Type of paper:Â | Essay |
Categories:Â | Criminal law Information technologies Cyber security |
Pages: | 8 |
Wordcount: | 1928 words |
There are several statutes that both the original hacker and Scott did break. Firstly, it is unlawful to have unauthorized access to a computer, or data by an outsider, or excessive access by an insider. Theses statutes apply majorly on the protected computers. The following are the areas in which the hacker and partly Scout broke out the laws:
Firstly, the hacker should get accused of having intentionally gotten to a P.C. without being authorized or surpassing the limits of the approved access, and by methods for such lead having acquired data that has been controlled by the X.Y.Z. Corp Company. Besides, the statute continues to explain that United States Government compliant, with an Executive request or resolution to require security against unapproved divulgence for reasons of national barrier or remote relations, or any confined information, as characterized in section y. of area of the Atomic Energy Act of 1954, with motivation to accept that such data so got could be utilized to the damage of the United States, or the benefit of any remote country persistently imparts, conveys, transmits, or causes to be expressed, carried, or transmitted, or endeavors to communicate, convey, communicate or generate to be revealed, expressed, or spread the equivalent to any individual not qualified forget it, or obstinately holds the equivalent and neglects to convey it to the official or representative of the United States qualified for getting into it (Jensen 81). Thus, according to the above elements of the statute is that the intruder should be held guilty for having intentionally gained unauthorized access to the company's database, and performed various tasks that can be termed as illegal.
Secondly, the intruder and Scout should be held responsible for having deliberately gotten into the company's P.C. without approval (for the intruder) or surpasses approved access (for Scout). Subsequently, the statute would require the following to get put into consideration as cyber offenses;
- (1)data contained in a budgetary record of a monetary organization, or of a card backer as characterized in segment 1602 (n) [1] of title 15, or contained in a document of a buyer announcing office on a customer, all things considered terms are characterized in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);
- (2) Data from any office or organization of the United States; or
- (3) Data from any ensured P.C.
The following are statutes that were broken in the process of intrusion:
- iii) Access of a computer and data in it deliberately, without approval to get to any nonpublic P.C. of an office or organization of the United States, gets to such a P.C. of, that office or office that is solely for the utilization of the Government of the United States or, on account of a P.C. not only for such use, is utilized by or for the Government of the United States and such lead influences that utilization by or for the Government of the United States; this statute was also broken in the process of
- iv) intentionally and with plan to cheat, gets to a safeguarded P.C. without approval, or surpasses approved access, and by methods for such direct encourages the planned extortion and gets anything of significant worth, except if the object of the misrepresentation and the thing acquired comprises just of the utilization of the P.C. and the estimation of such use isn't more than $5,000 in any 1-year time frame;
- v) (A) Purposely causes the transmission of a program, data, code, or order, and because of such lead, deliberately prompts harm without approval, to an ensured P.C.;
- (B) Intentionally gets to a guaranteed P.C. without consent, and because of such direct, heedlessly causes damage; or
- (C) Purposefully gets to a secured P.C. without permission, and because of such straightforward, cause harm and misfortune.
- vi) purposely and with plan to cheat deals (as characterized in area 1029) in any secret key or comparative data through which a P.C. might be gotten to without approval, if- (A) such dealing influences interstate or remote trade; or (B) such P.C. is utilized by or for the Government of the United States;
- vii) With an aim to blackmail from any individual any cash or another thing of significant worth, transmits in interstate or outside business any correspondence containing any-
- (A) The risk to make harm an ensured P.C.;
- (B) danger to acquire data from a secured P.C. without approval or in abundance of consent or to disable the secrecy of data got from an ensured P.C. without support or by surpassing approved access; or
- (C) Request or solicitation for cash or another thing of significant worth in connection to harm to an ensured P.C., where such damage was caused to encourage the blackmail.
Gets to a P.C. without approval (untouchables) or in abundance of support (insiders) By methods for this direct acquires data identified with national security (the resolution presents what kinds of data fall into this class) Should be anything but difficult to demonstrate in light of the fact that numerous P.C.s with national security data are grouped, or have exceptional access confinements set up, so it's simple to show circumvention of those shields (hypothetically, there ought to be secure signing set up, which can be utilized as proof)
With the motivation to accept that the national security data can be used to the "damage of the United States" or the "benefit of any outside country." The individual tenaciously conveys, conveys or transmits the national security data (or endeavors to do as such) to an individual not qualified forgetting it or obstinately holds the data as opposed to conveying to the representative of the U.S. government qualified to forget it (Thaw 907). While the rule is a lawful offense and conveys up to a multiyear sentence for a first offense, the law isn't much of the time charged in light of the fact that there is another resolution that identifies with giving protection data to help a remote government (18 U.S.C. 793(e)), which has more case point of reference, and is somewhat simpler to demonstrate.
If you were the prosecutor looking at this case, trying to assess the strengths and weaknesses of the evidence for each of the statutes identified in the 1st question, what issues do you see potentially being raised (by the defendant) in response to the charges identified?
They are beginning with the issue of Scout, who is the current I.C.T. manager for the X.Y.Z. Corporative, several issues could stand strong to defend him in the court of law. In the very first incidence, Scout is viewed as having quite a heavy responsibility when it comes to ensuring that the computers and data belonging to the corporation is not in any way interfered with, either internally, or from the external intrusion. Legally, According to the CFAA statutes is that Scout had the permission to have access to the database, up to the degree of the administrative horizons (Von Solms and Van Niekerk 99). Duties such as ensuring the cooperative's computers work smoothly to achieve the set goals of the X.Y.Z. Company. It is again via the same responsibility that Scout is expected to have had regular troubleshooting of the entire system to ensure that nothing interferes with its functionality. Therefore, as a higher administrator, Scout has more privileges more than any other user of the system. It is through this advantage that he is entitled to ensure that all the possible sources of threats have been sealed and every authorized user of the account would feel secure while in their line duty. However, have been able to realize that the system had been attacked by an intruder, Scout took to a step to violate his extremes of authorization by droving into the cyber and set up a track to obtain the log files that belonged to private access of accounts. This was a wrong motive of work assigned to the system administrator since the action could not get regarded as an ethical approach at the moment.
On the other hand, the defendant Scout would have stood firm against the prosecutions to ensure that he remains innocent and not at any given time taken to be on the other side of the attacker's motives. Given the fact that he firmly broke the law constituting the excessive access of the system as Scout would have fallen under a similar category as according to the following two case scenarios:
The more straightforward situation for demonstrating access in overabundance of approval is the point at which an individual has a real record - for instance, a customer account on Gmail.com - and at that point utilizes that entrance to heighten his/her benefits, verifying regulatory rights in Gmail's framework, or getting to someone else's Gmail account. In the two cases, that individual has dodged innovative hindrances/shields and has in this manner surpassed approved access.
The more troublesome situation - one with which courts have wrestled-comes when the client does not bypass mechanical or physical boundaries intended to restrain get to, but instead, utilizes the entrance for purposes not initially expected - for instance, using approved access inside a business' framework to take exclusive data and give it to a contender. In such case, the individual may not physically get to the context in any capacity other than s/he ordinarily would for his/her activity, however plainly approved access was not allowed with the goal that the worker could take exclusive data and advantage a contender.
The primary defense Scout would have given against his accusations would be that at least he made an attempt of tracking where, when, and how the intruder has been carrying out the attacks. Thus, however far he had already gone through having excessive access to the system servers, he could actually not held guilty since all these were initiated by the activity of the attacker, and he only did so purposely to ensure that he protects the system.
Considering the case scenario of the attacker, it would also be not possible to hold the attacker to full responsibility of having performed foreign activities in the system without any authorization. In the very first account, the attacker has been there for more than a month, and the system administrator has never discovered that. Therefore, the system seems not secure enough to fight against external attackers and that it could be possible to launch as many attacks as possible in the future. In addition, there was no evidence of any damage to data or even loss of data that was associated with the hacker. Therefore, the hacker probably would defend himself by asking for any proof of damage or loss of data from the system, since every moment he accesses the system he deletes all the possible traces of activities he was performing in the server system.
Looking at the proposed investigative steps taken by Paul Agent and/or authorized by C.T.O. Jonathan, what issues do you see in terms of 4th Amendment concerns that need to be considered/addressed, and why?
From the proposed steps of the investigation by Paul Agent and authorized by CTO Jonathan, it appears to break the 4th amendment relating to cyber security crime investigation. Generally, the amendment bill stipulates the protection of individual privacy from the unreasonable examination (Casey 26). The amendment categorically states on procedural practices on which should be followed by the investigation agencies in surveilling the personal computer, phones and emails.
Cite this page
Free Essay. What Statutes Might Have Been Broken Here, by Either the Original Hacker or Scott?. (2023, Jan 30). Retrieved from https://speedypaper.com/essays/what-statutes-might-have-been-broken-here-by-either-the-original-hacker-or-scott
Request Removal
If you are the original author of this essay and no longer wish to have it published on the SpeedyPaper website, please click below to request its removal:
Popular categories