Hackers = Mobsters?

Ok, so as promised: post number 2 of today (just to be pedantic, my today). So, I recently read this in which President Obama said that he wants hackers will be treated, for the purposes of the law, in a manner similar to that of organised crime. Yes, people, that means mobsters, as in Tony Montana or Al Capone. That does make hackers sound so much cooler now that we are imagining them in pinstripe suits and not nerdy T-Shirts, but we must question the validity of this.

My main objection to this is the term "organized", not only due to the fact that I prefer British spelling, but mainly because, it's not always true. Yes, one could say that LulzSec is/was somewhat akin to the famed "Cosa Nostra," but they do indeed prove to be the exception to the rule. The next closest thing is Anonymous, but they are at best a loose collection of similar-ish minded individuals, who got together for one job and then disbanded. Of course some members will carry out attacks in unison after that, but it would almost certainly not be the whole group again.

Further more, there is a somewhat implicit assumption of some form of heirarchy amongst hackers. There may well be "senior" and "junior" member of the group and there may well be some people with more influence or more authority, but no really chain of command, so to speak. To the best of my knowledge there is no Godfather in hacker communities. So, here again the organised argument breaks down.

Of course, the previous is in the case where there is actually more than one person involved. It is neither  impossible nor uncommon, for a single hacker to mounts attacks on a fairly large scale. Yes, I know that the article states that "complex and sophisticated electronic crimes are rarely perpetrated by a lone individual," but there have been reports of single attackers mounted somewhat complex attacks. Granted, they may have obtained resources from other individuals/groups, but they did mainly act alone.  In the case of this single perpetrator, the term organised seems to be a dash irrelevant. I can imagine that the lawmen would be well pressed to somehow fits such a scenario into these laws.

Furthermore one would assume that the Racketeer Influenced and Corrupt Organizations (RICO) Act would be the basis for this new version of the Computer Fraud and Abuse Act (CFAA). I am not a legal expert, but I can imagine that this would be quite challenging. You see, these two classes of criminals live and operate in very different environments, thus making any sort of an analogy difficult. However, this idea is not without merit.

Recently, this story emerged. An Australian blogger wrote about domain-name fraud and found himself in a spot of bother. He was, and still is from what I gather, being DDoSed. The thing is that the log files show the traffic coming from non-existent websites, which are actually death threats to him. One example is “http://lastwarning-shutdown-yourblog-or-die-withyourparklogic.com”. This does seem to be very much like old school mafia behaviour, which lends great credence to this new idea.

So, although it may not be IMHO the best way to go about, it is not without its merits. As this develops further, it may even become an excellent law. Until, all we can do is wait and see.