B.1.1. Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act (CFAA) was passed by the US Congress in 1986. The CFAA applies to cases of computer-related crimes that are relevant to federal as opposed to state law. It doesn't just target hackers, but also any interstate criminal activity that involves computers, such as money laundering or illegal gambling (though this is generally prosecuted under other statutes). The CFAA differs from the UK Computer Misuse Act in one important way: like many US laws it contains the concept of conspiracy.
Consider the following example: I decide I want to hack a telephone company in New York and I live in Washington DC. I call you (my partner in crime) on the phone and we discuss it, but unfortunately the FBI is monitoring the call. Any action that either of us now takes (even if we break no laws) to further the goal of compromising the telephone company is going to put both of us in a federal prison for conspiracy. The CFAA contains the following offences:
Knowingly accessing a computer without authorization in order to obtain national security data;
Accessing a computer without authorization;
Knowingly accessing a protected computer with the intent to defraud and thereby obtaining anything of value;
Knowingly causing the transmission of a program, information, code, or command that causes damage or intentionally accessing a computer without authorization and, as a result of such conduct, causing damage;
Knowingly and with the intent to ...
Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
