Computer Fraud And Hacking Offences
Computer fraud and hacking offences generally involve unauthorized access to a computer system, unauthorized modification or extraction of data, use of digital devices to deceive or defraud, or causing loss or damage through digital means.
Such offences are addressed under various national laws, such as:
U.S. – Computer Fraud and Abuse Act (CFAA)
UK – Computer Misuse Act 1990 (CMA)
International cybercrime conventions (e.g., Budapest Convention)
Key elements often include:
Unauthorized access (hacking)
Unauthorized modification or interference
Intent to defraud, cause loss, or compromise integrity
Use of malware or digital tools
Extraction, destruction, or alteration of digital information
📌 Major Case Laws Explained (Detailed)
Below are multiple landmark cases from different jurisdictions that shaped computer-fraud and hacking law.
1. United States v. Morris (1989) – The First CFAA Conviction
Court: U.S. Federal Court
Key Issue: Unauthorized access, propagation of malware
Facts:
Robert Tappan Morris, a graduate student, released a computer worm on the early Internet. Although he claimed it was a research experiment, the worm exploited vulnerabilities and caused thousands of systems to crash, leading to major economic loss.
Holding:
He was the first person convicted under the CFAA.
Significance:
Established that intent to cause harm is not required; unauthorized action causing damage is sufficient.
Demonstrated how a “benign experiment” can still violate the law.
Set early precedent for malware-related liability.
2. R v Gold & Schifreen (UK, 1988) – Pre-CMA Case Leading to Creation of CMA 1990
Court: UK Court of Appeal
Key Issue: Unauthorized access to British Telecom’s Prestel system
Facts:
Gold and Schifreen hacked into BT’s Prestel system and accessed the Duke of Edinburgh’s mailbox by guessing administrative passwords.
Outcome:
Their convictions were overturned because, at the time, the UK had no law specifically criminalizing hacking unless property was damaged.
Significance:
This case exposed the legal gap in UK law.
Directly triggered the creation of the Computer Misuse Act 1990, which now governs all hacking offences in the UK.
3. R v Lennon (2006) – Email “Mail Bombing” as Unauthorized Modification
Court: UK Crown Court
Key Issue: Sending millions of emails to crash a system
Facts:
Lennon sent thousands of emails to his former employer intending to overwhelm and disrupt the company’s mail servers.
Holding:
He was convicted under Section 3 of the CMA for unauthorized modification of data.
Significance:
Established that denial-of-service (DoS) attacks count as unlawful modification.
Clarified that sending excessive data is a criminal act even if no system is “hacked.”
4. R v Caffrey (2003) – Hacking for Financial Gain
Court: UK Crown Court
Key Issue: Unauthorized access for financial advantage
Facts:
Caffrey hacked into a rival company’s server and made it appear that the company had ordered expensive goods. The aim was to cause financial harm and gain a commercial advantage.
Holding:
He was convicted for unauthorized modification under the CMA.
Significance:
Confirmed that hacking for economic harm or competitive advantage is a serious criminal offence.
One of the first UK cases successfully proving intent to cause loss.
5. United States v. Aaron Swartz (2011–2013) – JSTOR/Network Access Case
Court: U.S. Federal Court
Key Issue: Unauthorized access to academic databases
Facts:
Swartz, a digital-rights activist, accessed MIT’s network and downloaded millions of academic articles from JSTOR without authorization. He was charged with multiple counts under the CFAA.
Outcome:
The case never went to full trial due to Swartz’s tragic death, but it caused major debate.
Significance:
Sparked national criticism that the CFAA was overly broad and harsh.
Raised questions about the difference between civil disobedience and criminal hacking.
Influenced later reform proposals to narrow the definition of unauthorized access.
6. R v Calvert (2011) – Distributed Denial of Service Attack for Personal Motive
Court: UK Crown Court
Key Issue: DDoS attack against a rival
Facts:
Calvert launched a coordinated DDoS attack to disrupt a rival online business. The attack caused extensive downtime and financial losses.
Holding:
He was convicted under Section 3 of the CMA for impairing the operation of a computer.
Significance:
Reinforced that digital attacks intended to disrupt business operations are serious crimes.
Demonstrated that personal vendettas conducted via digital means fall squarely within hacking offences.
7. United States v. Gary McKinnon (2002–2012) – High-Profile Government System Hacking
Court: U.S. federal indictment; UK extradition hearings
Key Issue: Unauthorized access to U.S. military and NASA systems
Facts:
McKinnon, a UK citizen, hacked into numerous U.S. military and NASA computers, allegedly searching for UFO information. U.S. prosecutors claimed he caused significant security risks and system downtime.
Outcome:
After a long legal battle, the UK Home Secretary blocked extradition due to medical concerns.
Significance:
Highlighted international cybercrime jurisdiction issues.
Demonstrated the seriousness of hacking government systems.
Became a major political case influencing how cyber-offences are charged across borders.
⭐ Key Legal Principles Illustrated by These Cases
Unauthorized access is criminal even without financial loss
Cases like Morris and Gold show that simply breaking into systems violates the law.
Intent is crucial but can be interpreted broadly
The law punishes both intentional and reckless digital behavior.
Digital harm equals physical harm in the eyes of the law
DDoS attacks and mass emailing (Lennon, Calvert) are treated like tangible sabotage.
Economic motives increase severity
Cases like Caffrey show courts treat cyber-fraud harshly when linked to monetary gain.
Cybercrime is international
McKinnon illustrates cross-border enforcement challenges.
RELATED Blog
comments