Return-Path: <sentto-279987-3645-1004452081-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Tue, 30 Oct 2001 06:29:08 -0800 (PST) Received: (qmail 1211 invoked by uid 510); 30 Oct 2001 14:27:19 -0000 Received: from n5.groups.yahoo.com (216.115.96.55) by 204.181.12.215 with SMTP; 30 Oct 2001 14:27:19 -0000 X-eGroups-Return: sentto-279987-3645-1004452081-fc=all.net@returns.onelist.com Received: from [10.1.4.54] by n5.groups.yahoo.com with NNFMP; 30 Oct 2001 14:28:01 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 30 Oct 2001 14:28:01 -0000 Received: (qmail 72463 invoked from network); 30 Oct 2001 14:27:47 -0000 Received: from unknown (10.1.10.142) by l8.egroups.com with QMQP; 30 Oct 2001 14:27:47 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta3 with SMTP; 30 Oct 2001 14:27:47 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id f9UERpo17344 for iwar@onelist.com; Tue, 30 Oct 2001 06:27:51 -0800 Message-Id: <200110301427.f9UERpo17344@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 30 Oct 2001 06:27:51 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Comment:.Hacking.is.not.terrorism] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Comment: Hacking is not terrorism By Neil Barrett, VNU Business Publications, 10/30/2001 <a href="http://www.vnunet.com/News/1126513">http://www.vnunet.com/News/1126513> The Americans are, it would seem, determined to equate hackers with terrorists: new legal proposals would make many system intrusions a terrorist act. On the face of it this is a surprising thing - some might say an overreaction. There is, though, a form of logic behind it, but one I believe the rest of us would be well advised to avoid. In the US, the major law covering hacking is the Computer Fraud and Abuse statute, which makes it a fraud-related offence, hence the primary responsibility of the US Treasury and its investigative arm, the Secret Service. Yes, the men in dark suits and sunglasses, with hearing aids and hidden guns, are responsible for tracking the night-pale brigade of network freeloaders. But a significant element of this act covers computers that are of 'federal interest': those that carry government traffic, operate directly or indirectly on behalf of a federal agency, or whose impairment would affect the operation of federal government. It's hard to imagine a major hacking target that could not be shoehorned into this loose specification. With worries over the critical national infrastructure - that general federation of networks and systems whose destruction or damage would in turn damage national interests - resulting quite naturally from the events of last month, it is no surprise that this topic is high on the US Government's agenda. But it is hard to make a justification for seeing hackers as terrorists in a legal framework that does not provide this 'federal interest' contingency. The UK's Computer Misuse Act, the nearest equivalent, makes no implied or explicit distinction regarding the systems that are intruded on. This is quite apart from the other major difference in the two laws: that of fraud in the US versus 'unauthorised access', or trespass, in the UK. Because of this, in the UK it would be necessary to introduce computer offences into the Terrorism Act - and indeed, the new version of that act has clauses that would cover the use of terror tactics with computers. However, we have to recognise some simple truths. A significant element of terrorism is that it causes terror. Sure, it has to be politically motivated, performed by an identifiable sub-state group, and illegal, but the major element is that it is intended to induce political activity or changes as a result of terror. Hacking does not cause terror. It makes people angry; it costs money; it can be offensive; it induces trepidation. But no one is likely to say a computer hack induces terror. Take a current TV advert, in which the website of a cheese manufacturer is hacked by a French cheese maker. It's funny! It's not terrifying, and that's what most hacking is like. I'm not saying we shouldn't take it seriously, but we shouldn't reflexively lump hacking in with bombs, bullets and torture simply on the basis of a belief that the terrorists of last month could have done things with a computer, and that some security experts believe a really clever, motivated hacker could intrude on some sensitive control systems. Let's instead make it clear just what we think of terrorism, in all its forms. If hackers eventually start to act like terrorists, then fine. We have laws to cover them. But let's not make a knee-jerk response and automatically interpret hacking as a form of terrorism. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:58 PST