Cybercrime And Unauthorized Computer Access Prosecutions
1. Cybercrime and Unauthorized Computer Access: Legal Concepts
Cybercrime refers to illegal activities that are carried out using computers, networks, or the internet. These activities can range from hacking into systems to stealing personal data, and even launching large-scale cyberattacks.
Unauthorized computer access typically refers to accessing a computer system, network, or database without permission. This is a central issue in many cybercrime prosecutions, including activities such as:
Hacking: Gaining unauthorized access to a system.
Data theft: Stealing sensitive information.
Malware distribution: Spreading viruses, worms, or ransomware.
Denial-of-Service (DoS) attacks: Overloading a system to make it inoperable.
The legal framework for prosecuting these crimes often relies on national laws, but international treaties also play a role. The Budapest Convention on Cybercrime (2001), for example, is an international treaty designed to tackle cybercrime by harmonizing national laws and facilitating international cooperation.
2. Legal Basis for Prosecution
National laws:
Many countries have their own laws specifically criminalizing unauthorized access to computer systems, such as the Computer Fraud and Abuse Act (CFAA) in the United States.
Computer Misuse Act 1990 in the UK is another example, making it a crime to access computer systems without authorization.
International treaties:
The Budapest Convention provides a framework for cooperation between countries in investigating and prosecuting cybercrimes.
3. Notable Cases on Cybercrime and Unauthorized Access
Case 1: United States v. Aaron Swartz (2013)
Facts: Aaron Swartz, a prominent computer programmer and internet activist, was charged under the Computer Fraud and Abuse Act (CFAA) for downloading large amounts of academic journal articles from the JSTOR database using the Massachusetts Institute of Technology (MIT) network without authorization.
Crimes: Unauthorized access to a protected computer, data theft, and wire fraud.
Prosecution: The government argued that Swartz's access to JSTOR's content without paying for it constituted an illegal access and theft of digital content.
Outcome: Swartz faced severe charges, and although he was not convicted (since he died by suicide before the trial), his case brought attention to overly broad computer crime laws.
Significance: The case raised concerns about the severity of cybercrime laws and how they can be applied to situations involving non-violent offenses. It sparked debate about the fairness of prosecuting hackers under laws meant for serious cybercrimes.
Case 2: United States v. David Kernell (2008)
Facts: David Kernell, a university student, was convicted for hacking into the email account of Sarah Palin, former Governor of Alaska and vice-presidential candidate. Kernell used publicly available information to guess the security answers and gain access to Palin’s account.
Crimes: Unauthorized access to a protected computer (hacking) and identity theft.
Prosecution: Kernell was prosecuted under the Computer Fraud and Abuse Act (CFAA) for illegal access to a government official’s private email account.
Outcome: Kernell was convicted and sentenced to one year of probation and 400 hours of community service.
Significance: The case highlighted how unauthorized access to private or public officials' email accounts can be prosecuted under computer crime laws, even if no malicious intent is shown beyond simple curiosity or political motivation.
Case 3: United Kingdom – R v. Collis (2013)
Facts: In the UK, a man named Matthew Collis was convicted of using the "Backdoor" malware to gain unauthorized access to thousands of computers. He had used the malware to steal personal information, which he then sold to cybercriminals.
Crimes: Unauthorized access to computer systems, identity theft, and fraud.
Prosecution: Collis’s actions were prosecuted under the Computer Misuse Act 1990, which makes it an offense to access computer material without authorization.
Outcome: Collis was sentenced to five years in prison.
Significance: This case reinforced the idea that even unwitting distribution of malware can result in criminal liability, and also served as a warning about the spread of cybercrime tools used to target individuals for financial gain.
Case 4: The Anonymous Hacking Group – Operation Payback (2010)
Facts: A group of hackers associated with Anonymous launched a series of Distributed Denial-of-Service (DDoS) attacks against companies and organizations they believed were attacking internet freedom, such as PayPal, MasterCard, and Visa. The attack was a form of protest in support of WikiLeaks, whose founder Julian Assange had been banned from using these services for donations.
Crimes: Unauthorized access to computer systems, DDoS attacks, and disruption of services.
Prosecution: Anonymous members were charged under various national cybercrime laws, including the Computer Fraud and Abuse Act in the United States. Several individuals associated with the group were arrested, including Ryan Cleary, a member of the group who was convicted of carrying out DDoS attacks.
Outcome: Several individuals received prison sentences for their involvement, including Cleary, who was sentenced to 30 months in prison for his role in the DDoS attacks.
Significance: The case underscored that hacktivism (hacking for political motives) is still prosecutable under existing cybercrime laws, and demonstrated the high level of international cooperation needed to combat transnational cyberattacks.
Case 5: United States v. Albert Gonzalez (2005-2007)
Facts: Albert Gonzalez, a former computer hacker, was the leader of a massive credit card fraud operation. He and his accomplices hacked into multiple retail systems and stole millions of credit card numbers.
Crimes: Computer intrusion, identity theft, wire fraud, and conspiracy.
Prosecution: Gonzalez was prosecuted under the Computer Fraud and Abuse Act for his role in accessing protected computer systems, stealing sensitive financial data, and using it for financial gain.
Outcome: Gonzalez was sentenced to 20 years in prison for his involvement in one of the largest data breaches in history.
Significance: The case highlighted the financial consequences of cybercrimes, especially data breaches, and emphasized the severity of the penalties for those involved in cybercrime networks.
4. Key Observations
Broad Interpretation of Unauthorized Access
Unauthorized access is not limited to traditional hacking (e.g., bypassing security), but also includes accessing publicly available data with the intent to commit a crime (e.g., Swartz or Kernell cases).
Severity of Penalties
Cybercrimes can carry severe penalties ranging from probation to long prison sentences, depending on the scale and intent of the crime.
Hacktivism and Political Protest
The Anonymous hacking group case demonstrates that cyberattacks for political reasons still face criminal prosecution, especially if they result in widespread disruption or damage.
The Role of Malware and Tools
Even distributing malware, like in the Matthew Collis case, can lead to criminal liability, underlining the importance of securing systems and preventing the spread of malicious tools.
5. Summary Table of Cases
| Case | Jurisdiction | Perpetrator | Crime | Outcome | Legal Framework |
|---|---|---|---|---|---|
| Swartz | US | Aaron Swartz | Data theft, wire fraud | Suicide before trial | Computer Fraud and Abuse Act (CFAA) |
| Kernell | US | David Kernell | Hacking, identity theft | Probation, community service | CFAA |
| Collis | UK | Matthew Collis | Malware distribution, fraud | 5 years prison | Computer Misuse Act 1990 |
| Anonymous | International | Anonymous Hackers | DDoS, cyberattacks | Multiple convictions | National cybercrime laws |
| Gonzalez | US | Albert Gonzalez | Credit card fraud, hacking | 20 years prison | CFAA |
Conclusion
These cases illustrate the growing scope of cybercrime prosecutions and the range of activities that can lead to criminal liability. From hacking and unauthorized access to more complex fraud schemes and cyberattacks, the law is increasingly being applied to combat technological crimes.
RELATED Blog
comments