On March 15, 2017 the US Department of Justice announced that they were laying charges against four people accused of hacking four hundred Yahoo email accounts in 2014. Two of the accused are Russian intelligence officers and a third was in the US but has since fled to Russia. The fourth is one of our own, Hamilton native Karim Baratov, age 22.
Baratov has been roasted by media and law enforcement because he openly flaunted his love of luxury items online. When people asked how he could afford these things, his reply was that he was providing online services.
In the court of public opinion, it sounds like Baratov is guilty of the crimes he’s accused of, even though “online services” could mean everything from sexy video chats to tech support.
This article is not about Baratov. He is currently in jail awaiting his bail hearing in April and plans to fight his extradition to the US where he would face charges of conspiring to commit computer fraud and abuse, conspiring to commit access device fraud, conspiring to commit wire fraud and aggravated identity theft.
This article is about how we address hacking in Canada.
It should be said right off the bat that not all hacking is illegal. One of the definitions of hacking is writing computer programs for fun, which is not illegal if the programs are harmless.
The other definition of hacking is the one most people are most familiar with, which is the act of getting into a computer illegally.
Though it’s never called hacking in the Canadian Criminal Code, the section dealing with the crime is the one used to address mischief. That’s right; the laws against hacking are in the same place you find the law punishing leaving flaming bags of poop on doorsteps on Devil’s Night.
The crime of hacking in Canadian law is called “Mischief in relation to computer data” and is defined as willfully:
- Detroying or altering computer data
- Rendering computer data meaningless, useless or ineffective
- Obstructing, interrupting or interfering with the lawful use of computer data
- Obstructing, interrupting or interfering with a person in the lawful use of computer data or denying access to computer data to a person who is entitled to access to it.
The punishments are the same as for any other kind of mischief crime. If the act put a life in danger, you’re liable to spend life in jail. If the crime caused damages worth five thousand dollars or more, it’s an indictable offense with a maximum sentence of ten years in jail or a summary conviction which would mean six months in jail or a five thousand dollar fine. If the value of the damage was less than five thousand dollars, you’re facing either a summary conviction or an indictment with up to two years in jail.
Like many crimes, hacking is often done with intent to commit other crimes like fraud, theft, and unauthorized uses of credit card data. A person guilty of hacking could therefore also be found guilty of additional crimes, some of which – like fraud – carry stiffer penalties than mischief.
Canadian law also holds a person responsible if they counseled or made it easier for someone else to commit a crime and they can face the same penalty as the perpetrator who actually did it. They can also face those penalties if they knew or should have known the crime could be committed as a result of their actions or lack thereof.
Though Canadian governments have been criticized as being ill equipped to tackle computer crime, the government seems to be doing its best not only to protect itself from cyber-attacks but also to teach us to protect ourselves.
In 2010, the Harper Government launched the Cyber Security Strategy outlining a long term national plan to deal with computer crime. The website getcybersafe.gc.ca was created by Public Safety Canada and is full of guidelines for ordinary citizens and businesses with the goal of keeping Canadians safer by increasing awareness of common online threats and how to fight them. The Canadian Anti-Fraud Center was created by a joint effort by the RCMP, Ontario Provincial Police, and the Competition Bureau to fight mass marketing fraud online and is regularly updated with information regarding popular scams.
Technology is advancing at a greater pace than ever and our governments are trying to catch up to protect the victims. The problem with their initiatives is that they seem to place most of the pressure to protect against cybercrime on potential victims, which could lead to victim-blaming even in cases where, due to age or infirmity, a person may not be tech savvy enough to take every precaution. Their plan needs work to put the onus back on law enforcement to protect against cyber-crime back on those charged with protecting us, but at least it’s there.
Actually regular everyday small target people are getting hacked in Canada and so long as it’s just snooping around, no file changes are made, even if the hacker’s tracks were discovered it sounds like Canada doesn’t have a law yet to accuse them of anything “mischievous” given the info in this article and my own research. Fun fact, the 2015 Digital Privacy Act (toothless btw) is still not being enforced even though it got royal accent in 2015. The CEH market in Canada is going to boom. And while I’m on my soap box, “Responsible Disclosure” is robbing us of our ability to protect ourselves especially the Open Source community (what up!!!) Canada needs to enforce “Full Disclosure” KRACK was discovered in 2016! (WPA2 started in 2004 so that means all our wifi has been unsecured for over a decade! – probably) Blueborne was know about since July but was “Responsibly Disclosed” in September 2017.