Hacking School Information needed! -Alex Hashman

1. Types of hackers:script kiddies — thrill-seeking teens who mostly hack for fun and bragging rights.
2. hacking group — script kiddie who form groups to disrupt a good deal of business together rather than alone
3. hacktivists — skillful and politically motivated, these hackers believe they’re fighting a war and their weapon is cybersecurity
4. black hat professionals — do hacking for a living and are typically highly experienced in penetrating nearly impenetrable targets
5. organized criminal gangs — are the cybersecurity mafia; they are professional criminals who abide by rules and ensure all activities are done under the radar
6. nation-states — yes, there is such a thing. nation-states is organized cybercrime that runs internationally with political, economic, and military targets
7. then there are the cyber weapons dealer — this criminal is experienced and acts as a salesperson; motivated by money, the dealer sells software to organized criminal gangs and nation-states
8. Security is a continuous process and proper awareness can help you guard against cybersecurity threats!
9. Someone who hacks into another person's computer could be punished by a number of different crimes, depending on the circumstances. The law punishes hacking under the computer crime statutes. These crimes carry penalties ranging from a class B misdemeanor (punishable by up to six months in prison, a fine of up to $1,000, or both) to a class B felony (punishable by up to 20 years in prison, a fine of up to $15,000, or both). The law also punishes unauthorized access to a computer or computer network, with penalties ranging from a class B misdemeanor to a class D felony (punishable by up to five years in prison, a fine of up to $5,000, or both).
10.  
11. A number of generally applicable crimes could also apply. For example, hacking could be done to commit identity theft or larceny and it could be punished under those generally applicable crimes.
12. In addition to criminal penalties, the law specifically authorizes someone harmed by a computer or unauthorized use crime to bring a civil lawsuit against the perpetrator. These civil actions are in addition to any other grounds for a civil action that the injured party may have.
13.  
14. COMPUTER CRIMES
15.  
16. A person commits a “computer crime” when he or she:
17.  
18. 1. accesses a computer system without authorization;
19.  
20. 2. accesses or uses a computer system to obtain unauthorized computer services (including computer access, data processing, and data storage);
21.  
22. 3. intentionally or recklessly disrupts, degrades, or causes disruption or degradation of computer services or denies or causes denial of computer services to an authorized user; or
23.  
24. 4. intentionally or recklessly tampers with, takes, transfers, conceals, alters, or damages any equipment used in a computer system.
25. It is also a computer crime to misuse computer system data. A person commits this crime by:
26.  
27. 1. accessing a computer system to use, disclose, or copy data residing in, communicated by, or produced by a computer system;
28.  
29. 2. intentionally or recklessly and without authorization (a) tampering with, damaging, or taking data intended for use by a computer system or (b) intercepting or adding to data residing within a computer system;
30.  
31. 3. knowingly receiving or retaining data obtained through misuse of computer system information; or
32.  
33. 4. using or disclosing data he or she knows or believes was obtained through misuse of computer system information (CGS § 53a-251).
34.  
35. The punishment for committing one of these computer crimes depends on the damage caused and risk of harm created. Table 1 displays the five degrees of computer crime, the amount of damage or harm required for each, and their penalties.
36.  
37. Table 1: Degrees of Computer Crime and the Requirements for Each Penalty (CGS § 53a-252 et seq.)
38.  
39. Degree of Computer Crime
40.  
41. Amount of Damage or Harm Required
42.  
43. Penalty
44.  
45. 1st degree
46.  
47. Damage to or the value of the property or computer services is over $10,000
48.  
49. B felony (up to 20 years in prison, a fine of up to $15,000, or both)
50.  
51. 2nd degree
52.  
53. Damage to or the value of the property or computer services is over $5,000
54.  
55. C felony (up to 10 years in prison, a fine of up to $10,000, or both)
56.  
57. 3rd degree
58.  
59. ● Damage to or the value of the property or computer services is over $1,000
60.  
61. ● Reckless conduct that creates a risk of serious physical injury to another person
62.  
63. D felony (up to five years in prison, a fine of up to $5,000, or both)
64.  
65. 4th degree
66.  
67. Damage to or the value of the property or computer services is over $500
68.  
69. A misdemeanor (up to one year in prison, a fine of up to $2,000, or both)
70.  
71. 5th degree
72.  
73. Damage to or the value of the property or computer services, if any, is $500 or less
74.  
75. B misdemeanor (up to six months in prison, a fine of up to $1,000, or both)
76.  
77. By law, the value of property or computer services in a computer crime is (1) their market value; (2) if they are unrecoverable, damaged, or destroyed, the cost of reproducing or replacing them; (3) $250 if their value or damage cannot be satisfactorily ascertained; or (4) $1,500 for private personal data (CGS § 53a-259).
78.  
79. The law allows the court to require someone convicted of a computer crime to pay up to double the amount of the defendant's gain from the crime, instead of paying a fine (CGS § 53a-257).
80.  
81.  
82. The law gives Connecticut courts jurisdiction whenever any act in furtherance of a computer crime occurs in this state or any computer system or part of one accessed in a computer crime is located in this state (CGS § 53a-261).
83.  
84. UNAUTHORIZED USE OF COMPUTER OR COMPUTER NETWORK
85.  
86. It is a crime to use a computer or computer network without authority and with the intent to:
87.  
88. 1. temporarily or permanently remove, halt, or disable computer data, programs, or software;
89.  
90. 2. cause a computer to malfunction;
91.  
92. 3. alter or erase computer data, programs, or software;
93.  
94. 4. create or alter a financial instrument or an electronic funds transfer;
95.  
96. 5. cause physical injury to another's property;
97.  
98. 6. make or cause to be made an unauthorized copy of computer data, programs, or software residing in, communicated by, or produced by a computer or computer network; or
99.  
100. 7. falsify or forge email information or other routing information in any manner in connection with the transmission of unsolicited bulk email through or into the computer network of an electronic mail service provider or its subscribers.
101.  
102. This crime is a class B misdemeanor but if the person causes over $2,500 in property damage it is a (1) class A misdemeanor if the person acted with reckless disregard for the consequences of his or her actions and (2) class D felony if the person acted maliciously (CGS § 53-451).
103.  
104. TERRORISM
105.  
106. The law makes it a class B felony if a person commits a computer crime or unauthorized use of a computer or computer network with intent to intimidate or coerce the civilian population or a unit of government. When the crime is directed against a public safety agency, the law imposes a five year mandatory minimum sentence (CGS § 53a-301).
107.  
108. OTHER CRIMES
109.  
110. Depending on the circumstances, a person who hacks into another's computer could be punished by a number of generally applicable crimes.
111.  
112. For example, if the hacking is done to take personal identifying information for certain purposes, it could be punishable as identity theft. Penalties for identity theft range from a class D to class B felony, primarily based on the value of property taken through the use of personal identifying information and the victim's age (CGS § 53a-129a).
113.  
114. A person could also hack into a computer to commit larceny. Larceny is intentionally and wrongfully taking, obtaining, or withholding property from an owner in order to appropriate it to himself, herself, or another. The penalties for larceny range from a class C misdemeanor (punishable by up to three months in prison, a fine of up to $500, or both) to a class B felony, primarily based on the value of the property taken (CGS § 53a-118 et seq.).
115.  
116. CIVIL ACTIONS
117.  
118. The law specifically authorizes someone harmed by a computer or unauthorized use crime to bring a civil lawsuit against the perpetrator. These civil actions are in addition to any other grounds for a civil action that the injured party may have.
119.  
120. Computer Crime
121.  
122. Anyone who believes a person has engaged, is engaging, or is about to engage in a computer crime can file a civil action for (1) a temporary or permanent order preventing the activity; (2) restitution; or (3) appointment of a receiver.
123.  
124. A person who suffers a personal injury or damage to his or her business or property can also bring an action for damages. The person can recover actual damages, unjust enrichment, triple damages if the defendant acted wilfully and maliciously, reasonable costs, and reasonable attorney's fees (CGS § 52-570b).
125.  
126. Unauthorized Use
127.  
128. A person whose property or person is injured by unauthorized use of a computer or computer network can bring a civil action to enjoin further violations and to recover actual damages, including lost profits, and the costs of the action (CGS § 53-452). The attorney general can also bring an action (CGS § 53-453).
129.  
130.  
131. 7 easy ways to avoid being hacked
132. Cale Guthrie Weissman Apr. 1, 2015, 6:02 PM
133. Technically, everything that connects to the Internet can get hacked. But there are several things you can do to protect yourself and your data from an attack.
134.  
135. Here are a few tips that will mitigate the risk of getting your personal data stolen.
136.  
137. 1. Be suspicious of emails
138. finding_ip_email
139. Click "Show original" to find the source of the email Cale Guthrie Weissman
140. A lot of cyberattacks are launched through simple malicious email campaigns. Email is a wonderful communication platform because you can sending anything to anyone, but that means it can be a huge security risk. Phishing, for example, sends victims seemingly innocuous emails that will lead victims to fake websites asking to update their personal information.
141. The best way to avoid being scammed by phony emails is to just make sure the sender is who you think it is. Check their email address to see if they match with the website you think it's from. To be extra cautious you can check the IP address of the sender.
142.  
143. You can do this by finding the source information from the email and looking for the IP address that follows the line "Received: from." You can then Google the IP address to learn the email's source. (Here is a good primer on finding email IP addresses.)
144.  
145. 2. Check link locations
146. Unknown messages contain links to unknown sites. Surfing to a mysterious website can bring about unintended consequences. For one, it could mimic a site you know and trust and help you fall prey to a phishing scam. Or, it may be unsecure or infected with malware.
147.  
148. If you are tempted to click on one of these links, you better know exactly where it's taking you. The best way is to copy and paste the link location into a new browser to see what site is on the other side. If it's a shortened link, you can use tools like URL X-ray that figure out the real destination before you click it.
149.  
150. Also, encrypted sites are the safest ones to visit. You know they are safe when you see HTTPS in the URL and the lock icon on your browser.
151.  
152. 3. Never open attachments (unless you're really sure)
153. A good rule to follow is never open attachments unless you are 120% sure of where they came from. One of the easiest ways for hackers to download malicious code onto victim computers is by sending emails with virus-laden files.
154.  
155.  
156. A frequent way companies get hacked is by one unsuspecting employee downloading malicious software that infiltrates the entire network. The most dangerous file types are Word, PDFs, and .EXEs.
157.  
158. 4. Use two-factor authentication
159. As bigger companies get hacked, the likelihood that your password is leaked increases. Once hackers get passwords, they try to figure out which personal accounts they can access with the data they stole.
160.  
161. Two-factor authentication — which requires users to not only enter a password but to also confirm entry with another item like a code texted to a phone — is a good way to stop attackers who have stolen passwords. More companies are making it standard for logging in.
162.  
163. Slack, for example, instituted two-step authentication once it owned up to a recent data breach. This meant that if hackers did steal Slack user data, the hackers would still most likely not be able to get into a user's account unless they had another personal item that belonged to the user, like a phone. If two-factor authentication is an option for your accounts, it's wise to choose it.
164.  
165. Gmail two-step passwords 1
166. Business Insider/Julie Bort
167. 5. Use advanced passwords
168. This may be the most obvious yet overlooked tip. A strong password includes uppercase, lowercase, numbers, punctuation, and gibberish. Don't make the password a personal reference, and don't store a list in a saved file.
169.  
170.  
171. Most importantly, don't use the same password for multiple accounts.
172.  
173. There are some great tools like LastPass and 1Password that securely store passwords. Also, it's crucial to change passwords frequently — especially for vulnerable accounts like email and banking.
174.  
175. Google engineer, servers
176. AP Photo/Connie Zhou
177. 6. Be wary of the cloud
178. Here's a good rule of thumb — if you don't want people to access your information, don't share it. This includes cloud storage. No matter how secure a platform says it is, you ought to keep in mind that you're giving it to someone else to watch over. While it's in the company's best interests to keep it secure, many privacy experts maintain that anything you put online stands the chance of being published online.
179.  
180. Does this mean you shouldn't store anything in the cloud? Not necessarily, it's just helpful to remain aware of where your files are going. And to know the practices of your cloud storage provider.
181.  
182.  
183. Additionally, be sure that if you delete files on your computer or smartphone that they are also deleted on any cloud backups you have too.
184.  
185. Man Using Laptop Outside Cafe
186. Getty Images / Daniel Garcia
187. 7. On public Wi-Fi? Don't share personal data
188. Thinking about buying that plane ticket or checking your bank account while sitting at the coffee shop? You may want to think twice about that, as you have no idea how secure that connection is.
189.  
190. The same goes for places like hotels and conference centers. Security researchers just uncovered a vulnerability that made Wi-Fi traffic at some of the world's biggest hotels vulnerable to attack. There is no way for an individual to know if this is happening, so it's best to be judicious with where you are surfing.
191.  
192. If you must access private information while on these networks, it would be good to use tools like virtual private networks (VPNs), which encrypt traffic so the Wi-Fi network can't see where you're surfing. Or, better yet, just set up a hotspot using your mobile data.