Hacker Kid

You remember Jonathan James? He made national news a couple of weeks ago. You know, he's that nice 16-year old young man sentenced to juvenile detention for hacking into computers at the Pentagon, NASA, BellSouth, the Miami-Dade school system and many other places. That's pretty funny. Right?

Can you imagine that some nasty judge put him in jail? Young Jonathan put it so well when he said, "I don't think they should be putting a kid in jail because he proved they don't have very good security."

Fortunately, poor misunderstood Jonathan didn't delete files or infect any computers with viruses while he was engaged in his youthful mischief. As his father put it, "All he did was go look at top secret government information."

Hey, you know what they say--values come from the home. I can see where Jonathan learned his.

His father described his son as contrite. I guess that the obscene gesture he made at the courthouse to a photographer was yet another minor aberration.

Jonathan was lucky that I wasn't the judge.

Computer crime isn't a joke. This attitude that he did them a favor by showing them that their security was bad is warped-absolutely and completely warped.

I suppose that Daddy James would be the first one thanking the burglar for breaking into his poorly secured home if the burglar only looked at his most private and personal possessions, but didn't take anything.

We're at a point where computers are an essential part of our society's infrastructure. Any crime that touches the infrastructure of our society is by definition a significant crime. As such, we must begin to take computer crime seriously.

The "ILOVEYOU" virus fiasco a few months ago is yet another example of the types of problems that can come from computer crime. "ILOVEYOU" disrupted businesses, governments, and people worldwide. We cannot permit these sorts of things to happen.

"ILOVEYOU" demonstrates that every computer has the capability of being a weapon of mass disruption, even destruction. Look at the havoc caused by the "ILOVEYOU" virus. As we become even more dependant on computers, hackers will have even more opportunities to cause mass disruption or destruction.

"Wasn't it cool when I turned off the air traffic control system?" "Wasn't it great when I turned off all the respirators in the hospital from home?" I assure you that it's just a matter of time before the things hackers do become even more outrageous and dangerous.

Hey why not? As young Jonathan put it, "All the girls thought it was cool." If you're a male over about age 14, what more reason do you need to do something really stupid.

The problem with security, whether it's hi-tech computer security or physical security is that "perfect" is an impossible goal. We don't even really aspire for perfect security and safety in life. If the goal was "perfect," I doubt you'd let your kids out of the house. The goal is reasonable security.

No matter what you do with security, the maxim, "For every measure there's a counter-measure" holds true.

Still, everybody can and should implement three basic security concepts. You should start with controlling physical and logical access to sensitive information. Your methods could include passwords and encryption.

Next, you should require individual accountability for sensitive information and identify those with access. Finally, you need to have audit trails that show who accessed what information. Your audit trail should be able to answer the basic who, what, where, when, why, and how questions.

All too often, we see computer crime as not that big a deal. While the Computer Abuse Act of 1984 imposes a $250,000 fine or a five-year prison sentence, or both, for each offense, it just doesn't often work that way.

While I don't have any formal study to cite, experience has taught me that computer crime is generally not sternly punished. Look at what Jonathan's case has shown us. Break into Pentagon computers and get only six months of detention.

We need to have a basic change in attitude about computer crime. What we must to do is use harsh punishment along with reasonable security as deterrents. We have to deliver the message that hacking and other computer crime are so difficult to prevent and the dangers that come from them are so great that our society simply won't tolerate them.

What Jonathan did wasn't a childish prank. He was playing with - he didn't know what. Saying that there were no horrible consequences from what he did is like justifying drunk driving by saying, "But I got home and I didn't have an accident."

By the way, I said earlier that, "Jonathan was lucky that I wasn't the judge." If I'd been the judge in a world with perfect laws, Jonathan wouldn't get out of jail until he was 21 and would never, never, never earn a living in any job involving computers or programming. That's punishment. That's a message to others.