Legal Definitions - computer and internet fraud

Computer and internet fraud refers to a broad category of illegal activities that involve using computers, computer networks, or the internet to deceive, steal, or cause harm. These actions typically involve gaining unauthorized access to a computer system or network, or using such systems in ways that exceed authorized permissions, with the intent to commit fraud, theft, or other malicious acts.

In the United States, many of these offenses are addressed by the Computer Fraud and Abuse Act (CFAA). The CFAA is a federal law primarily designed to protect computers and networks from unauthorized access and misuse. It broadly defines a "protected computer" as almost any computer connected to the internet, recognizing the internet's role in interstate commerce.

The CFAA prohibits various activities, including:

• Accessing a computer without permission or going beyond the permission granted.
• Obtaining classified information or financial records from a protected computer without authorization.
• Committing fraud using a computer.
• Distributing malicious software like viruses or ransomware.
• Trafficking in stolen passwords or similar access information.
• Threatening to damage a protected computer.

Here are some examples illustrating computer and internet fraud:

• Example 1: Corporate Data Breach for Financial Gain

  A cybercriminal infiltrates a large online retailer's customer database by exploiting a vulnerability in their network security. The criminal then downloads sensitive customer information, including names, addresses, and encrypted payment card details, with the intention of selling this data on illicit online marketplaces. The retailer's systems are connected to the internet and process transactions across state lines.

  This scenario illustrates computer and internet fraud because the cybercriminal gained unauthorized access to a "protected computer" (the retailer's server) and exceeded authorization to obtain confidential data. The act of stealing and attempting to sell this information for profit constitutes fraud committed through computer misuse, directly violating the CFAA's prohibitions against unauthorized access to commit fraud and obtain information.

• Example 2: Ransomware Attack on a Healthcare Provider

  A malicious actor deploys ransomware onto the computer systems of a regional hospital, encrypting patient records, appointment schedules, and billing information. The hospital's operations are severely disrupted, and the attacker demands a cryptocurrency payment to provide the decryption key, threatening to permanently delete the data if the ransom is not paid.

  This is a clear instance of computer and internet fraud. The attacker used malicious software to gain unauthorized access and control over the hospital's "protected computers," disrupting critical services and attempting to extort money. This falls under the CFAA's prohibitions against distributing malicious code and committing fraud with a computer, as the intent is to defraud the hospital by holding its data hostage for financial gain.

• Example 3: Online Investment Impersonation Scam

  An individual creates a sophisticated fake website and social media profiles that closely mimic a well-known, reputable financial advisory firm. They then use these fake platforms to solicit investments from unsuspecting individuals, promising exceptionally high returns. Victims transfer funds, believing they are investing with the legitimate firm, but the money is instead diverted to the scammer's personal accounts.

  This constitutes computer and internet fraud because the perpetrator utilized internet platforms (websites and social media, accessed via "protected computers") to create a deceptive scheme. They engaged in fraud by misrepresenting their identity and services to steal money from victims, even if no "hacking" in the traditional sense occurred. The use of computers and the internet as instruments for deception and financial gain directly aligns with the definition of computer and internet fraud.