Crime and Abuse in Cyberspace
Hacking is a process where someone uses a vulnerability or misconfiguration to gain unauthorized access to a computer or network. While the term hacking is commonly tied to malicious motives and illegal activity, some hackers do use their skills for non-malicious activities. We commonly classify hackers into the following categories:
The term hacking refers to a broad range of Tactics, Techniques, and Procedures (TTPs). Often, a hacker will use multiple TTPs to execute an attack on a computer or network. Some of these TTPs include but are not limited to:
Network enumeration
Vulnerability scanning
Password cracking / guessing
Network traffic analysis or "sniffing"
Phishing
Social engineering
Installing malware
Make no mistake: if you decide to gain unauthorized access to a computer or network (including a wireless network), you are committing a crime and may go to jail, or worse, depending on the country. While the United States has laws that may fine or put a hacker in jail, some countries have stricter punishments and may sentence the hacker to death.
The following individuals were pioneers in the hacking community:
Robert Morris was a graduate student at Cornell University when he released the first worm commonly called the "Morris Worm." The worm exploited several vulnerabilities to gain unauthorized access to target systems. The mechanism Morris used to establish persistence led to system resources becoming overloaded and caused what the courts refer to as "potential loss in productivity" ranging from $200-$53,000 per system.
Morris was indicted for violating the Computer Fraud and Abuse Act in 1989 and was sentenced to three years of probation, fined $10,050, and required to serve 400 community service hours for his crime.
Despite reports, Kevin Mitnick is mainly noted for his social engineering skills. From the age of 13, Kevin used dumpster diving and social engineering to obtain confidential information such as usernames, passwords, and phone numbers (modem access). He would use this information to gain unauthorized access to various computer systems and networks. Then at the age of 16, Kevin gained unauthorized access to the Digital Equipment Corporation (DEC) network and stole the RSTS/E operating system. He was charged, convicted, and sentenced to 12 months in prison followed by three years of supervised release.
During his probation, Mitnick hacked into the Pacific Bell voicemail system, which led to authorities issuing a warrant for his arrest. He fled the authorities and was considered a fugitive for two and a half years. During this time, Mitnick illegally gained access to "dozens of computer networks" [According to U.S. Department of Justice].
The FBI eventually arrested Mitnick and charged him with multiple counts of wire fraud, unauthorized access to federal computers, wiretapping, and possession of "unauthorized access devices" [According to Wikipedia]. He was sentenced to 46 months in prison with an additional 22 months for violating his supervised release for his previous crime. Mitnick served four and a half years of his sentence in solitary confinement because law enforcement officials convinced the judge that he could "start a nuclear war by whistling into a pay phone" [According to Mitnick]. Mitnick is now a security consultant, author, and speaker at multiple conferences and training events.
Identity theft is a growing threat to everyone using an Internet-connected device. Hackers working for themselves or organized crime will often conduct phishing campaigns to install malware on victim systems. Once a system is infected, the malware will scour it for personal information such as social security numbers, credit card numbers, and private data. Stealing personal data and using it for personal gain is considered fraud and is illegal in most countries. Punishment, depending on the country, may carry heavy fines and prison time.
Cyber crimes do not stop at gaining unauthorized access to a system. Software piracy, reverse engineering a program to break security measures, illegally sharing files (e.g. music and videos), harassment over the Internet, etc. are examples that may not lead to a prison sentence but could cost you or your family hundreds, if not thousands, of dollars in fines.
For example: Jammie Thomas-Rasset was sued by Capitol Records, Inc. for posting 24 music files through the Kazaa file sharing service. Capitol Records filed a suit and after multiple trials and appeals, Thomas-Rasset was ordered to pay $1,920,000 to Capitol Records.
Punishments vary depending on the activity and the system a hacker gains access to. We will break up these punishments based on whether the criminal is a minor (less than 17 years old) or an adult:
As an adult
Prison sentence
Fines from $100 to $1,000,000
Registered as a felon
Possible probation or supervised release
Possibly be restricted from ever touching a computer system
As a minor
Juvenile detention sentence
Parent or guardian fines from $100 to $1,000,000
Registered as a felon until 18 years old
Possible supervised release
Possibly be restricted from ever touching a computer system
In the United States, child pornography is a crime that entails the creation, possession, sale, and/or distribution of sexually explicit material involving a person under the age of 18 (minor). Individuals convicted in a child pornography case often face significant jail time and fines, and are required to register as a sex offender. This registration can often affect the ability to get a job and may cause unwanted attention due to publicly available websites that list registered sex offenders in the area.
With the advent of smart phones, the ability to take digital photographs is at the user's fingertips. At times, some may take sexually explicit pictures of themselves and send them to someone they are dating or interested in. What some minors do not realize is that the distribution of these types of compromising photos is considered child pornography. Those individuals in possession of such photos or distributing them can be convicted of child pornography related crimes and will be required to register as a sex offender.
Bottom line: do not willingly accept or distribute these images if the person depicted is in fact a minor.
Criminals use the Internet because of its ability to make them anonymous. Others may use the Internet's anonymous nature to stalk or harass an individual or group. Some harassers will create fake social media or email accounts to perform:
Monitoring
Gathering information
Slander / defamation / creating false accusations
Threatening the target
The attacker's motivation is typically to intimidate or control the targeted victim. Some actions may involve some type of blackmail. Cyberstalking is addressed in U.S. federal law, making it a criminal offense. Some states like California, Florida, and Texas have created additional state laws to further protect victims from cyber-related harassment.
Cyber bullying is a type of harassment that also uses electronic means; however, the victim is commonly harassed both in person and electronically. While in some states bullying is not necessarily a crime, it could be prosecuted as a more severe crime if the victim harms themselves. Kids who are cyber bullied exhibit the following symptoms:
Frequently missing school
Unwilling to attend school
Poor grades
Significant emotional or physical problems
Low self-esteem
Drug or alcohol abuse
It is our duty to recognize the symptoms of cyber bullying and report all types of these activities to our teachers, mentors, parents, and law enforcement.
Black Hat
A hacker that uses their skills for malicious intent. Skills are used to illegally collect information, deceive, or steal money from their victims.
Grey Hat
A hacker that uses their skills for both malicious and non-malicious intent. Most grey hat hackers call themselves "security researchers" but may use vulnerabilities for personal gain. They may also improperly report vulnerabilities on the Internet before notifying the company or giving them proper time to respond and fix the issue.
White Hat
A hacker or "security researcher" that finds vulnerabilities and properly reports them to the company that developed the system.
Script Kiddie
An unskilled hacker that commonly uses scripts without understanding the operations happening in the background.