Crime laws, continued...
SECTION 1030
18 USC, Chapter 47, Section 1030, enacted
as part of the Computer Fraud and Abuse Act of 1986, prohibits
unauthorized or fraudulent access to government computers, and
establishes penalties for such access. This act is one of
the few pieces of federal legislation solely concerned with computers.
Under the Computer Fraud and Abuse Act, the U.S. Secret Service
and the FBI explicitly have been given jurisdiction to investigate
the offenses defined under this act.
The six areas of criminal activity covered
by Section 1030 are:
1. Acquiring national defense, foreign
relations, or restricted atomic energy information with the intent
or reason to believe that the information can be used to injure
the United States or to the advantage of any foreign nation.
(The offense must be committed knowingly by accessing a computer
without authorization or exceeding authorized access.)
2. Obtaining information in a financial
record of a financial institution or a card issuer, or information
on a consumer in a file of a consumer reporting agency.
(The offense must be committed intentionally by accessing
a computer without authorization or exceeding authorized access.)
Important note: recently on the dc-stuff
hackers’ list a fellow whose name we shall not repeat claimed
to have “hacked TRW” to get a report on someone which
he posted to the list. We hope this fellow was lying and simply
paid the fee to purchase the report.
Penalty: Fine and/or up to 1 year
in prison, up to 10 years if repeat offense.
3. Affecting a computer exclusively
for the use of a U.S. government department or agency or, if it
is not exclusive, one used for the government where the offense
adversely affects the use of the government’s operation of
the computer. (The offense must be committed intentionally
by accessing a computer without authorization.)
This could apply to syn flood and killer
ping as well as other denial of service attacks, as well as breaking
into a computer and messing around. Please remember to tiptoe
around computers with .mil or .gov domain names!
Penalty: Fine and/or up to 1 year
in prison, up to 10 years if repeat offense.
4. Furthering a fraud by accessing
a federal interest computer and obtaining anything of value, unless
the fraud and the thing obtained consists only of the use of the
computer. (The offense must be committed knowingly, with
intent to defraud, and without authorization or exceeding authorization.)[The
government’s view of “federal interest computer”
is defined below]
Watch out! Even if you download copies
of programs just to study them, this law means if the owner of
the program says, “Yeah, I’d say it’s worth a million
dollars,” you’re in deep trouble.
Penalty: Fine and/or up to 5 years
in prison, up to 10 years if repeat offense.
5. Through use of a computer
used in interstate commerce, knowingly causing the transmission
of a program, information, code, or command to a computer system.
There are two separate scenarios:
a. In this
scenario, (I) the person causing the transmission intends it to
damage the computer or deny use to it; and (ii) the transmission
occurs without the authorization of the computer owners or operators,
and causes $1000 or more in loss or damage, or modifies or impairs,
or potentially modifies or impairs, a medical treatment or examination.
The most common way someone gets into trouble
with this part of the law is when trying to cover tracks after
breaking into a computer. While editing or, worse yet, erasing
various files, the intruder may accidentally erase something important.
Or some command he or she gives may accidentally mess things up.
Yeah, just try to prove it was an accident. Just ask any systems
administrator about giving commands as root. Even when you know
a computer like the back of your hand it is too easy to mess up.
A simple email bomb attack, “killer
ping,” flood ping, syn flood, and those huge numbers of Windows
NT exploits where sending simple commands to many of its ports
causes a crash could also break this law. So even if you are a
newbie hacker, some of the simplest exploits can land you in deep
crap!
Penalty with intent to harm: Fine
and/or up to 5 years in prison, up to 10 years if repeat offense.
More on computer crime law--->>
