Saturday, 30 August 2008
Criminal responsiblity for lack of security features?
http://www.techdirt.com/articles/20080825/2320012094.shtml (26 August 2008)
In the same line of thought is the comment of a Nigerian official who points out that victims of 419 scams should be held responsible "Nigerian Official Blames The Victims Of Nigerian 419 Advance Fee Scams" http://www.techdirt.com/articles/20080822/0315012062.shtml (22 August 2008)
And earlier, "Banks slip through virus loophole" (TheGuardian, 12 June 208): "A quiet rule change allows British banks to refuse to compensate the victims of online fraud if they do not have "up-to-date" anti-virus protection, says Danny Bradbury"
Hacking - insiders
http://news.bbc.co.uk/2/hi/uk_news/england/hereford/worcs/7585098.stm
- The employee does not work for Lloyds anymore. Has disciplinary action been taken? Concerning criminal proceedings, the behaviour falls under the CMAct 1990, for the employee modified computer data without authorisation
- Althought there has been no harm here (just a change of password without taking money or the like), the facts illustrate that crime can be generated from the inside. Security policies must be stronger to avoid this type of situation, despite a survey stating that insider crimes diminish "Insiders No Longer The Biggest Threat To Computer Networks" (TechDirt, 17 June 2008)
Scams -Nigeria and the challenge of cybercrime
http://www.crime-research.org/news/27.08.2008/3537/ (27 August 2008)
although one can validly argue that victims are now really fools to fall for 419 scams after all the publicity surronding them for the past few years. http://www.techdirt.com/articles/20080822/0315012062.shtml (22 August 2008) "Nigerian Official Blames The Victims Of Nigerian 419 Advance Fee Scams"
Friday, 29 August 2008
Hacking (Nasa hacker) - jurisdiction and policies
Three things here interest me:
- First, Mr McKinnon's admission that he hacked but to find documents on UFOs. In strict terms of criminal law, his motive (UFOs, pure fun, or terrorism) bears no influence on the existing offence. Mens rea, the mental component of an offence, discards motives which cannot be its component. Motives may come into play later, as an excuse (insanity for example) or justification. This is why the Asperger's syndrome argument becomes important as a ground for an excuse (constraint? barely insanity in today's understanding of the defence)
- Second, the procedural aspect of the case. 95% of criminal cases end up in a plea; plea bargaining is supposed to be a transaction between two parties and a minimum of fairness is supposed to exist, rules of the Supreme Court. But the conception of fairness is relative, especially in the eyes of Europeans: American fairness in relation to plea bargaining is not often perceived, rightly or wrongly, as fairness in the sense of ENglish law or European Human Rights. Pressures are great to accept the plea and not to do so is taking a huge risk.
- It is unclear what has been the attitude of the authorities. Pressure was claimed to have been exercised. Mistatements were supposedly made about the extent of the hack and its threat...
Overall, let's hope one thing: that Mr McKinnon's misapprehensions of his original actions does not cost him more than it is necessary. He should not be sanctioned for the symbol that some may want to see of him in the fight against cybercrime; he should be sanctioned for his actions only, not for political or policies reasons. He hacked into the computers; this is an offence. If hacking into governmental networks is an aggravating circomstance, fine; it is not, then he should be left alone.
"US: tackling cyber-crime" (22 August 2008)
http://news.zdnet.co.uk/security/0,1000000189,39475039,00.htm (28 August 2008)
http://www.crime-research.org/news/29.08.2008/3542/ (29 August 2008)
Earlier, "Nasa hacker to fight US extradition on Monday" (ZDNet.uk, 13 June 2008)
Crime in virtual world
http://news.zdnet.co.uk/security/0,1000000189,39466789,00.htm