DOCSLIB.ORG

Computer Fraud and Security

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Computer Fraud and Security CHAPTERCHAPTER 55 COMPUTERCOMPUTER FRAUDFRAUD ANDAND SECURITYSECURITY www.azizd.com OverviewOverview •• InformationInformation systemssystems areare becomingbecoming increasinglyincreasingly moremore complexcomplex andand societysociety isis becomingbecoming increasinglyincreasingly moremore dependentdependent onon thesethese systems.systems. –– CompaniesCompanies alsoalso faceface aa growinggrowing riskrisk ofof thesethese systemssystems beingbeing compromised.compromised. –– RecentRecent surveyssurveys indicateindicate 67%67% ofof companiescompanies sufferedsuffered aa securitysecurity breachbreach inin thethe lastlast yearyear withwith almostalmost 60%60% reportingreporting financialfinancial losses.losses. www.azizd.com OverviewOverview TheThe informationinformation securitysecurity systemsystem isis thethe subsystemsubsystem ofof thethe organizationorganization thatthat controlscontrols thethe specialspecial risksrisks associatedassociated withwith computercomputer--basedbased informationinformation systems.systems. TheThe informationinformation securitysecurity systemsystem hashas thethe basicbasic elementselements ofof anyany informationinformation system,system, suchsuch asas hardware,hardware, databases,databases, procedures,procedures, andand reports.reports. www.azizd.com OverviewOverview •• CompaniesCompanies faceface fourfour typestypes ofof threatsthreats toto theirtheir informationinformation systems:systems: 11-- NaturalNatural andand politicalpolitical disastersdisasters • Include: – Fire or excessive heat – Floods – Earthquakes – High winds – War and terrorist attack • When a natural or political disaster strikes, many companies can be affected at the same time. – Example: Bombing of the World Trade Center in NYC. • The Defense Science Board has predicted that attacks on information systems by foreign countries, espionage agents, and terrorists will soon be widespread. www.azizd.com OverviewOverview 22-- SoftwareSoftware errorserrors andand equipmentequipment malfunctionmalfunction • Include: – Hardware or software failures – Software errors or bugs – Operating system crashes – Power outages and fluctuations – Undetected data transmission errors • Estimated annual economic losses due to software bugs = $60 billion. • 60% of companies studied had significant software errors in previous year. www.azizd.com OverviewOverview 33-- UnintentionalUnintentional actsacts • Include – Accidents caused by: • Human carelessness • Failure to follow established procedures • Poorly trained or supervised personnel – Innocent errors or omissions – Lost, destroyed, or misplaced data – Logic errors – Systems that do not meet needs or are incapable of performing intended tasks • Information Systems Security Assn. estimates 65% of security problems are caused by human error. www.azizd.com OverviewOverview 44-- IntentionalIntentional actsacts (computer(computer crime)crime) • Include: – Sabotage – Computer fraud – Misrepresentation, false use, or unauthorized disclosure of data – Misappropriation of assets – Financial statement fraud • Information systems are increasingly vulnerable to these malicious attacks. www.azizd.com TheThe InformationInformation SecuritySecurity SystemSystem inin thethe OrganizationOrganization TheThe informationinformation securitysecurity systemsystem mustmust bebe managedmanaged byby aa chiefchief securitysecurity officerofficer (CSO).(CSO). ThisThis individualindividual shouldshould reportreport directlydirectly toto thethe boardboard ofof directorsdirectors inin orderorder toto maintainmaintain completecomplete independence.independence. www.azizd.com TheThe FraudFraud ProcessProcess •• FraudFraud isis anyany andand allall meansmeans aa personperson usesuses toto gaingain anan unfairunfair advantageadvantage overover anotheranother person.person. •• InIn mostmost cases,cases, toto bebe consideredconsidered fraudulent,fraudulent, anan actact mustmust involve:involve: – A false statement (oral or in writing) – About a material fact – Knowledge that the statement was false when it was uttered (which implies an intent to deceive) – A victim relies on the statement – And suffers injury or loss as a result www.azizd.com TheThe FraudFraud ProcessProcess • Since fraudsters don’t make journal entries to record their frauds, we can only estimate the amount of losses caused by fraudulent acts: – The Association of Certified Fraud Examiners (ACFE) estimates that total fraud losses in the U.S. run around 6% of annual revenues or approximately $660 billion in 2004. • More than we spend on education and roads in a year. • 6 times what we pay for the criminal justice system. – Income tax fraud (the difference between what taxpayers owe and what they pay to the government) is estimated to be over $200 billion per year. – Fraud in the healthcare industry is estimated to exceed $100 billion a year. www.azizd.com TheThe FraudFraud ProcessProcess •• FraudFraud againstagainst companiescompanies maymay bebe committedcommitted byby anan employeeemployee oror anan externalexternal party.party. – Former and current employees (called knowledgeable insiders) are much more likely than non-employees to perpetrate frauds (and big ones) against companies. • Largely owing to their understanding of the company’s systems and its weaknesses, which enables them to commit the fraud and cover their tracks. – Organizations must utilize controls to make it difficult for both insiders and outsiders to steal from the company. www.azizd.com TypesTypes ofof FraudsFrauds • OCCUPATIONAL OTHER • Fraudulent Statements • Intellectual property theft – Financial • Financial institution fraud – Non-financial • Financial institution fraud • Asset Misappropriation • Check and credit card fraud – Theft of Cash • Insurance fraud – Fraudulent • Healthcare fraud disbursements • Bankruptcy fraud – Inventory and other • Bankruptcy fraud assets • Tax fraud • Bribery and Corruption • Securities fraud – Bribery • Money laundering – Illegal gratuities • Consumer fraud – Economic extortion – Conflict of interest • Computer and Internet fraud www.azizd.com TheThe FraudFraud ProcessProcess •• ThreeThree typestypes ofof occupationaloccupational fraud:fraud: 11-- MisappropriationMisappropriation ofof assetsassets • Involves theft, embezzlement, or misuse of company assets for personal gain. • Examples include billing schemes, check tampering, skimming, and theft of inventory. • In the 2004 Report to the Nation on Occupational Fraud and Abuse, 92.7% of occupational frauds involved asset misappropriation at a median cost of $93,000. www.azizd.com TheThe FraudFraud ProcessProcess 22-- CorruptionCorruption • Corruption involves the wrongful use of a position, contrary to the responsibilities of that position, to procure a benefit. • Examples include kickback schemes and conflict of interest schemes. • About 30.1% of occupational frauds include corruption schemes at a median cost of $250,000. www.azizd.com TheThe FraudFraud ProcessProcess 33-- FraudulentFraudulent statementsstatements • Financial statement fraud involves misstating the financial condition of an entity by intentionally misstating amounts or disclosures in order to deceive users. • Financial statements can be misstated as a result of intentional efforts to deceive or as a result of undetected asset misappropriations that are so large that they cause misstatement. • About 7.9% of occupational frauds involve fraudulent statements at a median cost of $1 million. (The median pales in comparison to the maximum cost.) www.azizd.com TheThe FraudFraud ProcessProcess • A typical employee fraud has a number of important elements or characteristics: – The fraud perpetrator must gain the trust or confidence of the person or company being defrauded in order to commit and conceal the fraud. – Instead of using a gun, knife, or physical force, fraudsters use weapons of deceit and misinformation. – Frauds tend to start as the result of a perceived need on the part of the employee and then escalate from need to greed. Most fraudsters can’t stop once they get started, and their frauds grow in size. – The fraudsters often grow careless or overconfident over time. – Fraudsters tend to spend what they steal. Very few save it. – In time, the sheer magnitude of the frauds may lead to detection. – The most significant contributing factor in most employee frauds is the absence of internal controls and/or the failure to enforce existing controls. www.azizd.com TheThe FraudFraud ProcessProcess •• FinancialFinancial statementsstatements cancan bebe falsifiedfalsified to:to: –– DeceiveDeceive investorsinvestors andand creditorscreditors –– CauseCause aa companycompany’’ss stockstock priceprice toto riserise –– MeetMeet cashcash flowflow needsneeds –– HideHide companycompany losseslosses andand problemsproblems www.azizd.com TheThe FraudFraud ProcessProcess •• FraudulentFraudulent financialfinancial reportingreporting isis ofof greatgreat concernconcern toto independentindependent auditors,auditors, becausebecause undetectedundetected fraudsfrauds leadlead toto halfhalf ofof thethe lawsuitslawsuits againstagainst auditors.auditors. •• InIn thethe casecase ofof Enron,Enron, aa financialfinancial statementstatement fraudfraud ledled toto thethe totaltotal eliminationelimination ofof ArthurArthur Andersen,Andersen, aa premierepremiere internationalinternational publicpublic accountingaccounting firm.firm. www.azizd.com TheThe FraudFraud ProcessProcess •• SASSAS 9999:: TheThe AuditorAuditor’’ss ResponsibilityResponsibility toto DetectDetect
Load more

Recommended publications
  • Identity Theft Literature Review
    The author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report: Document Title: Identity Theft Literature Review Author(s): Graeme R. Newman, Megan M. McNally Document No.: 210459 Date Received: July 2005 Award Number: 2005-TO-008 This report has not been published by the U.S. Department of Justice. To provide better customer service, NCJRS has made this Federally- funded grant final report available electronically in addition to traditional paper copies. Opinions or points of view expressed are those of the author(s) and do not necessarily reflect the official position or policies of the U.S. Department of Justice. This document is a research report submitted to the U.S. Department of Justice. This report has not been published by the Department. Opinions or points of view expressed are those of the author(s) and do not necessarily reflect the official position or policies of the U.S. Department of Justice. IDENTITY THEFT LITERATURE REVIEW Prepared for presentation and discussion at the National Institute of Justice Focus Group Meeting to develop a research agenda to identify the most effective avenues of research that will impact on prevention, harm reduction and enforcement January 27-28, 2005 Graeme R. Newman School of Criminal Justice, University at Albany Megan M. McNally School of Criminal Justice, Rutgers University, Newark This project was supported by Contract #2005-TO-008 awarded by the National Institute of Justice, Office of Justice Programs, U.S. Department of Justice. Points of view in this document are those of the author and do not necessarily represent the official position or policies of the U.S.
    [Show full text]
  • Are the Current Computer Crime Laws Sufficient Or Should the Writing of Virus Code Be Prohibited?
    Fordham Intellectual Property, Media and Entertainment Law Journal Volume 18 Volume XVIII Number 3 Volume XVIII Book 3 Article 8 2008 Are the Current Computer Crime Laws Sufficient or Should the Writing of Virus Code Be Prohibited? Robert J. Kroczynski Fordham University School of Law Follow this and additional works at: https://ir.lawnet.fordham.edu/iplj Part of the Entertainment, Arts, and Sports Law Commons, and the Intellectual Property Law Commons Recommended Citation Robert J. Kroczynski, Are the Current Computer Crime Laws Sufficient or Should theriting W of Virus Code Be Prohibited?, 18 Fordham Intell. Prop. Media & Ent. L.J. 817 (2008). Available at: https://ir.lawnet.fordham.edu/iplj/vol18/iss3/8 This Note is brought to you for free and open access by FLASH: The Fordham Law Archive of Scholarship and History. It has been accepted for inclusion in Fordham Intellectual Property, Media and Entertainment Law Journal by an authorized editor of FLASH: The Fordham Law Archive of Scholarship and History. For more information, please contact [email protected]. Are the Current Computer Crime Laws Sufficient or Should theriting W of Virus Code Be Prohibited? Cover Page Footnote Alexander Southwell, Shari Sckolnick This note is available in Fordham Intellectual Property, Media and Entertainment Law Journal: https://ir.lawnet.fordham.edu/iplj/vol18/iss3/8 KROCZYNSKI_022508_FINAL 2/25/2008 7:20:52 PM Are the Current Computer Crime Laws Sufficient or Should the Writing of Virus Code Be Prohibited? Robert J. Kroczynski* INTRODUCTION .............................................................................818 I. BACKGROUND OF CYBERCRIME AND VIRUSES........................820 A. DEFINITION OF VIRUSES AND TECHNICAL DESCRIPTIONS ....822 1.
    [Show full text]
  • Computer Crime and Computer Fraud
    Computer Crime and Computer Fraud University of Maryland Department of Criminology and Criminal Justice Fall, 2004 Report to the Montgomery County Criminal Justice Coordinating Commission By Michael Kunz & Patrick Wilson This report was prepared in part as fulfillment of requirements in CCJS 604 and CCJS 605 for the Professional Masters Degree in the Department of Criminology and Criminal Justice. We express thanks to Dr. Charles Wellford, Dr. Doris MacKenzie, and Jean McGloin for assistance with this report. 2 Executive Summary The past several decades have brought a vast increase in the availability of electronic resources. With this increased availability has come a new form of criminal activity that takes advantage of electronic resources, namely computer crime and computer fraud. Currently, these new forms of crime are burgeoning and pose a new and lasting challenge to law enforcement agencies at all levels in how to prevent, investigate, and prosecute these crimes. Law enforcement agencies from the local to the federal level are beginning to institute specific units devoted to handling computer-related offenses, but there does not currently exist a uniform method to define and address computer crime and computer fraud. With this case study, we intend to analyze what the current level of understanding is regarding computer crime and computer fraud, as well as what is being done by law enforcement agencies to deal with these offenses. Using this information, we provided specific recommendations regarding computer-related offenses in the future including: • Uniform definition • Organizational requirements and procedures • Tools necessary to successful operation of computer crime units 3 Introduction Throughout the past several decades there have been numerous advances in electronic resources.
    [Show full text]
  • Cybercrime: an Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws
    Order Code 97-1025 CRS Report for Congress Received through the CRS Web Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws Updated June 28, 2005 Charles Doyle Senior Specialist American Law Division Alyssa Bartlett Weir Law Clerk American Law Division Congressional Research Service ˜ The Library of Congress Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws Summary The federal computer fraud and abuse statute, 18 U.S.C. 1030, protects federal computers, bank computers, and computers used in interstate and foreign commerce. It shields them from trespassing, threats, damage, espionage, and from being corruptly used as instruments of fraud. It is not a comprehensive provision, but instead it fills crack and gaps in the protection afforded by other federal criminal laws. This is a brief sketch of section 1030 and some of its federal statutory companions. In their present form, the seven paragraphs of subsection 1030(a) outlaw: ! computer trespassing (e.g., hacking) in a government computer, 18 U.S.C. 1030(a)(3); ! computer trespassing (e.g., hackers) resulting in exposure to certain governmental, credit, financial, or commercial information, 18 U.S.C. 1030(a)(2); ! damaging a government computer, a bank computer, or a computer used in interstate or foreign commerce (e.g., a worm, computer virus, Trojan horse, time bomb, a denial of service attack, and other forms of cyber attack, cyber crime, or cyber terrorism), 18 U.S.C. 1030(a)(5); ! committing fraud an integral part of which involves unauthorized access to a government computer, a bank computer, or a computer used in interstate or foreign commerce, 18 U.S.C.
    [Show full text]
  • Credit Card Fraud: a New Perspective on Tackling an Intransigent Problem
    Fordham Journal of Corporate & Financial Law Volume 16 Issue 4 Article 2 2011 Credit Card Fraud: A New Perspective On Tackling An Intransigent Problem Lydia Segal Benjamin Ngugi Jafar Mana Follow this and additional works at: https://ir.lawnet.fordham.edu/jcfl Part of the Consumer Protection Law Commons Recommended Citation Lydia Segal, Benjamin Ngugi, and Jafar Mana, Credit Card Fraud: A New Perspective On Tackling An Intransigent Problem, 16 Fordham J. Corp. & Fin. L. 743 (2011). Available at: https://ir.lawnet.fordham.edu/jcfl/vol16/iss4/2 This Article is brought to you for free and open access by FLASH: The Fordham Law Archive of Scholarship and History. It has been accepted for inclusion in Fordham Journal of Corporate & Financial Law by an authorized editor of FLASH: The Fordham Law Archive of Scholarship and History. For more information, please contact [email protected]. Credit Card Fraud: A New Perspective On Tackling An Intransigent Problem Cover Page Footnote Lydia Segal is an Associate Professor of Business Law and Ethics at Suffolk University’s Sawyer Business School. With degrees from Harvard Law School and Oxford, her specialty is organizational stewardship and integrity. Her latest book is Battling Corruption in America’s Public Schools (Harvard University Press). ** Dr. Benjamin Ngugi, is an Associate Professor in the Information Systems and Operations Management Department at Suffolk University’s Sawyer Business School. He received his Ph.D. in Information Systems from New Jersey Institute of Technology and his bachelors degree in Electrical and Electronics Engineering from University of Nairobi, Kenya. He conducts his research in the areas of identity fraud, biometrics, security compliance, e-Health security and technology adoption.
    [Show full text]
  • Cybercrime: an Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws
    Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws Charles Doyle Senior Specialist in American Public Law October 15, 2014 Congressional Research Service 7-5700 www.crs.gov 97-1025 Cybercrime: An Overview of 18 U.S.C. 1030 and Related Federal Criminal Laws Summary The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030, outlaws conduct that victimizes computer systems. It is a cyber security law. It protects federal computers, bank computers, and computers connected to the Internet. It shields them from trespassing, threats, damage, espionage, and from being corruptly used as instruments of fraud. It is not a comprehensive provision, but instead it fills cracks and gaps in the protection afforded by other federal criminal laws. This is a brief sketch of CFAA and some of its federal statutory companions, including the amendments found in the Identity Theft Enforcement and Restitution Act, P.L. 110-326, 122 Stat. 3560 (2008). In their present form, the seven paragraphs of subsection 1030(a) outlaw • computer trespassing (e.g., hacking) in a government computer, 18 U.S.C. 1030(a)(3); • computer trespassing (e.g., hacking) resulting in exposure to certain governmental, credit, financial, or computer-housed information, 18 U.S.C. 1030(a)(2); • damaging a government computer, a bank computer, or a computer used in, or affecting, interstate or foreign commerce (e.g., a worm, computer virus, Trojan horse, time bomb, a denial of service attack, and other forms of cyber attack, cyber crime, or cyber terrorism), 18 U.S.C.
    [Show full text]
  • A REEVALUATION of the COMPUTER FRAUD and ABUSE ACT by Reid Skibelt
    CYBERCRIMES & MISDEMEANORS: A REEVALUATION OF THE COMPUTER FRAUD AND ABUSE ACT By Reid Skibelt ABSTRACT This Article contends that the Computer Fraud and Abuse Act is an overly punitive and largely ineffective approach to combating computer crime based on two fundamental critiques. The 1986 version of the CFAA contemplated a core distinction between harmless trespass and more substantial intrusions. Over time, this distinction has become ob- scured and is resulting in over-criminalization of offenders. Furthermore, the increased penalties for computer crime created by the USA PA- TRIOT Act, and the Cyber Security Enhancement Act, are unjust in ap- plication and ineffectual in deterring prospective computer criminals. TABLE OF CONTENTS I. IN TRO DUCTION ....................................................................................................... 9 10 II. THE EVOLUTION OF THE COMPUTER FRAUD AND ABUSE ACT ............................... 912 III. W HAT EXACTLY IS A "HACKER"? ..................................... .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 917 IV. COPYING OF FILES AND THE TROPHY PROBLEM ..................................................... 922 V. M ENS REA AND THE $5,000 THRESHOLD ................................................................ 926 A. The Problem of "Resecuring" Costs .............................................................. 928 B. The Problem of Calculating Intangible Harms .............................................. 932 VI. THE USAPA AND THE PUNITIVE APPROACH TO CYBERCRIME ..............................
    [Show full text]
  • Prosecuting Computer Virus Authors: the Eedn for an Adequate and Immediate International Solution Kelly Cesare University of the Pacific, Mcgeorge School of Law
    Global Business & Development Law Journal Volume 14 Issue 1 Symposium: Biotechnology and International Article 10 Law 1-1-2001 Prosecuting Computer Virus Authors: The eedN for an Adequate and Immediate International Solution Kelly Cesare University of the Pacific, McGeorge School of Law Follow this and additional works at: https://scholarlycommons.pacific.edu/globe Part of the International Law Commons Recommended Citation Kelly Cesare, Prosecuting Computer Virus Authors: The Need for an Adequate and Immediate International Solution, 14 Transnat'l Law. 135 (2001). Available at: https://scholarlycommons.pacific.edu/globe/vol14/iss1/10 This Comments is brought to you for free and open access by the Journals and Law Reviews at Scholarly Commons. It has been accepted for inclusion in Global Business & Development Law Journal by an authorized editor of Scholarly Commons. For more information, please contact [email protected]. Comments Prosecuting Computer Virus Authors: The Need for an Adequate and Immediate International Solution Kelly Cesare * TABLE OF CONTENTS 1. INTRODUCTION ............................................... 136 II. THE CRIME OF THE COMPUTER VIRUS ............................. 138 A. The New Crime: The Computer Virus ......................... 139 1. What is a Computer Virus? .............................. 139 2. The Role of the Computer Virus in CriminalLaw ............ 141 3. Illustrative Examples of Recent Virus Outbreaks ............. 143 a. M elissa .......................................... 143 b. Chernobyl .......................................
    [Show full text]
  • Reducing Payment-Card Fraud
    Walden University ScholarWorks Walden Dissertations and Doctoral Studies Walden Dissertations and Doctoral Studies Collection 2020 Reducing Payment-Card Fraud Chares R. Ross Walden University Follow this and additional works at: https://scholarworks.waldenu.edu/dissertations Part of the Computer Sciences Commons, and the Quantitative, Qualitative, Comparative, and Historical Methodologies Commons This Dissertation is brought to you for free and open access by the Walden Dissertations and Doctoral Studies Collection at ScholarWorks. It has been accepted for inclusion in Walden Dissertations and Doctoral Studies by an authorized administrator of ScholarWorks. For more information, please contact [email protected]. Walden University College of Management and Technology This is to certify that the doctoral study by Charles Ross has been found to be complete and satisfactory in all respects, and that any and all revisions required by the review committee have been made. Review Committee Dr. Diane Dusick, Committee Chairperson, Doctor of Business Administration Faculty Dr. Lisa Pearo, Committee Member, Doctor of Business Administration Faculty Dr. Alexandre Lazo, University Reviewer, Doctor of Business Administration Faculty Chief Academic Officer and Provost Sue Subocz, Ph.D. Walden University 2020 Abstract Reducing Payment-Card Fraud By Charles Ross M.S. University of Phoenix, 2010 M.B.A, DeVry University, 2004 BS, DeVry University, 1993 Doctoral Study Submitted in Partial Fulfillment Of the Requirements for the Degree of Doctor of Business Administration Walden University June 2020 Abstract Critical public data in the United States are vulnerable to theft, creating severe financial and legal implications for payment-card acceptors. When security analysts and managers who work for payment card processing organizations implement strategies to reduce or eliminate payment-card fraud, they protect their organizations, consumers, and the local and national economy.
    [Show full text]
  • Interpreting Access and Authorization in Computer Misuse Statutes
    ARTICLES CYBERCRIME'S SCOPE: INTERPRETING "ACCESS" AND "AUTHORIZATION" IN COMPUTER MISUSE STATUTES ORIN S. KERR* The federal government, all fifty states, and dozens of foreign countries have enacted computer crime statutes that prohibit "unauthorizedaccess" to computers. No one knows what it means to "access" a computer, however, or when access becomes "unauthorized." The few courts that have construed these terms have offered widely varying interpretations. Several recent decisions suggest that any breach of contract renders an access unauthorized, broadly criminalizing contract law on the Internet. In this Article, Professor Orin Kerr explains the origins of unauthorized access statutes, and examines why the early beliefs that such statutes articulated a clear standard have proven remarkably naive. He then shows how and why the courts have construed these statutes in an overly broad manner that threatens to criminalize a surprising range of innocuous conduct involving com- puters. Finally, Professor Kerr offers a normative proposal for interpreting "access" and "authorization." Courts should reject a contract-based theory of authorization,and should limit the scope of unauthorized access statutes to circum- vention of code-based restrictions on computer privileges. This proposed interpre- tation best mediates between securing privacy and protecting the liberty interests of Internet users. It also mirrors criminal law's traditional treatment of consent defenses, and avoids possible constitutional difficulties that may arise under the broader constructions that courts have recently favored. INTRODUCTION Justice Holmes once noted that when a legislature enacts a new crime, "it is reasonable that a fair warning should be given to the world in language that the common world will understand, of what the law intends to do if a certain line is passed.
    [Show full text]
  • The Computer Fraud & Abuse
    Science and Technology Law Review Volume 16 | Number 3 Article 5 2013 The omputC er Fraud & Abuse Act: Failing to Evolve with the Digital Age W. Cagney McCormick Follow this and additional works at: https://scholar.smu.edu/scitech Recommended Citation W. Cagney McCormick, The Computer Fraud & Abuse Act: Failing to Evolve with the Digital Age, 16 SMU Sci. & Tech. L. Rev. 481 (2013) https://scholar.smu.edu/scitech/vol16/iss3/5 This Article is brought to you for free and open access by the Law Journals at SMU Scholar. It has been accepted for inclusion in Science and Technology Law Review by an authorized administrator of SMU Scholar. For more information, please visit http://digitalrepository.smu.edu. The Computer Fraud & Abuse Act: Failing to Evolve with the Digital Age W. Cagney McCormick* I. INTRODUCTION The Internet's evolving nature makes it difficult for the United States to develop and implement electronic criminal and civil laws that protect Ameri- cans, while continuing to follow constitutional fundamentals. Computer fraud and cyber attacks are carried out every day against citizens and corpo- rations while the federal government continues to fight cybercrime with an inadequate, outdated federal statute. The statute, known as the Computer Fraud and Abuse Act ("CFAA"), imposes civil and criminal liability on cybercriminals who undertake Internet attacks on corporations and the gov- ernment.' However, the use of one statute to prosecute both civil and crimi- nal cybercrimes distorts its applicability in case law. The CFAA's outdated language and idea of electronic communications needs to be updated regu- larly with a proactive mindset instead of the reactive mindset Congress has been using for decades.
    [Show full text]
  • Is Selling Malware a Federal Crime?
    40737-nyu_93-5 Sheet No. 132 Side A 11/09/2018 11:36:55 \\jciprod01\productn\N\NYU\93-5\NYU507.txt unknown Seq: 1 7-NOV-18 17:04 IS SELLING MALWARE A FEDERAL CRIME? MARCELO TRIANA* Congress enacted the Computer Fraud and Abuse Act (CFAA) to impose criminal penalties for a variety of computer misuse offenses. One provision, 18 U.S.C. § 1030(a)(5)(A), criminalizes hacking and the use of malicious software (“malware”) by making it a crime to transmit code (i.e., malware) with “intent to cause damage.” Today, § 1030(a)(5)(A) fails to adequately police the black market for malware. The United States Department of Justice has recently used the statute to combat these markets by prosecuting hackers who sold malware. This Note argues that § 1030(a)(5)(A) is ill suited to combat the sale of malware for two rea- sons. First, certain types of malware do not fit under the CFAA’s definition of “damage.” Second, selling malware does not necessarily satisfy the statute’s “intent” element. Ultimately, the black market for malware needs to be policed, and Congress must amend the CFAA’s outdated elements to deal with the dangers of malware attacks on our increasingly connected society. INTRODUCTION ................................................. 1312 R I. THE EVOLUTION OF FEDERAL COMPUTER MISUSE CRIMES ADDRESSING MALWARE ....................... 1316 R A. Early Attempts to Address Cybercrime .............. 1316 R B. The Computer Fraud and Abuse Act (CFAA) ...... 1319 R 1. The Violent Crime Control and Law Enforcement Act of 1994........................ 1321 R 2. The National Information Infrastructure Protection Act of 1996 .........................
    [Show full text]