So, I earlier wrote a post about how they want to try hackers under organised crime laws. Well, I must admit, must to my chagrin, that I may have overlooked some details. Well, not so much details as scenarios and/or types of attackers. My previous post focused primarily on the "breaking and entering" breed of hacker, specifically the kind without any financial motivations. There in, lies my folly.
The attacker I described was the kind that will break a system, to quote the famed LulzSec group, "just for lulz," or with some form of activist agenda, a la Operation Payback. Here the attacker(s) main objective was to point out a weakness in a system, cripple a system as a form of protest, or simply to entertain themselves. Well, in any case, here the idea of organised crime does fall a tad flat, as explained previously.
Now, we move to something a colleague pointed out to me today. If we consider fiscally motivated crimes, then we begin to see the motivation for this kind of approach. Consider the case of identity theft via phishing, for argument's sake. Although this kind of attack can be done alone, there is essentially a mafia that controls large parts of this trade. It is very reminiscent of the classical mobsters, to the extent that there is large speculation of them being linked. Of course I know no knowledge beyond the rumblings of their existance, but I am convinced.
Although there are other, and arguably more sophisticated, ways of committing digital identity fraud, they all do have the same mafia-esque touch to them. Here, the idea of treating these in the same manner as organised crime is not a far fetched idea at all. In fact, I believe it is the right idea.
So, in summary, this idea is not all bad and in fact is very good for certain classes of digital criminals, but not so much for others. Hopefully, the law all over will catch up to all the crazy types of security threats in our crazy world.
Posts
No comments:
Post a Comment