Computer Intrusions and Cyber Crimes

What is cybercrime?

Cybercrime refers to any criminal scheme involving an Internet service, including email, chat rooms, message boards, social media websites and e-commerce services. It includes, but isn’t limited to, defrauding individuals using SPAM emails; transmitting child pornography; running an online drug store; identity theft using online services; revenge porn and hacking into websites.

In order for a crime to be classified as a “cybercrime,” a prosecutor must allege — and later prove — that the evidence shows a suspect used an online service to carry out or attempt to carry out a criminal scheme.

What is computer fraud?

Computer fraud is very similar to cybercrime, except a prosecutor doesn’t have to allege or prove that a criminal act involved the Internet — they only must allege, and later prove, that the crime involved a computer device, which could include a desktop computer, a laptop, a tablet like an iPad, a smartphone like an iPhone or Android phone, a server or some other kind of computer or computer accessory.

What is the Computer Fraud and Abuse Act?

Photo courtesy Jochen Zick / Flickr Creative Commons

When you think of “computers,” the first thing that might come to mind is a desktop or a laptop. But computers are everywhere — from your smartphone to your tablet. Basically, anything crime involving a device that stores files, connects to the Internet and/or handles sensitive transactions is one that could fall under one or more various state and federal computer crimes statues.

The best known computer intrusion statute is the Computer Fraud and Abuse Act or CFAA. It’s the federal law used mainly to prosecute suspected hackers, but in recent years it’s been broadly applied to cases with very little resemblance of a traditional computer “hack.” You don’t need elite hacking skills or master knowledge of a database or system to be charged under the CFAA. A prosecutor only has to prove knowledgeintent, some kind of transmission (usually a command or code), damage and loss, or some combination of the five elements.

The CFAA (18 U.S.C. § 1030) covers two types of computer systems:

  • Computers that are used by financial institutions like banks; the United States government; or any computer that is affected by or connected to a bank or government system
  • Computers that are used in interstate or foreign commerce and/or communication. This can include computers located outside the United States that is used in a manner that affects interstate or foreign commerce and/or communication inside the United States.

While the first point is pretty narrow, the last point is extremely broad. In recent years, prosecutors have applied the CFAA mainly to computer incidents involving websites. They argue that when a website is compromised or forced offline through some act, it affects either commerce or communication because websites are inherently interstate — they’re available from state to state, and they are often visited by people living within and outside of a state.

The CFAA covers a number of computer-related offenses, including:

  • Theft of trade secrets from businesses or other organizations;
  • Computer hacking, data breaches and data leaks;
  • Causing a website outage through a flood of fraudulent web traffic (Distribute Denial of Service, or DDoS, attacks);
  • Trafficking in passwords to computers, websites or web services;
  • Transmitting viruses through email, blogs, social networks or other means;
  • Any kind of fraud connected to the Internet, including identity or email fraud;
  • Phishing campaigns and attempted phishing campaigns.

For years, journalists, politicians and advocacy groups have highlighted the flaws with the broad nature of the CFAA, noting that it has been expanded to include charges for offenses that weren’t originally intended when it was passed in the mid-1980s. Nonetheless, lawmakers have strengthened the law over the past few decades, and it has become a prosecutor’s favorite tool for bringing criminal charges against ordinary people who may have — wittingly or unwittingly — violated the law.

A conviction under the CFAA could earn a person between 1 and 10 years in prison per offense or up to 20 years in prison for repeat offenses, as well as fines in the hundreds of thousands of dollars. Even worse, since the passage of the USA PATRIOT ACT, certain elements of the CFAA have been designated crimes deserving of the label “domestic terrorism.” This principally applies to crimes involving government or financial computer systems, but in theory it could be applied to any offense under the CFAA.

Is there a similar state law in California?

In addition to the CFAA, certain states have their own computer crimes statutes on the books. Some are even more broad than the federal law. California law, for example, makes it a crime to knowingly use a computer or computer system to commit any crime.

Some activities that fall under California’s computer crimes law include:

  • Cyberstalking;
  • Harassment;
  • Revenge porn;
  • Bribery;
  • Extortion;
  • Threats or intimidation against others.

Under California Section 502(c), any misdemeanor conviction carries a potential sentence of up to 1 year in state prison or jail and/or a fine of up to $5,000. A felony conviction could earn 3 years in state prison and/or a fine of up to $10,000.

What should I do if I’m suspect of or charged with a computer crime?

It’s extremely important for anyone charged under the CFAA or a similar state law to immediately hire an experience defense lawyer. If the police have contacted you, or you’ve received a target letter or an indictment alleging a violation of the Computer Fraud and Abuse Act or a similar state law, contact criminal defense attorney Mark Reichel right now for a free consultation.

Legal Disclaimer:

The information contained in this web site is general in nature and should not be construed to be formal legal advice. It is provided for informational, illustrative and advertisement purposes only. It is not legal advice. It should not be relied upon in making legal decisions or in place of a consultation with an experienced and knowledgeable attorney regarding a specific matter. Reading this site, sending us information, or receipt of information from us does not establish an attorney – client relationship. Our review of, and/or response to, your query does not mean that we are representing you or that we are your lawyers.

Any results set forth here were, and are, dependent on the facts of that case. Results may differ from case to case. Please contact the Law Office of Mark Reichel for legal advice specific to your situation.

This web site is not intended to solicit clients for representation in criminal proceedings outside of the State of California, except for those matters prosecuted in U.S. Federal Courts. Mark Reichel is a licensed California attorney; a written, signed retainer agreement is a prerequisite for Mark Reichel or any other attorney at the Law Office of Mark Reichel to represent you.

If you wish to obtain a written, signed retainer from Mark Reichel and/or another attorney at the Law Office of Mark Reichel, please contact the firm at your earliest convenience.

Statements, testimonials and endorsements contained herein do not constitute a guarantee, warranty, or prediction regarding the ultimate result or outcome of your legal matter. External hyperlinks from this website to the website of another entity does not state or imply the existence of a relationship between Mark Reichel, the Law Office of Mark Reichel and/or that entity.