____________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Computer
Crime Law Issue #1
By Peter Thiruselvam <pselvam@ix.netcom.com>
and Carolyn Meinel
____________________________________________________________
In this Guide you will find:
Tired of reading all those “You could
go to jail” notes in these guides? Who says those things
are crimes? Well, now you can get the first in a series of Guides
to the gory details of exactly what laws we’re trying to
keep you from accidentally breaking, and who will bust you if
you go ahead with the crime anyhow.
This Guide covers the two most important
US Federal computer crime statutes: 18 USC, Chapter 47, Section
1029, and Section 1030, known as the “Computer Fraud and
Abuse Act of 1986.”
Now these are not the *only* computer crime
laws. It’s just that these are the two most important
laws used in US Federal Courts to put computer criminals behind
bars.
COMPUTER CRIMES: HOW
COMMON? HOW OFTEN ARE THEY REPORTED?
The FBI’s national Computer Crimes
Squad estimates that between 85 and 97 percent of computer intrusions
are not even detected. In a recent test sponsored by the
Department of Defense, the statistics were startling. Attempts
were made to attack a total of 8932 systems participating in the
test. 7860 of those systems were successfully penetrated.
The management of only 390 of those 7860 systems detected the
attacks, and only 19 of the managers reported the attacks (Richard
Power, -Current and Future Danger: A CSI Primer on Computer Crime
and Information Warfare_, Computer Security Institute, 1995.)
The reason so few attacks were reported
was “mainly because organizations frequently fear their employees,
clients, and stockholders will lose faith in them if they admit
that their computers have been attacked.” Besides, of the
computer crimes that *are* reported, few are ever solved.
SO, ARE HACKERS A BIG
CAUSE OF COMPUTER DISASTERS?
According to the Computer Security Institute,
these are the types of computer crime and other losses:
· Human errors - 55%
· Physical security problems - 20%(e.g.,
natural disasters, power problems)
· Insider attacks conducted for the
purpose of profiting from computer crime - 10%
· Disgruntled employees seeking revenge
- 9%
· Viruses - 4%
· Outsider attacks - 1-3%
So when you consider that many of the outsider
attacks come from professional computer criminals -- many of whom
are employees of the competitors of the victims, hackers are responsible
for almost no damage at all to computers.
In fact, on the average, it has been our
experience that hackers do far more good than harm.
Yes, we are saying that the recreational
hacker who just likes to play around with other people’s
computers is not the guy to be afraid of. It’s far more likely
to be some guy in a suit who is an employee of his victim. But
you would never know it from the media, would you?
(Carolyn's note: This has changed. In 1999,
within the US alone, computer
crime was estimated to take a $10 billion toll.)
More on computer crime law--->>
________________________________________________________
