On Saturday morning, I received a "notification" from my internet service provider that someone had accessed at least one of my computers from a location inconsistent with my past user locations. I pulled up the info, found out that two ISPs—one in the Czech Republic and the other in Texas—were listed as having (1) taken over my browser and (2) accessed my mail.
I have a security system on my computers. Also, having been "accessed" on a prior occasion, I had changed passwords on everything. I ran a scan on all of the computers. (Three viruses were found and isolated.) None of my confidential information was compromised, as I do not keep very much confidential information on my computers. Most of my law practice consists of appeals and post-conviction matters—cases in which the records already are public. The rest of the information for cases I keep on hard copy. Personal matters are protected by at least two systems—mine and the security system of the financial institution, credit card company, etc., with which I do business.
I still was angry about having to take time to call my ISP and a couple of other places. These incursions, I was told, in all likelihood were not committed by human beings. Zit-faced teenaged hackers in the Ukraine no longer are big in hacking. Computers (maybe owned by relatives or colleagues of Tony Soprano-types in "this thing we do"?)hack on a more massive and efficient scale than individuals.
Cross-word puzzles that draw on archaic knowledge sometimes refer to the phrase "There oughtta be a _____" with the missing word being "law." People used to say that frequently, or so I would surmise. I decided to check out laws available to address what I felt should be a crime.
Congress has acted on the matter of hacking, but only in the context of intent to defraud. That presents evidentiary difficulties because under a reasonable doubt standard, the elements of fraud are difficult to establish. Also, the mere unauthorized "entry" into my property of whomever these people or entities are smacks of trespass.
Then I checked Indiana’s laws. The General Assembly that, in the past, I have sharply criticized, has enacted a decent computer trespass statute, I.C. § 35-43-2-3(b). That provides that a person who knowingly or intentionally accesses a computer system, a computer network, or any part of a computer system or network without the consent of the owner or owner’s licensee, commits computer trespass, a Class-A misdemeanor.
By having entered my computer in Indiana, both intruders subjected themselves to the laws and courts of the State of Indiana. And I cannot conceive of any valid reason for those individuals or entities to have entered my computer—anymore than if they had broken into my house—without my permission.
From personal experience—by no means an expert view on the subject, but tips that are helpful—there are several means of optimizing one’s protection against hacking (although, as a car thief once said on "60 Minutes," if they want to steal your car, they will). Just make it as difficult as possible for the hacker: (1) Use an anti-virus/anti-spyware security system of reputable sort. (2) Do not store passwords on your computer. (3) Make passwords at least 14 characters in length comprised of random strings of letters (both lower- and upper-case) and write them down in someplace secure.
This morning I will call the Office of the Marion County Prosecutor and see if anything can be done about this. I am confident they do not want to extradite someone from Texas for a Class-A misdemeanor, but of more than one has been reported—committed by the same person/entity—then it might be worth the while of the county.