One day politicians will learn what cyber means
The Obama administration is looking to make hacking attacks against critical infrastructure systems punishable by a mandatory three years imprisonment. It also wants an Act normally applied to mobsters to be applied to online criminals too. The proposal (8-page PDF/154KB) was among a long list for improvements to cybersecurity …
This is something I would usually ascribe to a REPUBLICAN party agenda, not Democratic. Between COICA and it's beefed up son PROTECT IP, the other Obama proposal declaring freeloaders 'terrorists' and now this one, it really makes me glad I don't live in the US.
RICO should be used against true crime organizations ... you know, like the RIAA. Oh wait, someone actually did this...
take a page from the book catch me if you can - give these people jobs to help identify the wholes that vendors either ignore or failed to catch during QA -
There are few absolutes -
1.) if it has wheels - you will have problems with it
2.) if it has tits - you will have problems with it
3.) if it can be used for Porn - it will be
4.) if it can be access by any type of device (keyboard, network, wireless etc) - it can be hacked.
Icon for *my* interrogations, not for the politicos (although it probably apply to them, too).
On one hand you have laws such as what was recently passed in France, making home network owner responsible for what is accessed through their network if it is not "sufficiently" secured*.
On the other hand you have this proposition, meaning in that no gov body (or big corpo -the ones "too big to let fail"-) has to take any step to secure their shit ever again.
I am quite puzzled. Anyone with half a brain and very basic knowledge of "them computah thinggies" knows that "permission", as far as networks go, means "my computer sent a request to yours, you computer answered 'please come on in', so in I go". That's just how networks work.
Now I understand that going out of your way to fake credentials may be considered a proof of bad faith, and possibly of nefarious intents. Whether that must be considered a criminal offense is debatable, I say no, it's civil matter, but I'm open to discussion.
However, the proposed US law looks like pointing your browser to "some.site.gov:8080" instead of the implicitly approved "some.site.gov:80" will send you behind the bars for at least 3 years. In the meantime, the tendency to make home user legally liable for intrusions in their network -illustrated by, but not limited to, the French law referred to above- means that home users are legally required to enforce "military-grade" security while government bodies and big corporations are (or would be) legally allowed to get away with consumer-grade security (or even no security at all).
Am I the only one to be a bit puzzled? Frightened, even?
DISCLAIMER: I don't vote in the US. As far as technical discussions go, I don't care about which clan is in charge down there, or pretty much anywhere else. They all look equally tech illitterate.
*sufficiently here meaning in essence "not crackable", which is a perfect example of circular thinking: user: "I didnt post this terrorist plot" ; LEA: "well, it was posted from your IP"; user: "My network must have been cracked"; LEA: "You are required by law to secure your network"; User: "I secured it"; LEA: "Well, obviously not well enough"; user: "But I used the best standard provided by my router"; LEA: ""Too bad, shoulda gotten a better router"; user: "Ho hi Bubba, how are things? Hey what are you doing? Ouch! That hurts you brute!" -at least in theory, details depend on how tech-litterate the judge is. And we all know about judges' tech-savvy.
Downvoters are hereby notified that they are legally required to post a comprehensive, valid rebuttal of any point they disagree with. By pressing the "downvote" button, you confirm that you understand and accept that clause, and that failure to comply gives the comment's author full right to obtain your name, IP, and street adress, for the purpose of legal action or regular off-the-mill online and offline harrassment. Our blackhawks are currently busy crashing somewhere in the middle-east so consider yourself lucky.
Thank you for using LINK. Be vigilant.
Yes, I agree. But this statement:
"Now I understand that going out of your way to fake credentials may be considered a proof of bad faith, and possibly of nefarious intents. Whether that must be considered a criminal offense is debatable, I say no, it's civil matter, but I'm open to discussion."
Not so much. If someone was to try to gain access to a military base using fake credentials, and was caught, it would certainly be seen as criminal. Trying to use fake credentials, by any means, to gain access to a network, especially one that controls vital equipment, should be seen as criminal also. We put up fences around military bases to keep people out, and we put up perimeter defenses on our networks to keep hackers out. If either are compromised by "nefarious intent" they should be dealt with accordingly.
My statement was strictly about the access. I understand your point, but I don't think that mere intrusion should be considered a crime. It is still illegal though, I never said otherwise. Probably not worth 3 years behind the bars, that's all.
What you do when you're in -if you do anything- can be considered criminal, and punished as such, I have no problem with that.
Uncle Sam has a really weird business model, which does not compute/is not sustainable and is criminally fraudulent when trading insolvent? ........ http://cryptogon.com/?p=22368
And if you want to blow your mind and see what $14.3 trillion looks like, imagine the last image here times 14.3 ...... http://www.zerohedge.com/article/what-does-trillion-dollars-look-0
Seems like default and start again with a Great New Virtual Beta World Order Game is most likely and therefore the only Great Game in town worth playing, for a Novel Derivative Future free of Calamitous Past Paper Trades?
Some people seem to think that if a network is hackable it's somehow the fault of the people running the network. I take reasonable steps to secure my property, but if a thieving scumbag breaks into my house, they are at fault. If caught, they will be dealt with by the judicial system. If you hack into someones systems you deserve to be treated in the same way.
"However, if someone stood at the bottom of your drive with a big box, then called you up asking you to put all you belongings in said box, and you did, whose fault was that?"
That is what hacking is?? Standing at the edge of someone's property and asking for a donation?