Unauthorized access to computer systems, commonly known as “hacking,” undoubtedly causes significant damage to individuals and businesses around the country. As often happens, however, the law has had difficulty keeping up with new technology. Federal law prohibits a wide range of computer fraud-related activities, but most offenses require proof that a defendant acted with intent, which is the most difficult mental state for prosecutors to prove. Perhaps as a result, some prosecutors have developed creative strategies to pursue alleged hackers. In one recently filed case, federal prosecutors have charged an individual under the federal hacking statute with no allegations that he personally engaged in any hacking activities. Instead, they essentially allege that he developed software with the intent that it would be used by hackers. United States v. Huddleston, No. 1:17-cr-00034, indictment (E.D. Va., Feb. 16, 2017).
Congress first enacted a criminal statute related to computer fraud, found at 18 U.S.C. § 1030, in 1984. It has amended this section numerous times over the years, perhaps most notably in 1986 with the Computer Fraud and Abuse Act (CFAA). That bill significantly expanded the legal definition of “computer fraud.” The original 1984 law made it a federal crime to access computer systems of the federal government or a financial institution without authorization. The CFAA added provisions about unauthorized access, or access that exceeds granted authority, to any “protected computer,” which it defined to include nearly any computer whose use affects interstate commerce. 18 U.S.C. §§ 1030(a)(4) – (6), (e)(2)(B).
Federal prosecutors are not accusing the defendant in Huddleston of hacking anybody. Instead, the alleged conduct leading to the indictment consisted solely of developing a software tool reportedly used by hackers. According to the indictment, the defendant created a “remote administration tool,” or “remote access trojan” (RAT), a type of software that allows a user to take control of someone else’s computer without their knowledge or consent. This RAT has allegedly been used in multiple cyberattacks around the world. Prosecutors allege that the defendant created this software for the specific purpose of making it available to hackers.
The indictment charges the defendant with two counts of aiding and abetting computer intrusions, as well as one count of conspiracy. The aiding and abetting charges cite a section of the CFAA that applies to someone who “intentionally accesses a protected computer without authorization.” 18 U.S.C. § 1030(a)(5)(B). Federal law allows charges against someone who merely aids and abets an alleged offense, id. at § 2, but the language of the statute suggests that prosecutors must prove that the defendant intended the software to be used in hacking. This should be a very tough burden of proof to bear.
These blog posts are meant to be illustrative only. Unless expressly stated to the contrary herein, these matters are not the result of any legal work of Michael J. Brown, but are used to communicate a particular point of view. Michael J. Brown does not claim credit for any legal work done by any lawyer or law firm either generally or specifically, with respect to the matters contained in this blog.
If you have been charged with an alleged criminal offense, a knowledgeable and experienced cyber crime attorney can help you understand your rights and prepare a strong defense. Michael J. Brown has represented defendants in West Texas criminal cases for over 20 years. Contact us today online or at (432) 687-5157 to schedule a confidential consultation to see how we can assist you.
More Blog Posts:
Federal Cybercrime Statute Covers Wide Range of Activity, Texas Criminal Lawyer Blog, January 25, 2017
Social Media, Digital Technology Create Unexpected Criminal Complications for Some Young People, Texas Criminal Lawyer Blog, January 25, 2017
How the U.S. Legal System Deals with Online “Trolling”, Texas Criminal Lawyer Blog, January 25, 2017