Use your computer fearlessly.




[ Security | Consulting | Research ]





Criminal Hacking

by Brent Kirkpatrick

(Date Published: .)



Hacking became fully illegal only in 2008.



Legislatures are routinely crafting laws that regulate privacy, thereby indirectly legislating computer security. The Computer Fraud and Abuse Act made hacking fully criminal in 2008. Before that, the 1984 version of the Computer Fraud and Abuse Act made certain kinds of fraud and privacy violations illegal when they were due to hacking. That law made unauthorized access of government computers illegal, as well as fraud and unauthorized access of credit records and financial records.

Hackers have long been prosecuted for fraud and illegal access to government computers. Now, the Computer Fraud and Abuse Act, 2008, makes it illegal to obtain access to a computer or network without authorization. The 1984 version of the law made it a felony to access classified materials, and a misdemeanor to access credit records, financial records, or to trespass on a government computer. The 2008 update to that law, criminalized the threat to steal data or damage a computer, and broadened the class of protected computers to include those used in interstate or foreign commerce or communication. This means that most types of hacking, or unauthorized access, are now criminal.

Network crime has also been criminal since 1986. Since then, it has been a misdemeanor for intentional access without authorization to a facility that provided electronic communication services. It has been a felony if the access was done for commercial advantage or malicious destruction or damage.

With hacking having recently become fully illegal, in 2008, we have experienced hackers who are guilty of crimes under the new laws but not under the old ones. They probably expect their activities to be grand-fathered into the new laws so that they are not prosecuted. However, the purpose of the new laws is to hold people responsible for crimes in more situations.

With the 2008 revision to the Computer Fraud and Abuse Act, several new categories of activities are criminal. It will take some time for the computer security and law enforcement communities to catch up with the laws and hold newly guilty hackers responsible for their activities.


defendIT. AI-driven security measures derived from security incident data.


Jarrett, H. Marshall and Bailie, Michael W. "Prosecuritng computer crimes." Coputer Crime and Intellectual Property Section, Criminal Division. 2015.










bbkirk@intrepidnetcomputing.com




© 2015, 2016, 2017, 2018 Intrepid Net Computing. All rights reserved.