What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front
So you want to be a computer criminal?

Crime laws, continued...

SECTION 1030

18 USC, Chapter 47, Section 1030, enacted as part of the Computer Fraud and Abuse Act of 1986, prohibits unauthorized or fraudulent access to government computers, and establishes penalties for such access.  This act is one of the few pieces of federal legislation solely concerned with computers.  Under the Computer Fraud and Abuse Act, the U.S. Secret Service and the FBI explicitly have been given jurisdiction to investigate the offenses defined under this act.

The six areas of criminal activity covered by Section 1030 are:

1.  Acquiring national defense, foreign relations, or restricted atomic energy information with the intent or reason to believe that the information can be used to injure the United States or to the advantage of any foreign nation.  (The offense must be committed knowingly by accessing a computer without authorization or exceeding authorized access.)

2.  Obtaining information in a financial record of a financial institution or a card issuer, or information on a consumer in a file of a consumer reporting agency.  (The offense  must be committed intentionally by accessing a computer without authorization or exceeding authorized access.)

Important note: recently on the dc-stuff hackers’ list a fellow whose name we shall not repeat claimed to have “hacked TRW” to get a report on someone which he posted to the list. We hope this fellow was lying and simply paid the fee to purchase the report.

Penalty:  Fine and/or up to 1 year in prison, up to 10 years if repeat offense.

3.  Affecting a computer exclusively for the use of a U.S. government department or agency or, if it is not exclusive, one used for the government where the offense adversely affects the use of the government’s operation of the computer.  (The offense must be committed intentionally by accessing a computer without authorization.)

This could apply to syn flood and killer ping as well as other denial of service attacks, as well as breaking into a computer and messing around. Please remember to tiptoe around computers with .mil or .gov domain names!

Penalty:  Fine and/or up to 1 year in prison, up to 10 years if repeat offense.

4.  Furthering a fraud by accessing a federal interest computer and obtaining anything of value, unless the fraud and the thing obtained consists only of the use of the computer.  (The offense must be committed knowingly, with intent to defraud, and without authorization or exceeding authorization.)[The government’s view of  “federal interest computer” is defined below]

Watch out! Even if you download copies of programs just to study them, this law means if the owner of the program says, “Yeah, I’d say it’s worth a million dollars,” you’re in deep trouble.

Penalty:  Fine and/or up to 5 years in prison, up to 10 years if repeat offense.

5.  Through use of a  computer used in interstate commerce, knowingly causing the transmission of a program, information, code, or command to a computer system. There are two separate scenarios:

     a.  In this scenario, (I) the person causing the transmission intends it to damage the computer or deny use to it; and (ii) the transmission occurs without the authorization of the computer owners or operators, and causes $1000 or more in loss or damage, or modifies or impairs, or potentially modifies or impairs, a medical treatment or examination.

The most common way someone gets into trouble with this part of the law is when trying to cover tracks after breaking into a computer. While editing or, worse yet, erasing various files, the intruder may accidentally erase something important. Or some command he or she gives may accidentally mess things up. Yeah, just try to prove it was an accident. Just ask any systems administrator about giving commands as root. Even when you know a computer like the back of your hand it is too easy to mess up.

A simple email bomb attack, “killer ping,” flood ping, syn flood, and those huge numbers of Windows NT exploits where sending simple commands to many of its ports causes a crash could also break this law. So even if you are a newbie hacker, some of the simplest exploits can land you in deep crap!

Penalty with intent to harm:  Fine and/or up to 5 years in prison, up to 10 years if repeat offense.

More on computer crime law--->>

Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group