Network News

X My Profile
View More Activity

Senate Approves Bill to Fight Cyber-Crime

The Senate on Wednesday passed legislation to modernize the nation's computer crime laws and give prosecutors more leeway in pursuing cyber crooks.

Under current federal cyber-crime laws prosecutors must show that the illegal activity caused at least $5,000 in damages before they can bring charges for unauthorized access to a computer. Under the bill approved today, that threshold would be eliminated.

Instead, the legislation would make it a felony to install spyware or keystroke-monitoring programs on 10 or more computers regardless of the amount of damage caused.

This change is important because most of today's cyber criminals break into thousands of computers at a time, but seldom inflict $5,000 worth of damages on any one individual. Moreover, while most commit their crimes by tunneling their connections through hacked computers, the crooks may never damage the PCs they are using as a proxy or try to steal personal and financial data from victims.

The real damage to cyber-crime victims -- the loss of privacy and the time and effort it takes to clean up a compromised machine and/or stolen identity -- is extremely hard to quantify monetarily. Nevertheless, one section of the measure would give identity theft victims the ability to seek restitution for the loss of time and money spent restoring credit.

The bill also would allow federal courts to prosecute attackers who go after computers located in the same state in which they live. Under current law, federal courts only have jurisdiction if the thief uses interstate communication to access the victim's PC.

Another new provision covers cyber extortion. Under existing law, the government can prosecute cyber extortionists who threaten to delete a victim's data or to crash a computer. But there is no specific statute that addresses cyber crooks who try to extort companies by, say, publishing or releasing stolen information. This bill would criminalize that activity.

This reminds me of the attack against CD Universe in 2000, when a hacker broke into the online music store's redit card database and threatened to publish the information online unless it paid $100,000. CD Universe refused, and the hacker went ahead and posted the data on the Web.

These new provisions will be added to a bill known as The Former Vice President Protection Act (H.R. 5938). The original Senate cyber-crime bill from November, 2007, was stalled in the House of Representatives, so lawmakers have tacked on these new cyber-crime-fighting measures to legislation that the House already approved. The measure now heads back to the House for reconsideration.

By Brian Krebs  |  July 31, 2008; 3:45 PM ET
Categories:  Cyber Justice , From the Bunker , U.S. Government  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Fun with Spam Subject Lines
Next: Black Hat Talk on Apple Encryption Flaw Pulled


It's past time when commercial web sites aren't held to products liability standards. Law is already on the books to deal with it.

Posted by: Mike | July 31, 2008 5:20 PM | Report abuse

It's past time when commercial web sites should be held to products liability standards. Law is already on the books to deal with it.

Posted by: Mike | July 31, 2008 5:22 PM | Report abuse

It's about damn time they start cracking down on these cyber crooks. It seems like the government has been moving at a snails pace in passing new legislature to fight online security fraud and spyware infestation. Clearly the trend has been getting worse with each coming year. Uncle Sam has to step up to the place

Posted by: Jim | August 4, 2008 1:45 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company