New Era of Laws related to Hacking and Scamming

1
New Era of Laws related to Hacking and Scamming

• CSE 551
• Bharti Gupta
• Divyanshu Bansal
• Jason Barrat

2
Spamming
3
Scams Pre-Computer Era

• Victor Lustig Selling the Eiffel Tower twice
• Pyramid scams
• Stolen identity scams
• Now broadened with new technology to computers

4
Chain Letter Scam

• Ever since email it is now very prevalent through
  the Internet community and practically everyone
  has seen this type of scam in their inbox.
• How it starts off is someone is to send a little
  cash to each of the names listed in the email and
  to send it to their address. Than after you send
  that money to those people, you put your name and
  address on the line and send it out to everyone
  you know. They are supposed to do the same thing
  and in this return every time someone sends money
  to everyone on the list everyone gets paid.

5
FTC about Chain Letters

• Chain letters that involve money or valuable
  items and promise big returns are illegal. If you
  start one or send one on, you are breaking the
  law. Chances are you will receive little or no
  money back on your "investment." Despite the
  claims, a chain letter will never make you rich.
  Some chain letters try to win your confidence by
  claiming that they're legal, and even that
  they're endorsed by the government. Nothing is
  further from the truth. If you've been a target
  of a chain email scam, contact your Internet
  Service Provider and forward the email to the FTC
  at spam_at_uce.gov. (FTC)

6
Charity Scam

• A person receives an email from a fake charity
  and to send money to a certain address
• Also they can use the name of a real charity and
  just a fake address and person to where send
  money to
• A lot of those emails are long sob stories about
  people dying or down on their luck and to send
  money through a wire-transfer overseas or even
  just to send cash to someone in the United States

7
FTC about Charity Scams

• Ask questions about the nature and activities of
  the organization to which youre considering
  donating. Thats the only way you can be sure the
  money you contribute will support a worthwhile
  cause. And if you work for a nonprofit
  organization, you need to know what are
  acceptable solicitation practices. (FTC)

8
Diploma Scam

• This a scam that promises that you can earn a top
  notch college diploma online
• Fake schools send you this email and you pay to
  take these fake classes or a scam might even be
  that you just pay for the diploma without taking
  any courses online
• If its not an accredited university then even by
  presenting one of these fake documents, you the
  person who paid for this can get in trouble for
  using a fake document to act like it is a legit
  diploma

9
Hacker and Hacking
10
Hacker a vandal or a terrorist??

• Highly skilled programmer
• Computer and network security expert
• Hardware modifier
• Cheater
• PATRIOT ACT OF 2001
• Hacker - A Terrorist
• 5-15 years of imprisonment
• one who harbors or provides expert advice or
  material assistance to these people is also a
  terrorist

11
Why Hacking???

• Earlier hackers were about bragging rights, while
  today's hackers are in it for the financial
  benefit.
• Hackers hunt for security flaws and find ways to
  exploit them, hijack computers and rent those out
  for use as spam relays, or participate in
  targeted attacks that steal sensitive information
  from individuals or spy on businesses
• With IT outsourcing at a high level, what are all
  these jobless programmers to do???

12
Hacking Good or Bad???

• What do you do when you work for a large
  government agency as an outside contractor and
  your work is constantly slowed down by
  bureaucracy and paperwork?
• In March 2004, Mr. Joseph Thomas Colon, a
  government consultant with BEA Systems hacked
  FBI's secret computer servers and obtain the
  passwords of thousands of employees and agents
• Mr. Colon was caught, fired from his job, and has
  since plead guilty of intentionally accessing a
  computer with exceeding authorized access and
  obtaining information from any department of the
  United States under Computer Fraud and Abuse Act
  of 1986.

13
Hackers and Laws

• Computer hacking is at least three decades old,
  which gave plenty of time for governments to
  develop and approve cybercrime laws
• At the moment, almost all developed countries
  have some form of anti-hacking law or legislation
  on data theft or corruption which can be used to
  prosecute cyber criminals
• Ethical Hacker A computer and network expert who
  attacks a security system on behalf of its
  owners, seeking vulnerabilities that a malicious
  hacker could exploit
• There is even a certification for hacking known
  as Certified Ethical Hacker (CEH) by Global
  Knowledge.

14
Different laws across the world

• United States of America
• The Computer Fraud and Abuse Act of 1986 (CFA
  Act)
• Law passed by the United States Congress in 1986
  intended to reduce "hacking" of computer systems.
• The maximum penalty for violations is up to 10
  years for a first offense and 20 years for the
  second offense
• Foreign Intelligence Surveillance Act of 1978
• Prescribes procedures for the physical and
  electronic surveillance and collection of
  "foreign intelligence information" between or
  among "foreign powers".

15
US.contd.

• USA Patriot Act of 2001
• Modified a wide range of existing laws to provide
  law enforcement agencies with broader latitude in
  order to combat terrorism related activities.
• Amended both the laws
• The Computer Fraud and Abuse Act of 1986
• Foreign Intelligence Surveillance Act of 1978
• Different laws for every state
• http//www.ncsl.org/programs/lis/CIP/hacklaw.htm

16
United Kingdom Laws

• The Computer Misuse Act 1990
• The act differentiated "joyriding" crackers from
  serious computer criminals.
• A model upon which several other countries
  including Canada and the Republic of Ireland,
  have drawn inspiration when subsequently drafting
  their own information security laws
• Terrorism Act 2000
• An Act to make provision about terrorism and the
  preservation of peace and the maintenance of
  order.
• Represents a worthwhile attempt to fulfill the
  role of a modern code against terrorism, though
  it fails to meet the desired standards in all
  respects.

17
Germany

• New legislation proposed by the German government
  aims to make computer hacking a punishable crime
• Extends existing law that is limited to sabotage
  to businesses and public authorities.
• Other punishable cybercrimes include
  denial-of-service attacks and computer sabotage
  attack on individuals
• Offenders could face up to 10 years in prison for
  major offenses.

18
Hong Kong and China

• The Chinese territory currently has no laws for
  spamming specifically outlawing junk email, and
  recent surveys looking at the sources of spam
  have included Hong Kong and China among the worst
  in the world.
• The proposed new law appears to threaten
  companies which knowingly use spammers to market
  their products.
• It may also allow action against individuals who
  authorize spam campaigns if they are in Hong Kong
  at the time the spam is sent.
• The law is intended to be open ended, covering
  all present and future forms of electronic
  communication, including telephone, fax and
  instant messaging as well as email.

19
Hong Kong and China.contd.

• The Telecommunication Ordinance
• Any person who, by telecommunication, knowingly
  causes a computer to perform any function to
  obtain unauthorized access to program or data
  held in a computer commits an offence and is
  liable on conviction to a fine of 20,000
• The Computer Crimes Ordinance
• Unlawful Tampering with Computers, Programs, or
  Data
• There are two specific defenses available for the
  accused.
• He believed he had been given consent from the
  person entitled to give such consent to do any of
  the activities alleged
• He believed he would have been given consent from
  the person entitled to give such consent if the
  person knew all the relevant circumstances.
• It relates to the mental state of the accused at
  the time of committing the alleged offence, which
  is defined by a Latin tern mens rea.

20
India

• THE INFORMATION TECHNOLOGY ACT, 2000
• Whoever with the intent to cause or knowing that
  he is likely to cause wrongful loss or damage to
  the public or any person, destroys or deletes or
  alters any information residing in a computer
  resource or diminishes its value or utility or
  affects it injuriously by any means, commits
  hacking
• Whoever commits hacking shall be punished with
  imprisonment up to three years, or with fine
  which may extend up to two lakh rupees, or with
  both.

21
Conclusion

• Cybercrime is here to stay. Its the reality of
  the 21st century.
• Current laws doesn't distinguish between
• Digital vandalism and something more serious,
  like breaking into the 911 system or taking over
  nuclear power plant computers.
• Good hacking and Bad hacking
• With sufficiently sophisticated legislation, and
  more international cybercrime treaties such as
  being adopted, the world is hopefully heading in
  the right direction.

22
Questions???