Laws Against Computer Hacking
Overview
The term “Hacking”
Kevin Mitnick a.k.a. Condor
The Computer Fraud and Abuse Act of 1986
Federal Interest Computer
Felonies
Misdemeanor
Examples
Digital Millennium Copyright Act of 1998
Security Testing
Encryption Research
Computer Maintenance Competition Assurance Act
Online Copyright Infringement Liability Limitation Act
Other uses of the DMCA
Conclusions
Recognition

Laws Against Computer Hacking
By Doug Lee

Overview
The term Hacking
Good example of a hacker
Computer Fraud and Abuse Act of 1986
Digital Millennium Copyright Act of 1998
Exemptions from the Law

The term “Hacking”
Typing? Or Criminal Activity?
“In the past decade, however, "hacker" has come to describe those people with a hands-on interest in computer security and circumventing such security.”

Kevin Mitnick a.k.a. Condor
FBI’s number one most wanted
Nickname “The Lost Boy of Cyberspace”
Captured February 1995
25 counts of federal computer and wire fraud

The Computer Fraud and Abuse Act of 1986
Why signed into law?
Three offenses
– Misdemeanor trafficking in computer passwords
– Felony unauthorized access in federal interest computers
– Felony “malicious damage”

Federal Interest Computer
Definition of Federal Interest Computer
"exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government, and the conduct constituting the offense affects such use, or which is one of two or more computers used in committing the offense, not all of which are located in the same State."
Examples: Banks, Federal Reserve, Department of Defense, etc.

Felonies
Unauthorized access with intention to commit fraudulent theft
Address "malicious damage"
– Victim loss of $1000 or more
– Except medical cases
Five years for first felony
Ten years for the second felony

Misdemeanor
Intent to commit fraud affecting interstate commerce
– Computer passwords are revealed
– Message boards
– Disposes passwords to another person

Examples
Herbert Zinn a.k.a. “shadowhawk”
– First violator
– Broke into AT&T, Department of Defense
– Sentenced nine months and $10,000 fine
Robert Morris
– Launched worm virus
– Three years probation, 400 hours community service, $10,000

Digital Millennium Copyright Act of 1998
Signed on October 28, 1998 by President Clinton
Divided into five titles
– WIPO Copyright and Performances and Phonograms Treaties Implementation Act of 1998
– Online Copyright Infringement Liability Limitation Act
– Computer Maintenance Competition Assurance Act
– Miscellaneous Provisions
– Vessel Hull Design Protection Act

Security Testing
Security testing means “accessing a computer, computer system, or computer network, solely for the purpose of good faith testing, investigating, or correcting, a security flaw or vulnerability, with the authorization of the owner or operator of such computer, computer system, or computer network”
Security testing
– Information used
» To promote the security
» Does not constitute a violation of privacy or a breach of security
– Vulnerabilities must be told to developer
Ex.: HP threatens to sue researchers (Tru64 operating system)

Encryption Research
The term `encryption research' means activities necessary to identify and analyze flaws and vulnerabilities of encryption technologies applied to copyrighted works
Exemptions
– Act of good faith to get authorization