Index Hacking, crime and punishmentAbstractIntroduction The predator and the preyIssues Do our laws deal with hacking adequately and responsiblyDoes the punishment fit the crime?Does hacking have any qualities ransom?Arguments for and againstDoes punishment fit the crime?Philanthropic or ethical hackingIncreased securityIntellectual growthAnalysis and recommendations Finding a balanceFitting the punishment to the crimeAccountabilityRaising the barFreeloadersHacking, crime and punishmentAbstractThe purpose of this article is to explore the consequences of hacking and cracking computers in the United States. It briefly covers the laws surrounding computer hacking and their appropriateness. A large section is devoted to arguments for and against hacking in an attempt to identify the benefits and losses to individuals, businesses and society as a whole resulting from such activities. Analyzing the pros and cons of hacking is essential to determining the weight of punishment associated with cybersecurity crimes. Finally a recommendation on what needs to be reviewed and changed and what is acceptable. Say no to plagiarism. Get a tailor-made essay on "Why Violent Video Games Shouldn't Be Banned"? Get an original essay Introduction The Predator and the Prey John was a child. Yet, at just fourteen years old he was able to break into most computer systems. One day during the summer, he was sitting at the computer as usual. Bored, he started browsing his live IP logs. After a couple of port scans, he spotted one. He recognized some gates, 21, 134 and 31337. He recognized 31337 as the numerical representation of ELEET. Remembering that this is the port that a Sub7 Trojan horse program uses for remote access. He downloaded a Sub7 client and connected to this unknown remote system. He began to look around and, finding nothing particularly interesting, decided to let his victim know what was happening. Sub7 has a utility to hijack the mouse and display users' monitor output. Using it, laughing, he took control of the user's mouse while he browsed the Internet looking at pornographic images. He closed the browser and its plethora of pop-ups, then opened notepad. He typed some things to scare his victim, for example: This is your mother. You were very naughty, Richard. He had ascertained his name earlier while carousing through his files. Finally, after having fun, he said: You have been hacked by SUB7. Get a virus scanner, idiot. What he didn't know was that the computer he hacked into belonged to that of a 56-year-old lawyer. This particular lawyer, while not technically savvy, knew his rights. Three months later, after hiring a professional security expert and numerous communications with his ISP, he tracked down his attacker. He went to the police with the evidence, who then showed up at John's house. John was arrested, taken to court and sentenced to 6 months in juvenile detention. Problems Do our laws address hacking adequately and responsibly? Does the punishment fit the crime? First of all, is it important that the punishment fits the crime? Most people would say yes, for a variety of reasons. For example, some argue that the more unacceptable the crime is to society, the more severe the punishments must be to deter others from committing it. Others say it is our right to be punished fairly under the Constitution, which prohibits cruel and unusual punishment. Whatever the reasons, the company has made it clear that it believes the punishment should fit the crime. Hacking enthusiasts andCivil liberties organizations like the EFF have complained that in some cases the punishments far outweigh the crime. They say hacking laws are unfair and punishments disproportionate to crimes of a similar nature. Law enforcement and politicians believe that punishments are justified and just. In John's example, he was treated equally by the law. Did his access to another's computer, even though all it did was alert the user to a vulnerability, justify his time in juvie? Does hacking have any redeeming qualities? Although many people perceive hacking as a purely destructive activity, there may be some benefits to it. It could be harmful to our society if allowed to run amok, just like a disease. Yet even an illness has its beneficial elements. An illness can strengthen the body's immune system, improving the overall health of the individual. If our immune system wasn't trained by mildly infectious diseases, we would be in really bad shape if we caught a particularly harmful one. Are hackers similar to biological diseases, which have their own positive traits?Arguments for and againstDoes the punishment fit the crime?In the state of California, residents are subject to CA Penal Code 502, which states among other things:Accessing knowingly and without permission takes, copies or makes use of data from a computer, computer system or computer network, or makes or copies any supporting documentation, existing or resident on or off a computer, computer system or computer network, computer. Any person who violates any of the provisions. . . is punishable by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment in the state prison for 16 months, or two or three years, or by both the fine and imprisonment. Combine this with the Digital Millennium Copyright Act, which, according to Jessica Litman, states, every time a work appears in your computer's random access memory, you are making an actionable copy of it (Digital Copyright p28), can result in harsh penalties for seemingly harmless crimes. To put it simply, if you simply look at someone else's files, you could go to prison for up to three years. The penalty for the same crime without the use of a computer is only one year (Penal Code CA 631). However, for many, the prevalence of computer hacking and its disproportionately high cost to individuals, businesses and government justify disproportionately high fines. a more serious example, under the Anti-Terrorism Act of 2001, violations of the Computer Fraud and Abuse Act (CFAA) may be considered acts of terrorism. According to the CFAA, defacing a website or simply spamming another user would result in a small fine. However, after the Anti-Terrorism Law, these crimes are punishable by up to 40 years in prison. For many this is an outrageously high penalty for such a minor crime. Law enforcement officials say such severe penalties help get plea deals from suspects. This saves them a tremendous amount of time and money, which allows them to spend more money on other important issues, such as fighting the war on drugs or investigating violent crimes. Many times, cybersecurity professionals have to be called upon to track down the cybercriminal, which costs a huge amount of money (around $150 per hour). A third example is that of a Cal Poly student, Paul Reed. Paul ran a port scan using a computer on campus. Per Cal Poly's responsible use policy, port scans are prohibited. Checking a bank for security cameras before a robbery is the rough equivalentof a port scan. While robbing a bank is certainly illegal, the act of walking around one looking for cameras definitely isn't. Defenders of this policy argue that by far the most popular reason to scan a computer's ports is to obtain information that is used directly to break into that machine. For this reason they rationalize port scanning as a crime punishable by expulsion. Although Paul was not deported, he had some serious legal problems. Philanthropic or Ethical Hacking IBM defines ethical hacking as hacking aimed at finding and fixing security holes. Ethical hackers are sometimes employed by companies to perform security audits. More often, these are individuals or groups who breach networks and then inform administrators of the exploited security flaws. Some companies find this type of activity beneficial because it is a cost-effective way to identify potential problems. This process can cause some administrative problems, as they feel that their rights and privacy have been violated and that their resources have been used unfairly. Additionally, it is sometimes difficult to distinguish the ethical hacker from the malicious cracker. This leads to the hacked company taking legal action against the hacker regardless of their intentions. Some ethical hacking involves finding errors in products that can be used to gain unauthorized access to systems or information. The ethical hacker then provides this information to developers and the general public. This knowledge helps developers create a patch for the exploit. By informing the public of the problem, the hacker gives them a clear warning about possible security weaknesses. This also puts pressure on product makers to fix the problem before too many customers are harmed by the defect. Many companies complain that this damages the reputation of their products and costs them in lost revenue. Increased Security One consequence of the pervasiveness of hacking is that companies are encouraged to maintain higher security standards. This creates the need for more rigorous testing, better design, and a higher level of professionalism in the field if the company is to maintain the trust of its customers. This provides the public with more secure and well-tested software. The trade-off for the superior merchandise is increased costs, a delay in release schedules, and possibly a reduced feature set. This is mainly due to increased production and operating costs resulting from enhanced safety measures. So, while end users may benefit from a safer product, they may suffer by receiving a less useful product for their money. Intellectual GrowthLaws that prevent hacking also prevent the intellectual growth of hackers who often push the limits of their capabilities through system exploration. The difficulties encountered while hacking challenge the individual to increase their knowledge of all aspects of the target. These individuals often progress from mostly harmless youth hacking to become competent technicians and professionals. Companies can then take advantage of their in-depth systems knowledge to create superior products and offer better services. However, this training comes at a cost. Companies must pay for increased security in their networks and products to compensate for frequent attacks. Therefore, any benefits gained from more experienced personnel are lost in the increased cost of operations. Analysis and recommendations Finding a balance Tailoring the punishment to the crime What defacing a website can constitute,.