P5

According to Berris (2020) the Computer Fraud and Abuse Act (CFAA) 18 USC 1030 was a result of movie the 1983 thriller WarGames starring Matthew Broderick (p.2).   The Computer Fraud and Abuse Act (CFAA) 18 USC 1030 was established in 1984 to protect federal computers connected to the internet.  The definition of computers has been expanded to included smartphones, computer servers, fitness trackers. The law attempted to safeguard federal computers from “trespassing, threats, damage, espionage, and from being corruptly used as instruments of fraud”.  Berris (2020) disclosed CFAA made the following actions a federal crime:

1. Cyber Espionage (18 U.S.C. § 1030(a)(1)), obtaining national security information through unauthorized computer access and sharing or retaining it;
2. Obtaining certain types of information through unauthorized computer access; (18 U.S.C.
§ 1030(a)(2))
3. Government Computer Trespassing;( 18 U.S.C. § 1030(a)(3))
4. Computer Fraud (18 U.S.C. § 1030(a)(4)) through unauthorized computer access;
5. Damaging a computer (18 U.S.C. § 1030(a)(5)), knowingly causing damage to certain computers by transmission of a program, information, code, or command;
6. Password Trafficking (18 U.S.C. § 1030(a)(6)) or other means of unauthorized access to a computer;
7. Threats and Extortion (18 U.S.C. § 1030(a)(7)), used to harm a computer or based on information obtained through unauthorized access to a computer 

Although the CFAA has been amended, the rapid growth of internet crimes has outpaced the changes to the CFAA.   Below I have detailed several emerging tools which the CFAA has not been able to clearly draft laws which can be applied and enforced during prosecution.  Link to Law: https://uscode.house.gov/view.xhtml?req=(title:18%20section:1030%20edition:prelim)#amendment-note 

Botnets: Password Trafficking (18 U.S.C. § 1030(a)(6))
The government and businesses have employed botnets as an efficient cost saving tools. Botnets are used to complete repetitive task; however, botnets are also used as tool to interrupt businesses in the form of DDos (Denial of Service Attacks) and commit crimes. Berris (2020) argue “the DOJ recounted one undercover investigation that revealed a seller offering a botnet comprised of thousands of computers; prosecutors were unable to bring charges against the seller because it was unclear whether he had created the botnet or was simply selling it. The CFAA generally “criminalizes the creation of a botnet” (p.27).   

Ransomware:  Threats and Extortion (18 U.S.C. § 1030(a)(7))
Berris & Gaffney, (2021) revealed that in FY 2020 the Federal Bureau of Investigation (FBI) received nearly 2,500 ransomware complaints with losses exceeding $29 million (p.2).  Additionally, Alert (AA21-243A) noted (2021) in FY 2021 the FBI received 2,084 ransomware complaints with over $16.8M in losses, a 62 percent increase in reporting and 20 percent increase in reported losses compared to the same time frame in 2020 (para.3) According to Keller (2021) “Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access” (para.1).  Ransomware can gain access through email phishing or malware. Since, requested ransom payments are unrealistically high the results of an attack are disruption of business operations or closure. The possibility of ransom recovery and prosecution is minimized due to the fact the U.S. does not have extradition treaties with many of the countries which these criminals reside. To compound matters victims of ransomware maybe prosecuted if payments to persons black listed by the Office of Foreign Assets Control (OFAC). 

Reference

Alert (AA21-243A) Ransomware Awareness for Holidays and Weekends. CISA. (2021, August 31). https://www.cisa.gov/uscert/ncas/alerts/aa21-243a#:~:text=Ransomware%20Trends&text=From%20January%20to%20July%2031,same%20time%20frame%20in%202020  

Berris, P. G. (2020, September 21). Cybercrime and the Law: Computer Fraud and … – Congress. Congressional Research Service. https://crsreports.congress.gov/product/pdf/R/R46536  

Berris, P. G., & Gaffney, J. M. (2021, October 5). Ransomware and Federal Law: Cybercrime and Cybersecurity. Congressional Research Service. https://crsreports.congress.gov/product/pdf/R/R46932  

Keller, N. (2021, September 27). Ransomware . NIST.  https://www.nist.gov/itl/smallbusinesscyber/guidance-topic/ransomware#:~:text=Ransomware%20is%20a%20type%20of,demand%20payment%20to%20restore%20access.&text=The%20ransomware%20takes%20advantage%20of,to%20propagate%20throughout%20the%20organization  

United States House of Representative. (n.d.). [USC02] 18 USC 1030: Fraud and related activity in connection with computers. https://uscode.house.gov/view.xhtml?req=%28title%3A18+section%3A1030+edition%3Aprelim%29#amendment-note