Information Security News mailing list archives
Computer crime: Changing the public's perception
From: InfoSec News <isn () C4I ORG>
Date: Thu, 12 Oct 2000 05:50:29 -0500
Forwarded By: kelley <kwalker2 () gte net> http://www.herald.com/content/mon/business/tech/digdocs/076302.htm You remember Jonathan James? He made national news a couple of weeks ago. You know, he's that nice 16-year-old young man convicted of hacking into computers at the Pentagon, NASA, BellSouth, the Miami-Dade school system and many other places. That's pretty funny. Right? Can you imagine that some nasty judge put him in jail? Young Jonathan put it so well when he said, ``I don't think they should be putting a kid in jail because he proved they don't have very good security.'' Fortunately, poor misunderstood Jonathan didn't delete files or infect any computers with viruses while he was engaged in his youthful mischief. As his father put it, ``All he did was go look at top secret government information.'' Hey, you know what they say -- values come from the home. I can see where Jonathan learned his. His father described his son as contrite. I guess that the obscene gesture he made at the courthouse to a photographer was yet another minor aberration. Jonathan was lucky I wasn't the judge. Computer crime isn't a joke. This attitude that he did them a favor by showing them that their security was bad is warped -- absolutely and completely warped. I suppose that Daddy James would be the first one thanking the burglar for breaking into his poorly secured home if the burglar only looked at his most private and personal possessions, but didn't take anything. We're at a point where computers are an essential part of our society's infrastructure. Any crime that touches the infrastructure of our society is by definition a significant crime. The ``ILOVEYOU'' virus a few months ago is yet another example of the types of problems that can come from computer crime. ``ILOVEYOU'' disrupted businesses, governments, and people worldwide. We cannot permit these sorts of things to happen. ``ILOVEYOU'' demonstrates that every computer has the capability of being a weapon of mass disruption, even destruction. As we become even more dependent on computers, hackers will have even more opportunities to cause mass disruption or destruction. ``Wasn't it cool when I turned off the air traffic control system?'' ``Wasn't it great when I turned off all the respirators in the hospital from home?'' I assure you that it's just a matter of time before the things hackers do become even more outrageous and dangerous. Hey why not? As young Jonathan put it, ``All the girls thought it was cool.'' If you're a male over about age 14, what more reason do you need to do something really stupid. The problem with security, whether it's hi-tech computer security or physical security is that ``perfect'' is an impossible goal. The goal is reasonable security. Everybody can and should implement three basic security concepts. You should start by controlling physical and logical access to sensitive information. Your methods could include passwords and encryption. Next, you should require individual accountability for sensitive information and identify those with access. Finally, you need to have audit trails that show who accessed what information. Your audit trail should be able to answer the basic who, what, where, when, why, and how questions. All too often, we see computer crime as not that big a deal. While the Computer Abuse Act of 1984 imposes a $250,000 fine or a five-year prison sentence, or both, for each offense, it just doesn't often work that way. While I don't have any formal study to cite, experience has taught me that computer crime is generally not sternly punished. We need to have a basic change in attitude about computer crime. What we must do is use harsh punishment along with reasonable security as deterrents. We have to deliver the message that hacking and other computer crimes are so difficult to prevent and the dangers that come from them are so great that our society simply won't tolerate them. What Jonathan did wasn't a childish prank. Saying that there were no horrible consequences from what he did is like justifying drunk driving by saying, ``But I got home and I didn't have an accident.'' If I'd been the judge in a world with perfect laws, Jonathan wouldn't get out of jail until he was 21 and would never, never, never earn a living in any job involving computers or programming. That's punishment. That's a message to others. Mark Grossman is a shareholder and chairs the Computer and E-Commerce Law Group of Becker & Poliakoff, P.A. His website is http://www.EcomputerLaw.com and his e-mail address is techlaw () ecomputerlaw com. Research assistant is Andrew Chulock. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Computer crime: Changing the public's perception InfoSec News (Oct 12)