Computer Hacking
Activity 2.1 Researching Hacking Cases
Research one of the following hacking cases by either by typing one of the keywords into a search engine, or consulting of the recommended textbooks:
Kevin Mitnick
Raphael Gray
Master of Deception
Mafiaboy
Legion of Doom
Robert Mooris' Internet Worm
From your research, answer the following questions:
What was this case about?
The case is all about the Computer hacking, a computer system was hacked by an 18 years old Raphael Gray, he hacked an e-commerce sites and expose 26,000 credit card numbers.
Raphael Gray - (internet "hacker" exposes Microsoft security weaknesses) Raphael was arrested at his home on the 23 March 2000, he was 18 years old hacker from rural Wales. The case was alleged that he had intruded into nine e-commerce websites in Britain, America, Canada, Thailand and Japan and taken details of some 26,000 credit card numbers and disclosed some of the credit card information on the Internet. When he was interviewed that he had been concerned for some time at the inherent security weakness in one particular make of software called Microsoft Internet Information Server.
What were the protagonist and parties involved?
No protagonists were mentioned. Parties involved were the law enforcement officers, e-commerce sites, and other organizations concerned as well as the owners of credit card information.
Did any prosecution results? If so, what were their outcomes?
It was said that the result of the prosecution was accepting that Raphael’s motivation was he wants to expose and to publish the fact that the e-commerce retailers has a low security measures and it is vulnerable to hacking, and to inform the individuals and users of the e-commerce sites that they should not trust their credit card information to any of the e-commerce retailers sites.
In this case Raphael initially faced a ten count indictment; each count is under section 2 of the Computer Misuse Act 1990 which has intent to use the computer to perform a function to secure unauthorized access.
The case of Raphael Gray result in six initial counts alleging an offence under the Computer Misuse Act 1990 section 2(1), alleging the defendant had committed an offence under section 3(1) of the Computer Misuse Act by doing an act which caused an unauthorized modification of the contents of a computer. The remaining four counts alleged obtaining services by deception on two separate occasions, by using a credit card number he had downloaded to set up two separate websites upon which to display the credit card information. And the related offences under the Computer Misuse Act section 2(1). This result in the third section of Misuse act of 1990 which is unauthorized access.
But on March 28, 2001 the prosecution reduces the first six counts to section 1 charges of simple unauthorized access if the defendant pleaded guilty to the remaining four counts. And after that Raphael was given a two year community rehabilitation order for his case.
What ethical issues are raised by this case?
The ethical issue of this case was Raphael intention was to make the users of the e-commerce site to be aware that there credit card or personal information that they entered in those sites is vulnerable of hacking, and can be used with anyone who has a bad intention. But through this, Raphael Gray also violated the UK Computer Misuse acts, when he exposed this credit card numbers and information in the public. At first place Raphael's intention was good but to the owner of the e-commerce sites and the owner of those credit card basically would say that his act is unethical because he make an unauthorized access to this information.
Activity 2.3 The Computer Fraud And Abuse Act
Find out about the US Computer Fraud and Abuse Act(CFAA).
How does this Act compare with the UK Computer Misuse Act?
The following URL is recommended as a starting point for your research, though you may also want to consult some of the recommended texts and other articles:
www.eff.org/Legislation/CFAA
Activity 2.5 Arguments against Hacking
Write a summary of the main arguments against hacking - from a legal, professional and ethical perspective.
Hacking is argued to be an illegal act since an unauthorized access of a computer material can be considered as an criminal offense (also mentioned in the computer misuse act of 1990). In spite of the fact that it was considered illegal, hackers at some point do this offense in order to disclose information considered by others as "confidential", but the public deserves to know.
On an ethical perspective, hacking is also argued to be an unethical act of trespassing, since it involves an electronic entry to a computer system which is also viewed as a physical entry to an office or home. In this case, if computers are viewed as material possessions.
Hacking is considered as an unprofessional act, since the act of hacking into other's computer systems sometimes leads disruption of businesses and organizations. Though hacking can also be an issue on the professional perspective, since it was allowed on any code of conduct or any professional body, hackers often offered to work as security consultants in information security firms.
References:
http://www.mjreedsolicitors.co.uk/uncategorized/raphael-gray-curador/
http://jadefactura.wordpress.com/2010/12/09/research-hacking-cases-raphael-gray/
