
raid that year was the Chicago Task Force invasion of Steve Jackson Games, Inc.
June 1990 Mitch Kapor and John Perry Barlow react to the excesses of all these raids to found the
Electronic Frontier Foundation. Its initial purpose is to protect hackers. They succeed in getting law
enforcement to back off the hacker community.
In 1993, Marc Andreessen and Eric Bina of the National Center for Supercomputing Applications release
Mosaic, the first WWW browser that can show graphics. Finally, after the fade out of the Plato of twenty
years past, we have decent graphics! This time, however, these graphics are here to stay. Soon the Web
becomes the number one way that hackers boast and spread the codes for their exploits. Bulletin boards,
with their tightly held secrets, fade from the scene.
In 1993, the first Def Con invades Las Vegas. The era of hacker cons moves into full swing with the Beyond
Hope series, HoHocon and more.
1996 Aleph One takes over the Bugtraq email list and turns it into the first public "full disclosure" computer
security list. For the first time in history, security flaws that can be used to break into computers are being
discussed openly and with the complete exploit codes. Bugtraq archives are placed on the Web.
In August 1996 I start mailing out Guides to (mostly) Harmless Hacking. They are full of simple instructions
designed to help novices understand hacking. A number of hackers come forward to help run what becomes
the Happy Hacker Digest.
1996 is also the year when documentation for routers, operating systems, TCP/IP protocols and much, much
more begins to proliferate on the Web. The era of daring burglaries of technical manuals fades.
In early 1997 the readers of Bugtraq begin to tear the Windows NT operating system to shreds. A new mail
list, NT Bugtraq, is launched just to handle the high volume of NT security flaws discovered by its readers.
Self-proclaimed hackers Mudge and Weld of The L0pht, in a tour de force of research, write and release a
password cracker for WinNT that rocks the Internet. Many in the computer security community have come
far enough along by now to realize that Mudge and Weld are doing the owners of NT networks a great
service.
Thanks to the willingness of hackers to share their knowledge on the Web, and mail lists such as Bugtraq,
NT Bugtraq and Happy Hacker, the days of people having to beg to be inducted into hacker gangs in order
to learn hacking secrets are now fading.
Where next will the hacker world evolve? You hold the answer to that in your hands.
Contents of the Crime Volume:
Computer Crime Law Issue #1
Everything a hacker needs to know about getting busted by the feds
____________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Computer Crime Law Issue #1
By Peter Thiruselvam and Carolyn Meinel
____________________________________________________________
Tired of reading all those "You could go to jail" notes in these guides? Who says those things are crimes?
Well, now you can get the first in a series of Guides to the gory details of exactly what laws we're trying to
keep you from accidentally breaking, and who will bust you if you go ahead with the crime anyhow.
This Guide covers the two most important US Federal computer crime statutes: 18 USC, Chapter 47, Section
1029, and Section 1030, known as the "Computer Fraud and Abuse Act of 1986."
Now these are not the *only* computer crime laws. It's just that these are the two most important laws used
in US Federal Courts to put computer criminals behind bars.
COMPUTER CRIMES: HOW COMMON? HOW OFTEN ARE THEY REPORTED?
The FBI's national Computer Crimes Squad estimates that between 85 and 97 percent of computer intrusions
are not even detected. In a recent test sponsored by the Department of Defense, the statistics were
startling. Attempts were made to attack a total of 8932 systems participating in the test. 7860 of those
systems were successfully penetrated. The management of only 390 of those 7860 systems detected the
attacks, and only 19 of the managers reported the attacks (Richard Power, _Current and Future Danger: A
CSI Primer on Computer Crime and Information Warfare_, Computer Security Institute, 1995).
The reason so few attacks were reported was mainly because organizations frequently fear their employees,
clients, and stockholders will lose faith in them if they admit that their computers have been attacked.
Besides, of the computer crimes that *are* reported, few are ever solved.
SO, ARE HACKERS A BIG CAUSE OF COMPUTER DISASTERS?
According to the Computer Security Institute, these are the types of computer crime and other losses:
Human errors - 55%
Physical security problems - 20% (e.g., natural disasters, power problems)
Insider attacks conducted for the purpose of profiting from computer crime - 10%
Disgruntled employees seeking revenge - 9%
Viruses - 4%
Outsider attacks - 1-3%
So when you consider that many of the outsider attacks come from professional computer criminals -- many
of whom are employees of the competitors of the victims -- hackers are responsible for almost no damage at all
to computers.
In fact, on the average, it has been our experience that hackers do far more good than harm.
Yes, we are saying that the recreational hacker who just likes to play around with other people's computers
is not the guy to be afraid of. It's far more likely to be some guy in a suit who is an employee of his victim.
But you would never know it from the media, would you?
OVERVIEW OF US FEDERAL LAWS
In general, a computer crime breaks federal laws when it falls into one of these categories:
It involves the theft or compromise of national defense, foreign relations, atomic energy, or other restricted
information.
It involves a computer owned by a U.S. government department or agency.
It involves a bank or most other types of financial institutions.
It involves interstate or foreign communications.
It involves people or computers in other states or countries.
Of these offenses, the FBI ordinarily has jurisdiction over cases involving national security, terrorism,
banking, and organized crime. The U.S. Secret Service has jurisdiction whenever the Treasury Department is
victimized or whenever computers are attacked that are not under FBI or U.S. Secret Service jurisdiction
(e.g., in cases of password or access code theft). In certain federal cases, the Customs Department, the
Commerce Department, or a military organization, such as the Air Force Office of Investigations, may have
jurisdiction.
In the United States, a number of federal laws protect against attacks on computers, misuse of passwords,
electronic invasions of privacy, and other transgressions. The Computer Fraud and Abuse Act of 1986 is
the main piece of legislation that governs most common computer crimes, although many other laws may be
used to prosecute different types of computer crime. The act amended Title 18 United States Code 1030. It
also complemented the Electronic Communications Privacy Act of 1986, which outlawed the unauthorized
interception of digital communications and had just recently been passed. The Computer Abuse
Amendments Act of 1994 expanded the 1986 Act to address the transmission of viruses and other harmful
code.
In addition to federal laws, most of the states have adopted their own computer crime laws. A number of
