Transcript web.ncf.ca
The formation and reform of laws concerning the hacking of computers. ● ● ● ● Peter Timusk B.Math Third year Law student For LAWS4305 October 9th, 2003 Carleton University, Ottawa, Canada Definition of Hacking R.C.M.P.:The term computer "hacker" refers to an individual who, via a modem or some other computer communications device, circumvents computer security and breaks into a computer system. "Hacking" could be roughly equated to a break and enter. A "hacker"can steal data, sabotage information, or do nothing but browse.[ R.C.M.P. Web site <www.rcmp-grc.gc.ca> (cited fall 2000)] Origin of the term hacker Originated at MIT university as a compliment for programmers who got the computers to work using ad hoc techniques. Unlike computer criminals, no crimes were comitted, instead these programers worked strange hours. In a way a positive deviation became a criminal label. Many early computer owners not just teenagers tried to break into larger systems using a modem. Good vs. Bad ● ● ● ● Hacker v. Cracker To avoid criminalizing computer hobbyists who were using computers in the 1970's and 1980's such as Steve Jobs, or Bill Gates, the term Cracker was introduced to mean someone who broke into a password guarded system or software. i.e. Cracked the system. This didn't really stop the criminal connotations of hacker from developing in the media. [Sterling, B. "The Hacker Crackdown" 1992, (electronic version) updated July 1998. ● ● White Hat v. Black Hat The new division meaning someone who does good things by hacking, the white hat hacker; or someone who commits crimes by hacking, the black hat hackers.[Crume, J., Inside Internet Security, What Hackers Don't Want You To Know (Don Mills, ON: Addison-Wesley, 2000)] ● Ethical hackers would be white hats. Sections of Criminal Code concerning hacking. Unauthorized use of computer 342.1(1) Every one who, fraudulently and without colour of right, (a) obtains, directly or indirectly, any computer service, (b) by means of an electro-magnetic, acoustic, mechanical or other device, intercepts or causes to be intercepted, directly or indirectly, any function of a computer system, (c) uses or causes to be used, directly or indirectly, a computer system with intent to commit an offence under paragraph (a) or (b) or an offence under section 430 in relation to data or a computer system, or (d) uses, possesses, traffics in or permits another person to have access to a computer password that would enable a person to commit an offence under paragraph (a), (b) or © is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years, or is guilty of an offence punishable on summary conviction. The problems with the law and/or enforcement of the laws. ● ● ● ● Behind the times, new crimes come along and the courts and the law are slow to react. Severity is driven by economics of Hi-Tech, i.e. Ten years in jail for vandalising the white house web site. Very hard to find and prove... someone who hacked a computer; requires computer forensics as a science. A teenager can do significant damage to electronic commerce. Power relationships? The sentence for hacking on 'the books' and in reality. ● ● ● ● Charges thrown out because of bad evaluation of damages, the 911 case. 3 years probabation, and community service for the first Internet Worm. Usually community service, case of mafia boy. Sentencing will find an equilibrium for new crimes. Victimisation Reporting Rates (FBI) “The FBI's National Computer Crimes Squad estimates that between 85 and 97 percent of computer intrustions are not detected. In a recent test sponsored by the Department of Defense that statistics were startling. Attempts were made to attack a total of 8932 systems participating in the test. 7860 of those systems detected the attacks and only 19% of the managers reported the attacks.”[(Richard Power, Current and Future Danger: A CSI Primer on Computer Crime and Information Warfare, Computer Security Institute, 1995) in D. Icove, K. Seger, & W. VonStorch, Computer Crime, A Crimefighters Handbook, ( Sebastopol, CA: O'Reilly & Associates, Inc., 1995] How Dangerous are Hackers? ● ● ● ● ● ● ● ● ● ● ● Crashing bank or stock market computers Releasing private credit card information Organising on the Internet for protests Terrorist plans hidden in digital photographs Hydro plants shutdown by hackers Personal information exposed Corporate espionage EMP bombs to “knock out” computer installations Viruses to stop email service Denial of service attacks Source [Schwartau, W.,Information warfare : chaos on the electronic superhighway (New York, NY: Thunder's Mouth Press, 1994)[This book gives the larger picture. While some of the crimes this book describes have not occurred, so is speculative, it does offer warnings and techniques for prevention.]] You are the victim ● ● ● ● Virus destroys your essay the day before you print it up and hand it in. How would you place blame? How would you report this crime? Would you get justice? ● ● ● Another student, a hacker, gets your essay file, destroys your copy and hands it in as theirs. How could you prove it was yours? Would this happen? The voluntary sector enforcement partnerships: The Cyber Angels ● ● ● www.cyberangels.org Voluntary organisation concerned with making the Internet safe for children concentrates on policing child pornography but also does work concerning computer security and anti-hacker work. Is a partner with law enforcement does not work on its own. The commercial sector enforcement partnerships: IBM ● ● ● ● ● Suggestions for security to end users and administrators. Gives advice on computer security Has computer security services for sale Sells and makes computer security devices Gives away computer security books and promotes computer security to do business in computer security provision. The future and suggestions for reform The new crimes find new laws. Are the first laws the best? Should we not study this further before making the laws? Are we being to harsh for the amount of deviation involved? Couldn't a computer skilled offender help with a community groups computer problems? As such, community service orders should and is likely to be the sentence given.