Ethical Hacking Course (step by step) Part 3

BenDjeribie

25 Feb, 2024

Ethical Hacking (Part 3)

Computer Crimes and Implications

~ Cyber Security Enhancement Act 2002 – implicates life sentences for hackers who ‘recklessly’ endanger the lives of others.

~ The CSI/FBI 2002 Computer Crime and Security Survey noted that 90% of the respondents acknowledged security breaches, but only 34% reported the crime to law enforcement agencies.

~ The FBI computer crimes squad estimates that between 85 to 97 percent of computer intrusions are not even detected.

~ Stigma associated with reporting security lapses

Legal Perspective (US Federal Law)

Federal Criminal Code Related to Computer Crime:

~ 18 U.S.C. § 1029. Fraud and Related Activity in Connection with Access Devices

~ 18 U.S.C. § 1030. Fraud and Related Activity in Connection with Computers

~ 18 U.S.C. § 1362. Communication Lines, Stations, or Systems

~ 18 U.S.C. § 2510 et seq. Wire and Electronic Communications Interception and Interception of Oral Communications

~ 18 U.S.C. § 2701 et seq. Stored Wire and Electronic Communications and Transactional Records Access

Section 1029

Subsection (a) Whoever -

(1) knowingly and with intent to defraud produces, uses, or traffics in one or more counterfeit access devices;

(2) knowingly and with intent to defraud traffics in or uses one or more unauthorized access devices during any one-year period, and by such conduct obtains anything of value aggregating $1,000 or more during that period;

(3) knowingly and with intent to defraud possesses fifteen or more devices which are counterfeit or unauthorized access devices;

(4) knowingly, and with intent to defraud, produces, traffics in, has control or custody of, or possesses device-making equipment;

(5) knowingly and with intent to defraud effects transactions, with 1 or more access devices issued to another person or persons, to receive payment or any other thing of value during any 1-year period the aggregate value of which is equal to or greater than $1,000;

(6) without the authorization of the issuer of the access device, knowingly and with intent to defraud solicits a person for the purpose of— (A) offering an access device; or (B) selling information regarding or an application to obtain an access device;

(7) knowingly and with intent to defraud uses, produces, traffics in, has control or custody of, or possesses a telecommunications instrument that has been modified or altered to obtain unauthorized use of telecommunications services;

(8) knowingly and with intent to defraud uses, produces, traffics in, has control or custody of, or possesses a scanning receiver;

(9) knowingly uses, produces, traffics in, has control or custody of, or possesses hardware or software, knowing it has been configured to insert or modify telecommunication identifying information associated with or contained in a telecommunications instrument so that such instrument may be used to obtain telecommunications service without authorization; or

(10) without the authorization of the credit card system member or its agent, knowingly and with intent to defraud causes or arranges for another person to present to the member or its agent, for payment, 1 or more evidences or records of transactions made by an access device.