Hacking Offences And Criminal Liability

Overview:

Hacking typically involves unauthorized access to computer systems, data theft, disruption of services, or use of malicious software to compromise security. Criminal liability arises when individuals intentionally bypass security measures to gain unauthorized access or cause harm.

Laws governing hacking vary by jurisdiction, but commonly include statutes related to:

Unauthorized access (often called “computer trespass”)

Computer fraud

Identity theft

Data theft or destruction

Denial of service attacks

Use and distribution of malware or viruses

The key element is usually “intentional unauthorized access” or “exceeding authorized access.”

Detailed Case Law Examples

1. United States v. Kevin Mitnick (1999)

Facts:
Kevin Mitnick was one of the most notorious hackers in the 1990s. He gained unauthorized access to dozens of computer systems, including those of major corporations like Nokia and Motorola, stealing software and causing damage.

Legal Issues:

Violations of the Computer Fraud and Abuse Act (CFAA)

Wire fraud

Unauthorized access to protected computers

Outcome:
Mitnick was arrested and charged with multiple counts of hacking and fraud. After a plea deal, he served five years in prison.

Significance:

This case highlighted the severity of hacking-related criminal liability in the US.

It set a precedent for prosecuting hackers under the CFAA and related statutes.

Raised awareness of the growing threat of cybercrime and the need for enhanced cybersecurity laws.

2. R v. Gold & Schifreen (1988) (UK)

Facts:
Two hackers, Robert Schifreen and Stephen Gold, accessed British Telecom’s Prestel system without authorization to obtain private messages.

Legal Issues:

Whether unauthorized access constituted a criminal offence under the Computer Misuse Act 1990 (CMA)—though the Act was passed after this case.

They were initially convicted but later acquitted on appeal because at the time, there was no specific law criminalizing unauthorized access.

Outcome:

Their conviction was overturned, but this case prompted the UK Parliament to enact the Computer Misuse Act 1990, the first legislation criminalizing hacking.

Significance:

Established the need for dedicated legislation on hacking.

The CMA 1990 now criminalizes unauthorized access and related offences in the UK.

3. Sony Pictures Hack (United States v. North Korean Hackers, 2014)

Facts:
In 2014, the hacker group Guardians of Peace, allegedly linked to North Korea, hacked Sony Pictures Entertainment. They leaked confidential data and emails, demanding the cancellation of the film The Interview.

Legal Issues:

Violations of the Computer Fraud and Abuse Act and other cybercrime statutes.

Use of malware (wiper virus) to destroy data and disrupt business operations.

Allegations of state-sponsored cyberterrorism.

Outcome:

The U.S. government publicly attributed the attack to North Korea.

Sanctions were imposed, but no individual arrests were made due to the international nature of the case.

The case highlighted the challenges in prosecuting state-sponsored hacking.

Significance:

Demonstrated how hacking can be used as a geopolitical weapon.

Raised issues of attribution and jurisdiction in cybercrime prosecution.

4. United States v. Aaron Swartz (2013)

Facts:
Aaron Swartz, an internet activist, used MIT’s network to download millions of academic articles from JSTOR, violating terms of service.

Legal Issues:

Charges under the Computer Fraud and Abuse Act for unauthorized access and data theft.

Intent to distribute copyrighted material.

Outcome:

Swartz was charged with multiple felonies, facing up to 35 years in prison and large fines.

He tragically died by suicide before trial.

Significance:

The case sparked debates about the overly harsh application of the CFAA.

Raised concerns about criminalizing actions based on terms of service violations.

Prompted calls for reforming computer crime laws.

5. R v. Bow Street Magistrates’ Court, ex parte Allison (1999) (UK)

Facts:
Mark Allison was charged with hacking a telecommunications system to make free phone calls.

Legal Issues:

Whether the act constituted unauthorized access under the Computer Misuse Act 1990.

The court examined the interpretation of “unauthorized access” and intent.

Outcome:

The court held that accessing a system without permission to obtain services (like free calls) was criminal under the CMA.

Allison was convicted.

Significance:

Clarified that economic harm caused by hacking is punishable under the CMA.

Reinforced the idea that hacking for personal gain or to defraud is criminal.

6. TJX Companies Inc. Data Breach (U.S. v. Albert Gonzalez, 2010)

Facts:
Albert Gonzalez led a hacking ring that stole over 45 million credit and debit card numbers from TJX and other retailers by exploiting weak Wi-Fi security.

Legal Issues:

Computer fraud

Identity theft

Wire fraud

Conspiracy

Outcome:

Gonzalez pleaded guilty and was sentenced to 20 years in prison, one of the longest sentences for hacking.

Significance:

Showed the serious consequences for cybercriminals involved in large-scale data breaches.

Emphasized the link between hacking and identity theft.

Summary Table

| Case | Jurisdiction | Key Offences | Outcome | Significance |
|---|---|---|---|---|
| United States v. Mitnick | USA | CFAA violations, wire fraud | 5 years imprisonment | Landmark CFAA prosecution |
| R v. Gold & Schifreen | UK | Unauthorized access (pre-CMA) | Acquittal; CMA enacted | Prompted first hacking law (CMA 1990) |
| Sony Pictures Hack | USA | Cyber espionage, CFAA violations | Attribution; sanctions | State-sponsored cybercrime challenge |
| United States v. Aaron Swartz | USA | CFAA, unauthorized access | Charges; suicide | Debate over CFAA scope and harshness |
| R v. Allison | UK | Unauthorized access (CMA 1990) | Conviction | Economic harm via hacking punishable |
| U.S. v. Albert Gonzalez | USA | Computer fraud, identity theft | 20 years imprisonment | Largest credit card theft sentence |

Key Legal Principles

Unauthorized Access: Accessing a computer system without permission or exceeding authorized access is generally criminal.

Intent: Most hacking offences require a knowing or intentional violation.

Harm: Offences may involve data theft, system disruption, fraud, or damage.

Jurisdiction: Cybercrime often crosses borders, complicating prosecution.

Legislation: Laws like the Computer Fraud and Abuse Act (USA) and Computer Misuse Act (UK) are foundational.

Challenges: Proving identity, intent, and attribution in hacking cases can be difficult.
