Legal Penalties: Hackers Face Longer SentencesLegal Penalties: Hackers Face Longer Sentences

Convicted virus writers and hackers face stiffer penalties under federal sentencing guidelines that take effect this month. Members of Congress had called for longer prison terms for cybercriminals, and earlier this year the U.S. Sentencing Commission obliged them with new guidelines for a variety of computer-related crimes.

For example, a hacker who deletes medical records, disables emergency systems such as 911, or causes death or serious injury now faces 20 years to life in prison. The maximum jail sentence for most other computer crimes ranges from one year to 15 years.

Those convicted of creating a computer worm or writing a virus can expect 50% more time behind bars than those who committed their crimes before Nov. 1. Hackers who share the information they steal on the Internet will see their prison time doubled. Hackers convicted of stealing personal data or taking over an E-mail account will see 25% more time tacked on at sentencing.

"The government is saying that invasions of privacy are serious crimes and need to be treated like other forms of theft," says Mark Rasch, former head of the Justice Department's computer crimes division and now senior VP and chief security counsel at security vendor Solutionary Inc. "They're also sending a message that interfering with critical infrastructure will have serious consequences."

In August, authorities arrested Jeffrey Parson for allegedly writing and releasing the Blaster-B worm variant. Parson faces up to 10 years in prison and a $250,000 fine if convicted. Under the new sentencing guidelines, he could have faced up to 15 years if convicted.

Serial hacker Adrian Lamo, who gained attention for breaking into the computer systems of large companies and then offering to help fix the security flaws for free, surrendered to authorities last month. A federal complaint alleges he illegally accessed The New York Times' network and racked up a $300,000 tab for searching LexisNexis and altered a database containing the personal information of editorial page contributors. Lamo faces up to 15 years in prison and a $500,000 fine. He would have faced 25% more time under the new guidelines.

It's a big change from 1988 when Cornell University grad student Robert Morris released a worm that infected 6,000 systems on the Internet. He was sentenced to three years probation and 400 hours of community service and was fined $10,000.

Return to main story, The Mind Of A Hacker

Illustration by Peter Horvath