PARTS:
Part 1
Part 2
Part 3
Part 4
Part 5
Part 6
Part 7
Part 8
Part 9
Part 10
Part 11
Part 12
Part 13
Part 14
Part 15
Part 16
Part 17
Part 18
Part 19
Part 20
SEARCH
0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Prev | Current Page 83 | Next

Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"

As our dependency upon technology
increases and society becomes more comfortable with carrying out an increasingly
broad range of transactions electronically, such threats will only become more prevalent.
Many of these statutes, including Section 1029, seek to curb illegal activities that
cannot be successfully fought with just technology alone. So basically you need several
tools in your bag of tricks to fight the bad guys??”technology, knowledge of how to use
the technology, and the legal system. The legal system will play the role of a sledgehammer
to the head that attackers will have to endure when crossing the boundaries.
Section 1029 addresses offenses that involve generating or illegally obtaining access credentials.
This can involve just obtaining the credentials or obtaining and using them. These
activities are considered criminal whether or not a computer is involved. This is different from
the statute discussed next, which pertains to crimes dealing specifically with computers.
Chapter 2: Ethical Hacking and the Legal System
21
PART I
Gray Hat Hacking: The Ethical Hacker??™s Handbook
22
Crime Penalty Example
Producing, using, or trafficking in
one or more counterfeit access
devices
Fine of $50,000 or twice the value of
the crime and/or up to 15 years in
prison, $100,000 and/or up to 20
years if repeat offense
Creating or using a software tool
to generate credit card numbers
Using an access device to gain
unauthorized access and obtain
anything of value totaling $1,000
or more during a one-year
period
Fine of $10,000 or twice the value of
the crime and/or up to 10 years in
prison, $100,000 and/or up to 20
years if repeat offense
Using a tool to capture credentials
and using the credentials to break
into the Pepsi-Cola network and
stealing their soda recipe
Possessing 15 or more
counterfeit or unauthorized
access devices
Fine of $10,000 or twice the value of
the crime and/or up to 10 years in
prison, $100,000 and/or up to 20
years if repeat offense
Hacking into a database and
obtaining 15 or more credit card
numbers
Producing, trafficking, having
control or possession of devicemaking
equipment
Fine of $50,000 or twice the value of
the crime and/or up to 15 years in
prison, $1,000,000 and/or up to 20
years if repeat offense
Creating, having, or selling devices
to illegally obtain user credentials
for the purpose of fraud
Effecting transactions with
access devices issued to another
person in order to receive
payment or other thing of value
totaling $1,000 or more during a
one-year period
Fine of $10,000 or twice the value of
the crime and/or up to 10 years in
prison, $100,000 and/or up to 20
years if repeat offense
Setting up a bogus website and
accepting credit card numbers for
products or service that do not
exist
Soliciting a person for the
purpose of offering an access
device or selling information
regarding how to obtain an
access device
Fine of $50,000 or twice the value of
the crime and/or up to 15 years in
prison, $100,000 and/or up to 20
years if repeat offense
A person obtains advance payment
for a credit card and does not
deliver that credit card
Using, producing, trafficking in,
or having a telecommunications
instrument that has been
modified or altered to obtain
unauthorized use of
telecommunications services
Fine of $50,000 or twice the value of
the crime and/or up to 15 years in
prison, $100,000 and/or up to 20
years if repeat offense
Cloning cell phones and reselling
them or using them for personal
use
Using, producing, trafficking in,
or having custody or control of
a scanning receiver
Fine of $50,000 or twice the value of
the crime and/or up to 15 years in
prison, $100,000 and/or up to 20
years if repeat offense
Scanners used to intercept
electronic communication to
obtain electronic serial numbers,
mobile identification numbers for
cell phone recloning purposes
Producing, trafficking, having
control or custody of hardware
or software used to alter or
modify telecommunications
instruments to obtain
unauthorized access to
telecommunications services
Fine of $10,000 or twice the value of
the crime and/or up to 10 years in
prison, $100,000 and/or up to 20
years if repeat offense
Using and selling tools that can
reconfigure cell phones for
fraudulent activities; PBX
telephone fraud and different
phreaker boxing techniques to
obtain free telecommunication
service
Causing or arranging for a
person to present, to a credit
card system member or its
agent for payment, records of
transactions made by an access
device
Fine of $10,000 or twice the value of
the crime and/or up to 10 years in
prison, $100,000 and/or up to 20
years if repeat offense
Creating phony credit card
transactions records to obtain
products or refunds
Table 2-1 Access Device Statute Laws
PART I
References
U.


Pages:
71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95
The Art of Agile Development (page 30) Absalom's Hair (page 136) Absolute Surrender and Other Addresses (page 11)