The boy who hacked celebrity heiress and vixen Paris Hilton’s mobile phone received a sentence of 11 months of detention in a juvenile facility in Massachusetts last month.
In another, separate hacking case this fall, involving juvenile defendants in Florida, the Bay County school administration, in Panama City, Fla., recommended that three students accused of hacking a computer to change grades for friends be expelled.
The standards for setting charges — and later sentences — differs dramatically on a state by state basis, experts tell the E-Commerce Times. But one thing is increasingly clear — authorities are stepping up action against hackers of mobile phones, PDAs and conventional computer systems.
“Computer hacking is not fun and games,” said U.S. Attorney Michael Sullivan, who prosecuted the Paris Hilton hacker case in Massachusetts. “Hackers cause real harm to real people as graphically illustrated in this case.”
The Hilton case began earlier this year, when a teenager, whose name has been withheld by authorities, hacked into T-Mobile’s systems and pilfered information from the socialite’s mobile phone. The boy confessed to other allegations too — such as making bomb threats.
Prosecutors say they would have had even harsher sentencing, had they chosen to charge the 17-year-old boy as an adult. “Would-be hackers, even juveniles, when appropriate, should be put on notice that such criminal activity will not be tolerated and that stiff punishments await them if they are caught,” said Sullivan.
In addition to the 11 months of detention in a Boston area facility, the youth will also have to endure two years of supervised release. What’s more, he is banned from using the Internet during that time, primarily for making Hilton’s mobile phone address book available on the Internet, and violating the privacy of other celebrities, like tennis star Anna Kournikova and rapper Eminem.
The boy apparently obtained some of his information through “social engineering” and by exploiting a flaw in T-Mobile’s Web site, which did not protect passwords effectively.
Mobile phone experts claim there are other, technological measures that can be taken by users such as Miss Hilton to prevent this kind of hacking in the future. “Mobile devices include basic security functions, such as turning off Bluetooth’s discoverable mode, and auto locking the device after assigning passwords to private records,” Shane Coursen, senior technical consultant for Kaspersky Lab, the Moscow-based IT security consultancy, told the E-Commerce Times. “And even with all of this, mobile phone security technology is still in its infancy.”
A Secure Future
New developments in mobile phone software should make the phones even more secure in the future, and prevent embarrassing incidents such as the disclosure of cell phone address books online.
“Most people do not realize the complexity of the operating systems that run on these devices,” Josh Daymont, director of research for SecureWorks, an IT security company, told the E-Commerce Times. “They are susceptible to the same breaches of security that desktops are.”
This includes the development of anti-virus scanners for mobile phones, similar to those available for PCs. Scanning of storage technology — like SD memory cards — is also emerging.
“As for the average consumer, the idea of mobile device security is just starting to take hold,” said Coursen. “This makes sense because most of us don’t consider our PDA or phone that critical of a device.”
Down the East Coast, in Florida, three 16-year-olds were turned over to police, and the school administration is seeking their expulsion from high school. The students obtained access to a computer system and changed grades for a friend. They did not change their own grades, for apparently they were excellent students, who were excelling in computer science classes and other subjects.
Ultimately, prevention — not just law enforcement — will be the key to stopping hackers of all ages. Bay High School Principal Larry Bollinger says that his school is now “taking steps” to improve cyber-security in the wake of the latest teenage hacking incident there.
Meanwhile, some would-be hackers have been taking advantage of weaknesses in personal and corporate wireless fidelity (WiFi) networks to gain free Internet access. While a few laws have been written in response to this behavior, a number of experts doubt whether criminal prosecution of any such “offenders” will succeed.
There has been at least one case overseas and some domestically in this area — in fact, one Michigan man was given the longest hacking-related sentence in American history over his WiFi finagling. But some lawyers think that if the defendants press their rights, in the end they will not be jailed.
Attorney Evan Barr, formerly the chief of the major crimes unit at the U.S. Attorney’s office for the Southern District of New York, and now a lawyer with Steptoe & Johnson, said the courts have long held it is not illegal to intercept calls placed by users of cordless and mobile phones.
“That’s because people who use these devices do not have any reasonable expectation of privacy under the Fourth Amendment,” Barr said. “WiFi basically operates on the same principle as these devices, so it seems unlikely that a prosecution for stealing a WiFi signal could withstand judicial scrutiny.”