Computer crime, or “cybercrime,” is a broad category of offenses involving computers and computer networks. While many acts of cybercrime are essentially high-tech forms of theft or fraud, some have goals other than financial gain. These might include copyright infringement, exchange of child pornography, and even espionage. Some jurisdictions have expanded legal protections against harassment and stalking to include the Internet. Some acts of cybercrime, known as “cyberattacks,” seem intended only to disrupt or destroy computer networks. Internet security experts estimate that the global annual cost of cybercrime approaches $1 trillion.
A substantial amount of cybercrime consists of intrusions into business and personal computer networks, including servers, desktop computers, laptops, and mobile devices. This can be achieved through direct hacking, or through malicious code attached to an email or hidden on a website. Information obtained from these devices could be used in identity theft, bank fraud, credit card fraud, and other fraudulent schemes.
One of the largest cybersecurity breaches in history occurred in late 2013, when hackers stole millions of customers’ personal information from the retail company Target’s computer system. Investigators suspect that the hackers obtained access to Target’s network by hacking the company that operated its heating, ventilation, and air conditioning (HVAC) system, which shows just how determined and creative cybercriminals can be.
The federal wire fraud statute prohibits the use of “wire, radio, or television” as part of a “scheme or artifice to defraud.” As technology has advanced, this has been expanded by the courts to include the use of computer and cable networks.
The computer fraud statute prohibits accessing a computer or computer network without authorization, if the computer is used exclusively by a financial institution or the federal government, or if the computer is used in interstate commerce, for the purpose of:
Inchoate crimes refer to those crimes that were initiated but not completed, and acts that assist in the commission of another crime. Inchoate crimes require more than a person simply intending or hoping to commit a crime. Rather, the individual must take a “substantial step” towards the completion of the crime in order to be found guilty. Inchoate crimes include aiding and abetting, attempt, and conspiracy. In some cases, inchoate crimes can be punished to the same degree that the underlying crime would be punished, while in other cases, the punishment might be less severe.
The email fraud statute prohibits accessing a protected computer, as defined above, for the purpose of sending, relaying, or retransmitting “multiple commercial electronic mail messages” with fraudulent intent. It also prohibits fraudulently altering header information in commercial emails and other acts commonly associated with Internet spam.
Cybercrime also includes the use of computers and computer networks to transmit or receive illegal materials, such as child pornography, or to buy and sell illegal items like drugs. The use of the internet for copyright infringement can result in criminal prosecution, such as the case against Megaupload, a file-sharing website that once accounted for four percent of global internet traffic.
Some U.S. states have passed laws regarding online stalking and harassment, as well as “cyberbullying.” The federal statute prohibiting “obscene or harassing telephone calls” has also been applied to obscene or harassing internet communications. At least 11 states have passed laws that prohibit posting intimate photos of other people online without permission, commonly known as “revenge porn” laws.
In some cases of cybercrime, a computer or computer network is a target rather than a tool used to commit an offense. Malicious code, such as a computer virus, may be used in a targeted attack, or it may be released onto the Internet to sow chaos. A common type of cyberattack is called a distributed denial-of-service (DDoS) attack. Its purpose is to interrupt or disable a server, making it unavailable to other users on the Internet. This is often done by overloading a server with requests for access, causing it to essentially shut down network access. After the raid on Megaupload mentioned above, the U.S. Department of Justice’s website was disabled by a DDoS attack.
