Don Burleson Blog 


 

 

 


 

 

 

 
 

Do hacker how-to guides constitute aiding and abetting a criminal?

  Because you have the right to my opinion

The world of cyberspace is fraught with criminals, and many law-abiding citizens are struggling to apply existing laws to the web.

For example, we see SQL injection hacking attacks on video, all published under the guise of helping the security administrator understand the methods used by criminals to steal data, but with complete disregard for the criminals who will use the instructions to commit crimes. Many of these "researchers" hide behind the DMCA (Digital Millennium Copyright Act), saying that it gives them the right to reverse engineer software, find vulnerabilities and broadcast them to the public at large.

However, the DMCA was designed to protect web hosting services and ISPs and not specific web publishers. In this article, retired judge Fadeley notes that offering DMCA protection to bloggers and web authors is a serious loophole in the DMCA, and that new legislation is required to make bloggers and "cyber bullies" responsible for damage to people. See Time for DMCA reform for details.

Irresponsible or illegal?

But not everyone agrees. Oracle Corporation recently chided some security experts as being "selfish", "irresponsible" and "dangerous" for openly publishing instructions on how to hack into Oracle databases:

"A few hours after Litchfield went public with a technical description of the flaw, including a blow-by-blow demonstration of ease in which an attack could occur, Oracle lashed back, accusing the British researcher of putting its customers at severe risk for selfish, irresponsible reasons...

Even as he downplayed the severity of the flaw, Harris said Litchfield's decision to go the way of "irresponsible disclosure" was a "dangerous thing to do.""

These types of detailed hacking directions clearly provide criminals with a recipe for hacking into internet databases. 

So, is advising a criminal illegal?

It's clearly irresponsible to publish these guides knowing that criminals will use the techniques, and it shows a clear disregard for the safety of confidential data.  But is it illegal?

The US has felony laws prohibiting aiding and abetting criminal activities, but it is not clear whether these laws extend to aiding cyber criminals, computer fraud, and computer forgery.  According to the FindLaw entry on criminal aiding and abetting a criminal (emphasis added):

"A criminal charge of aiding and abetting or accessory can usually be brought against anyone who helps in the commission of a crime, though legal distinctions vary by state.

A person charged with aiding and abetting or accessory is usually not present when the crime itself is committed, but he or she has knowledge of the crime before or after the fact, and may assist in its commission through advice..."

The larger question is whether giving advice that might be used by criminals constitutes aiding and abetting. It appears that foreknowledge that the advice could be used to commit a crime is required to sustain charges of criminal aiding and abetting.

Aiding and abetting a criminal is a serious crime

An argument could be made that someone who publishes step-by-step instructions for hacking into a database could reasonably expect that their instructions will be used by criminals, thereby making them an accessory to the crime.

But what about the "white hat" hacker sites that publish useful information for criminals under the guise of helping the good guys? Do they have any culpability when the criminal testifies that they used the instructions to commit their crime, and they could not have done it without the step-by-step directions?

With today's internet technology it's relatively easy to restrict access to hacking how-to guides by simply verifying the "need to know" of readers and verifying the job title of the security administrator who wishes to see the information.

Obviously, there is no simple answer to this question. Free speech advocates strongly believe that people should have the right to publish instructions on how to commit mass murder by tainting consumer products, how to build a hidden bomb, how to embezzle money and other detailed how-to instructions that are of no value to anyone except criminals.

On the other hand, courts have upheld that publishers are completely responsible for their works, and there is clear culpability when someone publishes information that hurts others.

See my related notes on internet publishing:


 


 

 

 
 


 

Copyright © 1996 -  2017

All rights reserved by Burleson

Oracle ® is the registered trademark of Oracle Corporation.
