Thursday, August 25, 2005

Hackers

According to US officials, Chinese websites are being used to breach hundreds of unclassified United States government computer networks.[1] Classified networks have not been breached, and the information gathered seems to be innocuous on its own, but it is possible that the information could yield useful intelligence if put together properly.[2]

The operation against American networks seems to stretch back two or three years, and analysts are divided on whether the attacks are a coordinated campaign by the Chinese government or simply the work of hackers using Chinese networks to disguise the origins of their attacks.[3]

China is considered a convenient place from which attacks van be launched because there are large numbers of computers there that can be compromised, and tracking hackers who use Chinese networks is complicated by the lack of “cyber investigation agreements” between the US and China,[4] and the lack of a formal extradition treaty between the two countries.[5] The number of attacks against the Pentagon last year totaled 79,000, which was an increase from 54,000 in 2003.[6]

Illegally accessing computers without authorization is a serious transnational crime covered primarily by 18 U.S.C. § 1030.

Section 1030 covers many different acts which constitute crimes. The acts that seem most appropriate to this discussion are
  • knowingly accessing a computer without authorization, obtaining defense-related information that be used against the United States, and communicating that information to someone not authorized to receive it;[7]
  • intentionally accessing a computer without authorization and obtaining information from any department or agency;[8]
  • intentionally, without authorization, accessing a nonpublic computer of a department or agency of the United States;[9] or
  • attempting to do any of the crimes listed in section 1030.[10]
The punishment for violating, or attempting to violate, section 1030 can be as follows:
  • for violating section 1030(a)(1): a fine, imprisonment for up to twenty years, or both;[11]
  • for violating sections 1030(a)(2)(B) and (a)(3): a fine, imprisonment for up to ten years, or both.[12]

[1] Bradley Graham, China a Staging Ground for Computer Attacks, Wash. Post, Aug. 24, 2005, available here.
[2] Id.
[3] Id.
[4] Id.
[5] For more information about extradition between the United States and China, please see our post about the extradition of Yu Zhendong, here.
[6] Graham, supra note 1.
[7] 18 U.S.C. § 1030(a)(1).
[8] Id. § 1030(a)(2)(B).
[9] Id. § 1030(a)(3).
[10] Id. § 1030(b).
[11] Id. § 1030(c)(1).
[12] Id. § 1030(c)(2).

posted by McNabb Associates, P.C. @ 3:59 PM