Hackers

CultureLawWeb & Tech

On March 15, 2017 the US Department of Justice announced that they were laying charges against four people accused of hacking four hundred Yahoo email accounts in 2014. Two of the accused are Russian intelligence officers and a third was in the US but has since fled to Russia. The fourth is one of our own, Hamilton native Karim Baratov, age 22.

Baratov has been roasted by media and law enforcement because he openly flaunted his love of luxury items online. When people asked how he could afford these things, his reply was that he was providing online services.

In the court of public opinion, it sounds like Baratov is guilty of the crimes he’s accused of, even though “online services” could mean everything from sexy video chats to tech support.

This article is not about Baratov. He is currently in jail awaiting his bail hearing in April and plans to fight his extradition to the US where he would face charges of conspiring to commit computer fraud and abuse, conspiring to commit access device fraud, conspiring to commit wire fraud and aggravated identity theft.

This article is about how we address hacking in Canada.

It should be said right off the bat that not all hacking is illegal. One of the definitions of hacking is writing computer programs for fun, which is not illegal if the programs are harmless.

The other definition of hacking is the one most people are most familiar with, which is the act of getting into a computer illegally.

Though it’s never called hacking in the Canadian Criminal Code, the section dealing with the crime is the one used to address mischief. That’s right; the laws against hacking are in the same place you find the law punishing leaving flaming bags of poop on doorsteps on Devil’s Night.

The crime of hacking in Canadian law is called “Mischief in relation to computer data” and is defined as willfully:

  • Detroying or altering computer data
  • Rendering computer data meaningless, useless or ineffective
  • Obstructing, interrupting or interfering with the lawful use of computer data
  • Obstructing, interrupting or interfering with a person in the lawful use of computer data or denying access to computer data to a person who is entitled to access to it.

The punishments are the same as for any other kind of mischief crime. If the act put a life in danger, you’re liable to spend life in jail. If the crime caused damages worth five thousand dollars or more, it’s an indictable offense with a maximum sentence of ten years in jail or a summary conviction which would mean six months in jail or a five thousand dollar fine. If the value of the damage was less than five thousand dollars, you’re facing either a summary conviction or an indictment with up to two years in jail.

Like many crimes, hacking is often done with intent to commit other crimes like fraud, theft, and unauthorized uses of credit card data. A person guilty of hacking could therefore also be found guilty of additional crimes, some of which – like fraud – carry stiffer penalties than mischief.

Canadian law also holds a person responsible if they counseled or made it easier for someone else to commit a crime and they can face the same penalty as the perpetrator who actually did it. They can also face those penalties if they knew or should have known the crime could be committed as a result of their actions or lack thereof.

Though Canadian governments have been criticized as being ill equipped to tackle computer crime, the government seems to be doing its best not only to protect itself from cyber-attacks but also to teach us to protect ourselves.

In 2010, the Harper Government launched the Cyber Security Strategy outlining a long term national plan to deal with computer crime. The website getcybersafe.gc.ca was created by Public Safety Canada and is full of guidelines for ordinary citizens and businesses with the goal of keeping Canadians safer by increasing awareness of common online threats and how to fight them. The Canadian Anti-Fraud Center was created by a joint effort by the RCMP, Ontario Provincial Police, and the Competition Bureau to fight mass marketing fraud online and is regularly updated with information regarding popular scams.

Technology is advancing at a greater pace than ever and our governments are trying to catch up to protect the victims. The problem with their initiatives is that they seem to place most of the pressure to protect against cybercrime on potential victims, which could lead to victim-blaming even in cases where, due to age or infirmity, a person may not be tech savvy enough to take every precaution. Their plan needs work to put the onus back on law enforcement to protect against cyber-crime back on those charged with protecting us, but at least it’s there.

Blog on BlogCulture

aaronswartzWhile considering this week’s keyword search for Blog on Blog, I got thinking about the untimely death of Aaron Swartz and his method of protest, hacktivism.

While many may not agree with Swartz’s reasoning for releasing thousands of academic journals from JSTOR,  the co-founder of Reddit’s suicide was undoubtedly a terrible tragedy.

I’m not going to get into whether or not online activists should be tracked and persecuted to the full extent of the law or whether or not hacktivism should be a legal form of protest; that’s for you to decide.

However, I think readers should keep in mind the government’s roll in his death. Conspiracy theories aside, Aaron Swartz faced numerous legal threats and multiple years in prison for his hacktivism while not a single banker received jail time for the financial crash of 2008.

Currently the government of Canada does not consider hacktivism to be a legal form or protest. Hacktivists are viewed as a threat to businesses and national security. For instance, when Visa’s system was shut down on December 8th, 2010, by the hacktivist group Anonymous, they lost over a hundred and fifty million dollars. That’s one costly hack!

Whatever your opinion of them, hacktivists have undeniably become major players in the world of politics.

So here it is, my top 5 blogs from this week’s keyword search:

Wall Street Protest5. New York Times: What is Hacktivism?

Okay New York Times, once again you have taught me so much. Even though Noam Chomsky tells me not to trust you, I just can’t help myself. So, hacktivism is made up of two words: hacking + activism. But is there more to this word? According to this post, there’s an undercurrent lexical war between parties that want to blemish the neologism for political purposes, and those that want acceptance between online activism and the broader outdoor form of protest. So this is about recognition. Intriguing…

 

bankers

 

4. Village Voice: Where’s the justice?

Once again the Village Voice has hit the nail on the head with underlying issues of judicial imbalance between the federal government’s pursuit of hacktivism and their slap on the wrist approach with big banks. This post will make you very, very angry.

3. Radware: Mitigating attacks in 2013

On the other side of the coin are the businesses trying to protect their back-ends from cyber attacks. There are many, many sites dedicated to protecting businesses’ cyber integrity from “cyber criminals, terrorists.”

catputer According to Radware, these cyber terrorist must be stopped by all means and knowing how to protect yourself can save you from financial ruin.

Well, one man’s hacktivist is another man’s cyber-terrorist.

2. The 9 Ways Hacktivist Shocked the world in 2012

From hackers turning informants to federal agents having their phone conferences tapped, 2012 was a very busy year in the news for hacktivists. This is a must-read list of the audacity of hacktivists and how they have joined different political forces and now must be recognized as either friend or foe.

1. Anon News
anonymousAnon news is the main news and discussion group site of Anonymous, the biggest, most ominously anonymous group on the internet. What makes Anonymous so effective is it’s lack of leadership. It is non-centralized and delivers messages through hacking. Recently this message addressed to President Obama was posted on the site regarding his State of the Union address, which was to be directed at cyber security and security in general. The message told Obama to refrain from trying to regulate the internet…or else!

Anonymous’ focus is to keep a free and open internet. Aaron Swartz would be proud!

 

CultureThe Lemonade Stand

As many of you know, Forget the Box got a wee bit hacked last week.   Unfortunately, these things happen to the best of us.   No cloud being without its smidgen of silver lining, however, our website troubles soon led us into an acquaintance with Terry Cutler, the co-founder of Digital Locksmiths.

Digital Locksmiths is a Montreal-based data defence services company that helps organizations defend themselves against hackers and other malicious online activity. In addition to this, Terry is a Certified Ethical Hacker, speaker and lecturer on internet safety for kids and parents, and a regular contributor to Securityweek.com.

I was able to get in touch with Terry to get some more details about hacking, ethical hacking and being smart on the internet. You’ll find some of the highlights of our conversation below.

 

1. Ethical hacking what is it exactly? How does one become an Ethical Hacker?
Ethical hacking is, essentially, learning how the bad guys do what they do, so that you can prevent it and fix it. I got into it because I was inspired by watching shows like CSI and 24 and wondered how Cloe O’Brian was breaking into all those systems so fast. I did some research and found an organization called The EC-Council that created a course called the Certified Ethical Hacker and in 2005 I got certified through them.

2. Who hacks? (And I mean hacks for malicious intent, not ethically). Is there a profile of a hacker? What are they trying to do?
Hackers come in all shapes and sizes they can be anyone from disgruntled employees, to bored teenagers, to organized criminals. If you remember the Sony Hacker story from earlier this year, you can start to get an idea of how this type of hacking can come from within an organization as well as from without. People hack for fun or revenge or profit it’s often hard to tell what the motivation could be. There are also those hackers that fall under the title of Hacktivists. Remember WikiLeaks? This can range from what seems like espionage to whistleblowing. It’s for, in the minds of the hacktivists at least, in the public interest.

3. What can a blog like ours, or a small business owner operating online, do to protect themselves from hacking and other cyber threats? (Short of hiring Digital Locksmiths!)
Always stay current on your website updates. If you get a few updates behind you can really be opening yourself up to attack. There can also be issues with one hosting provider over another, so do your research and be willing to change if you experience problems.

4. Most of our readers have grown up using the internet for everything – it’s about as natural as breathing. Are there stupid mistakes you find people often make on the internet without giving it a second thought?
A lot of this comes down to social media these days. Most people open emails from what appears to come from someone they know and are easily fooled into clicking on links. What they don’t know is that those links can pull down malware and viruses to your PC. Have you ever gotten an invite on Facebook or LinkedIn in your email inbox and accepted it without going through to the website? This is how a lot of information gets stolen. If you’re dealing with a social media site, always manage your interactions on the site itself and not through the Hotmail inbox.

5. What do you imagine the coming years will hold for internet security? Will we all have retina scanners on our monitors?
Biometrics are a possibility, but what is really happening is increased mobility, especially smartphones. More and more is being done on cell phones pretty soon they could even replace your computer and equally open you up to malicious hacking. When that occurs, you’ll be pretty much back to square one. It’s something that we’re thinking about now, but it can be difficult to predict exactly what will happen.

 

Talking with Terry was incredibly interesting. It’s fantastic to meet someone so knowledgeable in his field and active in the community especially one so willing to share what he knows with the rest of us! Thanks Terry, from all the staff at Forget the Box!

You can find more information about Terry Cutler on his website: www.TerryCutler.com and about Digital Locksmiths at www.digitallocksmiths.ca. I’d also like to recommend you check out one of Terry’s presentations on internet safety for kids and parents. A refresher never hurts for those of us who use the internet every day!

Title photo courtesy of www.photoxpress.com, body photo of Terry Cutler from www.terrycutler.com.