Information Technology Reference
In-Depth Information
.
Transmitting code (such as a virus or worm) that causes damage to a computer
system
.
Accessing without authorization any computer connected to the Internet,
even if no
files are examined, changed, or copied
.
Transmitting classified government information
.
Trafficking in computer passwords
.
Computer fraud
.
Computer extortion
The maximum penalty imposed for violating the Computer Fraud and Abuse Act is 20
years in prison and a $250,000 fine.
Another federal statute related to computer hacking is the Electronic Communica-
tions Privacy Act. This law makes it illegal to intercept telephone conversations, email,
or any other data transmissions. It also makes it a crime to access stored email messages
without authorization.
The use of the Internet to commit fraud or transmit funds can be prosecuted under
the Wire Fraud Act and/or the National Stolen Property Act. Adopting the identity of
another person to carry out an illegal activity is a violation of the Identity Theft and
Assumption Deterrence Act.
Despite potentially severe penalties for convicted hackers, computer systems continue
to be compromised by outsiders. Many break-ins are orchestrated by organized groups
with a high degree of expertise, but others are committed by solo hackers who exploit a
security weakness.
In 2003 a hacker broke into computers at the University of Kansas and copied the
personal files of 1,450 foreign students. The files contained names, Social Security num-
bers, passport numbers, countries of origin, and birth dates. The University of Kansas
had collected the information in one place in order to comply with a Patriot Act require-
ment that it report the information to the Immigration and Naturalization Service [7].
In a similar incident two years later, an intruder broke into a University of Nevada, Las
Vegas, computer containing personal information on 5,000 foreign students [8].
In March 2005, someone discovered a security flaw in the online-admissions soft-
ware produced by ApplyYourself and used by six business schools. The discoverer posted
instructions on a
Business Week
online forum explaining how business school applicants
could circumvent the software security system and take a look at the status of their appli-
cations. It took ApplyYourself only nine hours to fix the flaw, but in the interim period
hundreds of eager applicants had exploited the bug and peeked at their files. A week
later, Carnegie Mellon University, Harvard University, and the Massachusetts Institute
of Technology announced that they would not admit any of the applicants who had ac-
cessed their computer systems without authorization [9].
A hacker gained access to the
Sesame Street
channel on YouTube in October 2011,
changed the home page, and replaced the videos with pornographic material. The
