Initially a rare annoyance, as the Internet has grown, e-mail hacking has become a more common problem and one that both Internet service providers (ISPs) and law enforcement continue to fight. Because e-mail is considered private information, e-mail hacking can be a criminal offence and is defined as unauthorised use of an e-mail account. Here's how e-mails can be hacked, and the punishment that can befall the hacker, if caught.
Considered almost an art among hackers, social engineering is a scam combining psychological and computer skills. Simply, it is the process whereby a hacker convinces an Internet user via e-mail that she is corresponding with someone she can trust. Usually the hacker poses as a representative from a company the victim does business with or even her ISP. The hacker asks the victim to e-mail personal information to an untraceable address, usually under the guise of checking security. Oftentimes the hacker received information through a contact form on a bogus webpage.The personal information is then used in various fraud schemes. If caught, the hacker can lose his e-mail account and, if he does perpetuate a financial crime as a result of the hack, can be arrested and prosecuted for fraud. Losing an e-mail address is hardly a deterrent, as there are plenty of choices for service providers and the hacker can simply open another account.
Gmail is Google's e-mail component, it's free, offers plenty of features, and is a popular feature of the search engine. It can also be hacked. When Gmail customers lose or forget their passwords, they're asked a security question such as What was your mother's maiden name? What was the name of your first dog? or Where were you born? By using Google against itself, hackers can do an Internet search using the name of the intended victim and asking about the above answers to the security questions. Chances are some of that information is online somewhere, and with a few Internet searches, might be accessible to a hacker. The hacker then poses as the Gmail customer, says he lost his password, and is ready with the answer when the service asks the security question. Again, the penalty would be closing of the hacker's Gmail account, but probably nothing more severe than that unless the crime happens at the workplace and records are passed on to law enforcement.
Some of the most grievous cases of e-mail hacking happen in the workplace. Oftentimes the motive is revenge and the hacker is a recently terminated employee. These cases can also be the ones law enforcement chooses to prosecute because of the evidence left behind. In one such case an information systems manager for an organ donation database was fired and was able to hack into her e-mail account and maliciously delete important data before the company locked her account. She was arrested, tried and convicted of unauthorised computer use and was sentenced to two years in prison.
General Sentencing Guidelines
Even though they're perpetuated online, the most blatant e-mail hacks can be prosecuted with theft, fraud, destruction of property, forgery and even counterfeiting laws. While the most common penalty is loss of e-mail account services, in some instances fines, prison sentences and a combination of these two penalties can result from successful prosecution of e-mail hacking. Sentences range from a £3,250 fine for one instance of unauthorised access to twenty years in prison for multiple offences involving multiple victims and damage greater than £0.6 million.
The Department of Justice (DOJ) coordinates with law enforcement agencies across the country to punish e-mail hackers through its Cybercrime unit. The DOJ trains investigators, maintains a database of hackers and e-mail scams, and also advises the court system on penalties. It has established eight Computer Hacking and Intellectual Property offices staffed by 22 attorneys in these major metropolitan areas around the country: Los Angeles, San Diego, Atlanta, Boston, Dallas, Seattle, New York, and Alexandria, Virginia. These offices focus exclusively on the prosecution of computer fraud, including e-mail hacking, and intellectual property theft. They also advise the DOJ and the court system on the effectiveness of current penalties for these crimes.