Cybercrimes

What Are Cybercrimes?

Cyber-crimes, sometimes also referred to as “computer-oriented crimes”, are crimes that typically require the use of a computer and network to facilitate the criminal activity. However, not all cyber-crimes require the use of a computer. In some instances, a computer may be used in the commission of the crime, while in others, the computer may be the target of the crime.  There is not a single aspect of modern life that does not involve computers to one degree or another.  Most cybercrimes involve the following elements: 

• An act committed against an individual, or group of individuals
• The act is done with a criminal motive or intent to cause harm or loss to the victim(s)
• Using modern telecommunication networks, such as the internet or mobile phone

How are Cybercrimes Classified?

When most people think of a cybercrime, the first thing that typically comes to mind is “hacking”. While hacking is most definitely considered a cybercrime, there are many other cybercrimes as well.  Most cybercrimes can be broken down into three major categories:

• Crimes against people or organizations,
• Crimes against property, and
• Crimes against the government.

These three major categories can be further divided into seven subcategories: financial fraud crimes, cyberterrorism, cyberextortion, cyberwarfare, online harassment, obscene or offensive content and cyber trafficking.

Cybercrimes against individuals are those that directly affect an induvial, their reputation or status, or infringes upon their individual and personal rights, causing the victim harm or loss. This category usually includes cybercrimes such as internet stalking or harassment, distribution of child pornography, credit card fraud, spoofing, human trafficking, identity theft, and online libel or slander.

Cybercrimes against property are those in which the target is typically not a person. Some examples of cybercrimes against property include hacking, distributed denial of service (DDoS) attacks, virus transmission, cyber-squatting, computer vandalism, and violations of intellectual property rights (IPR).

Cybercrimes against the government are fairly self-explanatory. Some common examples of these types of cybercrimes include accessing confidential information, cyber warfare, cyberterrorism and distributing propaganda.  The punishment for these crimes can be particularly harsh, as these are considered crimes against the nation’s sovereignty.

A Brief Overview of Select Cybercrimes

What Is Hacking?

Hacking is one of the most widely recognized cybercrimes. Hacking can generally be defined as gaining unauthorized access to data in a system or protected computer. A “protected computer” does not just mean a government computer, it can include any computer that is connected to the internet.

One of the reasons hacking is so widely recognized, is because we now live in an age where computers are necessary to run any type of successful business or to have a functioning government. Just like people, in order to facilitate transactions, computers must talk to one another – and this requires the use of a network. The fact that computers must be linked to a network to talk to one another, the exposes them to external hacking.

What Is Identity Theft?

Criminal identity theft occurs when someone uses the personal data or documents of another person, without permission, for economic gain.  In 2017, the U.S. Bureau of Justice Statistics reports that almost 16.7 million Americans had their identities fraudulently used to open bank accounts, credit cards, or utility accounts.  Identity theft is quickly becoming a greater risk to the public, so much so that in 1998, Congress passed the Identity Theft and Assumption Deterrence making it a federal offense. 

A violation of the Act can carry a sentence of up to 15 years in prison, a fine, and criminal forfeiture of any personal property used or intended to be used to commit the crime. Some of the most common ways identity theft occurs is through “shoulder surfing” (where someone watches you from a distance while you input your credit card or PIN number), activating “pre-approved” credit cards using mailings discarded by the intended recipients, or requesting personal information through “email scams”.

What Is Cyberextortion?

In its simplest terms, the crime of cyberextortion occurs when a person, or group of people, uses electronic means to attack, or threaten to attack someone else, coupled with a demand for money or some other response in return for stopping the attack. One of the most common examples of cyberextortion is the use of ransomware.

Ransomware is a type of malicious software designed to block access to a computer system until some form of payment is received. Ransomware is often deployed by the software program tricking employees into clicking a link or message within an email, thereby triggering the cyber lockdown. The hacker’s objective is typically to receive a sum of money in exchange for releasing the encryption key to restore access.

Cybercrimes and Federal Law

At the federal level, most offenders accused of cybercrimes are charged under the Computer Fraud and Abuse Act of 1986 (“CFAA”)  codified at 18 U.S.C § 1030.  This federal law criminalizes a  wide range of computer-related conduct such as the following:

• Computer trespassing (hacking),
• Damaging a government computer, bank computer or computer used in or affecting interstate commerce,
• Using a computer to commit a fraud where the computer belongs to the government, a bank or is used in, or affects, interstate commerce,
• Threatening to damage a government computer, bank computer or one used in or affecting interstate commerce,
• Trafficking in passwords for a government computer or when the trafficking affects interstate or foreign commerce, and
• Accessing a computer to commit espionage.    

The individual most credited with causing this federal law to be put into place, is Kevin Mitnick, who at just seventeen years old allegedly broke into the North American Aerospace Defense Command (NORAD) computer in 1981.  Mitnick is the first alleged “hacker” to make the FBI’s Most Wanted List.

The CFAA forbids unauthorized access, use, or distribution of any information:

(1) Related to national security,

(2) Financial records belong to financial institutions, including credit card companies,

(3) Any information belonging to any U.S. Department or Agency, or

(4) Related to foreign or interstate commerce or communication. 

With respect to cases in which fraud is alleged, the CFAA’s use of the term “protected computer” has been widely interpreted to include any computer connected to the internet and not just a government computer.  Similarly, the term “without authorization” employed under CFAA has been interpreted by the federal courts very broadly to encompass activities that exceeds the user’s authorization or for any improper purpose.  These interpretations have led to criticisms of the law’s potentially broad application.

A good example illustrating how the CFAA can be applied broadly can be found in the case of United States v. Nosal.  In that case, a former corporate recruiter was prosecuted for asking an employee at his former employer to share her password and login credentials so that, according to the government, either he or his co-conspirators could access his former employer’s database.  The defendant, David Nosal, was prosecuted for obtaining a former colleague’s computer password that allegedly allowed him access to his former employer’s computer database.  This case demonstrates how the CFAA can be applied very broadly to cover activities that many might not realize even constitute federal crimes.

In addition to the CFFA, there are other federal laws the government uses with frequency to prosecute people for activities involving computers and other forms of technology.  Federal law, 18 U.S.C. § 2261A,  prohibits a person from “stalking” (conduct that is meant to injure, harass or intimidate another).  The federal extortion statute, 18 U.S.C. § 825, prohibits extortionate threats to physically harm another or obtain a thing of value (i.e. money).  And, 47 U.S.C. § 223 criminalizes obscene and threatening communications.

The federal government also enacted the Electronic Communications Privacy Act of 1986 (“ECPA”), 18 U.S.C. § 2511, which covers data stored on and transferred from and between computer systems. The ECPA prohibits illegal use or interception of wire, oral or electronic  communications, which includes data sent over the internet. It also protects messages that are archived and stored, such as e-mail servers.  Similarly, federal statute 18 U.S.C. § 2701 makes it a federal crime to unlawfully access stored communications.     

Finally, the CAN-SPAM Act is a federal law that is intended to impose civil and criminal penalties on persons who send large amounts of unsolicited commercials emails (“spam”).  Running afoul of this statute can result in serious penalties.    

THE KEY TO A FIVE STAR DEFENSE

The law is very nuanced. Federal prosecutors have almost unlimited advantages and resources at their disposal. Having attorneys on your team that understand the law, keep abreast of legal developments in the law, have the experience dealing with the complexities of federal statutes and, finally, possess the skills to stand before a jury to make a compelling case on behalf of a client are not just important qualities, they’re critical. At The Federal Defenders. we pride ourselves on being advocates for our clients. With decades of experience with all variety and manner of federal criminal issues and defenses, we understand what it takes to put our clients in a winning position. For a free and confidential consultation, call us today at (800) 712-0000. Just like our toll-free number, we operate nationwide.