Court drama shows holes in cyber laws
BY MOHAN VADAYAR
A "Bad Boy" who hacked the system administrator of a private company at 3 am on a usual weekday in the UAE, costing $20 million (Dhs73.4 million) in lost contracts to the company, was found guilty of a cyber crime, punishable with a maximum prison sentence of eight years, legal experts in Dubai said.
The "verdict" was reached at the first hacker's court session of the region, held at the Etisalat Academy, Dubai, on Monday evening.
The "real life court drama" was organised at the government academy, as part of the just-concluded IT security conference MEITSEC, held at the academy from Oct.5-7.
An ex-hacker and current security consultant with n.runs, a German network and the founder of the hacker think-tank Phenoelit, Felix Lindner, was invited to the UAE to "stand trial" posing as the Bad Boy in the court drama. The real hacker's court, the first held in the region and the second in the world, was attended by local judges, prosecutors, law enforcement forces in the UAE and the US, IT security specialists from the US, Egypt and the UAE and Etisalat officials.
Technical advisor of MEITSEC and professor of Etisalat Academy, Dr Khalid Nejm, told The Gulf Today that the court was held to find whether Bad Boy was guilty or not guilty under the UAE and US regulations on Internet security.
"The aim of the real court was to evoke the skills of the law-makers and to reach to the strength and weaknesses of legislation in foreign countries and for the better understanding of them in the UAE," he said while welcoming the guests to the court session.
Internet law regulations have pitfalls in all countries. However, the court is not to show that one is better than the other. "The court is held to address legal aspects of the regulations and on the holes in such regulations through which the criminals go unpunished," he said. After the trial, the court had found that Bad Boy, who broke into the system management of the fictitious company, is guilty under US regulations but not guilty under UAE regulations, Nejm said.
However, Bad Boy will be guilty under the new UAE federal regulations, yet to be enforced, pending green signal from the Arab League, Nejm said. The set of new regulation on Internet crimes was sent to the Arab League two years ago. "The regulations were not yet returned by the League and there is no information from the federal authorities on the fate of these laws as nobody from the federal authorities from Abu Dhabi attended the trial," Nejm told The Gulf Today.
Under Article 3 of the new UAE laws, the culprit is liable to get five to eight years in prison, depending on the type of network he hacked, whether governmental or FBI, properties stolen and the age of the criminal, he added.
IT experts from the UAE, US and other countries, posing as the Victim, Dirty Competitor, Bad Boy, system engineer, police investigators, attorneys and judges, re-created a cyber crime scene. The crime was committed by Bad Boy at 3 am on a day using a telephone system to break into the system administrator of the Victim. He also passed contract details to the Dirty Competitor.
The police investigates the crime and find the hacker's laptop and matching telephone numbers. A case was filed under UAE and US regulations. The judges ruled under both regulations, he said.
Earlier, talking on the success of MEITSEC, general manager of Etisalat Academy, Dr Doa'a Al Fares said it was a great success and several experts and several local and foreign law enforcement agencies took part. The recommendations of the conference will be made public in a short period which will be submitted to the government and other agencies, he said.