1 / 98

Unauthorized Access to Computers

Unauthorized Access to Computers. Sean B. Hoar sean.hoar@usdoj.gov 541-465-6792 (voice). Readings. United States v. Morris , 928 F.2d 504 (2 nd Cir.), cert. denied , 502 U.S. 817, 112 S.Ct. 72 (1991); United States v. Trotter, 478 F.3d 918 (8th Cir. 2007);

raisie
Download Presentation

Unauthorized Access to Computers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Unauthorized Access to Computers Sean B. Hoar sean.hoar@usdoj.gov 541-465-6792 (voice)

  2. Readings . . . United States v. Morris, 928 F.2d 504 (2nd Cir.), cert. denied, 502 U.S. 817, 112 S.Ct. 72 (1991); United States v. Trotter, 478 F.3d 918 (8th Cir. 2007); United States v. Kilbride, 584 F.3d 1240 (9th Cir. 2009); LVRC Holding v. Brekka, 581 F.3d 1127 (9th Cir. 2009); United States Sentencing Guidelines § 2B1.1

  3. United States Sentencing Guidelines The USSG were developed to combat perceived disparate federal sentencing practices. USSG divided into types of offense conduct. USSG provide for a base offense level which is then increased or decreased based upon aggravating or mitigating factors.

  4. United States Sentencing Guidelines • Offense Level • Base Offense Level • Specific Offense Characteristics • Cross References • Aggravating/Mitigating Factors • Acceptance of Responsibility • Departures • Total Offense Level • Criminal History Category • Applicable Advisory Sentencing Guideline Range

  5. United States Sentencing Guidelines • Discussion Questions: Punitive sanctions in fraud cases are largely driven by the amount of financial loss. Do you think that is an appropriate basis for punishment? If so, why? If not, why not? In addition to financial loss, punitive sanctions in fraud cases may be enhanced due to “Specific Offense Characteristics.” Do you believe these “characteristics” capture the appropriate potential scope of an offense?

  6. United States Sentencing Guidelines Discussion Questions: Do you believe the Sentencing Guidelines favor one party to a criminal case (the prosecution or defense) over another? Why? Do you believe the Sentencing Guidelines should take into account non-economic damages, such as harm to reputation or credit record? If so, how? If not, why?

  7. Prosecution guidelines for computer fraud(for U.S. Attorney’s Office in Oregon) • Prosecution is authorized where all of the elements of a federal criminal offense are present and there is a loss (or intended loss) of $70,000 or more or other aggravating factors exist. The federal offense requires one of the following required factors: • The offense involved espionage. 18 U.S.C. § 1030(a)(1); • The victim is a financial institution or a federal government agency. § 1030(a)(2) and (3); • The offense affected use of a protected computer. § 1030(a)(3). • The offense was in furtherance of a fraud scheme. § 1030(a)(4). • The offense caused “damage” (see definition at § 1030(e)(8)). § 1030(a)(5); • The offense involved trafficking in passwords or similar information. § 1030(a)(6). (See also 18 U.S.C. § 1029(a)(3) relating to possession of unauthorized access devices); • The offense involved threats or extortion. § 1030(a)(7).

  8. Prosecution guidelines for computer fraud(for U.S. Attorney’s Office in Oregon) • The following aggravating factors may justify prosecution when the loss is less than $70,000: • The defendant has a prior criminal record, particularly one involving computers; • The offense involved more than one victim; • The offense involved sophisticated methods or a conspiracy; • The offense involved abuse of a position of trust. • The above aggravating factors need not all be present and there may be other factors which justify prosecution on a case-by-case basis. For offenses involving traditional fraud committed through using the Internet or otherwise using a computer, prosecution will be authorized if the matter would be prosecuted under these guidelines if committed without the use of a computer.

  9. United States v. Morris • Facts: In 1987, Morris graduated from Harvard. In 1988, while a graduate student at Cornell he developed and released a “worm” into the developing Internet. The worm duplicated itself at an unexpectedly rapid pace, causing many university, military and medical research computers to crash.

  10. United States v. Morris • Issues: • (1) Must the government prove not only that Morris intended to access a federal interest computer, but that he intended to prevent authorized use of the computer's information and thereby cause loss? • (2) What satisfies the statutory requirement of “access without authorization”?

  11. United States v. Morris • Holding: • (1) After conducting an analysis of the legislative history, the court held that the “intentionally” mens rea applied only to the “accesses” phrase of the statute and not to the “damages” phrase. • (2) The court also held that Morris’ release of the worm constituted access without authorization as he used certain application features beyond their intended function and his access went beyond the computers at Cornell, Harvard and Berkeley to which he had authorized access.

  12. United States v. Morris • Pre- and Post-script for Robert Tappan Morris • The son of Robert Morris, a former chief scientist at the National Computer Security Center, a division of the National Security Agency (NSA). • 1983 - Graduated Valedictorian from Delbarton High School, Morristown, New Jersey; • 1987 - Received A.B. from Harvard; • 1988 - Released “Morris worm” while a graduate student at Cornell; • 1989 – First person indicted under the Computer Fraud and Abuse Act of 1986 - on July 26, 1989; • 1990 - Convicted and sentenced to three years of probation, 400 hours of community service, a fine of $10,050., and the cost of his supervision; • 1995 – Cofounded Viaweb, a start-up company that made software for building online stores; • 1998 – Sold Viaweb for $48 millionto Yahoo who renamed the software "Yahoo! Store“; • 1999 - Received Ph.D. in Applied Sciences from Harvard; • 1999 - Appointed as a professor at MIT where he is currently tenured in the Electrical Engineering and Computer Science Department.

  13. United States v. Trotter • Facts/issue: Trotter was charged with violating 18 USC §1030(a)(5)(A)(i) for hacking into a Salvation Army computer. On appeal, he challenged the constitutionality of the CFAA, as applied, because he hacked into the Salvation Army computer, located in Missouri, from his home computer, also located in Missouri. He contended that in this circumstance, the Salvation Army computer was not a “protected computer” as defined by the CFAA. He argued that since virtually all computers are connected to the Internet, Congress never intended mere Internet connectivity as a prerequisite to jurisdiction.

  14. United States v. Trotter • Holding: The court rejected Trotter’s argument, holding instead that the Internet is an instrumentality of interstate commerce, and if the Salvation Army’s computer was connected to the Internet, it was intertwined with interstate commerce and properly within the realm of the Commerce Clause. An attack on a computer connected to the Internet, which is an instrumentality of interstate commerce, is sufficient to bring the act under the CFAA.

  15. U.S. v. Kilbride (the D.Ct. case) Facts:This case involved one of the first contested trials under the CAN-SPAM Act.  The defendants were convicted of multiple violations of the Act.  Their criminal scheme was to use spam to disseminate pornography.  This opinion provides a nice description of the case, and establishes the elements of the statutory offense (false header information; falsification of domain registration information), and how the government proved the elements at trial.  The defendants were sentenced to serve over five years in jail, fined $100,000, ordered to pay $77,500 to AOL, and ordered to forfeit $1.1 million.  See, 2007 WL 2990116.

  16. U.S. v. Kilbride (9th Cir. case) Holding: The bulk of the 9th Circuit opinion discusses issues regarding contemporary community standards. However, the defendants also mounted an attack on the criminal provisions of the CAN-SPAM Act.  The court rejected the defendants’ challenge to their convictions, including a void for vagueness challenge of the CAN-SPAM Act. 

  17. LVRC Holding v. Brekka Facts: In civil case brought under 1030(a)(2) and (4), LVRC alleged that former employee Brekka accessed computer without authorization when, while still employed with LVRC, he accessed information he was authorized to access, but emailed it to his personal computer for his personal use. Notably, LVRC had no written employment agreement or any guidelines that would have prohibited such conduct.

  18. LVRC Holding v. Brekka Holding: Court found no violation of 1030 because while Brekka was employed by LVRC, he had authorization to access the information that he accessed and there was no agreement that he keep the information confidential or return or destroy the information.

  19. READING FOR NEXT CLASS • 18 U.S.C. §§ 1028 and 1028A - the federal identity theft statutes; • Flores-Figueroa v. United States, 129 S.Ct. 1886 (2009); • United States v. Abdelshafi, 2010 WL 279357 (Jan. 25, 2010); • United States v. Melendrez, 389 F.3d 829 (9th Cir. 2004); • Identity Theft: The Crime of the New Millennium, 80 Or L. Rev. 1423 (2001); • U.S.S.G. §2B1.1

  20. 18 U.S.C. § 1030 federal “computer fraud” statute • 18 U.S.C. § 1030(a)(1): Unauthorized access and obtains national security information for the purpose of espionage. • 18 U.S.C. § 1030(a)(2): Unauthorized access and obtains information from a financial institution or federal government computer. • 18 U.S.C. § 1030(a)(3): Unauthorized access which affects use of protected computer. • 18 U.S.C. § 1030(a)(4): Unauthorized access to protected computer in furtherance of a fraud scheme. • 18 U.S.C. § 1030(a)(5): Intentionally causes damage through transmission of program or code, intentionally accesses protected computer without authorization and recklessly causes damage, or intentionally accesses protected computer without authorization and causes damage. • 18 U.S.C. § 1030(a)(6): With intent to defraud traffics in passwords or similar information through which a computer may be accesses without authorization. • 18 U.S.C. § 1030(a)(7): With the intent to extort something of value, transmits threats to cause damage to protected computer.

  21. 18 U.S.C. § 1030 • The primary focus for purposes of the Cyber Crime Class will be Section 1030(a)(5) , the federal hacking statute. • Section 1030(a)(5)(A) prohibits the knowing transmission of code that intentionally causes damage to a protected computer. • Section 1030(a)(5)(B) prohibits the intentional access to a protected computer that recklessly causes damage. • Section 1030(a)(5)(C) prohibits the intentional access to a protected computer that negligently or accidentally causes damage. • Note: The increased mens rea equates to increased punitive sanctions under section1030(c).

  22. Text of 18 U.S.C. § 1030(a)(1) -- Obtaining information by computer – injurious to USA • (a) Whoever-- • (1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in . . . the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it; * * * • Shall be punished as provided in subsection (c) of this section.

  23. Statutory penalties for 18 U.S.C. § 1030(a)(1) – Obtaining information by computer -- injurious to USA a fine of $250,000 or imprisonment for not more than ten (10) years, or both, if it is a first offense under § 1030; a fine of $250,000 or imprisonment for not more than twenty (20) years, or both, if the offense occurs after a prior conviction under § 1030.

  24. Sentencing guidelines for 18 U.S.C. § 1030(a)(1) • § 2M3.2. Gathering National Defense Information • (a) Base Offense Level: • (1) 35, if top secret information was gathered; or • (2) 30, otherwise.

  25. Text of 18 U.S.C. § 1030(a)(2) – Obtaining information by computer – from financial institution or government computer • (a) Whoever— * * * • (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains-- • (A) information contained in a financial record of a (federally insured) financial institution, or of a card issuer as defined in § 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.); • (B) information from any department or agency of the United States; or • (C) information from any protected computer if the conduct involved an interstate or foreign communication; * * * • Shall be punished as provided in subsection (c) of this section.

  26. Definition of “protected computer” • 18 U.S.C. § 1030(e)(2) the term "protected computer" means a computer- • (A) exclusively for the use of a federally insured financial institution or the United States government, or, in the case of a computer not exclusively for such use, • used by or for a federally insured financial institution or • the United States government and • the conduct constituting the offense affects that use by or for the financial institution or the government; or • (B) which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;

  27. Statutory penalties for 18 U.S.C. § 1030(a)(2) – Obtaining information by computer – from financial institution or government computer • a fine of $250,000 or imprisonment for not more than one (1) year, or both, if it is a first offense under § 1030; • a fine of $250,000 or imprisonment for not more than five (5) years, or both, in the case of an offense under subsection (a)(2), or an attempt to commit an offense punishable under this subparagraph, if– • (i) the offense was committed for purposes of commercial advantage or private financial gain; • (ii) the offense was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State; or • (iii) the value of the information obtained exceeds $5,000; • a fine of $250,000 or imprisonment for not more than ten (10) years, or both, if the offense occurs after a prior conviction under 1030.

  28. Elements of 18 U.S.C. 1030(a)(2)(A) & (B) – Obtaining information by computer – from financial institution or government computer • (1) D intentionally accessed without authorization or exceeded authorized access to a computer; and • (2) By accessing without authorization or exceeding authorized access to a computer, D obtained information • contained in a record of a federally insured financial institution or credit card issuer or • contained in a file of consumer reporting agency on a consumer or • from any department or agency of the United States.

  29. Elements of 18 U.S.C. 1030(a)(2)(C) – Obtaining information by computer – from protected computer • (1) D intentionally accessed without authorization or exceeded authorized access to a computer; • (2) By accessing without authorization or exceeding authorized access to a computer, D obtained information from • a computer exclusively for the use of a federally insured financial institution or the United States Government, or • not exclusively for the use of a federally insured financial institution or the United States Government, but the defendant’s conduct affected the computer’s use by or for the financial institution or government, or • used in or affecting interstate or foreign commerce or communication, including a computer outside the U.S. that is used in a manner that affects interstate or foreign commerce or communication of the U.S.

  30. Sentencing guidelines for 18 U.S.C. 1030(a)(2) Obtaining information by computer U.S.S.G. § 2B1.1. Larceny, Embezzlement, and Other Forms of Theft; Offenses Involving Stolen Property; Property Damage or Destruction; Fraud and Deceit; Forgery; Offenses Involving Altered or Counterfeit Instruments Other than Counterfeit Bearer Obligations of the United States (a)(2) Base Offense Level: 6

  31. Sentencing guidelines for 18 U.S.C. 1030(a)(2) Obtaining information by computer • U.S.S.G. 2B1.1(b) Specific Offense Characteristics • (1) If the loss exceeded $5,000, increase the offense level as follows: • Loss (Apply the Greatest) Increase in Level • (A) $5,000 or less no increase • (B) More than $5,000 add 2 • (C) More than $10,000 add 4 • (D) More than $30,000 add 6 • (E) More than $70,000 add 8 • (F) More than $120,000 add 10 • (G) More than $200,000 add 12 • (H) More than $400,000 add 14 • (I) More than $1,000,000 add 16 • (J) More than $2,500,000 add 18 • (K) More than $7,000,000 add 20 • (L) More than $20,000,000 add 22 • (M) More than $50,000,000 add 24 • (N) More than $100,000,000 add 26.

  32. Sentencing guidelines for 18 U.S.C. 1030(a)(2) Obtaining information by computer • U.S.S.G. 2B1.1(b) Specific Offense Characteristics -- multiple victim enhancement * * * • (2) (Apply the greater) If the offense— • (A)(i) involved more than 10, but less than 50, victims; or (ii) was committed through mass-marketing, increase by 2 levels; or • (B) involved 50 or more victims, increase by 4 levels • (C) involved 250 or more victims, increase by 6 levels. • “Victim” means any person who sustained any part of the actual loss. “Person” includes individuals, corporations, companies, etc.

  33. Sentencing guidelines for 18 U.S.C. 1030(a)(2) Obtaining information by computer • U.S.S.G. 2B1.1(b)(14) (Apply the greater) If— • (A) the defendant derived more than $1,000,000 in gross receipts from one or more financial institutions as a result of the offense, increase by 2 levels; or • (B) increase by 4 levels if the offense substantially • jeopardized the safety and soundness of a financial institution, or • endangered the solvency or financial security of an organization that, at any time during the offense • Was a publicly traded company, or • Had 1000 or more employees, or • Endangered the solvency or financial security of 100 or more victims. • If the resulting offense level is less than level 24, increase to level 24.

  34. Sentencing guidelines for 18 U.S.C. 1030(a)(2) Obtaining information by computer • U.S.S.G. 2B1.1(b)(15): increase by 2 levels if • D was convicted under 1030 and offense involved an intent to obtain personal information, or • The offense involved the unauthorized public dissemination of personal information

  35. Sentencing guidelines for 18 U.S.C. 1030(a)(2) Obtaining information by computer • (16)(A) (Apply the greatest) If the defendant was convicted of an offense under: • (i) 18 U.S.C. § 1030, and the offense involved (I) a computer system used to maintain or operate a critical infrastructure, or used by or for a government entity in furtherance of the administration of justice, national defense, or national security, increase by 2 levels. • (ii) 18 U.S.C. § 1030(a)(5)(A), increase by 4 levels. • (iii) 18 U.S.C. § 1030, and the offense caused a substantial disruption of a critical infrastructure, increase by 6 levels. • (B) If subdivision (A)(iii) applies, and the offense level is less than level 24, increase to level 24.

  36. Sentencing guidelines for 18 U.S.C. 1030(a)(2) Obtaining information by computer • §3B1.1. Aggravating Role -- Based on the defendant’s role in the offense, increase the offense level as follows: • (a) If the defendant was an organizer or leader of a criminal activity that involved five or more participants or was otherwise extensive, increase by 4 levels. • (b) If the defendant was a manager or supervisor (but not an organizer or leader) and the criminal activity involved five or more participants or was otherwise extensive, increase by 3 levels. • (c) If the defendant was an organizer, leader, manager, or supervisor in any criminal activity other than described in (a) or (b), increase by 2 levels.

  37. Sentencing guidelines for 18 U.S.C. 1030(a)(2) Obtaining information by computer • §3B1.2. Mitigating Role -- Based on the defendant’s role in the offense, decrease the offense level as follows: • (a) If the defendant was a minimal participant in any criminal activity, decrease by 4 levels. • (b) If the defendant was a minor participant in any criminal activity, decrease by 2 levels. • In cases falling between (a) and (b), decrease by 3 levels.

  38. Sentencing guidelines for 18 U.S.C. 1030(a)(2) Obtaining information by computer • §3B1.3. Abuse of Position of Trust or Use of Special Skill -- • If the defendant abused a position of public or private trust, or used a special skill, in a manner that significantly facilitated the commission or concealment of the offense, increase by 2 levels. This adjustment may not be employed if an abuse of trust or skill is included in the base offense level or specific offense characteristic. If this adjustment is based upon an abuse of a position of trust, it may be employed in addition to an adjustment under §3B1.1 (Aggravating Role); if this adjustment is based solely on the use of a special skill, it may not be employed in addition to an adjustment under §3B1.1 (Aggravating Role).

  39. Text of 18 U.S.C. 1030(a)(3) Unlawfully accessing non-public computer used by the government • (a) Whoever— * * * • (3) intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States; * * * • Shall be punished as provided in subsection (c) of this section.

  40. Penalties for 18 U.S.C. 1030(a)(3) Unlawfully accessing non-public computer used by the government a $250,000 fine or imprisonment for not more than one (1) year, or both, if it is a first offense under section 1030; a $250,000 fine or imprisonment for not more than ten (10) years, or both, if the offense occurs after a prior conviction under section 1030.

  41. Sentencing guidelines for 18 U.S.C. 1030(a)(3) Unlawfully accessing non-public computer used by the government • §2B2.3. Trespass • (a) Base Offense Level: 4 • (b) Specific Offense Characteristics • Increase by 2 levels if the trespass occurred (A) at a secured government facility; (B) at a nuclear energy facility; (C) on a vessel or aircraft of the United States; (D) in a secured area of an airport or a seaport; (E) at a residence; (F) at Arlington National Cemetery or a cemetery under the control of the National Cemetery Administration; or (G) on a computer system used • To maintain or operate a critical infrastructure, or • By or for a government entity in furtherance of the administration of justice, • Increase by 2 levels if a dangerous weapon (including a firearm) was possessed. • If the offense involved invasion of a protected computer; the loss resulting from the invasion • exceeded $2,000 but did not exceed $5,000, increase by 1 level; or • exceeded $5,000, increase by the number of levels from the table in §2B1.1 (Theft, Property Destruction, and Fraud) corresponding to that amount.

  42. Text of 18 U.S.C. 1030(a)(4) - computer fraud – use of “protected computer” • (a) Whoever – * * * • (4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period; * * * • Shall be punished as provided in subsection (c) of this section.

  43. Penalties for18 U.S.C. 1030(a)(4) -Computer fraud – use of protected computer a $250,000 fine or imprisonment for not more than five (5) years, or both, if it is a first offense under section 1030; a $250,000 fine or imprisonment for not more than ten (10) years, or both, if the offense occurs after a prior conviction under section 1030.

  44. Sentencing guidelines for 18 U.S.C. 1030(a)(4) – computer fraud – use of a protected computer • U.S.S.G. 2B1.1. • (a)(2) Base Offense Level: 6 • Loss? • Multiple victims? • Means of identification used to create other means of identification? • Involve intent to obtain personal information? • Involve unauthorized public dissemination of personal information? • Involve computer used to operate critical infrastructure, further administration of justice or national security?

  45. Text of 18 U.S.C. 1030(a)(5) Damage to a protected computer • (a) Whoever – * * * • (5) • (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; • (B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or • (C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss; and

  46. Definition of “damage” and “loss” • 18 U.S.C. 1030(e)(8) provides that the term “damage” means any impairment to the integrity or availability of data, a program, a system, or information; • 18 U.S.C. 1030(e)(11) provides that the term "loss" means any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service;

  47. Text of 18 U.S.C. 1030(a)(5)(A) Intentional damage to a protected computer • (a) Whoever – * * * • (5)(A) • knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; * * * • Shall be punished as provided in subsection (c) of this section.

  48. Penalties for 18 U.S.C. 1030(a)(5)(A) Intentional damage to a protected computer • a $250,000 fine, imprisonment for not more than ten (10) years, or both, if it is a first offense under section 1030, if • (i) loss to 1 or more persons during any 1-year period aggregating at least $5,000 in value; • (ii) the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals; • (iii) physical injury to any person; • (iv) a threat to public health or safety; or • (v) damage affecting a computer system used by or for a government entity in furtherance of the administration of justice, national defense, or national security; or • (vi) damage affecting 10 or more protected computers during any 1-year period. • a $250,000 fine, imprisonment for not more than 20 years, or both, in if the offense occurs after a prior conviction under section 1030.

  49. Penalties for 18 U.S.C. 1030(a)(5)(A) Intentional damage to a protected computer A $250,000 fine, imprisonment for not more than 20 years, or both -- if the offender knowingly or recklessly causes or attempts to cause serious bodily injury from conduct in violation of subsection (a)(5)(A); and A $250,000 fine, imprisonment for any term of years or for life, or both -- if the offender knowingly or recklessly causes or attempts to cause death from conduct in violation of subsection (a)(5)(A);

  50. Elements of 18 U.S.C. 1030(a)(5)(A) Intentional damage to a protected computer • (1) D knowingly caused the transmission of a program, code, command, or information to a computer without authorization; • (2) As a result of the transmission, D intentionally impaired the integrity or availability of data, a program, a system, or information; and • (3) The computer damaged was • used exclusively by a financial institution or the United States government, • not used exclusively by a financial institution or the United States government, but D's transmission affected the computer's use by or for a financial institution or the United States government, or • used in interstate or foreign commerce or communication.

More Related