SUN EDITORIAL:

Hacking your life

The law fails to deter hired cyber thieves from breaking into people’s online accounts

Saturday, Sept. 12, 2009 | 2:07 a.m.

A Virginia woman discovered that her married boyfriend had other girlfriends, and she decided to seek revenge online. According to federal prosecutors, she hired computer hackers to help.

Elaine Cioni paid hackers $100 for the password to her boyfriend’s AOL e-mail account, according to prosecutors, and for an extra $100, she received the e-mail passwords of her boyfriend’s wife, children and one of his girlfriends.

No one had a clue she had access.

The Washington Post recently reported that she was caught only after she started making harassing phone calls to her boyfriend and his family. (She used an online “spoofing” system that disguised her voice.)

Convicted of violating federal law, she is serving a 15-month prison sentence.

The case raises the frightening reality of the online world: You’re not as secure as you think you are. E-mail, Facebook, Twitter and other online accounts can be compromised.

“This is an important point that people haven’t grasped,” said Peter Eckersley of the Electronic Frontier Foundation. “If you have any hacker who is competent and spends the time and targets you, he’s going to get you.”

There are plenty of online hackers for hire who can do the job, and they have largely been out of the reach of law enforcement. Many are thought to operate from other countries.

Law enforcement typically ends up chasing the people who hire the hackers. Under federal law, it is a misdemeanor — not a felony — to hack into someone’s e-mail or online account, making it less of a priority for law enforcement officials. It takes other criminal activity — such as the harassment in Cioni’s case — to become a felony.

Given the American public’s reliance on e-mail, breaking into someone’s e-mail account should be viewed as the same as breaking into a home mailbox. Congress should make it a felony and give federal officials more resources to crack down on this crime.

Discussion: 2 comments so far…

Comments are moderated by Las Vegas Sun editors. Our goal is not to limit the discussion, but rather to elevate it. Comments should be relevant and contain no abusive language. Comments that are off-topic, vulgar, profane or include personal attacks will be removed. Full comments policy.

By KillerB

Sept. 12, 2009

6:25 a.m.

Suggest removal

"...breaking into someone's e-mail account should be viewed as the same as breaking into a home mailbox."

Wrong, Sun -- the home mailbox technically isn't private property, it belongs to the federal government.

With all the email providers available, the "victims" you spotlighted here had the choice to just move to a more secure provider and didn't take it. + AOL could have solved the problem as a security breach.

The problem is the odd case like this creates justification for unwarranted invasions of privacy by more intrusive federal law. The internet needs to stay free!
By JohnF

Sept. 12, 2009

10:01 a.m.

Suggest removal

Some things you can do to protect yourself:

1. Don't make passwords to any on-line account something easy to figure out, like your birthday, your spouse's birhday, or your dog's name.

2. Don't use the same password for multiple accounts.

3. Make sure your computer has a firewall protecting it from intrusion.

4. If you use a wireless router in your home, make absolutely certain access is protected.

5. Change your passwords frequently. It doesn't have to be by much to confound a hacker.

If for instance, you've started with the names of your two dogs - roverspot - as a password, it's a simple thing to change a number or two to a letter. So now roverspot can become r8versp8t. A month from now change another and r8versp8t turns into r8v3rsp8t.

No hacker will ever guess that and it will take any program that tries brute force attacks much longer to figure out.

6. Most of all, stay vigilant and be aware of things like e-mails you haven't read being opened unusual account activity.