News (Media Awareness Project) - US: Hacking Rarely Draws Jail Time |
| Title: | US: Hacking Rarely Draws Jail Time |
| Published On: | 2000-03-12 |
| Source: | Foster's Daily Democrat (NH) |
| Fetched On: | 2008-09-05 00:55:14 |
HACKING RARELY DRAWS JAIL TIME
AG Stands Firm In Face Of Precedents
New Hampshire's attorney general is taking a tough stand and pressing
for 15-year sentences in the state's prosecution of a Wolfeboro
hacker, but if past cases are any precedent, 17-year-old Dennis
"Coolio" Moran Jr. may never see jail time.
Attorney General Philip McLaughlin said Saturday that the state would
be looking to prosecute Moran to the full extent of the law, but
insisted that its prosecution wasn't fueled by any intent to send any
kind of nationwide message against computer hacking.
"We don't look at this case as a chance to set an example," McLaughlin
said. "We are looking to deal with this youngster straight on,
according to what the law allows us to do."
At the state level, Moran faces two charges of unauthorized access to
a computer system, a Class A felony under New Hampshire law, each
count punishable by up to 15 years in prison and a $4,000 fine. He
acknowledged his role in hacking Dare.com, an anti-drug site connected
to the Los Angeles Police Department, a U.S. Commerce Department site
that outlines rules for exporting chemicals that could be used to make
weapons, and Rsa.com, operated by RSA Security Inc., one of the
nation's most prominent Internet security companies.
Under state law in New Hampshire, Moran is an adult for the purposes
of criminal prosecution. Federally, however, a 17-year-old is
considered a juvenile.
According to the U.S. Department of Justice records, only a handful of
attackers are actually caught and convicted of cyber-crimes.
But computer crimes are on a definite increase. In 1999, the Justice
Department received 8,268 reports of hacking incidents from the
private sector, more than double the 3,700 reported in 1998.
The Federal Bureau of Investigation opened and investigated less than
15 percent of the reported cases in 1998. Of the 547 cases, the DOJ
convicted 56 people for violations of the Computer Fraud and Abuse
Act, of which only 12 were sent to prison.
According to an FBI spokeswoman, in the Wolfeboro case, Moran cannot
be charged at the federal level because of his age.
"Seventeen-years-old is considered a juvenile in the federal system,"
said Kimberly McAllister, a special agent in the Boston office. "Our
involvement in the case at this point is that we are assisting, that's
all."
Commenting on the lack of cyber-crime convictions over the last few
years, McAllister said without having the actual case files to look
at, there could be any number of reasons the numbers appear as low as
they are.
"A good number of the reported cases could involve juveniles," she
said. "We can investigate those cases, but we can't prosecute them."
Analysts are quick to point out that a large number of hackers are
teen-age boys, not considered to be the most socially responsible
demographic group. And another group of potential hackers, hackers
operating from foreign countries, lies outside the reach of U.S. law
enforcement.
At the national level, Congress has looked at the possibility of
prosecuting cyberspace delinquents as adults. In 1998 a legislator in
Pennsylvania proposed a bill concerning the increased threats to
national security and the amount of time and money teen-age computer
hackers cost the government.
Local prosecutors worried that if Congress passed the law elevating
computer hacking to an adult crime, it would drive their budgets up,
as the bulk of the cases would fall on their laps.
According to Justice Department statistics, charges for cyber-crimes
have ranged from community service and small fines to jail terms and
substantial restitution, but most of Moran's ilk fail to draw any
prison time.
In early 1997 a computer hacker known as "Happy Hardcore" was
sentenced in federal district court in Virginia for breaking into
America Online Inc.'s computer system. For the felony charge, Nicholas
Ryan, 21, received two years probation, six months of home
confinement, a fine, and ordered to pay $62,000 in restitution. Ryan
faced 30 years in jail for the crimes.
In November 1998, two California teen-agers were found guilty of hack
attacks on U.S. military computers and sentenced to three years
probation, during which they were ordered to refrain from possessing
or using a computer modem, from acting as computer consultants, or
having any contact with computers out of sight of a schoolteacher, a
librarian, an employer, or other person approved by the probation
officer. If they had been sentenced to the maximum allowed by law,
they both could have seen 15 years in jail.
In Tennessee federal court, Wendall Dingus was sentenced to six months
of home monitoring after he admitted to a series of attacks using
computers at Vanderbilt University. An interesting aspect of the case
was that the $40,000 restitution he was ordered to pay was not only
based on damages he caused, but the cost of tracking and catching him.
Later that year, and for the first time in its history, the Justice
Department charged a Bay State juvenile with computer crimes for three
separate cracking, or criminal hacking, charges.
In a negotiated plea with the U.S. Attorney and the District of
Massachusetts, the unidentified Worcester youth received no jail time
for crippling an airport tower for six hours, damaging a town's phone
system and breaking into pharmacy records. He was sentenced to
two-years probation; barred from computer access and employment; given
250 hours community service; and ordered to pay $5,000
restitution.
In December 1999, a young man who hacked into AOL's computer and
replaced their programs with his own was sentenced to a year in jail
and five years without a home computer. Records indicate that
19-year-old Jay Satiro's sentence was stiffer than normal because the
AOL computer tampering was a violation of his probation from an
earlier offense of using bogus money orders to purchase computers on
the Internet. AOL would not comment on how access was gained, but said
the damage was in excess of $50,000.
Moran's style of hacking, sometimes referred to as "gray hat," occurs
when insecure sites are entered and notes are left pointing out the
security flaws. Compared to others on record, this style could be
considered mild.
On the RSA Security site, where Moran admitted hacking last November,
he basically "hijacked" the site and signed it, "Owned by Coolio."
Moran hacked the DARE site twice, both times leaving either disturbing
messages or graphics. On one occasion he left a cartoon image of
Donald Duck with a syringe in his arm. On the other occasion, Moran
wrote "Drugs are really excellent," he signed it, "Coolio is k-r4d and
so are drugs."
When he entered the Department of Commerce site however, pornography
was left with the message, "If prayers do not become mandatory
throughout the United States, we will detonate our nuclear bombs and
your President Clinton and his interns will die."
While the exact total amount of damage has not been determined, a RSA
spokesman said it cost between $5,000 and $10,000 in labor to
investigate and tighten security at their company. Dare.com and the
Department of Commerce have not indicated how much monetary damage was
done to their sites.
In New Hampshire, a person can be convicted of the computer crime of
unauthorized access to a computer system, if the damage to or the
value of the property or computer services exceeds $1,000.
AG Stands Firm In Face Of Precedents
New Hampshire's attorney general is taking a tough stand and pressing
for 15-year sentences in the state's prosecution of a Wolfeboro
hacker, but if past cases are any precedent, 17-year-old Dennis
"Coolio" Moran Jr. may never see jail time.
Attorney General Philip McLaughlin said Saturday that the state would
be looking to prosecute Moran to the full extent of the law, but
insisted that its prosecution wasn't fueled by any intent to send any
kind of nationwide message against computer hacking.
"We don't look at this case as a chance to set an example," McLaughlin
said. "We are looking to deal with this youngster straight on,
according to what the law allows us to do."
At the state level, Moran faces two charges of unauthorized access to
a computer system, a Class A felony under New Hampshire law, each
count punishable by up to 15 years in prison and a $4,000 fine. He
acknowledged his role in hacking Dare.com, an anti-drug site connected
to the Los Angeles Police Department, a U.S. Commerce Department site
that outlines rules for exporting chemicals that could be used to make
weapons, and Rsa.com, operated by RSA Security Inc., one of the
nation's most prominent Internet security companies.
Under state law in New Hampshire, Moran is an adult for the purposes
of criminal prosecution. Federally, however, a 17-year-old is
considered a juvenile.
According to the U.S. Department of Justice records, only a handful of
attackers are actually caught and convicted of cyber-crimes.
But computer crimes are on a definite increase. In 1999, the Justice
Department received 8,268 reports of hacking incidents from the
private sector, more than double the 3,700 reported in 1998.
The Federal Bureau of Investigation opened and investigated less than
15 percent of the reported cases in 1998. Of the 547 cases, the DOJ
convicted 56 people for violations of the Computer Fraud and Abuse
Act, of which only 12 were sent to prison.
According to an FBI spokeswoman, in the Wolfeboro case, Moran cannot
be charged at the federal level because of his age.
"Seventeen-years-old is considered a juvenile in the federal system,"
said Kimberly McAllister, a special agent in the Boston office. "Our
involvement in the case at this point is that we are assisting, that's
all."
Commenting on the lack of cyber-crime convictions over the last few
years, McAllister said without having the actual case files to look
at, there could be any number of reasons the numbers appear as low as
they are.
"A good number of the reported cases could involve juveniles," she
said. "We can investigate those cases, but we can't prosecute them."
Analysts are quick to point out that a large number of hackers are
teen-age boys, not considered to be the most socially responsible
demographic group. And another group of potential hackers, hackers
operating from foreign countries, lies outside the reach of U.S. law
enforcement.
At the national level, Congress has looked at the possibility of
prosecuting cyberspace delinquents as adults. In 1998 a legislator in
Pennsylvania proposed a bill concerning the increased threats to
national security and the amount of time and money teen-age computer
hackers cost the government.
Local prosecutors worried that if Congress passed the law elevating
computer hacking to an adult crime, it would drive their budgets up,
as the bulk of the cases would fall on their laps.
According to Justice Department statistics, charges for cyber-crimes
have ranged from community service and small fines to jail terms and
substantial restitution, but most of Moran's ilk fail to draw any
prison time.
In early 1997 a computer hacker known as "Happy Hardcore" was
sentenced in federal district court in Virginia for breaking into
America Online Inc.'s computer system. For the felony charge, Nicholas
Ryan, 21, received two years probation, six months of home
confinement, a fine, and ordered to pay $62,000 in restitution. Ryan
faced 30 years in jail for the crimes.
In November 1998, two California teen-agers were found guilty of hack
attacks on U.S. military computers and sentenced to three years
probation, during which they were ordered to refrain from possessing
or using a computer modem, from acting as computer consultants, or
having any contact with computers out of sight of a schoolteacher, a
librarian, an employer, or other person approved by the probation
officer. If they had been sentenced to the maximum allowed by law,
they both could have seen 15 years in jail.
In Tennessee federal court, Wendall Dingus was sentenced to six months
of home monitoring after he admitted to a series of attacks using
computers at Vanderbilt University. An interesting aspect of the case
was that the $40,000 restitution he was ordered to pay was not only
based on damages he caused, but the cost of tracking and catching him.
Later that year, and for the first time in its history, the Justice
Department charged a Bay State juvenile with computer crimes for three
separate cracking, or criminal hacking, charges.
In a negotiated plea with the U.S. Attorney and the District of
Massachusetts, the unidentified Worcester youth received no jail time
for crippling an airport tower for six hours, damaging a town's phone
system and breaking into pharmacy records. He was sentenced to
two-years probation; barred from computer access and employment; given
250 hours community service; and ordered to pay $5,000
restitution.
In December 1999, a young man who hacked into AOL's computer and
replaced their programs with his own was sentenced to a year in jail
and five years without a home computer. Records indicate that
19-year-old Jay Satiro's sentence was stiffer than normal because the
AOL computer tampering was a violation of his probation from an
earlier offense of using bogus money orders to purchase computers on
the Internet. AOL would not comment on how access was gained, but said
the damage was in excess of $50,000.
Moran's style of hacking, sometimes referred to as "gray hat," occurs
when insecure sites are entered and notes are left pointing out the
security flaws. Compared to others on record, this style could be
considered mild.
On the RSA Security site, where Moran admitted hacking last November,
he basically "hijacked" the site and signed it, "Owned by Coolio."
Moran hacked the DARE site twice, both times leaving either disturbing
messages or graphics. On one occasion he left a cartoon image of
Donald Duck with a syringe in his arm. On the other occasion, Moran
wrote "Drugs are really excellent," he signed it, "Coolio is k-r4d and
so are drugs."
When he entered the Department of Commerce site however, pornography
was left with the message, "If prayers do not become mandatory
throughout the United States, we will detonate our nuclear bombs and
your President Clinton and his interns will die."
While the exact total amount of damage has not been determined, a RSA
spokesman said it cost between $5,000 and $10,000 in labor to
investigate and tighten security at their company. Dare.com and the
Department of Commerce have not indicated how much monetary damage was
done to their sites.
In New Hampshire, a person can be convicted of the computer crime of
unauthorized access to a computer system, if the damage to or the
value of the property or computer services exceeds $1,000.
Commentaires des membres |
Aucun commentaire du membre disponible...
