Re: Crackers & the law

jayjwa <jayjwa@nowhere.org> writes:


]I was just wondering, what are the chances of someone getting
]caught/prosecuted for cracking a system? It seems like it's a very low
]percentage of all the systems cracked. I've sent a couple of abuse
]reports before, and even on smaller networks, the compromised systems
]where still up, still there, attacking like usual. It doesn't seem like
]much is ever done about it. Is there anyone that's either had someone
]prosecuted for being caught cracking their system or even know of a
]case in which the crackers where caught?
]I'm not so much refering to large world-incidents like with the Sasser
]or Agobot authors, but rather someone exploiting any old system. What
]are the laws in various different countries?

Sure, but the goal must be worth it. If someone breaks into your house and
steals you TV, the police will record the fact but will not spend any time
trying track down the thief. They have too much else to do. similarly in
online crime, the damage must be severe enough for them to bother. Now when
a big company claims that a breaking cost them $950000 the police will tend
to spend more time on it (even if they know that the actual damages were
maybe $10, and the company has listed all of their expenses for the past 5
years to come up with the bigger figure). If you suffer three days of work
reinstalling your system, it is simply not worth their while to spend 5
man-months of work trying to track down the perpetrator, especially since
he is probably not in their jurisdiction and they could not do anything
about it anyway.

The laws in various contries differ. In Canada, any use of a computer is
illegal, so the prosecution has wide latitude in what they can
prosecute.Other countries have different laws.

Bill Unruh spilled the following:

> jayjwa <jayjwa@nowhere.org> writes:
>
>
> ]I was just wondering, what are the chances of someone getting
> ]caught/prosecuted for cracking a system?
>
> Sure, but the goal must be worth it. If someone breaks into your house and
> steals you TV, the police will record the fact but will not spend any time
> trying track down the thief. They have too much else to do.

Event the big crimes (IME) do not get investigated, the main reason is that
there are a lot of difficulties to overcome just in reporting a crime:

1) for an organisation to announce publicly that its computer systems are
insecure is widely perceived as an admission of liability, and undermining
trust.

2) few organisations are adequately prepared for the isolation / seizure
which is a consequence of persuing a prosecution against people breaking
the law

3) such crimes often span countries / continents and are therefore difficult
to bring to court

4) speaking personally, I do not have a lot of confidence in my local
law-enforcement's ability to investigate such crimes effectively.

> In Canada, any use of a computer is illegal,

Erk!

C.