Cybercrime And Hacking Prosecutions
1. Overview of Cybercrime and Hacking
Cybercrime refers to criminal activities committed using computers, networks, or digital devices. Hacking specifically involves unauthorized access to computer systems or networks, often with intent to steal, alter, or destroy data.
Common Types of Cybercrime
Hacking and unauthorized access
Identity theft and phishing
Cyber fraud and financial crimes
Distribution of malware or ransomware
Cyberstalking and harassment
Intellectual property theft
Legal Frameworks
India: Information Technology Act, 2000 (Sections 66, 66B, 66C, 66D, 66F)
USA: Computer Fraud and Abuse Act (CFAA, 18 U.S.C. § 1030)
UK: Computer Misuse Act 1990
International: Budapest Convention on Cybercrime
2. Detailed Case Law Analyses
Case 1: United States v. Aaron Swartz (U.S., 2011–2013)
Facts:
Aaron Swartz, a programmer and activist, accessed JSTOR academic articles through MIT’s network without authorization.
Legal Issue:
Whether downloading large volumes of academic material without explicit permission constitutes a violation of the Computer Fraud and Abuse Act (CFAA).
Holding & Reasoning:
Swartz faced federal prosecution for computer trespass and fraud.
The case raised issues of overly broad application of hacking laws, highlighting criminal liability for access exceeding authorization.
Tragically, Swartz died before trial, sparking debate on proportionality in cybercrime prosecution.
Significance:
Illustrated the scope of unauthorized access under CFAA.
Influenced reforms and discussions on cybercrime law clarity.
Case 2: R v. Lennon [2006] (UK)
Facts:
Defendant hacked into a UK financial institution’s computer systems, causing temporary disruption and data theft.
Legal Issue:
Violation of the Computer Misuse Act 1990, specifically unauthorized access with intent to commit further offences.
Holding & Reasoning:
Court convicted Lennon for:
Unauthorized access to computer material (Section 1)
Unauthorized modification of data (Section 3)
Sentenced to custodial term due to seriousness and potential financial damage.
Significance:
Reinforced that hacking causing financial risk is a serious criminal offence in UK law.
Case 3: Shreya Singhal v. Union of India (Supreme Court of India, 2015)
Facts:
Challenge against Section 66A of the IT Act criminalizing online speech and messaging deemed offensive.
Legal Issue:
Constitutionality of cybercrime provisions affecting freedom of speech.
Holding & Reasoning:
Supreme Court struck down Section 66A as unconstitutional, citing overbroad and vague language.
Emphasized that criminal law must be precise in defining cyber offences to avoid arbitrary prosecution.
Significance:
Landmark in balancing cybercrime enforcement and fundamental rights.
Highlighted the need for clear definitions of hacking and cyber offences.
Case 4: People v. Aleynikov (New York, U.S., 2010)
Facts:
Sergey Aleynikov, a Goldman Sachs programmer, copied proprietary trading code and attempted to transfer it to a competitor.
Legal Issue:
Violation of CFAA and theft of trade secrets.
Holding & Reasoning:
Initially convicted, later partially overturned on appeal due to technical interpretation of “unauthorized access”.
Court stressed that prosecution must clearly prove unauthorized access and intent to steal proprietary data.
Significance:
Clarified the limits of computer fraud and hacking prosecutions in financial sectors.
Case 5: Sony PlayStation Network Hack (U.S., 2011)
Facts:
Hackers gained unauthorized access to Sony’s PlayStation Network, compromising 77 million user accounts.
Legal Issue:
Cyber intrusion, identity theft, and financial damage under CFAA and related laws.
Holding & Reasoning:
Sony filed civil suits against perpetrators.
Several arrests and convictions were made internationally.
Highlighted corporate responsibility for cybersecurity and breach mitigation.
Significance:
Demonstrated large-scale cybercrime impact and cross-border challenges in prosecution.
Case 6: R v. Andrews [2013] (UK)
Facts:
Defendant created malware to steal banking credentials from multiple users.
Legal Issue:
Unauthorized modification of computer data and intent to defraud.
Holding & Reasoning:
Convicted under Computer Misuse Act Sections 1 and 3.
Sentenced to several years in prison due to financial and social impact.
Significance:
Reinforced liability for malware distribution and cyber fraud under UK law.
Case 7: State v. Ganesh Kumar (India, 2016)
Facts:
Ganesh hacked into a bank server to alter account balances.
Legal Issue:
Violation of IT Act Sections 43, 66, 66B (hacking, data theft, and dishonesty).
Holding & Reasoning:
Convicted and sentenced to imprisonment and fine.
Court highlighted need for evidence from digital forensics and logs.
Significance:
Demonstrated Indian enforcement against financially motivated cyber hacking.
3. Key Principles from Case Law
Unauthorized Access is Criminal: Accessing systems without permission constitutes hacking (Lennon, Ganesh Kumar).
Intent Matters: Prosecution must prove intent to commit fraud, theft, or damage (Aleynikov, Andrews).
Proportionality of Punishment: Courts consider extent of damage, scale, and intent (Swartz, Sony Hack).
Balancing Rights and Security: Laws must be clear and precise to avoid arbitrary prosecution (Shreya Singhal).
Cross-Border Challenges: Cybercrime often requires international cooperation due to global network infrastructure.
Digital Evidence is Key: Logs, metadata, and forensic analysis are crucial for conviction.
RELATED Blog
comments