[asterisk-biz] attempt on hacking us ?

Paul ast2005 at 9ux.com
Fri Jun 9 14:30:20 MST 2006 

trixter aka Bret McDanel wrote:

>On Fri, 2006-06-09 at 13:51 -0400, Paul wrote:
>  
>
>>The FBI gives priority to cases where actual damages have exceeded X
>>dollars. That creates a problem because people building password lists
>>aren't investigated until the passwords actually get used in a way that
>>is costing the victim(s) money. I won't give the value of X here. Thye
>>tell me it's a budgetary problem.
>>    
>>
What I was talking about is the fact that due to budgetary constraints,
agents in the computer crimes division are given a monetary damages
guideline that is much higher than $5000 for pursuing a case. I'm sure
that sometimes those agents encounter cases that have a high potential
for future damages and get approval from superiors to investigate further.

If you can provide good evidence along with information that helps to
locate and identify the perpetrator they might take immediate action,
provided the perpetrator is in the US or a country where the authorities
have a good working relationship with the US. One of these agents told
me how badly he wanted to see some of the offshore phishers get sent to
prison. I'm sure if you gave him the right info at the right time, he
would quickly get approval to act on it.

>>    
>>
>
>The statute in the US (18 USC 1030) requires that damages exceed $5000.
>Damage is a defined term and US v Middleton is the best resource for
>what is damage, basically its anything the victim thought was
>reasonable, but must be pecuinary loss (ie not reputational harm but
>actual loss, including lost sales, time spent restoring the system to
>its condition prior to the attack, etc but not time spent preparing for
>litigation or criminal prosecution).  If you think it is reasonable to
>hire your brother at $5000/hr and he works for 1 hour you have your
>$5000 in 'damage'.
>
>The patriot act amended the hacking statute to include ATTEMPS, which
>means that if someone tries to break in but does not succeed, but if
>they had they would have caused $5000 in damage - they are guilty.  All
>that requires is the 'victim' claiming that it is their best belief that
>had the person succeeded it sure would have cost $5000.  
>
>On top of that the $5000 is aggregated over a 1 year period.  Pre
>patriot act it was for each singular act, but now it is all acts
>combined, $5 in 'damage' to 1000 places now rises to the level of a
>federal crime.  Initially the damage element was in place to allow only
>the most serious crimes to be federal everything else state.
>
>If that isnt bad enough the FBI claims world wide jurisdiction - how
>they do this is lets say that a guy in the UK hacks a box in Germany, in
>addition to Germany being able to prosecute, if that box in Germany has
>at one time been involved in commerce with just 1 US transaction (with
>voip it terminates *any* calls to the US, it has one US customer, 1
>person from the US goes to its web server, it really doesnt take much)
>the FBI can seek extradition in addition to germany authorities, and
>BOTH can charge, convict and sentence the same person for the same
>crime.  Double jeopardy wouldnt apply becuase its a seperate soverign
>entity and thus not double jeopardy.
>
>As you can see they really dont need much to go after anyone now, they
>used to need slightly more. 
>
>
>  
>
>>If someone reported that I was asking people to show me their
>>identification and credit cards in person, you can be sure that law
>>enforcement would arrive. They would look for any grounds suitable to
>>arrest me. If I do the same thing electronically, I probably won't be
>>pursued until after I have started using the credit card numbers.
>>
>>    
>>
>That is a different statute, 18 USC 1029 does allow for attempted
>aquisition of 'access devices' of which credit card numbers qualify (but
>then so do email addresses and mobile phone numbers).  Sheesh.
>
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>--Bandwidth and Colocation provided by Easynews.com --
>
>asterisk-biz mailing list
>To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-biz
>  
>

More information about the asterisk-biz mailing list