Recent media coverage has been rife with stories of large-scale data breaches, hacks and online financial crime. New trends in cyber crime are emerging all the time, with estimated costs to the global economy running to billions of dollars.
In the past, cyber crime was committed mainly by individuals or small groups. Today, we are seeing highly complex cyber criminal networks bring together individuals from across the globe in real time to commit crimes on an unprecedented scale. Criminal organizations turning increasingly to the Internet to facilitate their activities and maximize their profit in the shortest time. The crimes themselves are not necessarily new – such as theft, fraud, illegal gambling, sale of fake medicines – but they are evolving in line with the opportunities presented online and therefore becoming more widespread and damaging.
Most states have enacted internet and computer crimes statutes: many of these statutes not only provide for criminal prosecution but also for civil liability. In Texas, cyber crime is defined by the Texas Computer Crimes Statute (Penal Code, Title 7, Chapter 33) to include:
- Knowingly accessing a computer, computer network or computer system without the consent of the owner;
- Knowingly soliciting a minor under the age of 17 over the internet, text message, or other electronic system, to meet in person for the purpose of engaging in sexual behavior with the defendant;
- Knowingly accessing a computer system, network, program, software or machine that is part of a voting system that uses direct recording electronic voting machines and tampers with the votes or the ability of someone to vote.
- Creating a web page or leaving messages on a social networking site using the persona of another without the person's consent and with the intent to harm, defraud, intimidate or threaten someone; or
- Referencing the name, domain address, phone number or any other identifying information of a person without that person's consent, intending to cause the recipient to think the message is truly coming from that person, with the intent to harm or defraud someone.
For gaining access to a computer without the consent of the owner the penalty may range all the way from a "Class B" misdemeanor (up to 180 days in a county jail and/or a fine of up to $2,000) up to a first degree felony (five to 99 years in a state prison and/or a fine of up to $10,000). The factor influencing the degree of the penalty imposed is the value of money or property that the defendant benefitted from and/or was lost by the victim.
For soliciting a minor, the crime is charged as a third degree felony (two to ten years in state prison and/or a fine of up to $10,000). However, if the minor is under 14 years of age, then it may be a second degree felony (two to twenty years in a state prison and/or a fine of up to $10,000).
For tampering with a voting machine, the penalty is a first degree felony. This is a very serious penalty with a sentence between five to 99 years in a state prison and/or a fine of up to $10,000.
Online harassment is usually charged as a third degree felony; however, if the crime involves falsifying an electronic message with the intent to harm or defraud, the defendant may instead be charged with a "Class A" misdemeanor (not more than one year in a county jail and/or a fine of no more than $4,000). If the message was intended to summon a response by emergency personnel, it will be elevated to a third degree felony.
In addition to state laws, the federal government has entire sections and task forces which are dedicated to computer crimes. Computer crimes are most often classified as federal offenses when they involve "crossed" state lines or actions which are unlawful under federal law.
In 1986, Congress passed the Computer Fraud and Abuse Act (CFAA) . This law has been amended and expanded as internet technology has advanced, and it continues to form the basis for federal prosecutions of computer-related criminal activities. Other relevant federal statutes include the Electronic Communications Privacy Act (ECPA), the Identity Theft Enforcement and Restitution Act of 2008 (ITERA), and certain provisions of the USA PATRIOT Act.
The federal computer fraud and abuse statute protects federal computers, bank computers, and computers used in interstate and foreign commerce. It shields them from trespassing, threats, damage, espionage, and from being corruptly used as instruments of fraud. It is not a comprehensive provision, but instead it fills crack and gaps in the protection afforded by other federal criminal laws. In general subsection 1030(a) criminalise:
• Computer trespassing (e.g., hacking) in a government computer, or on any computer if it results in exposure to certain governmental, credit, financial, or computer-housed information;
• Damaging a government computer, a bank computer, or a computer used in, or affecting, interstate or foreign commerce (e.g., a worm, computer virus, Trojan horse, time bomb, a denial of service at tack, and other forms of cyber attack, cyber crime, or cyber terrorism);
• Committing fraud, an integral part of which involves unauthorized access to a government computer, a bank computer, or a computer used in, or affecting, interstate or foreign commerce;
• Threatening to damage a government computer, a bank computer, or a computer used in or affecting interstate or foreign commerce;
• Trafficking in passwords for a government computer, or when the trafficking affects interstate or foreign commerce, and
• Accessing a computer to commit espionage.
In general, violations are punishable by imprisonment for not more than 10 years (not more than 20 years for second and subsequent offenses) and/or a fine of not more than $250,000 (not more than $500,000 for organizations). However, the general espionage sentencing guideline may also apply in some cases, which calls for a base sentencing level of 30 (carrying an initial sentencing range beginning at 8 years' imprisonment) and of 35 (an initial sentencing range beginning at 14 years) if top secret information is involved.
Further, if a violation is committed for terrorist purposes the minimum sentencing level is 32 and the criminal history category is VI which means the sentencing range begins at 17.5 years' imprisonment (and begins at 24.33 years' imprisonment if top secret information is involved).