Cybercrime Law
Computer crime, or “cybercrime,” is a broad category of offenses involving computers and computer networks. While many acts of cybercrime are essentially high-tech forms of theft or fraud, some have goals other than financial gain. These might include copyright infringement, exchange of child pornography, and even espionage. Some jurisdictions have expanded legal protections against harassment and stalking to include the Internet. Some acts of cybercrime, known as “cyberattacks,” seem intended only to disrupt or destroy computer networks. Internet security experts estimate that the global annual cost of cybercrime approaches $1 trillion.
Theft and Fraud Offenses
A substantial amount of cybercrime consists of intrusions into business and personal computer networks, including servers, desktop computers, laptops, and mobile devices. This can be achieved through direct hacking, or through malicious code attached to an email or hidden on a website. Information obtained from these devices could be used in identity theft, bank fraud, credit card fraud, and other fraudulent schemes.
One of the largest cybersecurity breaches in history occurred in late 2013, when hackers stole millions of customers’ personal information from the retail company Target’s computer system. Investigators suspect that the hackers obtained access to Target’s network by hacking the company that operated its heating, ventilation, and air conditioning (HVAC) system, which shows just how determined and creative cybercriminals can be.
Federal Statutes
The federal wire fraud statute prohibits the use of “wire, radio, or television” as part of a “scheme or artifice to defraud.” As technology has advanced, this has been expanded by the courts to include the use of computer and cable networks.
The computer fraud statute prohibits accessing a computer or computer network without authorization, if the computer is used exclusively by a financial institution or the federal government, or if the computer is used in interstate commerce, for the purpose of:
- Accessing information deemed classified or sensitive by the federal government;
- Accessing confidential financial or credit data;
- Disrupting a government agency;
- Perpetrating a fraud in an amount greater than $5,000;
- Intentionally, knowingly, or recklessly damaging the computer by transmitting malicious code;
- Trafficking passwords or similar information for a government computer; or
- Transmitting threats to damage a computer or steal sensitive information with the intent of committing extortion.
The email fraud statute prohibits accessing a protected computer, as defined above, for the purpose of sending, relaying, or retransmitting “multiple commercial electronic mail messages” with fraudulent intent. It also prohibits fraudulently altering header information in commercial emails and other acts commonly associated with Internet spam.
Other Acts of Cybercrime
Cybercrime also includes the use of computers and computer networks to transmit or receive illegal materials, such as child pornography, or to buy and sell illegal items like drugs. The use of the internet for copyright infringement can result in criminal prosecution, such as the case against Megaupload, a file-sharing website that once accounted for four percent of global internet traffic.
Some U.S. states have passed laws regarding online stalking and harassment, as well as “cyberbullying.” The federal statute prohibiting “obscene or harassing telephone calls” has also been applied to obscene or harassing internet communications. A majority of states have passed laws that prohibit posting intimate photos of other people online without permission, commonly known as “revenge porn” laws.
Cyberattacks
In some cases of cybercrime, a computer or computer network is a target rather than a tool used to commit an offense. Malicious code, such as a computer virus, may be used in a targeted attack, or it may be released onto the Internet to sow chaos. A common type of cyberattack is called a distributed denial-of-service (DDoS) attack. Its purpose is to interrupt or disable a server, making it unavailable to other users on the Internet. This is often done by overloading a server with requests for access, causing it to essentially shut down network access. After the raid on Megaupload mentioned above, the U.S. Department of Justice’s website was disabled by a DDoS attack.