
receive further instructions. It has been observed, in this example that the
C&C server is located in Syria and the range of IP addresses are under the
control of the Government of Syria.
What the above partially
illustrates is the very real conflict of interest in organizations and
governments responsible for securing our digital world.
African countries have been
criticized for dealing inadequately with cybercrime as their law enforcement agencies
are inadequately equipped in terms of personnel, intelligence and infrastructure,
and the private sector is also lagging behind in curbing cybercrime. African
countries are pre-occupied with attending to pressing issues such as poverty,
the AIDS crisis, the fuel crisis, political instability, ethnic instability and
traditional crimes such as murder, rape and theft, with the result that the
fight against cybercrime is lagging behind. It is submitted that international
mutual legal and technical assistance should be rendered to African countries
by corporate and individual entities to effectively combat cybercrime in
Africa.
CONCLUSION:
While there is no silver bullet for dealing
with cyber crime, it doesn’t mean that we are completely helpless against it.
The legal system is becoming more tech savvy and many law enforcement departments
now have cyber crime units created specifically to deal with computer related
crimes, and of course we now have laws that are specifically designed for
computer related crime. While the existing laws are not perfect, and no law is,
they are nonetheless a step in the right direction toward making the Internet a
safer place for business, research and just casual use. As our reliance on
computers and the Internet continues to grow, the importance of the laws that
protect us from the cyber-criminals will continue to grow as well.
Efforts at combating cyber-crimes will all
continue to produce futile results as long as governments and the OPS (organized
public sector) are insincere in their drive towards protecting the sanity of
the internet.
Whatever efforts we make, we shouldn't
ignore the fact that an enlightened citizenry is the key to safety of the
internet but then, the battle of sovereign supremacy will continue to undermine
our collective safety online.
It behooves every one of us on the globe to
look inward and think ahead that our collective safety is greater than the
greed and ferocity of hegemonist both in the private sector and supremacist in
government.
References:
“2003 CSI/FBI Computer Crime and Security Survey”.
http://www.usdoj.gov/criminal/cybercrime/CSI_FBI.htm
http://www.hackingalert.com/hacking-articles/computer-hacking-laws.php
http://securityaffairs.co/wordpress/7619/malware/malware-its-all-about-you.html
http://www.sans.org/reading_room/whitepapers/legal/federal-computer-crime-laws_1446
http://en.wikipedia.org/wiki/Computer_crime
http://nials-nigeria.org/pub/lauraani.pdf
CYBER CRIME AND NATIONAL SECURITY: THE ROLE OF THE PENAL AND PROCEDURAL LAW
http://nials-nigeria.org/pub/lauraani.pdf
Computer Misuse Act
http://www.lawteacher.net/criminal-law/essays/computer-misuse-act.php
“2003 CSI/FBI Computer Crime and Security Survey”.
http://www.usdoj.gov/criminal/cybercrime/CSI_FBI.htm
http://www.hackingalert.com/hacking-articles/computer-hacking-laws.php
http://securityaffairs.co/wordpress/7619/malware/malware-its-all-about-you.html
http://www.sans.org/reading_room/whitepapers/legal/federal-computer-crime-laws_1446
http://en.wikipedia.org/wiki/Computer_crime
http://nials-nigeria.org/pub/lauraani.pdf
CYBER CRIME AND NATIONAL SECURITY: THE ROLE OF THE PENAL AND PROCEDURAL LAW
http://nials-nigeria.org/pub/lauraani.pdf
Computer Misuse Act
http://www.lawteacher.net/criminal-law/essays/computer-misuse-act.php
5 comments → CYBER-CRIME LAWS AND THEIR INEVITABLE WEAK BITES
Without regulating the internet, fighting cyber crimes would be inevitable. All ordinance against it would taken into no effect.
Regulating the internet is a very difficult task, and involves numerous policies.
Maybe in the future, we could get to see that happening
Internet have many advantage as well as have many disadvantage. Its great description about cyber crime laws. This type of crime is effect on our society.
Preventing hacker activity has thus become one of most important activities for businesses and computer experts and ends up utilizing huge amounts of money which can be in billions. And even with such investments in IT security and the prevention of hacking activity, it is still impossible task to curb all hacker activity or still to stay ahead of the hackers. Laws need consistently and relentless application.
We are responsible in assuring our safety against cyber criminals.
Post a Comment