On Saturday morning, I received a "notification" from my internet service provider that someone had accessed at least one of my computers from a location inconsistent with my past user locations. I pulled up the info, found out that two ISPs—one in the Czech Republic and the other in Texas—were listed as having (1) taken over my browser and (2) accessed my mail.
I have a security system on my computers. Also, having been "accessed" on a prior occasion, I had changed passwords on everything. I ran a scan on all of the computers. (Three viruses were found and isolated.) None of my confidential information was compromised, as I do not keep very much confidential information on my computers. Most of my law practice consists of appeals and post-conviction matters—cases in which the records already are public. The rest of the information for cases I keep on hard copy. Personal matters are protected by at least two systems—mine and the security system of the financial institution, credit card company, etc., with which I do business.
I still was angry about having to take time to call my ISP and a couple of other places. These incursions, I was told, in all likelihood were not committed by human beings. Zit-faced teenaged hackers in the Ukraine no longer are big in hacking. Computers (maybe owned by relatives or colleagues of Tony Soprano-types in "this thing we do"?)hack on a more massive and efficient scale than individuals.
Cross-word puzzles that draw on archaic knowledge sometimes refer to the phrase "There oughtta be a _____" with the missing word being "law." People used to say that frequently, or so I would surmise. I decided to check out laws available to address what I felt should be a crime.
Congress has acted on the matter of hacking, but only in the context of intent to defraud. That presents evidentiary difficulties because under a reasonable doubt standard, the elements of fraud are difficult to establish. Also, the mere unauthorized "entry" into my property of whomever these people or entities are smacks of trespass.
Then I checked Indiana’s laws. The General Assembly that, in the past, I have sharply criticized, has enacted a decent computer trespass statute, I.C. § 35-43-2-3(b). That provides that a person who knowingly or intentionally accesses a computer system, a computer network, or any part of a computer system or network without the consent of the owner or owner’s licensee, commits computer trespass, a Class-A misdemeanor.
By having entered my computer in Indiana, both intruders subjected themselves to the laws and courts of the State of Indiana. And I cannot conceive of any valid reason for those individuals or entities to have entered my computer—anymore than if they had broken into my house—without my permission.
From personal experience—by no means an expert view on the subject, but tips that are helpful—there are several means of optimizing one’s protection against hacking (although, as a car thief once said on "60 Minutes," if they want to steal your car, they will). Just make it as difficult as possible for the hacker: (1) Use an anti-virus/anti-spyware security system of reputable sort. (2) Do not store passwords on your computer. (3) Make passwords at least 14 characters in length comprised of random strings of letters (both lower- and upper-case) and write them down in someplace secure.
This morning I will call the Office of the Marion County Prosecutor and see if anything can be done about this. I am confident they do not want to extradite someone from Texas for a Class-A misdemeanor, but of more than one has been reported—committed by the same person/entity—then it might be worth the while of the county.
If they steal the password remotely, they'll do it by capturing what you're typing in so having a complicated password may not help at all.
A lot of people are afraid of using their credit card to buy things on-line. Yet they think nothing of handing their credit card to the wait staff so that person can take it in another room. How do you know they're not copying down the information from the card? Identity theft/credit card fraud is still most commonly done by things like throwing sensitive information into the trash or handing a clerk your credit card.
Paul, Hackers rarely physically break into a place to hack. Keep a list of passwords close at hand in a secure place of your desk---definitely not on your hard drive. It is a hassle, but one that is necessary.
I agree about your point on making the charge a felony. You know, though, I am anti-DP, so I cannot agree w/you there. If the charge were a felony, there would be more likelihood of prosecutors seeking extradition of the individuals.
The charge for hacking should be a felony. I prefer the death penalty actually.
I don't agree with the password suggestion. All you're doing is making passwords so complex that you end up writing them down to remember them. You're a lot more likely to have a thief access your computer via finding your password laying around your compute than someone guessing what the password is when you don't write it down.
You need to be a member of Civil Discourse Now to add comments!
Join Civil Discourse Now