Do the Crime Do the Time. Dont be a cracker.
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Do the Crime Do the Time. Dont be a cracker.

  1. #1
    Senior Member
    Join Date
    Jul 2004
    Posts
    149

    Do the Crime Do the Time. Dont be a cracker.

    Read this before you ask "how to hack"


    Section 1029 prohibits fraud and related activity that is made possible by counterfeit access devices such as PINs, credit cards, account numbers, and various types of electronic identifiers. The nine areas of criminal activity covered by Section 1029 are listed below. All *require* that the offense involved interstate or foreign commerce.

    1. Producing, using, or trafficking in counterfeit access devices. (The offense must be committed knowingly and with intent to defraud.)

    Penalty: Fine of $50,000 or twice the value of the crime and/or up to 15 years in prison, $100,000 and/or up to 20 years if repeat offense.

    2. Using or obtaining unauthorized access devices to obtain anything of value totaling $1000 or more during a one-year period. (The offense must be committed knowingly and with intent to defraud.)

    Penalty: Fine of $10,000 or twice the value of the crime and/or up to 10 years in prison, $100,000 and/or up to 20 years if repeat offense.

    3. Possessing 15 or more counterfeit or unauthorized access devices. (The offense must be committed knowingly and with intent to defraud.)

    Penalty: Fine of $10,000 or twice the value of the crime and/or up to 10 years in prison, $100,000 and/or up to 20 years if repeat offense.

    4. Producing, trafficking in, or having device-making equipment. (The offense must be committed knowingly and with intent to defraud.)

    Penalty: Fine of $50,000 or twice the value of the of the crime and/or up to 15 years in prison, $1,000,000 and/or up to 20 years if repeat offense.

    5. Effecting transactions with access devices issued to another person in order to receive payment or anything of value totaling $1000 or more during a one-year period. (The offense must be committed knowingly and with intent to defraud.)

    Penalty: Fine of 10, or twice the value of the crime and/or up to 10 years in prison, 100,000 and/or up to 20 years if repeat offense.

    6. Soliciting a person for the purpose of offering an access device or selling information that can be used to obtain an access device. (The offense must be committed knowingly and with intent to defraud, and without the authorization of the issuer of the access device.)

    Penalty: Fine of $50,000 or twice the value of the crime and/or up to 15 years in prison, $100,000 and/or up to 20 years if repeat offense.

    7. Using, producing, trafficking in, or having a telecommunications instruments that has been modified or altered to obtain unauthorized use of telecommunications services. (The offense must be committed knowingly and with intent to defraud.)

    This would cover use of “Red Boxes,” “Blue Boxes” (yes, they still work on some telephone networks) and cloned cell phones when the legitimate owner of the phone you have cloned has not agreed to it being cloned.

    Penalty: Fine of $50,000 or twice the value of the crime and/or up to 15 years in prison, $100,000 and/or up to 20 years if repeat offense.


    8. Using, producing, trafficking in, or having a scanning receiver or hardware or software used to alter or modify telecommunications instruments to obtain unauthorized access to telecommunications services.

    This outlaws the scanners that people so commonly use to snoop on cell phone calls. We just had a big scandal when the news media got a hold of an intercepted cell phone call from Speaker of the US House of Representatives Newt Gingrich.

    Penalty: Fine of $50,000 or twice the value of the crime and/or up to 15 years in prison, $100,000 and/or up to 20 years if repeat offense.

    9. Causing or arranging for a person to present, to a credit card system member or its agent for payment, records of transactions made by an access device.(The offense must be committed knowingly and with intent to defraud, and without the authorization of the credit card system member or its agent.

    Penalty: Fine of $10,000 or twice the value of the crime and/or up to 10 years in prison, $100,000 and/or up to 20 years if repeat offense.

    SECTION 1030

    18 USC, Chapter 47, Section 1030, enacted as part of the Computer Fraud and Abuse Act of 1986, prohibits unauthorized or fraudulent access to government computers, and establishes penalties for such access. This act is one of the few pieces of federal legislation solely concerned with computers. Under the Computer Fraud and Abuse Act, the U.S. Secret Service and the FBI explicitly have been given jurisdiction to investigate the offenses defined under this act.

    The six areas of criminal activity covered by Section 1030 are:

    1. Acquiring national defense, foreign relations, or restricted atomic energy information with the intent or reason to believe that the information can be used to injure the United States or to the advantage of any foreign nation. (The offense must be committed knowingly by accessing a computer without authorization or exceeding authorized access.)

    2. Obtaining information in a financial record of a financial institution or a card issuer, or information on a consumer in a file of a consumer reporting agency. (The offense must be committed intentionally by accessing a computer without authorization or exceeding authorized access.)

    Important note: recently on the dc-stuff hackers’ list a fellow whose name we shall not repeat claimed to have “hacked TRW” to get a report on someone which he posted to the list. We hope this fellow was lying and simply paid the fee to purchase the report.

    Penalty: Fine and/or up to 1 year in prison, up to 10 years if repeat offense.

    3. Affecting a computer exclusively for the use of a U.S. government department or agency or, if it is not exclusive, one used for the government where the offense adversely affects the use of the government’s operation of the computer. (The offense must be committed intentionally by accessing a computer without authorization.)

    This could apply to syn flood and killer ping as well as other denial of service attacks, as well as breaking into a computer and messing around. Please remember to tiptoe around computers with .mil or .gov domain names!

    Penalty: Fine and/or up to 1 year in prison, up to 10 years if repeat offense.

    4. Furthering a fraud by accessing a federal interest computer and obtaining anything of value, unless the fraud and the thing obtained consists only of the use of the computer. (The offense must be committed knowingly, with intent to defraud, and without authorization or exceeding authorization.)[The government’s view of “federal interest computer” is defined below]

    Watch out! Even if you download copies of programs just to study them, this law means if the owner of the program says, “Yeah, I’d say it’s worth a million dollars,” you’re in deep trouble.

    Penalty: Fine and/or up to 5 years in prison, up to 10 years if repeat offense.

    5. Through use of a computer used in interstate commerce, knowingly causing the transmission of a program, information, code, or command to a computer system. There are two separate scenarios:

    a. In this scenario, (I) the person causing the transmission intends it to damage the computer or deny use to it; and (ii) the transmission occurs without the authorization of the computer owners or operators, and causes $1000 or more in loss or damage, or modifies or impairs, or potentially modifies or impairs, a medical treatment or examination.

    The most common way someone gets into trouble with this part of the law is when trying to cover tracks after breaking into a computer. While editing or, worse yet, erasing various files, the intruder may accidentally erase something important. Or some command he or she gives may accidentally mess things up. Yeah, just try to prove it was an accident. Just ask any systems administrator about giving commands as root. Even when you know a computer like the back of your hand it is too easy to mess up.

    A simple email bomb attack, “killer ping,” flood ping, syn flood, and those huge numbers of Windows NT exploits where sending simple commands to many of its ports causes a crash could also break this law. So even if you are a newbie hacker, some of the simplest exploits can land you in deep crap!

    Penalty with intent to harm: Fine and/or up to 5 years in prison, up to 10 years if repeat offense.

    b. In this scenario, (I) the person causing the transmission does not intend the damage but operates with reckless disregard of the risk that the transmission will cause damage to the computer owners or operators, and causes $1000 or more in loss or damage, or modifies or impairs, or potentially modifies or impairs, a medical treatment or examination.

    This means that even if you can prove you harmed the computer by accident, you still may go to prison.

    Penalty for acting with reckless disregard: Fine and/or up to 1 year in prison.

    6. Furthering a fraud by trafficking in passwords or similar information which will allow a computer to be accessed without authorization, if the trafficking affects interstate or foreign commerce or if the computer affected is used by or for the government. (The offense must be committed knowingly and with intent to defraud.)

    A common way to break this part of the law comes from the desire to boast. When one hacker finds a way to slip into another person’s computer, it can be really tempting to give out a password to someone else. Pretty soon dozens of clueless newbies are carelessly messing around the victim computer. They also boast. Before you know it you are in deep crud.

    Penalty: Fine and/or up to 1 year in prison, up to 10 years if repeat offense.

    Re: #4 Section 1030 defines a federal interest computer as follows:

    1. A computer that is exclusively for use of a financial institution[defined below] or the U.S. government or, if it is not exclusive, one used for a financial institution or the U.S. government where the offense adversely affects the use of the financial institution’s or government’s operation of the computer; or

    2. A computer that is one of two or more computers used to commit the offense, not all of which are located in the same state.

    This section defines a financial institution as follows:

    1. An institution with deposits insured by the Federal Deposit Insurance Corporation(FDIC).

    2. The Federal Reserve or a member of the Federal Reserve, including any Federal Reserve Bank.

    3. A credit union with accounts insured by the National Credit Union Administration.

    4. A member of the federal home loan bank system and any home loan bank.

    5. Any institution of the Farm Credit system under the Farm Credit Act of 1971.

    6. A broker-dealer registered with the Securities and Exchange Commission(SEC) within the rules of section 15 of the SEC Act of 1934.

    7. The Securities Investors Protection Corporation.

    8. A branch or agency of a foreign bank (as defined in the International Banking Act of 1978).

    9. An organization operating under section 25 or 25(a) of the Federal Reserve Act.



    source

  2. #2
    Is it a bad thing that despite all the fines, I still want to remain a grey hat for the sake of learning and curiosity? I'm being honest in my question here, not sarcastic.

  3. #3
    Senior Member
    Join Date
    Jul 2004
    Posts
    149
    Is it a bad thing that despite all the fines, I still want to remain a grey hat for the sake of learning and curiosity? I'm being honest in my question here, not sarcastic.
    If thats what it takes to learn, then that's each persons choice to make.

    I am not educated enough to comment on how someone should go about computer
    research/curiosity. This thread was more aimed at newbs who might not know what
    the penalties are.

  4. #4
    i think that depends on your intentions.... i think as long as you don't destroy things or steal data, many people won't really mind...

  5. #5
    Junior Member
    Join Date
    Jan 2003
    Posts
    28
    I guess it depends on how people could view it. Some people may not mind, but others may say don't do that on my equipment. If you own property, would you want someone sneaking around on it to find any way to reach your house without being caught, or would it not matter because no one actually sae you because they actually (physically) covered their tracks? Personally, I wouldn't want anyone invading my land, but I'm not too concerned with people trespassing on my computer, unless they have an intent to harm my computer. I think we could all learn more on how to secure systems, if peopel knew the difference between good and bad hackers. Now, even knowing all what I said, I still believe many people do not want any "trespassers" on their computers for just the fear of the word hacker and not because of what someone good could tell them about their security flaw. I guess in this sense you can see the positive vs the negative. It all is determined by the eye of the beholder. Just my couple cents worth, not like it's that much, and hopefully it made some sense too. :P

  6. #6
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    If you don't break into other's computers because of current law that's bullshit, the chance that you get sued is very small if not pretty much inexistent unless you steal private data from some company or something. It's all a matter of ethics, you wouldn't like someone to hack your computer would you? So don't hack someone else.
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content - me

    www.elhalf.com

  7. #7
    It's all a matter of ethics, you wouldn't like someone to hack your computer would you? So don't hack someone else.
    I would find it very very humorous if someone broke my system security and let me know about it. The difference is if they broke in and stole/destroyed data versus just entered in for curiosity sake. That's when I have a problem with it.

    Grey versus black hat.

  8. #8
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Is it a bad thing that despite all the fines, I still want to remain a grey hat for the sake of learning and curiosity? I'm being honest in my question here, not sarcastic.
    If Pooh goes "grey hat" I reckon that grey is as white as the driven snow?



    leave it out Pooh..............the only reason you might know how to do it, was to stop it?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #9
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    I would find it very very humorous if someone broke my system security and let me know about it. The difference is if they broke in and stole/destroyed data versus just entered in for curiosity sake. That's when I have a problem with it.
    That's something different, if they let you know about it. I do that too. But if you just noticed someone had broken in your computer you'd be not certain whether (s)he still owns your computer or not despite possible countermesures.
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content - me

    www.elhalf.com

  10. #10
    Senior Member
    Join Date
    Jul 2004
    Posts
    149
    I'm sure (not 100% though) that many security admins and tech staff in current
    professional employment, would in their journey have crossed the so called black/white
    line, in order to better understand exploits, vulnerabilities.

    As mentioned here, as long as no damage is done to peoples computers or data, it really
    isn't a crime, even though it is. Thin line..........Different ethical standards, etc,etc

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides