UNAUTHORIZED ACCESS (Accidental Felony or Computer Crime)


2007/11/26 Ray Lindeman

In 1977 Senator Abraham Ribikoff was the Chairman of the U.S. Senates Government Operations Committee. His committee is credited with drafting the first comprehensive proposal on computer crime in the United States; and, later that year Senator Ribikoff introduced legislation to congress referred to as the Ribikoff Bill 1. This Bill was the first Federal computer crime legislation in the U.S. that specifically prohibited unauthorized use of computers; the Bill, while not adopted, raised awareness in Congress to the potential problems unauthorized computer usage could cause. Since 1977 Congress (and all fifty states) passed computer laws, these new laws make a number of computer activities illegal. Congress, in 1984 adopted 18 USC 1030 The Computer Fraud and Abuse Act commonly referred to as CFAA. Congressional efforts to keep up with technology and cyber crime have seen the CFAA amended many times since 1984 (1986, 2001, 2004 and 2006) 2. Nowadays the CFAA makes activities intended to access restricted or classified information maintained on computers in financial institutions; credit card companies; consumer reporting agencies; any department or agency of the U.S Government; or, any protected computer, a crime.

You may or may not agree with me, but I relate crime to gangsters and outlaws, terrorists, spies or assassins; even so, take a moment and consider this: accessing a computer is the fundamental step for anything we do through a computer; so we shouldnt be too surprised to learn Unauthorized Access is becoming the base offense in the field of computer crime. The CFAA potentially criminalizes behavior like using a co-workers computer, using your laptop to connect to a wireless computer network, or transmitting an e-mail from your computer. Interestingly as you read through the CFAA nowhere does it define "access. The dictionary provides us with a general definition, to "gain access to, or exercise the "freedom or ability to . . . make use of" something. In other words, when you connect to a wireless computer network, regardless of where it is or who it belongs to, you would be accessing" bandwidth; or, when you send an e-mail message from your computer, and the message is transmitted to another computer or through a number of other computers until it reaches its destination, your are making use of all of those computers, and would therefore be "accessing" them; using a co-workers computer, even when permitted by the co-worker, is an access issue that becomes more complicated when company policy prohibits the use of any computers not assigned to you.

Any of that sound familiar? How many times have we used someone elses computer, or connected to a hotels wireless system. Think about it, then think about the guy in Sparta Michigan. Each day around noontime he would drive to the Union Street Coffee Shop, park just outside and without entering the cafe, connect to the internet using the shops unsecured wireless network. He would download his e-mails and surf the net. He was charged with unauthorized use of computer access (the shops WiFi System), a felony. He later pled guilty to a misdemeanor, was fined, ordered to perform community service and enroll in a diversion program 3. He could have gone to jail. Use common sense folks, casual access can lead to serious criminal charges, become a huge embarrassment, and cost you money and time. All this guy had to do was go inside, buy a cup of coffee, or just sit at a table, enjoy the ambiance and use their wireless system like everyone else in the cafe.

Did you ever wonder what kind of problems the wireless system you installed at home could create? Ask yourself is my wireless system secured or unsecured? If you dont know you better find out! Unsecured wireless systems can be used by anyone to gain access to the internet. Someone could, like the guy in Michigan, sit outside your home and use your unsecured wireless signal to access the internet and commit a crime. Adding insult to injury, Attorneys and victims are beginning to fight back not against the unauthorized user, but against the homeowner! It appears victims now have a cause-of-action against the owner of the unsecured wireless system used as the access point to commit a crime; the cause-of-action is negligence. Dont be twice a victim (hacker and a lawsuit), take steps to ensure your home wireless system is secure so you can continue to enjoy wireless flexibility safely within your home.

The information we handle everyday is also a source of potential problems. Several years ago, a young woman in Sacramento 4 working in a local financial institution, had access to confidential customer account information maintained on the institutions computer. She willingly provided this information to a girl friend that just started a Real Estate Business. Unknown to the young woman, her friend provided some of the confidential information to someone who just happened to be part of an identity theft scheme. Imposters used the customers account information to steal their identity and conduct transactions at the institution. The imposters were caught and prosecuted. The young woman was convicted of unauthorized access, a felony and sentenced to 36 months probation. Dont let yourself get schmoozed, cajoled or conned by friends or relatives into providing them with confidential information.

Sending e-mails is also a starting place for potential problems. Recently an older fellow in Connecticut retired and began working in a financial institution regulated by his former employer. One of his new responsibilities was to develop financial and operational programs designed to assist managers and staffs in small financial institutions. He loaded and personalized a software-program onto his work laptop. The program provided form and function while assisting the analysis process; this program was also used by his former employer and was capable of creating an e-mail request for financial information from his former employer. The guy created the request and addressed the e-mail to his former employers public access web site. When received at the web site, the e-mail was electronically read, redirected by the web site to another system of his former employer. The request was again electronically read and a new electronic e-mail response was created with the requested information attached. The new e-mail response was then returned to his e-mail address at the institution where he was working. Upon receipt he loaded this information into the software program on his laptop. This information received assisted the analysis process for institutions that contracted his employers services. After about a year, his former employer transitioned to a new software-program and created a list of those still requesting data from the software no longer in use. His name came up on the list; many knew him and knew he retired. The former employer referred the case to the FBI and US Attorney. The guy pled guilty to one count of unauthorized access and was sentenced to 2 years probation, a $4,000 fine and 50 hours of community service. Dont fool yourself into believing what you're doing is for the good of the people youre helping, youre only fooling yourself. Take the time to reinvent the wheel.

What am I getting at here? Simply this, please use common sense while youre working with computers, managing sensitive information in computer data bases, sending e-mail requests for information or accessing networks; hey, ignorance of the law is not an excuse. So whether youre at home or at work, here are some simple suggestions to follow while computering around:

  • While on the job, log off when you leave your computer and turn off the monitor. At home shut your system down when you leave for an extended period of time;

  • Report suspicious activity immediately; at work to your Information Security Officer (ISO), and at home to local authorities;

  • Report all security incidents immediately; at work to your ISO, or at home to local authorities;

  • Make sure you have the owner's approval to use their wireless system before you access their system. This includes but is not limited to Hotels, Coffee Shops and the Neighbors;

  • Secure your wireless system at home;

  • Use encryption software;

  • At work, obtain Supervisory or ISO permission before taking sensitive information from your assigned work area;

  • Whether at home or at work, protect sensitive information;

  • Do not share your access codes and passwords with anyone, and because we are all forgetful, store them in a secure area;

  • Do not load or use unapproved and or unauthorized software;

  • Do not attempt to bypass log-on procedures; and,

  • Do not E-mail sensitive data unencrypted,




Above all, while working with or around computers and or wireless systems, if it does't seem right to do, don't do it; you could accidentally be committing a felony.

References

1 Bill S. 1766 (95th Congress) "Federal Computer Systems Act of 1977"
2 U.S. Code Classification Tables
3 June 18, 2007 Wood TV8, Grand Rapids Michigan
4 US Department of Justice, Eastern District of California, November 30, 2001

Ray Lindeman sent an e-mail and was charged with unauthorized access; if you or someone you know had similar experiences and would like to share the story, you can contact him through this site.



Got something to add? Send me email.





(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> UNAUTHORIZED ACCESS (Accidental Felony or Computer Crime)


7 comments



Increase ad revenue 50-250% with Ezoic


More Articles by © Ray Lindeman







Mon Nov 26 16:53:29 2007: 3275   BigDumbDinosaur


While on the job, log off when you leave your computer and turn off the monitor.

Video monitors should not be turned off in the normal course of operation. With Windows, if the system goes into standby and later comes out of standby without the monitor being powered, Windows usually assumes there is no monitor and reverts the display to a lo-res condition. In any case, if the user has logged out there won't be anything on the screen worth stealing.

Do not E-mail sensitive data unencrypted...

Let's rephrase that "Do not E-mail sensitive data...period!" SMTP is an inherently insecure protocol and is no more trustworthy than posting information on a grocery strore bulletin board.



Mon Nov 26 17:17:54 2007: 3276   TonyLawrence

gravatar
I don't think I'd go so far as to say smtp is unsafe when encrypted. Also, if you are making a direct connection, the only possible inspection would be on the routers/networks between you and that server. In most cases, I think there's little reason to distrust those, though I suppose if you are sending something really secretive the only truly secure path is to hand it to them personally. In other words, yes, technically you may be right, but in ordinary practise I'm not going to think of my email as insecure even if unencrypted.





Sat Dec 1 14:59:55 2007: 3282   anonymous


"If we make enough laws, we can all be criminals"


That's what is happening in this country. It's bullshit. When will people learn that passing laws won't solve anybody's problems except under very specific circumstances? Making it illegal to do something with a computer isn't going to make insecure software secure, it's not going to make bad protocols better, and it's not going to stop criminals from stealing credit card information and other things.

Doing stuff like misusing credit card information or abusing medical records is already a felony. And in order to actually use that information for financial gain you'd have to engage in falsifying documentations, mail fraud, fake signatures and other things which are all felonies once you get up to a certain damage range. So if a person is already more then willing, in fact eager, to break a half a dozen laws then what one more is going to do?

The only thing that it will accomplish is to put normal people in jail for no good reason. No damages to anybody or anything. No loss of property, no loss of life. Just one guy in jail for connecting to the wrong wireless access point. Complete and total injustice.

This sort of law is why you have fish importers going to jail for 8 years because they had mistakenly imported lobster tails that were to small. The Federal government claimed they broke Honduras laws and thus violated the Lacy act. Of course having representatives from Honduras coming to court and telling everybody that there was no laws were broken didn't help the case and the small business owners still got almost a decade in prison.

"Are Civil Liberties at Risk in the War on Terror?"
(link)



Sat Dec 1 15:00:41 2007: 3283   drag


sorry, forgot to put my handle on the post above.



Sat Dec 1 17:03:24 2007: 3284   TonyLawrence

gravatar
I'm reminded of going to hook up a branch office some years back - the manager was surprised to see me because he said he was already all set.. that surprised me because I had just carried in his router.. turned out he had unknowingly connected to a neighboring business's wireless network. I suppose we'll have to put him in jail too.



Sun Dec 6 06:05:40 2009: 7714   anonymous

gravatar
I emailed the employee of the light company to connect me illegally offered him cash in the email. He says his going to the cops with the email his going to forward it to the police can that be a felony ? My email to him suggesting he do some thing for me for cash ?



Sun Dec 6 07:13:15 2009: 7715   TonyLawrence

gravatar
I am not a lawyer, but it wouldn't surprise me if doing that is a felony.

------------------------
Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us





The activity of "debugging", or removing bugs from a program, ends when people get tired of doing it, not when the bugs are removed. (Datamation)

May you live long enough to regret your opinions - (Tony Lawrence)








This post tagged: