New U.S. legislation

27 Apr 2007

minute read

Authors

Shane Coursen

After its silent demise last year in Congress, a revamped computer-crimes bill once again made its way onto the dockets of this year’s 110th Congress. H.R. 1525 – an amendment to part one of Title 18 (Chapter 47, section 1030 of U.S. Code) – was approved by the House Energy and Commerce subcommittee. H.R. 1525 is ongoing evolution to the original (I-SPY) Internet Spyware Protection Act of 2005. Specifically, the new bill is “to discourage spyware, and for other purposes”.

One of the other purposes of the bill is to ensure that major security breaches do not go unreported. In certain cases, reporting a computer intrusion to authorities is not just an option, it is mandatory. Because attackers are increasingly going after data stored at large data warehouses (DSW Shoes, TJ Maxx, ChoicePoint, etc.), and then using the stolen information to commit fraud and ID theft-related crimes, this is important protection for consumers.

The bill also protects the company (or person) being attacked. When there is a computer intrusion that results in the potential disclosure of confidential information, details of the attack may not have to be reported to the public. The bill proposes that companies work with law enforcement agencies to investigate the incident before releasing details to the public. This offers the company time to harden its computer security and put into place monitors and procedures for affected clients. Both are preemptive actions that could save the company additional millions in costly lawsuits.

But while the new legislation serves an important purpose, it won’t bring an end to computer crime. We’ve seen attackers regularly target low-hanging fruits. The relatively easy money that can be made from mass-spammed phish e-mails fits in with that model. Too, the anonymity that attackers think the Internet affords to them is empowering; legislation in one country doesn’t necessarily affect somebody in another country. We can thus expect computer fraud and computer invasion crimes to continue for the foreseeable future.

http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=110_cong_bills&docid=f:h1525ih.txt.pdf

Authors

Shane Coursen

New U.S. legislation

Latest Posts

Latest Webinars

Reports

We continue to report on the APT group ToddyCat. This time, we’ll talk about traffic tunneling, constant access to a target infrastructure and data extraction from hosts.

New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go.

In this report Kaspersky researchers provide an analysis of the previously unknown HrServ web shell, which exhibits both APT and crimeware features and has likely been active since 2021.

Asian APT groups target various organizations from a multitude of regions and industries. We created this report to provide the cybersecurity community with the best-prepared intelligence data to effectively counteract Asian APT groups.

New U.S. legislation

GReAT Ideas. Balalaika Edition

GReAT Ideas. Green Tea Edition

GReAT Ideas. Powered by SAS: malware attribution and next-gen IoT honeypots

GReAT Ideas. Powered by SAS: threat actors advance on new fronts

GReAT Ideas. Powered by SAS: threat hunting and new techniques

KL@Defcon

Microsoft updates released

Microsoft Updates for June 2007

Microsoft Updates for May, 2007

Patch-free Tuesday

The State of Stalkerware in 2023–2024

The dark side of Black Friday: decoding cyberthreats around the year’s biggest shopping season

Gaming-related cyberthreats in 2023: Minecrafters targeted the most

Overview of IoT threats in 2023

How cybercrime is impacting SMBs in 2023

Latest Posts

Using the LockBit builder to generate targeted ransomware

XZ backdoor story – Initial analysis

DinodasRAT Linux implant targeting entities worldwide

Android malware, Android malware and more Android malware

Latest Webinars

The Future of AI in cybersecurity: what to expect in 2024

Responding to a data breach: a step-by-step guide

2024 Advanced persistent threat predictions

Overview of modern car compromise techniques and methods of protection

Reports

ToddyCat is making holes in your infrastructure

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

HrServ – Previously unknown web shell used in APT attack

Modern Asian APT groups’ tactics, techniques and procedures (TTPs)

Subscribe to our weekly e-mails