As a hacker you should know the
penalties of unauthorized hacking into a system. You should be
judi-cious with your hacking skills and recognize the consequences of
misusing those skills. The most important U.S. laws regarding computer
crimes are described in this thread. Make sure you familiarize your-self
with these U.S. statutes and the punishment for hacking. Remember,
intent doesn’t make a hacker above the law; even an ethical hacker can
be prosecuted for breaking these laws.
Cyber Security Enhancement Act and SPY ACT
The Cyber Security Enhancement Act of 2002 mandates life sentences for hackers who “recklessly” endanger the lives of others. Malicious hackers who create a life-threatening situation by attacking computer networks for transportation systems, power companies, or other public services or utilities can be prosecuted under this law.
The Securely Protect Yourself Against Cyber Trespass Act of 2007 (SPY ACT) deals with the use of spyware on computer systems and essentially prohibits the following:
Taking remote control of a computer when you have not been authorized to do so
Using a computer to send unsolicited information to people (commonly known as spamming)
Redirecting a web browser to another site that is not authorized by the user
Displaying advertisements that cause the user to have to close out of the web browser (pop-up windows)
Collecting personal information using keystroke logging
Changing the default web page of the browser
Misleading users so they click on a web page link or duplicating a similar web page to mislead a user (Pishing).
The SPY ACT is important in that it starts to recognize annoying pop-ups and spam as more than mere annoyances and as real hacking attempts. The SPY ACT lays a foundation for prosecuting hackers that use RATs, spam, pop-ups, and links in emails.
18 USC §1029 and 1030
The U.S. Code categorizes and defines the laws of the United States by titles. Title 18 details “Crimes and Criminal Procedure.” Section 1029, “Fraud and related activity in connection with access devices,” states that if you produce, sell, or use counterfeit access devices or tele-communications instruments with intent to commit fraud and obtain services or products with a value over $1,000, you have broken the law. Section 1029 criminalizes the misuse of computer passwords and other access devices such as token cards.
Section 1030, “Fraud and related activity in connection with computers,” prohibits accessing protected computers without permission and causing damage. This statute criminalizes the spreading of viruses and worms and breaking into computer systems by unauthorized individuals.
USA PATRIOT Act
This act, with the official name Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001, gives the government the authority to intercept voice communications in computer hacking and other types of investigations. The Patriot Act was enacted primarily to deal with terrorist activity but can also be construed as a wiretap mechanism to discover and prevent hacking attempts.
U.S. State Laws
In addition to federal laws, many states have their own laws associated with hacking. The National Security Institute has a website listing all the state laws applicable to computer crimes. The URL is
http://www.law.cornell.edu/states/listing.html
Not a US citizen? But it still matters...
Other countries each have their own applicable laws regarding protection of information and hacking attacks. With the use of the Internet and remote attacks, regional and international borders can be crossed very quickly. When you’re performing an outside remote attack, the data may be stored on servers in another country and the laws of that country may apply. It is better to be safe than sorry, so do the research prior to engaging in a attack aainst an international entity. In some countries, laws may be more lenient than in the United States, and this fact may work to your advantage.
*** I am not a lawyer and neither am I a US citizen. I do not get the credits for the information posted here. I read a book on ethical hacking and got the idea for this thread from it. I feel that everybody involved in hacking (ethical or not) should know the legal consiquences of what they are doing. I copy-pasted information from various sources and organised it into this thread. ***
Cyber Security Enhancement Act and SPY ACT
The Cyber Security Enhancement Act of 2002 mandates life sentences for hackers who “recklessly” endanger the lives of others. Malicious hackers who create a life-threatening situation by attacking computer networks for transportation systems, power companies, or other public services or utilities can be prosecuted under this law.
The Securely Protect Yourself Against Cyber Trespass Act of 2007 (SPY ACT) deals with the use of spyware on computer systems and essentially prohibits the following:
Taking remote control of a computer when you have not been authorized to do so
Using a computer to send unsolicited information to people (commonly known as spamming)
Redirecting a web browser to another site that is not authorized by the user
Displaying advertisements that cause the user to have to close out of the web browser (pop-up windows)
Collecting personal information using keystroke logging
Changing the default web page of the browser
Misleading users so they click on a web page link or duplicating a similar web page to mislead a user (Pishing).
The SPY ACT is important in that it starts to recognize annoying pop-ups and spam as more than mere annoyances and as real hacking attempts. The SPY ACT lays a foundation for prosecuting hackers that use RATs, spam, pop-ups, and links in emails.
18 USC §1029 and 1030
The U.S. Code categorizes and defines the laws of the United States by titles. Title 18 details “Crimes and Criminal Procedure.” Section 1029, “Fraud and related activity in connection with access devices,” states that if you produce, sell, or use counterfeit access devices or tele-communications instruments with intent to commit fraud and obtain services or products with a value over $1,000, you have broken the law. Section 1029 criminalizes the misuse of computer passwords and other access devices such as token cards.
Section 1030, “Fraud and related activity in connection with computers,” prohibits accessing protected computers without permission and causing damage. This statute criminalizes the spreading of viruses and worms and breaking into computer systems by unauthorized individuals.
USA PATRIOT Act
This act, with the official name Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001, gives the government the authority to intercept voice communications in computer hacking and other types of investigations. The Patriot Act was enacted primarily to deal with terrorist activity but can also be construed as a wiretap mechanism to discover and prevent hacking attempts.
U.S. State Laws
In addition to federal laws, many states have their own laws associated with hacking. The National Security Institute has a website listing all the state laws applicable to computer crimes. The URL is
http://www.law.cornell.edu/states/listing.html
Not a US citizen? But it still matters...
Other countries each have their own applicable laws regarding protection of information and hacking attacks. With the use of the Internet and remote attacks, regional and international borders can be crossed very quickly. When you’re performing an outside remote attack, the data may be stored on servers in another country and the laws of that country may apply. It is better to be safe than sorry, so do the research prior to engaging in a attack aainst an international entity. In some countries, laws may be more lenient than in the United States, and this fact may work to your advantage.
*** I am not a lawyer and neither am I a US citizen. I do not get the credits for the information posted here. I read a book on ethical hacking and got the idea for this thread from it. I feel that everybody involved in hacking (ethical or not) should know the legal consiquences of what they are doing. I copy-pasted information from various sources and organised it into this thread. ***
0 comments:
Post a Comment