The dangers of cyber warfare or cyber espionage are highlighted by the group “Crackas With Attitude“. This group recently targeted Mr. John Brennan, the Director of the U.S. Central Intelligence Agency. They cracked his AOL email account. Next, then cracked the accounts of Mr. Mark Guiliano, a Deputy Director of the U.S. Federal Bureau of Investigation. In order to provide more proof, Crackas hacked into the Chrome ComCast email account of his wife. This was reported by the group Anonymous.
Little if any information is known about the identity of the members of Crackas. But many people in law enforcement with to find out. The guidebook to prosecution of hacking is published by the U.S. Department of Justice. It is entitled “Prosecuting Computer Crimes“, and was published by the Office of Legal Education. A number of statutes are used to prosecute cyber crime including (Source: Hackerlaw.Org “Hacker Law”):
- Wiretap Act 18. U.S.C. Section 2510; which covers “wire communication” defined as “any aural transfer made in whole or in part through the use of facilities for the transmission of communications by the aid of wire, cable, or other like connection between the point of origin and the point of reception”.
- Unlawful Access to Stored Communications: 18 U.S.C. § 2701; which is designed by stop anyone from intentionally accessing without authorization any electronic communication service (this would include emails, social media, and any other computer-hosted or telephone hosted service).
- Identity Theft and Aggravated Identity Theft: 18 U.S.C. § 1028A; which covers producing, transferring, or merely having in one’s possession with intent to use unlawfully any “identification document, authentication feature, or a false identification document”.
- Access Device Fraud: 18 U.S.C. § 1029; which covers use or transporting of any counterfeit access device, or any telecommunications device that has been modified to obtain unauthorized use of telecommunications services, or even having possession of a scanning receiver.
- CAN-SPAM Act: 18 U.S.C. § 1037; which is designed to stop the flood of spam in emails that some say is more than 3/4rs of the Internet’s email traffic.
- Wire Fraud: 18 U.S.C. § 1343; “Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both.” Fairly broad and comprehensive language.
- Communication Interference: 18 U.S.C. § 1362; “Whoever willfully or maliciously injures or destroys any of the works, property, or material of any radio, telegraph, telephone or cable, line, station, or system, or other means of communication,. . .”
But at the core of the problem is actually finding people. That is for law enforcement.
One of the challenges of international cyber arms control will be establishing a boundary between computer hacking laws and international laws of cyber arms. International hacking by private citizens is not cyber war, unless the hackers are hired by a nation state. Hackers who work for nation states are not guilty of breaking computer hacking laws if they are working for the government against a foreign adversary. Then, each agent of Government A who hacks into any establishment of Government B is breaking laws in nation B.
So what can we conclude? We can conclude that laws governing cyber-crime are insufficient to handle the specific challenges of country-to-country government initiated cyber hacking. That is one of many reasons why an international convention is needed.