Home page logo

basics logo Security Basics mailing list archives

RE: How hackers cause damage... was Vulnerabilites in new laws on computer hacking
From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 2 Mar 2006 09:00:03 +1100

Dave stated;
"I am pretty certain that it isn't keeping someone's heart pumping. Most
hospitals still use DOS based systems for these tasks sometimes. I am
most certain that NONE of these machines have direct internet connection
with an internet IP address.

Dave, you are well behind the times. There are several virtual surgery
projects, these involve a Surgeon in a developed country (eg Australia,
the US or the UK) aiding a local medic to complete complex procedures.

We have several links from Australia to PNG to aid in cranial
reconstructive surgery and optical cataracts surgery as a start.

Some of these use dedicated links but most are VPN's. The hospitals in
3rd world countries do not have the resources to ensure that they are
configured the way that people seem to think they should be. Next a DOS
attack is never difficult and is VERY costly to mitigate in all cases.

Dave also stated:
"If you do no harm you should do know time, no 'weaseling'  necessary.
Class B and C misdemeanours should receive fine maybe probation."

MOST cases do not receive goal terms. If they do they are generally
suspended sentences. Most people are NOT kids as you keep stating.
Script kiddie does not mean child - it never did. The use of the
taxonomy does not change the age of the perpetrator.

The law does also have levels. You seem to have the idea that a simple
exploratory attack by a teenager will result in an automatic life goal
term. This is wrong. Read the statutes. You talk of comprehension, so
that you are willing to read the works of others with an open mind.

You state "The law has different degrees of crimes and punishment." Yes
- for computer crime as well.
The laws in the UK have a max. penalty of life imprisonment - when human
life is placed in danger as a result of the actions. This is a case for
the prosecution (in the UK the Crown) to prove - beyond all reasonable
doubt. If the system did not have control of life or could not effect
this than it would NOT result in a life term.

Most goal terms are a result of the actions. Mens Rea. The prosecution
needs to demonstrate intent. As the defendant you can (and it is your
right) say nothing. They have to prove intent beyond doubt. The cases
that have received sever terms have reason.

Some of the cases where goal terms have been awarded include:
   They have lied in court and have been demonstrated to have lied.
   They have stolen funds, IP or something else more than just exploring
   They have send/stored child pornographic materials
   They have emptied waste tanks into rivers
   They shut down power grids

In some cases the guilty party has done far more and not gone to goal.
[1999] 2 HKC 547; HMCA 723/1998
The accused broke into hospital computers and stole x-rays of the
secretary of justice
100 hours community service

Read the statutes David. "the laws will need to be rewritten to include
some sanity / reasoning." Shows that you do not understand them. Before
you judge - ensure that your opinion has some basis.


Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.

The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]