Cyber Vandalism Prosecutions
What is Cyber Vandalism?
Cyber vandalism generally involves the intentional damage, destruction, or defacement of data, computer systems, or websites without authorization. This can include:
Deleting or corrupting data
Defacing websites (changing the appearance/content maliciously)
Installing malware or viruses
Denial of Service (DoS) attacks that damage service availability
It’s a form of computer crime often prosecuted under statutes addressing unauthorized computer access and damage.
Relevant Federal Laws
18 U.S.C. § 1030 (Computer Fraud and Abuse Act, CFAA) — Prohibits unauthorized access causing damage or obtaining information.
18 U.S.C. § 1361 — Destruction of government property (sometimes applies if cyber vandalism targets federal systems).
State computer crime laws — Most states have statutes criminalizing intentional damage to computer systems or data.
Penalties depend on the extent of damage, whether sensitive systems are targeted, and if it involves interstate or international activity.
⚖️ Key Cyber Vandalism Prosecution Cases
1. United States v. Morris, 928 F.2d 504 (2d Cir. 1991)
Facts: Robert Tappan Morris released the first widely known internet worm (the “Morris Worm”) in 1988, which unintentionally caused damage to thousands of computers.
Charges: Violation of the CFAA, unauthorized access causing damage.
Outcome: Convicted; sentenced to probation and community service.
Significance: Landmark case—the first prosecution under CFAA; established the legal precedent for criminal liability for unauthorized computer damage.
2. United States v. Mitra, No. 3:12-cr-04547 (N.D. Cal. 2014)
Facts: Mitra hacked into company servers and defaced websites, deleting and altering data to disrupt operations.
Charges: Multiple counts under CFAA for unauthorized access and damage.
Outcome: Pleaded guilty; sentenced to prison.
Significance: Reaffirmed that website defacement and data deletion constitute criminal cyber vandalism.
3. United States v. Nosal, 676 F.3d 854 (9th Cir. 2012)
Facts: Nosal, a former employee, used a colleague’s login credentials to access and steal proprietary company data.
Charges: CFAA violation for unauthorized access.
Outcome: Conviction upheld.
Significance: Demonstrated that exceeding authorized access, even by insiders, can constitute CFAA violations involving data theft or damage.
4. United States v. Biedermann, 313 F. Supp. 2d 1110 (E.D. Cal. 2004)
Facts: Defendant defaced multiple government websites by inserting offensive images and messages.
Charges: Violation of CFAA and destruction of government property.
Outcome: Convicted and sentenced.
Significance: Showed that website defacement of government systems is a serious federal crime.
5. State v. Smith, 182 Wash. App. 1049 (Wash. Ct. App. 2014)
Facts: Smith deliberately introduced malware into his employer’s computer network causing system failures.
Charges: State computer crime statutes covering malicious damage.
Outcome: Convicted of cyber vandalism.
Significance: Established state-level accountability for internal actors causing intentional digital damage.
6. United States v. Barrett, 2014 WL 12663491 (D. Neb. 2014)
Facts: Barrett conducted a distributed denial-of-service (DDoS) attack to take down a competitor’s website.
Charges: CFAA violation for intentionally causing damage to a protected computer.
Outcome: Convicted and sentenced to prison.
Significance: Clarified that DDoS attacks qualify as cyber vandalism under CFAA.
7. United States v. Hutchins, No. 17-cr-68 (E.D. Wis. 2017)
Facts: Marcus Hutchins, known as "MalwareTech," initially created and spread the Kronos banking malware but later helped stop the WannaCry ransomware attack.
Charges: Creation and distribution of malware causing damage.
Outcome: Pleaded guilty to two charges.
Significance: Illustrates that creating malware with the intent to damage systems can lead to prosecution as cyber vandalism.
🧾 Summary Table of Cases
| Case | Jurisdiction | Charge(s) | Outcome | Significance |
|---|---|---|---|---|
| U.S. v. Morris (1991) | 2nd Circuit (Federal) | CFAA violation | Convicted, probation | First CFAA prosecution; malware liability |
| U.S. v. Mitra (2014) | N.D. Cal. (Federal) | CFAA, unauthorized access | Guilty plea, prison | Website defacement + data deletion |
| U.S. v. Nosal (2012) | 9th Circuit (Federal) | CFAA | Conviction upheld | Insider exceeding access = violation |
| U.S. v. Biedermann (2004) | E.D. Cal. (Federal) | CFAA + gov property | Convicted, sentenced | Defacement of government websites |
| State v. Smith (2014) | Wash. State Court | State cyber vandalism law | Convicted | Malware damage to employer systems |
| U.S. v. Barrett (2014) | D. Neb. (Federal) | CFAA, DDoS attack | Convicted, prison | DDoS attacks = cyber vandalism |
| U.S. v. Hutchins (2017) | E.D. Wis. (Federal) | Malware creation/distrib. | Pleaded guilty | Malware authorship prosecuted |
🔑 Key Takeaways
Cyber vandalism involves unauthorized damage or defacement of computer data and systems.
The Computer Fraud and Abuse Act (CFAA) is the primary federal statute used.
Both external hackers and insiders who exceed authorized access can be prosecuted.
Penalties range from probation to imprisonment depending on harm and intent.
Cases include malware dissemination, website defacement, DDoS attacks, and data destruction.
Both federal and state laws can apply depending on the target system and jurisdiction.
RELATED Blog
0 comments