It's not Just Snooping, It's Wiretapping

Recently Sarah Palin made headline news yet again due to someone hacking into her personal email account. Apparently, the dude guessed and guessed until he got her password to gain access. Unfortunately for him, that little guessing game landed him a year long, federal sentence for the hacking. He also got a 20 year sentence for obstruction of justice because he tried to delete things from his personal computer that would incriminate him. (You can never fully delete anything on a computer-it's there in the hard drive’s binary basement forever.) Another twist to this case and those similar is that by accessing someone's email account, one has to "impersonate" them, use their password, etc. That in effect is identity theft and one of the other charges brought against the Sarah Palin hacker.

Here's another example:

http://mainlinemedianews.com/articles/2010/04/11/main_line_suburban_life/news/doc4bbe21c45ea5c686047690.txt

PROTECT YOURSELF

There are ways to track if you think someone is accessing your email without authorization. While Teen Girl isn't familiar with all email clients like hotmail, yahoo, etc., she is familiar with gmail so she will use that as an example. Check your email client for their specific ways of determining potential unauthorized access.

When you log into your gmail account online (not using Outlook or Outlook Express) scroll to the bottom and you will see a link that says "details." If you click that, it will bring up the last 5 IP addresses that accessed your account. So, what the heck is an IP address? IP stands for internet protocol. All ISPs (internet service providers) have a range of numbers they assign to everyone in their network (all the peeps that pay to get internet service from them). What this means is your household and all computers in it are assigned a specific IP address from the ISP. It will look something like 174.198.00.01. Following that is another number called a CIDR that designates a specific computer within your household. This is the way they can track people using computers down to the specific computer being used, within a household, within a network. Pretty spiffy!

You can determine the location of an IP address by Googling "reverse IP lookup" and finding a site that does that. There are many. You then would type or copy/paste the questionable IP address into their search field. From that you can get quite a bit of information that may help you determine who is intercepting your email. To find out your own IP address if you don't know it, just Google, "what's my IP address" and follow along...you'll get it quickly.

If you feel your email account has been accessed without authorization, you can do one of two things. Change your password immediately to try and keep the "intruder" out or log their activity for a period of time and collect evidence against them. If you feel this person may have motives for collecting information about you (including identity theft, blackmail, extortion, etc.) you may want to log their activity for a period of time to be able to produce evidence for filing charges and going to court before changing your password. In speaking with the local FBI office, this is what they do so you can get a step ahead by doing it yourself first.

You can do that by utilizing screen captures of the activity that show the unauthorized IP address logging into your account along with the date of activity. When you do the screen capture with programs like Photoshop, the date will be embedded (forever and is unalterable) … just like when you take pictures with a digital camera or cell phone.

Gmail has a nifty security thing that if another IP address (computer) is accessing your account while you are, it highlights it! Teen Girl has actually captured this with a screen cap! so Teen Girl knows of which she speaks. Recently, while doing some web work for a client, TG noticed some odd IP addresses logging into her client’s personal and business email account so she has first-hand experience with all of this.

If you have web capabilities (like Teen Girl has), you can also set up your own "sting operation" and utilize real time video to capture and collect proof that the intruders are in your account while you are and/or before you have opened an email.

Because Teen Girl has access to back-end user stats in her web hosting business, she was able to determine (and screen cap/video) that her person(s) of question were actually opening mail before it got to the recipient! That is considered interception...and oh so bad...one person was doing it from a college computer (which of course was traceable without problem) and brings the whole FERPA stuff (college privacy act) into play, a federal offense along with violations of college computer use rules. This type of activity should be reported to the dean of students at the college that owns the computer being used. Anyone using a college computer to commit state and federal crimes, will likely  be expelled and face charges.

Teen Girl has also included a legal paragraph below about cyber stalking because in her recent experience, the activity was happening at least 10 times a day...that tends to make one feel uncomfortable. When someone is in ‘your’ email account more times than ‘you’ are that’s totally creepy and considered stalking…much like if someone is following you around all day and lurking, waiting for you everywhere you go, following your every move.

WHO TO CONTACT

If you are the victim of a wiretapping crime you can contact your local authorities and file a complaint. If the wiretapping crime crosses state boundaries, that falls under federal jurisdiction. Because of this situation, TG investigated and discovered that the FBI has a special online site called “the cybercrime unit” where complaints can be formally recorded and investgated http://www.ic3.gov/default.aspx .

Also, you should contact your internet and email providers to make them aware of the situation. They may be able to provide you with more information. For instance, because Teen Girl just happened to stumble upon the unauthorized access of an email account, she is unsure how long the activity had been going on. To find that out (so as to present even more evidence) she has contacted Google/gmail for logs of account activity. Because crimes such as these are not based on time (as in days, weeks, months) but on the number of unauthorized accesses, this log would determine how many "counts" will need to be filed. Since Teen Girl noticed an average of 10 log-ins per day with her specific situation...over a week's time alone, that would already be around 70 counts!

If someone has accessed your personal information and is trying to use it against you for ANY reason, has made it public, discussed it with others or caused a financial loss/problem with it, report it to your local or federal authorities, then hire an attorney and get litigeous! While the criminal charges will be out of your hands and in those of the criminal court system, a civil suit is well within your rights. In civil suits, victims are awarded monetary compensation for the crimes, emotional distress, financial losses and more. http://en.allexperts.com/q/Computer-Law-913/2009/1/Email-hacking-private-investigators-1.htm

God forbid, if you are thinking about digging into someone's email, think twice. Below are the laws that apply to that. Also, if you think you can get some info on someone to use against them by these illegal maneuvers, think again. By presenting information gained illegally (called extortion), you open yourself up to even more federal and state laws, prosecution. Not a good path to tread down...unless you look super fabulous in an orange jumpsuit.

Read along, be safe and be aware!

TGSG

Federal Wiretap Statute

TITLE 18 > PART I > CHAPTER 119 > § 2511....

§ 2511. Interception and disclosure of wire, oral, or electronic communications prohibited....

(1) Except as otherwise specifically provided in this chapter any person who— ....

(a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication; ....

(b) intentionally uses, endeavors to use, or procures any other person to use or endeavor to use any electronic, mechanical, or other device to intercept any oral communication when— ....

(i) such device is affixed to, or otherwise transmits a signal through, a wire, cable, or other like connection used in wire communication; or ....

(ii) such device transmits communications by radio, or interferes with the transmission of such communication; or ....

(iii) such person knows, or has reason to know, that such device or any component thereof has been sent through the mail or transported in interstate or foreign commerce; or ....

(iv) such use or endeavor to use (A) takes place on the premises of any business or other commercial establishment the operations of which affect interstate or foreign commerce; or (B) obtains or is for the purpose of obtaining information relating to the operations of any business or other commercial establishment the operations of which affect interstate or foreign commerce; or ....

(v) such person acts in the District of Columbia, the Commonwealth of Puerto Rico, or any territory or possession of the United States; ....

(c) intentionally discloses, or endeavors to disclose, to any other person the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection; ....

(d) intentionally uses, or endeavors to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection; or ....

(e) ....

(i) intentionally discloses, or endeavors to disclose, to any other person the contents of any wire, oral, or electronic communication, intercepted by means authorized by sections 2511 (2)(a)(ii), 2511 (2)(b)–(c), 2511(2)(e), 2516, and 2518 of this chapter, ....

(ii) knowing or having reason to know that the information was obtained through the interception of such a communication in connection with a criminal investigation, ....

(iii) having obtained or received the information in connection with a criminal investigation, and ....

(iv) with intent to improperly obstruct, impede, or interfere with a duly authorized criminal investigation, ....

shall be punished as provided in subsection (4) or shall be subject to suit as provided in subsection (5). ....

.........

Invasion of Privacy Tort Law (all states have their own tort laws)

Definitions of 4 Privacy Torts:....

Most states give common law or statutory recognition to some or all four of the privacy torts.....

.........

Cyberstalking

What Is Cyberstalking?
From the U.S. Department of Justice....

Although there is no universally accepted definition of cyberstalking, the term is used in this report to refer to the use of the Internet, e-mail, or other electronic communications devices to stalk another person. Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person's home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person's property. Most stalking laws require that the perpetrator make a credible threat of violence against the victim; others include threats against the victim's immediate family; and still others require only that the alleged stalker's course of conduct constitute an implied threat. While some conduct involving annoying or menacing behavior might fall short of illegal stalking, such behavior may be a prelude to stalking and violence and should be treated seriously. ....

Certain forms of cyberstalking also may be prosecuted under 47 U.S.C. 223. One provision of this statute makes it a federal crime, punishable by up to two years in prison, to use a telephone or telecommunications device to annoy, abuse, harass, or threaten any person at the called number. The statute also requires that the perpetrator not reveal his or her name. See 47 U.S.C. 223(a)(1)(C). Although this statute is broader than 18 U.S.C. 875 -- in that it covers both threats and harassment -- Section 223 applies only to direct communications between the perpetrator and the victim. Thus, it would not reach a cyberstalking situation where a person harasses or terrorizes another person by posting messages on a bulletin board or in a chat room encouraging others to harass or annoy another person. Moreover, Section 223 is only a misdemeanor, punishable by not more than two years in prison.

.........

Identity Theft and Assumption Deterrence Act

In October 1998, Congress passed the Identity Theft and Assumption Deterrence Act of 1998 (Identity Theft Act) to address the problem of identity theft. Specifically, the Act amended 18 U.S.C. § 1028 to make it a federal crime when anyone:

knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.

Violations of the Act are investigated by federal investigative agencies such as the U.S. Secret Service, the FBI, and the U.S. Postal Inspection Service and prosecuted by the Department of Justice.

.........

§ 2515. Prohibition of use as evidence of intercepted wire or oral communications....

Whenever any wire or oral communication has been intercepted, no part of the contents of such communication and no evidence derived there from may be received in evidence in any trial, hearing, or other proceeding in or before any court, grand jury, department, officer, agency, regulatory body, legislative committee, or other authority of the United States, a State, or a political subdivision thereof if the disclosure of that information would be in violation of this chapter.

(A similar prohibition exists that also applies to gaining 'content' during any illegal activity, such as entering a home without authorization/permission, trespassing on property, in the process of a burglery, etc.)