Hackers will face tougher penalties in the U.S. if the Obama administration's proposed cyber-security measures become law, in an attempt to deter attacks on critical online infrastructure.Under the new law, hackers would face 20 years in prison for endangering national security, 10 years for stealing data and three years for accessing a government computer.
The proposal doubles the penalties from current laws in nearly every category, responding with force to the spate of hacks that have made headlines this last month.The Obama administration first suggested the law last month, before the hacking group LulzSec broke into FBI, CIA and U.S. Senate websites. If prosecuted under the new law, its members could face hefty prison terms for flaunting national security.Compared to the anonymous hacks against Lockheed Martin and the International Monetary Fund, however, LulzSec's distributed denials-of-service, or DDoS, attacks against government websites were merely an annoyance.
Groups like LulzSec, who hack for the fun of it, may face the same sentences as serious data thieves under the cyber-security plan.
Either way, the trouble lies in catching computer hackers who use botnets and server mis-location to cover their tracks. Months after Sony's disastrous data breach left 100 million users' information exposed, Sony and the FBI still haven't found those responsible for the attack.
Tracking down "smoking keyboards" is not impossible, however, as Spain and Turkey proved by arresting members of the Anonymous hacking group. Spain's authorities captured three men accused of intending to publish "sensitive data" about Spanish politicians and policemen. Turkey nabbed 32 Anonymous hackers that had coordinated DDoS attacks against the Turkish government after the country announced plans to restrict Internet services starting this August.
Arresting hackers may deter some from attempting further exploits, but in Anonymous' case the group's loose-knit organization means hundreds of new hackers can rise to fill one member's shoes.
Furthermore, some hackers may have government backing, as IMF officials believe was the case in their hack and as Google alleges happened to them in China.If governments are indeed involved in some of the major recent hacks, things could get sticky, as the Pentagon is set to publish a policy to use physical force against online crime. As one official warned, "If you shut down our power grid, maybe we will put a missile down one of your smokestacks."
The difficulties of catching and prosecuting hackers seem nearly insurmountable. But the new law in the U.S. could encourage a reduction in cybercrimes if it makes an example of even a few.
