Well, this will be the first post in the new location. I hope everyone is able to find and read the blog easily. Please let me know if there are any problems.

Back on 26 Sep, President Bush signed the Identity Theft Enforcement and Restitution Act of 2008. This new law should make it easier for federal prosecutors to deal with hackers and other cybercriminals.

Specifically, the law makes it a felony to damage 10 or more protected computers used by or for the federal government or a financial institution. That means we finally have a tool to start using against the malware writers.

The law also eliminates the current requirement that a prosecutor show that the illegal activity caused $5,000 in damages before he/she could bring charges. This is a big deal for us. Because so many of the damages are “soft”-costs – labor to investigate or repair the breach, etc – few cases were ever brought under the old rules. Now, it should be much easier to get federal support if someone commits a cybercrime against your company.

  • If you suspect a cybercrime, be sure to call your local FBI office as soon as possible. They will have specific instructions on what to do in order to preserve as much evidence as possible.
  • Keep detailed notes of everything you do and all the time you spend working on the cybercrime investigation, repairs, etc. Even if the FBI no longer needs that magic $5,000 to get involved, your records about the damages and costs will be important to the judge when the criminal is finally caught and prosecuted.

The new law allows the Feds to take jurisdiction even when both the criminal and victim live in the same state. Under the old law, the crime had to affect interstate commerce before the Feds could get involved. Since it’s often hard to know where the criminal is working from until far into the investigation, the states were too often left on their own.

Finally, the law has some restitution clauses for the victims of identity theft. Those clauses are rather vague and I suspect will be difficult to enforce. Still, it’s a step in the right direction.

Leave a Reply