Computer Hacking and Unauthorized Access to Computer Networks: Curiosity Can Kill the Cat

Recently, we have encountered many instances of the following scenario... Often out of curiosity, an Internet website visitor may exceed his authorized access under his access login or under the website's terms of use.  Website access scripts are easily available online. Their use, however, may generate serious accusations of computer crime, specifically hacking and unauthorized access.  Under cybercrime and computer laws, a conviction for computer hacking can carry 20 years to life in prison. 

If you are accused of computer hacking or unauthorized access to a computer network, our computer hacking defenseattorneys understand the technical aspects of the Internet and can provide you with a top tier computer hacking defense. 

Source: http://cyberlawyerblog.com

Recommendation: 20 years for unauthorized access that the exact mean of a lot so if you insist on hacking other people to satisfied your curiosity I suggest you give it second thought you may spend the rest of your life in prison because of some childish  curiosity .

Teenage hacker admits Scientology cyber-attack

LOS ANGELES (AFP) — A teenager hacker has admitted carrying out a cyber attack that crashed Church of Scientology websites as part of a campaign by a mysterious underground group, justice officials said Friday.

Dmitriy Guzner, 18, of New Jersey will plead guilty to computer hacking for his role in launching a distributed denial of service (DDOS) attack against Scientology websites in January this year, the Justice Department said.

DDOS attacks occur when websites are overwhelmed by a large volume of malicious Internet traffic, making the sites unavailable to legitimate users.

According to information filed in federal court in Los Angeles, Guzner described himself as a member of a shadowy Internet-based group known as "Anonymous" that has carried out a series of protests against Scientology.

A statement released by the Justice Department in Los Angeles said Guzner would formally plead guilty in "coming weeks" at a court in New Jersey. He faces up to 10 years in federal prison.

Founded in the United States in 1954 by science-fiction writer L. Ron Hubbard, the Church of Scientology, which has attracted Hollywood stars such as Tom Cruise, was recognized as a religion there 20 years later.

Source: AFP

Recommendation : let me explain what is DDOS it considered as short for Distributed Denial of Service, it is an attack where multiple compromised systems (which are usually infected with a Trojan) are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack. The kid, just 18 years old have to spend next 10 years of his life in prison he would loose so many thing up the time he'll be release just because of hacking.

Cracking cyber crime: Delhi Police at a Net loss

With all the marvels of IT, a downside had to come along. Business organisations are busy updating their fire-proofing almost on a monthly basis, official sites keep an eye out for hackers and intelligence agencies hone in on terrorist "chatter" through a web of hundreds of satellites.

It is no surprise that cyber crime would have an impact on city policing. What was perhaps not anticipated was that it would implode through an event like the MMS case. But the unravelling cyber story and the controversial arrest of Bazee.com chief Avnish Bajaj has brought to the fore the menace of cyber crime and its grave implications.
Added to the rising incidence of cyber crime is the fact that the Information Technology Act, 2000 — the law meant for dealing with such situations — is itself ambiguous, if not completely inadequate. This has also opened up several legal and investigative fronts.

Numbers game: Statistics can be, as Benjamin Disraeli once said, "lies and damn lies". They simply don’t tell the the whole story. The Delhi Police have registered only about 50 such cases in Delhi in the past three years. According to experts as well as senior police officers, this had lulled people into a false sense of security. But the recent MMS case has again proved that the netizens and cops alike will continue to be dogged by the bugbear of cyber crime in the near future.

As per a survey conducted by cyber law expert Pavan Duggal, for every 500 incidents of cyber crime in the city only 50 get reported. Out of these, only one gets registered. "Lack of awareness is the main reason for this, as it is not like any other crime which one can report and get registered in the nearest police station. The cyber law states that only an officer of the rank of ACP can either register or investigate such cases," says Duggal.

Concurs deputy commissioner of police (crime) Tejindra Luthra, "Even our information is that a lot of these cases are going unreported. We have also noticed that several cyber crime cases in Delhi pertain to credit card fraud. The credit card companies, however, dissuade the complainant from approaching the police by making good their losses."
Sleazy trend

According to experts, there are three kinds of cyber crime — of a personal nature, those dealing with property and cases pertaining to the nation. In Delhi, almost all the cases reported so far have targeted individuals. This includes cyber stalking, harassment, defamation and morphing. And, in more than 50 per cent of these cases, the victim was a woman.
Many believe that orientation of law enforcing agencies is important for ensuring that more such cases are reported. Out of the eight cases of cyber crime registered this year, only two have been solved. A senior officer cited the example of a case last year in which the seized computers were dumped in a godown where dust settled on them and resulted in their not functioning in the court.

Cops logging in Realising the gravity of the situation, the Delhi Police have now made computer training mandatory for head constables and sub-inspectors. While constables undergo training for nine months, sub-inspectors are trained for two years. The Police Training College in Jharoda Kalan now boasts two specialised computer training centres.

Source: http://www.crime-research.org

Recommendation: 
An urgent requirement is to make the concerned laws more attuned to tasks that investigators have to deal with. If the law is implemented literally, even the act of an adult accessing X-rated material over a personal computer may qualify as culpable. Cyber crime is clearly going to test the ingenuity and resourcefulness of the judiciary, legislatures and criminal investigators.

What makes cybercrime laws so difficult to enforce

When the Internet first “went commercial” and became affordable enough and easy enough to access for ordinary people (that is, those outside academia and government), it was a new frontier. Like the Wild West of old, it was mostly unregulated; legislators hadn’t anticipated the rapid growth or the types of online behaviors that would require new laws to protect innocent users.

Over the more than two decades since, state and federal governments have passed many statutes to address the problem of criminal activities that take place over the Internet. Cyberbullying, cyberstalking, theft of wireless services, spamming, unauthorized access - most of these laws didn’t exist twenty-five years ago.

So now we have plenty of laws on the books, but enforcing them is another matter. It can be frustrating for the victims of such crimes, when the perpetrators are never brought to justice. Some local police departments have set up divisions specifically devoted to computer crimes enforcement, but some shy away from investigating and enforcing these types of crime. That’s because, for a number of reasons, enforcing laws governing online behavior is intrinsically more difficult than the enforcement of “traditional” laws. In this article, we’ll take a look at those reasons.

Jurisdictional issues

The concept of jurisdiction pertains to which agency or court has the authority to administer justice in a particular matter, and to the scope of those agencies’ and courts’ authority. Jurisdiction can be based on a number of different things:

Branch of law. In the U.S., there are three broad branches of law: criminal law, civil law, and regulatory law. The criminal (or penal) system deals with offenses that are prosecuted by the government - local, state or federal - and can be punished by monetary fines, loss of liberty (jail or prison), or in extreme cases, even loss of life (death penalty). The civil system deals with disputes between individuals or organizations (including in some cases government agencies), in which the party found liable is ordered to pay monetary damages and/or ordered to do or not do something (injunction). Regulatory agencies have jurisdiction over specific industries or activities and can impose fines and/or take away an individual’s or organization’s authorization to conduct business or engage in the regulated activity.

Type of case. Within each system, there can be different agencies or courts assigned responsibility for different types of cases. For example, within the criminal system, some courts deal exclusively with traffic offenses and some deal with domestic violence and other family law cases. Some law enforcement agencies have jurisdiction only over crimes that violate the state’s alcoholic beverage code, or only investigate and prosecute offenses that fall under the parks and wildlife code. Within the civil system, some courts handle only divorce cases, others handle only probate matters, and so forth.

Grade of offense. In the criminal justice system, different courts have jurisdiction over different grades of offense, based on severity. Municipal courts may handle only city ordinance violations and/or certain misdemeanor offenses. County courts may handle more serious misdemeanors, while district courts handle felony offenses.

Monetary damages. In the civil system, different courts handle cases based on the monetary damages. For example, small claims courts or justice of the peace courts may have jurisdiction over lawsuits up to a few thousand dollars.

Level of government. In the U.S., there are separate laws, law enforcement agencies and court systems for different levels of government. In the criminal system, you have municipal police, county sheriffs (and in some states, constables and/or marshals), state police or troopers, and numerous federal agencies such as the FBI, DEA, BATF, etc., enforcing the laws that are passed by the governing bodies at the corresponding levels (city and county ordinances passed by city councils and county commissioners, state statutes passed by state legislative bodies and federal laws passed by the U.S. Congress).

Because these systems are separate, a person can be charged, tried and acquitted under state law, for example, and then charged, tried and convicted under federal law for the same act, without incurring double jeopardy. There are also international law-making bodies such as the EU and the UN; their laws are generally adopted by the member nations via treaties.

Geographic area. Any good real estate agent will tell you it’s all about location, location, location - and that’s what geographic jurisdiction pertain to. In the case of the courts, it’s also referred to asvenue. A law enforcement agency or court has jurisdiction only over crimes that take place in the geographic location where that agency or court has authority. That may include the location of the perpetrator, the location of the victim, or the location where the crime actually occurred.

Before a law enforcement agency can investigate a cybercrime case, it has to have jurisdiction. The first thing that must be determine is whether a crime has taken place at all. In some cases, there is no law on the book that covers the particular circumstance. In other cases, the wrongful action that took place is a civil matter, not a criminal one. This might be the case, for instance, if you entrusted your data to a company and that company lost it.

If a criminal offense has occurred, the next step is to determine what law was violated. Was it a city ordinance, a state statute, or a federal law? Local police don’t generally pursue a person for federal crimes, and the FBI doesn’t generally investigate and arrest for state offenses (although in some serious matters, agencies at different levels come together to form task forces and work together to pursue criminals who commit offenses that are violations at both levels).

The next, and in the case of cybercrime the stickiest point, is to determine the geographic jurisdiction. This is more difficult in cybercrime cases than in other types of crime because often the perpetrator is not in the same city, state or even country as the victim.

Why is geographic jurisdiction such a big problem? There are a couple of important reasons:

Laws differ from state to state and nation to nation. An act that’s illegal in one locale may not be against the law in another. This complicates things if the perpetrator is in a location where what he/she is doing isn’t even against the law - even though it’s a clear-cut crime in the location where the victim is.

Law enforcement agencies are only authorized to enforce the law within their jurisdictions. A police officer commissioned in California has no authority to arrest someone in Florida, the FBI doesn’t have the authority to arrest someone in Spain and so forth. Extradition (the process by which a state or nation surrenders a suspect to another) is difficult at best, and often impossible. Under international law, a country has no obligation to turn over a criminal to the requesting entity, although some countries have treaties whereby they agree to do so. Even in those cases, it’s usually an expensive and long, drawn-out process.

Thus jurisdictional issues frequently slow down or completely block the enforcement of cybercrime laws. Extradition treaties often require “double criminality,” meaning the conduct must be a crime in both the jurisdiction seeking to extradite and in the jurisdiction from which the extradition is sought.

Anonymity and identity

Before jurisdiction even comes into play, it’s necessary to discover where - and who - the criminal is before you can think about making an arrest. This is a problem with online crime because there are so many ways to hide one’s identity. There are numerous services that will mask a user’s IP address by routing traffic through various servers, usually for a fee. This makes it difficult to track down the criminal.

In 2009, Eugene Kaspersky identified the relative anonymity of Internet users as a key issue that enables cybercrime and proposed Internet “passports” for individuals and accreditation for businesses to help combat the problem.

Some studies have shown that people are more likely to engage in offensive and/or illegal behavior online because of the perception of anonymity.

However, attempts to better track online identity raise serious issues for privacy advocates and result in political backlash. And end to anonymity on the Internet could have serious consequences in countries where the government punishes dissenters, so even if the technological challenge of identifying every online user could be overcome, many lawmakers would be hesitant to mandate it. Cybercriminals exploit the rights and privileges of a free society, including anonymity, to benefit themselves.

Nature of the evidence

Yet another thing that makes cybercrime more difficult to investigate and prosecute in comparison to most “real world” crimes, is the nature of the evidence. The problem with digital evidence is that, after all, it is actually just a collection of ones and zeros represented by magnetization, light pulses, radio signals or other means. This type of information is fragile and can be easily lost or changed.

Protecting the integrity of evidence and maintaining a clear chain of custody is always important in a criminal case, but the nature of the evidence in a cybercrime case makes that job far more difficult. An investigator can contaminate the evidence simply by examining it, and sophisticated cybercriminals may set up their computers to automatically destroy the evidence when accessed by anyone other than themselves.

In cases such as child pornography, it can be difficult to determine or prove that a person downloaded the illegal material knowingly, since someone else can hack into a system and store data on its drive without the user’s knowledge or permission if the system isn’t adequately secured.

In cases of intrusion or cybervandalism, the bad guy often erases all logs that show what happened, so that there is no evidence to prove that a crime even occurred, much less where the attack came from.

The good news

The news isn’t all bad. Computer forensics has come a long way, and there are tools available to investigators that allow them to examine digital evidence without tampering with it. Trained forensics examiners can reliably preserve data for presentation in court and even recover deleted data, and the legal system is evolving and new procedures being adopted to deal with the special challenges presented by the nature of digital evidence.

While anonymity online is still achievable, it’s getting more difficult. With diligent work, it’s often possible to track down criminals by IP and by clues that they may leave within the content of data. Many cybercriminals are not particularly technically savvy, such as those who use the Internet to commit fraud or cyberstalking. Many of those who are more knowledgeable about technology still leave clues because they get careless or are arrogant and overly confident.

Jurisdictional issues still present a challenge, particularly when the criminal is in another country, but more and more governmental entities are recognizing the harm that cybercrime does to their citizens and are working together. Countries (and states within the U.S.) are cooperating to adopt consistent laws, and forming interjurisdictional task forces to deal with cybercrime that crosses state and national boundaries.

Source: http://www.techrepublic.com

Recommendation:

Cybercrime law is very difficult to enforce because there are many ways of hiding your identity.I was talking to a New Orleans injury lawyer few days ago and he told me he has a new case which involved a 16 years old teenager who admitted unofficial that he was stalking a girl online.But they can put all things together because he used some softwares which helped him to remain unknown.

Has Your Business Been Hacked?

On February 9, Steve Martinez, head of our Cyber Division, addressed the Third Annual Cyber Security Alliance Summit in Tampa, Florida.

Who was there? Law enforcement officers; executives from business, banks, and brokerage firms; and university professors—all engaged in one of today's most burning issues: "Securing the Cyber Infrastructure," the theme of the conference.

What was Steve's primary message? "We need your help!" And by that he means help from all levels of U.S. and international law enforcement...help from the brilliant techie minds and ideas of private industry and university research...and, above all, help from victimized businesses—specifically, reports of attacks on their computer systems.

Why "above all" from victimized companies? Because we need a more comprehensive intelligence base of all the tools and techniques hackers are using to attack the cyber infrastructure. If we don't have that information—and we estimate we get reports on only about a third of all intrusions into business computer systems—we can't be predictive. We can't be proactive. We can't parse out criminal signatures, much less chase down the criminals who are cheerfully hacking credit card or trade secret information from one company then moving to the next when their breach is discovered and closed. Bottom line: your combined reports to us will help protect you and your never-quite-invulnerable systems from insidiously clever criminal hackers.

In Steve's words, "So the successful future of cyber cases lies not in merely protecting your own systems. If there are criminals out there who are going to continue hitting company after company, it is essential that we go after them aggressively. The sanction, and the most effective deterrent, has to be putting these criminals in jail. Now and in the future we need your cooperation as victim companies to help provide us with the intelligence and evidence that will enable us to do just that."

How to make a report? File a complaint online at the Internet Crime Complaint Center...or contact your local field office. And don't worry: our agents have been closely trained to be discreet, to protect your public image and your intellectual property, and to not disrupt your operations.

How can you become our partner? Join a local InfraGard Chapter—part of a national organization that's dedicated to protecting your computer systems and everyone else's. As a member, and at no cost to you or your business, you'll have access to special training; to DHS/FBI threat alerts, advisories, and warnings; to cyber professionals; and to other businesses that are dealing with your same issues.

Want to know more about the big picture of current and future threats to cyber security? We encourage you to read Steve's speech in its entirety.

Source: http://www.fbi.gov

Recommendation:

I find this post very helpful for those who like to use it in order to protect them self against hackers and crackers joining the campaigns that have been discussed inside the case can provide some protection for our business there is also some some unprofessional advise about cyber space and law if they face any attacks in my point of view anybody should be prepared for rainy days so read it again and write down what you need.

Hungarian pleads guilty in Marriott hacking case

WASHINGTON Nov 23 (Reuters) - A Hungarian man pleaded guilty in U.S. court on Wednesday to hacking into Marriott International Inc (MAR.N) computers and threatening to reveal confidential information if the hotel operator did not offer him a job, the Justice Department said.
It said Attila Nemeth, 26, pleaded guilty in federal court in Baltimore, Maryland, under a deal with prosecutors. He was caught as a result of an undercover sting operation by U.S. law enforcement authorities.
Nemeth faces up to ten years in prison for transmission of malicious computer code and up to five years in prison for threatening to expose confidential company information. The judge set sentencing on Feb. 3.
According to the plea agreement, Nemeth sent on Nov. 11, 2010, an initial email to Marriott employees advising that he had been accessing company computers for months and had obtained proprietary information.
He threatened to reveal the information if Marriott did not give him a job maintaining the company's computers, according to the documents. He admitted he installed malicious software that gave him a backdoor into the computer system.
Marriott in November last year created the identity of a fictitious employee for use by the U.S. Secret Service in an undercover operation to communicate with Nemeth.
Nemeth, believing he was communicating with Marriott human resources personnel, continued to call and email.
In January, he arrived at Washington Dulles Airport on a ticket purchased by Marriott for what he thought was an employment interview.
During the interview conducted by an undercover Secret Service agent, Nemeth admitted he accessed Marriott's computer system and demonstrated how he did it.
U.S. officials said the loss to Marriott caused by Nemeth ranged between $400,000 and $1 million in salaries, consultant expenses, and other costs associated with the intrusion.
source:http://uk.reuters.com

Recommendation: 
In my opinion it is two crime have been happened at the same time by Hungarian man 1. hacking and took the information and the worse one is the number 2. trying to use those information to treat them and make them to pay or in this case offer a job to you what a caseeeeee!!! it is like some one break into to your apartment and steal your document finally tells you if you don't pay me I will release them to public CAN YOU IMAGINE THIS!! he should get the highest sentence that is possible these case can be investigate under both civil and public law since it has two parties involved both individual and government.

Guilty plea entered in Missoula hacking case

MISSOULA- A Missoula man who's accused of trying to sabotage his former company by deleting, altering, and overwriting computer files has pleaded guilty to the crime.

Vladamir Shved worked for Education Logistics in Missoula, a sister company of Logistic Systems.

Prosecutors say the company laid off some of its workers, including Shved and shortly after the layoff, Education Logistics and Logistic Systems, found out that someone hacked into its system. The company was able to trace it back to Shved's home computer.

During a Thursday morning court appearance Shved admitted hacking into the computer system to damage the files, so the company would hire him back.

His plea agreement calls for a deferred sentence and he has to tell detectives what he did when he hacked into the computer systems and how he did it.

Logistic Systems provides software for Missoula law enforcement and EMS and Education Logistics provides software solutions for school districts. The company's vice president said the client files were not compromised by the hack.

source: WESTERN MONTANA CRIME NEWS

Recommendation:

cracking in order get back to the work? hello why don't you try to use your ability to make some business? that is the why cyber law should exist we would be plead guilty for cracking and breaking the data protection act 2010 and under computer crime act 1997 if he were in Malaysia but I hope cyber law can provide much more useful Acts in order to protect businesses and people from these criminals.