Hackers might face stiffer sentences in US

Even before a loosely organised group of hackers broke into the CIA's and Senate's public websites, the White House asked for stiffer sentences for breaking into government and private computer networks. Last month the Obama administration pressed Congress to pass stronger measures, including a doubling of the maximum sentence for potentially endangering national security to 20 years in prison. While it remains to be seen if the proposal will become law, the question of how to fight cyber-crime has risen to the fore in recent weeks with a spate of high-profile, and sometimes, sophisticated, attacks. The computer break-ins have targeted multinational companies and institutions, including Sony Corp, Citigroup and the International Monetary Fund. Sony faces dozens of lawsuits related to the theft of consumer data from its Playstation network. Article continues below Also, in the latest flurry of hack-ins, the loosely organised group Lulz Security said it broke into the Senate's and CIA's public websites, as well as Sony and other targets. "It's been a busy month," said James Lewis, of the Centre for Strategic and International Studies think tank. Big mistake Lewis said "hacktivists," who often break into websites to make a political point or generate publicity, made "a big mistake" in going after the public websites of the FBI and the CIA. But tackling cybercrime —as well as other kinds of cyberattacks — has often been complicated by the difficulty of determining who is responsible. "Smoking keyboards are hard to find," said Frank Cilluffo, director of George Washington University's Homeland Security Policy Institute. "Anonymity of cyberspace, the lack of being able to do 100 per cent attribution makes it difficult from a national security standpoint, obviously, if you don't know who is behind the clickety clack of the keyboard, or even if you do, you don't have 100 per cent confidence," he said. Under current law, for first-time offenders, the Computer Fraud and Abuse Act sets a maximum of 10-year prison sentences for breaking into a US government computer if national security is at stake, a maximum of five years for breaking into a computer in order to steal, and one year for stealing a password to a financial institution or accessing a government computer, for example to deface it. Under the White House proposal, the 10-year maximum sentence for potentially endangering national security would become a 20-year maximum, the five-year sentence for computer thefts up to $5,000 would become a 10-year sentence and the one year maximum for accessing a government computer — either to deface it or download an unimportant file — could become a three-year sentence.