Security Basics mailing list archives
RE: How hackers cause damage... was Vulnerabilites in new laws on computer hacking
From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 2 Mar 2006 09:00:03 +1100
Dave stated; "I am pretty certain that it isn't keeping someone's heart pumping. Most hospitals still use DOS based systems for these tasks sometimes. I am most certain that NONE of these machines have direct internet connection with an internet IP address. Dave, you are well behind the times. There are several virtual surgery projects, these involve a Surgeon in a developed country (eg Australia, the US or the UK) aiding a local medic to complete complex procedures. We have several links from Australia to PNG to aid in cranial reconstructive surgery and optical cataracts surgery as a start. Some of these use dedicated links but most are VPN's. The hospitals in 3rd world countries do not have the resources to ensure that they are configured the way that people seem to think they should be. Next a DOS attack is never difficult and is VERY costly to mitigate in all cases. Dave also stated: "If you do no harm you should do know time, no 'weaseling' necessary. Class B and C misdemeanours should receive fine maybe probation." MOST cases do not receive goal terms. If they do they are generally suspended sentences. Most people are NOT kids as you keep stating. Script kiddie does not mean child - it never did. The use of the taxonomy does not change the age of the perpetrator. The law does also have levels. You seem to have the idea that a simple exploratory attack by a teenager will result in an automatic life goal term. This is wrong. Read the statutes. You talk of comprehension, so that you are willing to read the works of others with an open mind. You state "The law has different degrees of crimes and punishment." Yes - for computer crime as well. The laws in the UK have a max. penalty of life imprisonment - when human life is placed in danger as a result of the actions. This is a case for the prosecution (in the UK the Crown) to prove - beyond all reasonable doubt. If the system did not have control of life or could not effect this than it would NOT result in a life term. Most goal terms are a result of the actions. Mens Rea. The prosecution needs to demonstrate intent. As the defendant you can (and it is your right) say nothing. They have to prove intent beyond doubt. The cases that have received sever terms have reason. Some of the cases where goal terms have been awarded include: They have lied in court and have been demonstrated to have lied. They have stolen funds, IP or something else more than just exploring They have send/stored child pornographic materials They have emptied waste tanks into rivers They shut down power grids In some cases the guilty party has done far more and not gone to goal. [1999] 2 HKC 547; HMCA 723/1998 The accused broke into hospital computers and stole x-rays of the secretary of justice 100 hours community service Read the statutes David. "the laws will need to be rewritten to include some sanity / reasoning." Shows that you do not understand them. Before you judge - ensure that your opinion has some basis. Craig Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access. --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: How hackers cause damage... was Vulnerabilites in new laws on computer hacking Craig Wright (Mar 01)
- <Possible follow-ups>
- Re: How hackers cause damage... was Vulnerabilites in new laws on computer hacking dave (Mar 01)
- RE: How hackers cause damage... was Vulnerabilites in new laws on computer hacking David Gillett (Mar 01)
- RE: How hackers cause damage... was Vulnerabilites in new laws on computer hacking Craig Wright (Mar 02)