Tài liệu Module 02 Hacking Laws doc

Ethical Hacking

and

Countermeasures

Version 6

Mod le II Module II

Hacking Laws

Module Objective

This module will familiarize you with:

• SPY ACT

• U.S. Federal Laws

• United Kingdom’s Cyber Laws

• European Laws

• Japan’s Cyber Laws

• Atl us rai T a :h Cb i At e Cybercrime Act 2001

• Indian Law: The Information Technology Act

• Germany’s Cyber Laws

• Singp y a ore’s Cyber Laws

• Belgium Law

• Brazilian Law

• Canadian Laws

• France Laws

EC-Council

• France Laws

• Italian Law

Module Flow

SPY ACT Germany’s Cyber Laws

U.S. Federal Laws Singapore’s Cyber Laws

European Laws

United Kingdom’s Cyber Laws

Brazilian Law

Belgium Law

Japan’s Cyber Laws Canadian Laws

Australia Act France Laws

EC-Council

Indian Law Italian Law

United States

EC-Council

http://www.usdoj.gov

Mission of (USDOJ) United States Department of Justice is to

enforce the law and defend the interests of the United States; to

ensure p y ublic safety ag g ; ainst threats foreign and domestic; to provide

federal leadership in preventing and controlling crime; to seek just

punishment for those guilty of unlawful behavior; and to ensure fair

and impartial administration of justice for all Americans

EC-Council

http://www.usdoj.gov (cont’d)

EC-Council

NEWS

EC-Council

Source: http://www.usdoj.gov/

Securely Protect Yourself Against

Cyber Trespass Act (SPY ACT)

¿ SEC. 2. PROHIBITION OF [UNFAIR OR] DECEPTIVE ACTS OR

PRACTICES RELATING TO SPYWARE.

• (a) Prohibition- It is unlawful for any person, who is not the owner or

authorized user of a protected computer, to engage in unfair or deceptive

acts or p y ractices that involve any of the following conduct with respect to

the protected computer:

– (1) Taking control of the computer by--

– () g p A utilizing such computer to send unsolicited information or material

from the computer to others;

– (B) diverting the Internet browser of the computer, or similar program of

the computer used to access and navigate the Internet--

(i) i h h i i f h h i d f h (i) without authorization of the owner or authorized user of the computer;

and

(ii) away from the site the user intended to view, to one or more other Web

pages, such that the user is prevented from viewing the content at the

i d db l h di i i h i hid

EC-Council

intended Web page, unless such diverting is otherwise authorized;

Source: http://www.usdoj.gov

SPY ACT (cont’d)

– (C) accessing, hijacking, or otherwise using the modem, or Internet

connection or service for the comp connection or service, for the computer and thereby causing damage uter and thereby causing damage

to the computer or causing the owner or authorized user or a third

party defrauded by such conduct to incur charges or other costs for a

service that is not authorized by such owner or authorized user;

– (E) delivering advertisements that a user of the computer cannot

close without undue effort or knowledge by the user or without

turning off the computer or closing all sessions of the Internet

browser for the computer.

– (2) Modifying settings related to use of the computer or to the

computer's access to or use of the Internet by altering--

– (A) the Web page that appears when the owner or authorized user

launches an Internet browser or similar program used to access and

navigate the Internet;

(B) th d f lt id d t h th I t t th

EC-Council

– (B) the default provider used to access or search the Internet, or other

existing Internet connections settings;

SPY ACT (cont’d)

– (3) Collecting personally identifiable information

th h roug th f e use of a k k eystroke l if i ogging function

– (4) Inducing the owner or authorized user of the

comp p uter to disclose personally identifiable information

by means of a Web page that--

– (A) is substantially similar to a Web page established or

p yp rovided by another person; and

– (B) misleads the owner or authorized user that such Web

page is provided by such other person

EC-Council

Legal Perspective

(U S Federal Law) (U.S. Federal Law)

Federal Criminal Code Related to Computer Crime:

¿ 18 U.S.C. § 1029. Fraud and Related Activity in

Connection with Access Devices

¿ 18 U S C 18 U.S.C. § 1030 . Fraud and Related Activity in Fraud and Related Activity in

Connection with Computers

¿ 18 U.S.C. § 1362. Communication Lines, Stations, or

Systems

¿ 18 U.S.C. § 2510 et seq. Wire and Electronic

Communications Interception and Interception of Oral

Communications

¿ 18 U.S.C. § 2701 et seq. Stored Wire and Electronic

C i ti d T ti l R d A

EC-Council

Communications and Transactional Records Access

Section 1029

Subsection (a) Whoever -

(1) knowingly and with intent to defraud produces, uses, or traffics in

one or more counterfeit access devices;

(2) knowingly and with intent to defraud traffics in or uses one or

more unauthorized access devices during any one-year period, and

by such conduct obtains anything of value aggregating $1,000 or

more during that period;

(3) knowingly and with intent to defraud possesses fifteen or more

devices which are counterfeit or unauthorized access devices;

(4) knowingly, and with intent to defraud, produces, traffics in, has

control or custody of, or possesses device-making equipment;

EC-Council

Section 1029 (cont’d)

(5) knowingly and with intent to defraud effects transactions, with 1 or

more access devices issued to another person or persons to receive sons, to receive

payment or any other thing of value during any 1-year period the

aggregate value of which is equal to or greater than $1,000;

(6) ith t th th i ti f th i f th d i (6) without the authorization of the issuer of the access device,

knowingly and with intent to defraud solicits a person for the

purpose of—

(A) ff i d i (A) offering an access device; or

(B) selling information regarding or an application to obtain an access

device;

(7) knowingly and with intent to defraud uses, produces, traffics in,

has control or custody of, or possesses a telecommunications

instrument that has been modified or altered to obtain

th i d f t l i ti i

EC-Council

unauthorized use of telecommunications services;

Section 1029 (cont’d)

(8) knowingly and with intent to defraud uses, produces, traffics in,

has control or custody of or possesses a scanning r has control or custody of, or possesses a scanning receiver; eceiver;

(9) knowingly uses, produces, traffics in, has control or custody of, or

possesses hardware or software, knowing it has been configured to

insert or modify telecommunication identifying information

associated with or contained in a telecommunications instrument

so that such instrument may be used to obtain telecommunications

service without authorization; or

(10) without the authorization of the credit card system member or its

agent knowingly and with intent to defraud causes o agent, knowingly and with intent to defraud causes or arranges for anges for

another person to present to the member or its agent, for payment,

1 or more evidences or records of transactions made by an access

device

EC-Council

Thư viện tri thức trực tuyến

Tài liệu Module 02 Hacking Laws doc

Nội dung xem thử

Mô tả chi tiết

Tài liệu tương tự (6)

Tài liệu Module 6: Deployment Tools and ADC Tools pptx

Tài liệu Module 8: Cross- Forest/Multi-Forest pptx

Tài liệu Module 5: Clustering doc

Tài liệu Module 1: Introduction to Windows Clustering docx

Tài liệu Module 3: Preparing for Cluster Service Installation docx

Tài liệu Module 7: Minimizing the Impact on Network Operations During a Domain Restructure docx