Thursday, June 19, 2008

Hacking And Malware Victim Almost Goes To Jail, The Bad Guy Gets Away.

In early 2007, Michael Fiola was fired from his job. His I.T Department found some really bad material on his computer, these included child pornography images. No one really likes such a man, family and friends abandoned him. Legal proceedings would start soon and Michael would most certainly spend over a dozen years in jail. Michael denied any wrong doing and caused many observers to comment that it was typical for a child pornographer to behave that way. His wife was the only one who believed his story and stood by him during those terrible moments. It took the services of an extremely talented and hard working forsenic investigator, to bring out the truth. As it turned out, the images on the laptop were pretty bad and would prove to be juicy proof in the legal hearing. However it was not Michael who downloaded them, the images appeared on the machine without his knowledge and without any action on his part.

It turned out that the Massachusetts state service that gave Michael the computer was to blame. The I.T department of this office had issued him a laptop that was not well protected. This caused the laptop to be infested with several malware program all without the knowledge of Michael! The story ended well for Michael but it is quite likely that many other computer users could be faced with a similar program. A hacked computer could have it's security compromised and become a puppet, controlled by pranksters and probably fraudsters. The public in general and the legal system in particular has no sympathy for victims like Michael. With the rapid spread of computer and internet usage, frauds related to this technology have managed to keep pace too.

Frightening possibilities exist, a terrorist organization could spread propoganda by sending emails through a computer which had it's security compromised! The U.S could then have the innocent victim rotting in a high security torture prison in the many islands and nations that allow it to open such prisons. Losing a job or being shunned by family members, would be very light as compared to facing systematic physical and mental torture by state investigators. It is unlikely that any lessons will be learned in such cases. The perpetuators of Internet crimes are rarely caught. Special deals with law makers often leave the few that are caught with a light sentence.

There is a very interesting view point that the author of this article would like to make. When you buy a licensed software like MS Windows or MS Office, you do not become the owner of the software. The amount you pay for the licence is something like a rental charge for using the software. It would be illegal to reverse code the software and make any changes to it even if, you are an expert. The reasoning is that, you do not own the software (just rented it) and therefore cannot make any modifications to the software. At the same time, the software publisher (eg. Microsoft) can at any time stop supporting the software and return nothing to you. Given this scenario, it would mean that any security loopholes in the rented software, are the responsibility of Microsoft. The responsibility should not be limited to Microsoft publishing a patch on their website and hoping that you will download it. The resulting damage caused by the security bug should also be compensated for, wait a moment before you criticize this comment. Software publishers are always raising hell regarding piracy and are quick to point out that a software is intellectual property, much like a pen, book, car or house. If this is so let's compare this to renting a house. Let's assume that there was a secret door in the house that you rented, the landlord never informed you regarding this secret door. A thief enters through that door and burgles your house, would the landlord not be held responsible. So let's treat a security loophole in a software as the publisher's (landlord's) respobsibility. The ensuing damages caused by a fraudster exploiting the security loophole should be compensated for by the software publishers. If this is done, the software houses would make a desperate dash to get hold of the fraudsters and the internet would become a safer place to browse, learn, transact and relax in.

No comments: