Gray Hat Hacking, The Ethical Hacker’s Handbook, Third Edition
                The CFAA has been used to prosecute many people for various crimes. Two types
           of unauthorized access can be prosecuted under the CFAA: wholly unauthorized
           access by outsiders, and situations where individuals, such as employees,
           contractors, and others with permission, exceed their authorized access and
           commit crimes. The CFAA states that if someone accesses a computer in an
           unauthorized manner or exceeds his or her access rights, that individual can be
           found guilty of a federal crime. This clause allows companies to prosecute
           employees who carry out fraudulent activities by abusing (and exceeding) the
           access rights their company has given them.
                Many IT professionals and security professionals have relatively unlimited access
           rights to networks due to their job requirements. However, just because an individual
           is given access to the accounting database doesn’t mean she has the right to exceed that
           authorized access and exploit it for personal purposes. The CFAA could apply in these
           cases to prosecute even trusted, credentialed employees who performed such misdeeds.
                Under the CFAA, the FBI and the Secret Service have the responsibility for
           handling these types of crimes, and they have their own jurisdictions. The FBI is
           responsible for cases dealing with national security, financial institutions, and
           organized crime. The Secret Service’s jurisdiction encompasses any crimes pertaining
           to the Treasury Department and any other computer crime that does not fall within the
           FBI’s jurisdiction.
                          NOTE The Secret Service’s jurisdiction and responsibilities have grown since
                          the Department of Homeland Security (DHS) was established. The Secret
                          Service now deals with several areas to protect the nation and has established
                          an Information Analysis and Infrastructure Protection division to coordinate
                          activities in this area. This division’s responsibilities encompass the
                          preventive procedures for protecting “critical infrastructure,” which includes
                          such things as power grids, water supplies, and nuclear plants in addition to
                          computer systems.
               Hackers working to crack government agencies and programs seem to be working
           on an ever-bigger scale. The Pentagon’s Joint Strike Fighter Project was breached in
           2009, according to a Wall Street Journal report. Intruders broke into the $300 billion
           project to steal a large amount of data related to electronics, performance, and design
           systems. The stolen information could make it easier for enemies to defend against
           fighter jets. The hackers also used encryption when they stole data, making it harder for
           Pentagon officials to determine what exactly was taken. However, much of the sensitive
           program-related information wasn’t stored on Internet-connected computers, so
           hackers weren’t able to access that information. Several contractors are involved in
           the fighter jet program, however, opening up more networks and potential vulnerabilities for
           hackers to exploit.