The attack resulted in
more than 300 passwords being obtained illegally, including one that was considered a
master key. This critical piece allowed the attacker to download customer files. The
charge against the Ohio cracker was called ???exceeding authorized access to a protected
computer and obtaining information.??? The victim was a Cincinnati-based company,
Acxiom, which reported that they suffered nearly $6 million in damages and listed the
following specific expenses associated with the attack: employee time, travel expenses,
security audits, and encryption software.
What makes this case interesting is that the data stolenwas never used in criminal activities,
but the mere act of illegally accessing the information and downloading it resulted in
Chapter 2: Ethical Hacking and the Legal System
31
PART I
Gray Hat Hacking: The Ethical Hacker??™s Handbook
32
a violation of lawand stiff consequences. The penalty for this offense under CFAA consists
of a maximum prison term of five years and a fine of $250,000.
As with all of the laws summarized in this chapter, information security professionals
must be careful to confirm with each relevant party the specific scope and authorization
for work to be performed.
Pages:
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119