Paul Brown wrote:
>
> Eric,
>
> > Reading the Texas Penal Code, Chapter 33, Computer Crimes,
> > makes me think that port scanning is probably considered a
> > Class B Misdemeanor in Texas.
> >
> > Section 33.01 defines "Access" as:
> > (1) "Access" means to approach, instruct, communicate with,
> > store data in, retrieve or intercept data from, alter data or
> > computer software in, or otherwise make use of any resource
> > of a computer, computer network, computer program, or computer
> > system.
> >
> > Under this definition, a port scan is certainly an "access" of
> > a computer.
> >
> > Then, in section 33.02, Breach of Computer Security, we find that
> >
> > (a) A person commits an offense if the person knowingly accesses
> > a computer, computer network, or computer system without the
> > effective consent of the owner.
> >
> > Thus, if a port scan is an "access" of a computer, the person
> > performing the port scan is committing an offense.
> >
> > Continuing on with the penalties:
> >
> > (b) An offense under this section is a Class B misdemeanor
> > unless in committing the offense the actor knowingly obtains a
> > benefit, defrauds or harms another, or alters, damages, or
> > deletes property, in which event the offense is:
> >
> > (1) a Class A misdemeanor if the aggregate amount involved
> > is less than $1,500;
> >
> > (2) a state jail felony if:
> >
> > (A) the aggregate amount involved is $1,500 or more but
> > less than $20,000; or
> >
> > (B) the aggregate amount involved is less than $1,500
> > and the defendant has been previously convicted two
> > or more times of an offense under this chapter;
> >
> > (3) a felony of the third degree if the aggregate amount
> > involved is $20,000 or more but less than $100,000;
> >
> > (4) a felony of the second degree if the aggregate amount
> > involved is $100,000 or more but less than $200,000; or
> >
> > (5) a felony of the first degree if the aggregate amount
> > involved is $200,000 or more.
> >
> > Thus, in a simple port scan with no subsequent break-in, the
> > scanner is guilty of a Class B misdemeanor (see section 12.03
> > for classification of misdemeanors).
>
> I think the issue here is not the definition of access, but the phrase,
> "without the effective consent of the owner.". If you are connected to
> the Internet, then you "effectively", give consent to be "accessed" for
> lawful purposes. Now the issue become "lawful purposes". By what I've
> read in the Texas penal code, as it pertains to port scanning, only a
> denial of service would be considered unlawful.
Except that the law does not require that you suffer any harm for it
to be a Class B misdemeanor. As I read it, the harm comes into
effect to determine the level of the violation, not the fact that a
violation occurred.
In fact, look at Sec 33.02(b):
An offense under this section is a Class B misdemeanor
unless in committing the offense the actor knowingly obtains a
benefit, defrauds or harms another, or alters, damages, or
deletes property, in which event the offense is:
Thus, the access itself is a Class B misdemeanor even if there is
no harm done. If there is harm done, then it might be a Class A
misdemeanor, a state jail felony, a felony of the third degree,
a felony of the second degree, or a felony of the first degree.
> Port scans do not alter
> or destroy data so that's not an issue. If your port scan caused someone
> to not access something that they should be able to, this would be a class
> B misdemeanor.
If the port scan was done as part of a denial of service attack,
it could easily be much worse depending on damages. If the damages
amounted to $200,000 or more, it would be a felony of the first degree.
Eric Johnson
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
