Two Senators, Orrin Hatch (R-UT) and Joe Biden (D-DE), have introduced a new bill to increase the penalties for several types of cyber crime, as well as close several loopholes in current cyber crime law. Or, "Pull the Plug on Internet Criminals", if you will (does somebody actually get paid to come up with that stuff?).
Full text of the bill is available from Senator Hatch's website here: CyberCrimeBill.pdf
The bill isn't overly long, but it does make some serious changes to current punishments, mostly for large-scale computer disruption (most of the wording appears to be aimed at making the formation and use of botnets less appealing). There are several fairly interesting points of the Bill:
Cyber Extortion
Section 3 of the Act amends Section 1030(a)(7) of title 18USC to include:
(A) threat to cause damage to a protected computer;
(B) threat to obtain information or impair the confidentiality of information obtained from a protected computer without authorization or by exceeding authorized access; or
(C) demand or request for money or other thing of value in relation to damage to a protected computer, where such damage was caused to facilitate the extortion.
Simply, not only making it illegal to do damage to systems, but also to steal information from systems and even threatening to steal information or make any stolen information public.
Investigation
Section 4 of the Act makes it easier for investigators to prosecute hacking cases with a lot of victims:
(3) by adding at the end the following:
(vi) damage affecting 10 or more protected computers during any 1-year period.
Previous law states that aggregate damages for an attack had to exceed $5000, which meant that investigators had to piece together damages from a lot of systems to prove that it exceeded the threshold before a case could be prosecuted. Now, investigators could prove the $5000 threshold OR prove that at least 10 computers were affected.
Sec. 7 Civil Forfeiture for Section 1030 Violations
This one speaks for itself.
The court, in imposing sentence for an offense under this section, shall, in addition to any other sentence imposed and irrespective of any provision of State law, order that the person forfeit to the United States-
(i) the person's interest in any personal property that was used or intended to be used to commit or to facilitate the commission of such violation; and
(ii) any property, real or personal, constituting or derived from, any proceeds the person obtained, directly or indirectly, as a result of such violation.
What's that? Get caught hacking, the government seizes your computers, and all your other equipment that happens to be nearby and connected. Had a botnet that generated money or extorted cash from someone? The government seizes anything you bought with the money.
The bill also outlines a list of 13 things to consider in sentencing, most considerations having to do with whether the US government owned the systems and whether the system was part of critical infrastructure (looks like all those SCADA news reports made it through to someone). The bill also earmarks money for training for the US Secret Service (to investigate cyber crimes) and the Attorney General (to prosecute cyber crimes).
Comments