Hacking Punishable up to 10+ Years in Federal Prison

Computer and Internet Fraud

Primary tabs


Fraud through the criminal use of a computer or the Internet can take many different forms. “Hacking” is a common form, in which a perpetrator uses technological tools to remotely access a protected computer or system. Another common form involves the interception of an electronic transmission unintended for the interceptor, such as passwords, credit card information, or other types of identity theft.

Statutory Definition

Computer fraud is defined in federal law in the Computer Fraud and Abuse Act (CFAA) as the access of a protected computer without authorization or exceeding authorization. The plain text of the statute appears to limit which computers are protected by the law:

(2) the term “protected computer” means a computer—
(A) …
(B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States

However, in practice a "protected computer" has been defined as any computer with Internet access,1 because the Internet is an "instrumentality and channel of interstate commerce".2  Thus, the courts apply the law to nearly all computers by invoking the Commerce Clause

Specifically, the CFAA prohibits computer espionage, computer trespassing in private or public computers, committing fraud with a computer, the distribution of malicious code, password trafficking, threatening to damage a protected computer. Although the CFAA is primarily a criminal statute, it does define a civil cause of action in § 1030(g).

Examples of computer or internet fraud in action include but are not limited to:

  • Emails requesting money in return for small deposits, also known as an advance-fee scam, such as the infamous Nigerian prince scam.
  • Emails attempting to gather personal information such as account numbers, Social Security numbers, and passwords; also known as phishing.
  • Using someone else’s computer to access personal information with the intent to use such fraudulently.
  • Installing spyware or malware to engage in data mining.
  • Violating copyright laws by copying information with the intent to sell it.
  • Hacking into or illegally using a computer to change information, such as grades, work reports, etc.
  • Sending computer viruses or worms with the intent to destroy or ruin another’s computer.
  • Denial of service, in which an authorized user’s access to a network is intentionally interrupted.

Violators may be prosecuted under:

See also White-collar crimeInvestor Protection Guide: Internet FraudOnline Copyright Infringement Liability Limitation Actspam.

Last updated in July of 2017 by Stephanie Jurkowski.