Virginia state lawmaker accused of breaching former campaign manager’s Facebook, Gmail accounts

Dawn Adams, a sitting member of the Virginia House of Delegates, is accused in a new lawsuit of violating federal anti-hacking laws for allegedly accessing the Facebook, banking and other personal accounts of her former campaign manager. Maureen Hains, Adams’ former campaign manager and communications director, filed suit Thursday, alleging her former boss broke laws including the Computer Fraud and Abuse Act, the Stored Communications Protection Act and the Virginia Computer Crimes Act. Hains was working for Adams, a Democrat representing a district outside Richmond, as a legislative assistant in April of this year when she experienced a health crisis for which she needed to be hospitalized. According to the 20-page complaint, upon learning of Hains’ condition, Adams immediately began asking Hains about her condition and when she would return to work. During the hospital stay, according to the lawsuit, Adams asked Hains’ girlfriend for the password to her personal […]

The post Virginia state lawmaker accused of breaching former campaign manager’s Facebook, Gmail accounts appeared first on CyberScoop.

Judge won’t toss ex-hedge fund manager’s claim Brevet Capital hacked his email

A federal judge has ruled that a former managing director of Brevet Capital Management — an asset firm that oversees billions of investment dollars — can move forward with a proposed lawsuit alleging that the company hacked into his personal accounts. U.S. District Judge William H. Pauley on Tuesday denied a request from Brevet Capital to reconsider a previous court decision not to dismiss the case. In May, another judge ruled that Paul Iacovacci could move forward with claims that Brevet had violated the Computer Fraud and Abuse Act and other laws by accessing accounts and hard drives to read his personal email and extract data from his personal hard drives. Brevet previously has acknowledged accessing the data but denies any wrongdoing. The case, first filed in September, highlights uncomfortable questions about what information employers can access about their employees, and how they obtain that access. The issue is an especially pressing security question, as […]

The post Judge won’t toss ex-hedge fund manager’s claim Brevet Capital hacked his email appeared first on CyberScoop.

Private sector warms to U.S. Cyber Command carrying out ‘hack backs’

The U.S. government should decide how to retaliate against the worst attacks on the country’s private sector, and when appropriate, the military’s hacking unit should hit back, three experts said Monday. The controversial idea entails taking the fight to nefarious actors by attacking their computer network in-kind, probing for exfiltrated data and employing measures to retrieve or destroy stolen information. The three individuals, with experience in the private sector, intelligence community and military, spoke at a panel organized by APCO. They concurred that if companies feel compelled to hack back, they should delegate any potential response to the government. If retaliation is warranted, U.S. Cyber Command should carry it out. “I think if it’s going to happen, it’s best in the hands of the government,” said Sean Weppner, chief strategy officer at NISOS Group and a former DOD cyber officer. No company has the intelligence, offensive tools and contextual understanding of the […]

The post Private sector warms to U.S. Cyber Command carrying out ‘hack backs’ appeared first on CyberScoop.

Rep. Graves: ‘Active defense’ bill will launch a new industry

One of the authors of a controversial “hack back” bill in Congress believes the legislation can launch a new industry around “active defense” that allows companies to strike back against hackers who steal data. Rep. Tom Graves, R-Ga., predicts the private sector will develop new tools that will add a new layer of deterrence. Graves, who strenuously objects to the “hack back” terminology for the bill, spoke with CyberScoop earlier this month about the legislation. “You currently have a 1.5 percent conviction rate in cyberattacks,” Graves said. “I think you’ll see that rate go up because attribution will go up, but also because I think you’ll see the number of attacks reduced. And then you’ll see information sharing occurring prior to successful attacks, which will protect additional systems and networks as information being shared about attacks taking place or attempted attacks and the process they’re going about.” Graves and Rep. Kyrsten Sinema, D-Ariz., […]

The post Rep. Graves: ‘Active defense’ bill will launch a new industry appeared first on CyberScoop.

AC/DC Act: Good in Theory, Terrible in Practice

Earlier this month, Georgia Congressman Tom Price introduced H.R. 4036, the Active Cyber Defense Certainty Act (AC/DC Act). The legislation would permit certain “victims” of cyberattacks to engage in certain types of “active defense” or “hack back” free from both civil and criminal liability under the Computer Fraud and Abuse Act. It would also empower..

The post AC/DC Act: Good in Theory, Terrible in Practice appeared first on Security Boulevard.

“Hacking back” legislation is back in Congress

A bill legalizing companies’ ability to “hack back” after they’ve been attacked is back on track after months of feedback. Let’s unpack. Reps. Tom Graves, R-Ga., and Kyrsten Sinema, D-Ariz., introduced a modified Active Cyber Defence Certainty (ACDC) Act on Friday allowing companies to “hack back” against hackers in an effort to identify and stop cyberattacks. The ACDC amends the Computer Fraud and Abuse Act (CFAA), which makes it illegal to access computers without authorization. Companies and individuals would be granted the right to “active defense” using various ways to identify, disrupt and possibly even destroy data in the name of “hacking back.” “These changes reflect careful analysis and many thoughtful suggestions from a broad spectrum of industries and viewpoints,” Graves said in a statement. “I thank everyone who helped sharpen this idea and improve the legislation. I look forward to continuing the conversation and formally introducing ACDC in the next few weeks.” […]

The post “Hacking back” legislation is back in Congress appeared first on CyberScoop.

New Bill Seeks Basic IoT Security Standards

Lawmakers in the U.S. Senate today introduced a bill that would set baseline security standards for the government’s purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras. The legislation, which also seeks to remedy some widely-perceived shortcomings in existing cybercrime law, was developed in direct response to a series of massive cyber attacks in 2016 that were fueled for the most part by poorly-secured “Internet of Things” (IoT) devices.

Proposed Bill Would Legally Allow Cyber Crime Victims to Hack Back

Is it wrong to hack back to counter a hacking attack when you have become a victim? This has been a long-running debate.

While many countries, including the United States, consider hacking back illegal, many security firms and experts consider it “a terrible idea” and officially “caution” victims against it, even if they use it as part of an active defense strategy.

DoD Opens .Mil to Legal Hacking, Within Limits

Hackers of all stripes looking to test their mettle can now legally hone their cyber skills, tools and weaponry against any Web property operated by the U.S. Department of Defense, according to a new military-wide policy for reporting and fixing security vulnerabilities.

Security researchers are often reluctant to report programming flaws or security holes they’ve stumbled upon for fear that the vulnerable organization might instead decide to shoot the messenger and pursue hacking charges. But on Nov. 21, the DoD aimed to clear up any ambiguity on that front for the military’s substantial online presence, creating both a centralized place to report cybersecurity flaws across the dot-mil space as well as a legal safe harbor (and the prospect of public recognition) for researchers who abide by a few ground rules.