Cybercrime Reference

US Code

• 18 USC § 1001 Statements or entries generally (sometimes cited on federal websites as a statute that would be violated by a hack)
• 18 U.S.C. § 1029.  Fraud and Related Activity in Connection with Access Devices
• Computer Fraud and Abuse Act of 1986 18 U.S.C. 1030.
• 18 U.S.C. § 1362.  Communication Lines, Stations, or Systems
• 18 U.S.C. § 2511.  Interception and Disclosure of Wire, Oral, or Electronic Communications Prohibited
• 18 U.S.C. § 2701.  Unlawful Access to Stored Communications
• 18 U.S.C. § 2702.  Disclosure of Contents
• 18 U.S.C. § 2703.  Requirements for Governmental Access
• See FISMA and FIPS requirements for the USG
• See also the Fraudulent Online Identity Sanctions Act (criminalizing false WHOIS records)
• Patriot Act
• Redline Showing Changes Resulting from 2001 USA Patriot Act
• Economic Espionage Act
• Computer Fraud and Abuse Act of 1986 18 U.S.C. 1030.
  • Computer Fraud and Abuse Act of 1984
  • 18 U.S.C. 1030.
  • The Computer Fraud and Abuse Act was originally enacted in 1984 to provide a clear statement of proscribed activity concerning computers to the law enforcement community, those who own and operate computers and those tempted to commit crimes by unauthorized access to computers. Rather than having to ``boot-strap'' enforcement efforts against computer crime by relying on statutory restrictions designed for other offenses, the Computer Fraud and Abuse statute, 18 U.S.C. 1030, set forth in a single statute computer-related offenses. This first Federal computer crime statute made it a felony to access classified information in a computer without authorization and a misdemeanor to access financial records or credit histories in financial institutions or to trespass into a Government computer. Report of the Senate Committee on the Judiciary on the National Information Infrastructure Protection Act (August 27, 1996)
  • Judiciary Committee, S Report No 99-432
    • at 6: "the premise of 18 U.S.C. § 1030(a)(2) will remain the protection, for privacy reasons, of computerized credit records and computerized information relating to customers' relationship with financial institutions... Because the premise of this subsection is privacy protection, the Committee wishes to make clear that 'obtaining information' in this context includes mere observation of data.".
    • At 10: "[T]he mere use of a computer or computer service has a value all of its own. Mere trespasses onto someone else's computer system can cost the system provider a "prot" or access channel that he might otherwise be making available for a fee to an authorized user. At the same time, the Committee believes it important to distinguish clearly between acts of fraud under (a)(4), punishable as felonies, and acts of simple trespass, punishable in the first instance as misdemeanors. That distinction would be wiped out were the Committee to treat every trespass as an attempt to defraud a service provider of computer time."

Amendments

• Patriot Act
• National Information Infrastructure Protection Act of 1996

  On June 29, 1995, Senators Kyl, Leahy, and Grassley introduced the NII Protection Act, S. 982. At hearings in both the House of Representatives and the Senate, representatives from Federal law enforcement agencies expressed the need for, and their support of, this bill. Specifically, Attorney General Janet Reno discussed the provisions of S. 982 in her October 30, 1995, responses to written questions in connection with the June 27, 1995, Judiciary Committee oversight hearing of the Department of Justice; Federal Bureau of Investigation Director Louis Freeh testified about S. 982 during the February 28, 1996, joint hearing with the Select Committee on Intelligence and the Judiciary Committee on economic espionage; and U.S. Secret Service Deputy Assistant Director of Investigations Robert Rasor testified about S. 982 during the October 11, 1995, hearing of the House Committee on Banking and Financial Services Subcommittee on domestic and International Monetary Policy.
        As intended when the law was originally enacted, the Computer Fraud and Abuse statute facilitates addressing in a single statute the problem of computer crime, rather than identifying and amending every potentially applicable statute affected by advances in computer technology. As computers continue to proliferate in businesses and homes, and new forms of computer crimes emerge, Congress must remain vigilant to ensure that the Computer Fraud and Abuse statute is up-to-date and provides law enforcement with the necessary legal framework to fight computer crime. The NII Protection Act will likely not represent the last amendment to this statute, but is necessary and constructive legislation to deal with the current increase in computer crime.
    On June 13, 1996, the Committee on the Judiciary first considered the NII Protection Act, S. 982, as an amendment made by Senators Leahy, Kyl, and Grassley to H.R. 1533, a bill to amend title 18, United States Code, to increase the penalty for escaping from a Federal prison. At that time, with a quorum present, by voice vote, the Committee unanimously accepted the Leahy-Kyl-Grassley amendment to H.R. 1533, and unanimously ordered H.R. 1533, so amended, favorably reported.
        On August 1, 1996, the Committee on the Judiciary, with a quorum present, again accepted an amendment in the nature of a substitute to S. 982 offered by Senator Leahy, on behalf of himself and Senators Kyl and Grassley. The amendment included the provisions in the S. 982, as introduced, with one modification. As discussed in more detail below, the amendment inserted the word ``nonpublic'' before ``computer of a department or agency'' in section 2(1)(C)(I) of the bill. The Leahy-Kyl-Grassley amendment was accepted by voice vote, and the Committee, also by voice vote, then unanimously ordered S. 982, as amended, favorably reported.
  Report of the Senate Committee on the Judiciary on the National Information Infrastructure Protection Act (August 27, 1996)

  • USDOJ, The National Information Infrastructure Protection Act of 1995 www.usdoj.gov/criminal/cybercrime/s982.htm.

• Electronic Communications Privacy Act
• Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347.
  • Requires annual report card of agencies' security efforts
• Information Infrastructure Protection Act of 1996
• Computer Security Act of 1987 | CIO Copy | EPIC | PL 100-235 |
• Jones Telecom:  Computer Fraud
• Electronic Communications Privacy Act
• GSA Computers and Information Technology
• CCIPS:  Federal Computer Intrusion Laws
• DOJ Material
• Legislative Analysis
• CCIPS: Federal Code Related to Cybercrime
• Example statement of a federal agency website warning against illegal activity.

State Law

• Computer Hacking and Unauthorized Access Laws, National Conference of State Legislatures

Government

• DOJ It’s Not Just Fun and "War Games" – Juveniles and Computer Crime, Joseph V. DeMarco, USA Bulletin (May 2001)
• DOJ Working with Victims of Computer Network Hacks, Richard P. Salgado, USA Bulletin(March 2001)
• DOJ Supervised Release and Probation Restrictions in Hacker Cases, Christopher M.E. Painter, USA Bulletin (March 2001)

Caselaw (select cases)

• DOJ Computer Intrusion Cases
• Appellate
  • US v Trotter, No 05-4202 (8th Cir. Feb. 23, 2007) (ruling that Salvation Army's computers are protected computers as they are engaged in interstate communications connected to the Internet)
  • Fiber Systems International v. Roehrs, 2006 WL 3378403 (5th Cir. Nov. 22, 2006) (finding that CFAA authorizes a private right of action for all of its provisions)
  • International Airports Centers v. Citrin, 440 F3d 418 (7th Cir 2006) (company has a cause of action where departing employ deleted files off of laptop and used a trace removal program to scrub the laptop of any vestige of the files)
  • PC Yonkers v. Celebrations the Party and Seasonal Superstore, __ F3d __ (3rd Cir. Nov. 2005) (dismissing claim pursuant to 1030(a)(4) for lack of evidence of anything taken)
  • Register.com, Inc. v. Verio, Inc., 126 F. Supp. 2d 238 (S.D.N.Y. 2000), aff’d in part, rev’d in part, 356 F.3d 393 (2d Cir. 2004) (facts involved Verio's utilization of a search bot)
  • Theofel v. Farey-Jones, 359 F3d 1066, 1078 (9th Cir 2003)
  • EF Cultural Travel BV v. Zefer Corp., 318 F.3d 58 (1st Cir. 2003)
  • EFCultural Travel BV v. Explorica, Inc. , 274 F.3d 577 (1st Cir. 2001)
  • former employees data-mined former employers website in contravention of confidentiality agreement and TOS
  • US v Middleton 231 F3d 1207 (9th Cir. 2000) (damages)
  • United States v Kevin Mitnick, 145 F.3d 1342 (9th Cir. 1998)
  • KEVIN DAVID MITNICK LICENSEE OF STATION N6NHG IN THE AMATEUR RADIO SERVICE FOR RENEWAL OF SATION KEVIN DAVID MITNICK FOR RENEWAL OF AMATEUR RADIO GENERAL CLASS OPERATOR LICENSE. Ordered a hearing on the application. (Dkt No. 01-344). Action by: The Commission. Adopted: 12/11/2001 by ORDER. (FCC No. 01-359). WTB
  • Mitnick Banned From Security Group, Security Focus 2/14/03
  • Why Kevin Mitnick Worries Me, Newsfactor 1/3/03
  • KEVIN DAVID MITNICK LICENSEE OF STATION N6NHG IN THE AMATEUR RADIO SERVICE FOR RENEWAL OF STATION LICENSE. Granted application of Kevin David Mitnick for Renewal of License of Station NGNHG in the Amateur Radio Service. (Dkt No. 01-344). Action by: ALJ Richard L. Sippel. Adopted: 12/20/2002 by Initial Decision. (FCC No. 02D-02). OALJ FCC-02D-02A1.pdf FCC-02D-02A1.txt, FCC 1/2/03
  • Freed Hacker Mitnick Debunks Myths Vnunet 10/18/02
  • Hacker Mitnick Sells Laptops, Allafrica 10/3/02
  • Mitnick to Plead for Ham License (Feb 8, 2002), Wired
  • "By this Order, we commence a hearing proceeding before an FCC Administrative Law Judge to determine, ultimately, whether the application of Kevin David Mitnick for renewal of Amateur Radio Station and General Class Operator License N6NHG should be granted. As discussed below, Mr. Mitnick is a convicted felon whose illegal activities have included the interception of electronic communications, computer fraud, wire fraud, and causing damage to computers. Based on the information before us, we believe that Mr. Mitnick's criminal behavior raises a substantial and material question of fact as to whether he possesses the requisite character qualifications to be and remain a Commission licensee. Because we are unable to make a determination that grant of Mr. Mitnick's application would serve the public interest, convenience, and necessity, we hereby designate the application for hearing, as required by Section 309(e) of the Communications Act of 1934, as amended."
  • Discussion of Kevin Mitnick
  • U.S. v. Czubinski, 106 F.3d 1069 (1st Cir. 1997)
    • unauthorized browzing aint no crime
    • unauthorized access to IRS database by IRS employee did not constitute a violation of 1030(a)(4) where government failed to establish anything of value was obtained
  • US v. Sablan, 92 F3d 865 (9th Cir. 1996)
  • Brown v. Waddell, 50 F.3d 285, 294 (4th Cir. 1995) (interception of pager signals)
  • United States v. Davis, 978 F.2d 415, 419–20 (8th Cir. 1992) (interception of satellite signals)
  • U.S. v. Morris, 928 F.2d 504 (2d Cir. 1991)
    • First famous Internet worm from 1988 which led to the establishment of CERT finding that the morris worm fell under the CFAA - "discussing criminal liability for putting a "worm" on the Internet and causing many computer systems to crash.
  • United States v Brown , 925 F2d 1301, 1308 (10th Cir. 1991), where the court held that purely intangible intellectual property, such as a computer program, cannot constitute goods, wares, merchandise, securities, or moneys which have been stolen converted, or taking within the meaning of § 2314."
  • United States v. Stegora, 849 F.2d 291, 292 (8th Cir. 1988).
• District Court
  • Wilson v Moreau (DRI 2006) (attorneys fees do not count towards $5000 damage threshold)
  • Lockheed Martin Corp v. Speed, Case No 6:05-cv-1580-Orl-31KRS (MDFl Aug 1, 2006) (Defendant did not access computers in excess of authority pursuant to s 1030(a)(4) where defendant copied files while still employed by Lockheed, but prior to departing for a rival firm).
  • SecureInfo Corp. v. Telos Corp., 387 F. Supp. 2d 593 (E.D. Va. 2005)
  • Sotelo v. DirectRevenue, L.L.C., 384 F. Supp. 2d 1219 (N.D. Ill. 2005) (applying Trespass to Chattels)
  • IMS Inquiry Management Systems v. Berkshire Information Systems , __ FSupp2d __ (SDNY Feb. 23, 2004) (court found a potential cause of auction where a competitor allegedly gained unauthorized access to a password protected online database through the use of a password issued to and obtained from one of plaintiff’s clients)
  • Southwest Airlines v. Farechase, Co., 318 F. Supp. 2d 435 (N.D. Tex. 2004) (applying Trespass to Chattels)
  • Pacific Aerospace & Elecs., Inc. v. Taylor, 295 F Supp 2d 1188, 1195 (ED Wash 2003).
  • Four Seasons Hotels and Resorts B.V. v. Consorcio Barr, S.A., 267 F. Supp. 2d 1268, 1322 (S.D. Fla. 2003) (access to protected network achieved via spoofing so that unauthorized computer appeared authorized)
  • In re Doubleclick Inc. Privacy Litigation, 154 F.Supp.2d 497 (S.D.N.Y.2001)
    • Court dismissed Computer Fraud and Abuse Act cause of action on grounds that damage caused by cookies did not meet statutory threshold, and that the use of cookies constitutes permissive access
  • In re Intuit Privacy Litigation, 138 F.Supp.2d 1272 (C.D.Cal.2001) (claim that use of cookies violates CFAA dismissed)
  • dismissing claims that cookies violate CFAA but finding a possible cause of action under ECPA’s stored communications provisions
  • Chance v. Avenue A, Inc., 165 F.Supp.2d (W.D.Wash.2001) (claim that use of cookies violates CFAA dismissed)
  • U.S. v. Smith, (D. N.J. May 1, 2001) (David Smith was charged with, and plead guilt to, releasing the Melissa virus and violating 1030(a)(5)(A))
  • Register.com v. Verio, Inc., 126 F. Supp. 2d 238 (S.D. N.Y. 2000)
    • Register.com had given notice to Verio that Verio did not have permission to data mine Register.com’s DNS database
  • Am. Online, Inc. v. Nat’l Health Care Disc., Inc., 121 F. Supp. 2d 1255, 1274 (N.D. Iowa 2000) (degrading network service can constitute damage)
  • Shurgard Storage Centers, Inc. v. Safeguard Self Storage, Inc., 119 FSupp2d 1121 (WD Wash 2000) (defining “protected computers” broadly)
    • "recent amendments to the federal Computer Fraud and Abuse Act create federal jurisdiction over damage caused to nearly all computers connected to the Internet."
    • "The CFAA was found in this case to provide a civil remedy by a private employer against employees who abuse their authority to access private company information by transmitting it to third parties via Internet email for their own personal advantage."
    • where individual was an employee who copied confidential business information and transmitted it to a competitor, the individual was acting as an agent of the competitor and therefore no longer was acting as an authorized employee, and the copying of the data constituted a breach to the integrity of the network and a loss to the plaintiff which could satisfy the damage thresholds of CFAA.
  • Scott Moulton and Network Installation Computer Services, Inc. v. VC3, Civ. Act. No. 1:00-CV-434-TWT (N.D.Ga. Nov. 6, 2000 ) (Court held that port scan was not actionable under CFAA).
  • eBay, Inc. v. Bidder’s Edge, 100 F. Supp. 2d 1058 (N.D. Cal. 2000) (applying Trespass to Chattels)
  • Shaw v. Toshiba America Information Systems, Inc. , 91 F. Supp. 2d 926 (E.D. Tex. 1999) where the court permitted a claim to go forward on the basis that faulty code had resulted in data loss.
  • America Online, Inc. v. LCGM, Inc., 46 F. Supp. 2d 444 (E.D. Va. 1998) (AOL TOS against SPAM meant access was unauthorized)
  • North Texas Preventive Imaging, L.L.C. v. Eisenberg 1996 U.S. Dist. LEXIS 19990 (C.D. Cal. Aug. 19, 1996) (SA CV 96-71 AHS (EEx))
    • Where plaintiff alleged that defendant placed a disabling code in software without authorization in the license, plaintiff has stated a cause of action for a violation of 1030(a)(5).
    • Sec. IV.A: "On this issue, Senator Leahy stated that the new language would not criminalize the use of disabling code 'when their use is pursuant to a lawful licensing agreement that specifies the conditions for reentry or software disablement.' Although Senator Leahy did not state the converse proposition, i.e., that the bill did criminalize the use of disabling codes which are not specified in a lawful licensing agreement, this is certainly a reasonable implication of the statement. The court has fund nothing in the statute or legislative history to suggest that Congress intended a blanket exemption for the use of time bombs for the CFAA's prohibitions. Rather, time bombs would appear to fall within the statute's proscription on the use of 'codes, information, programs, or commands' to cause harm to protected computer systems. Whether the use of a time bomb is illegal appears to require a case-by-case analysis of the defendant's intent, the type of computer involved, and the resulting harm."
  • US v. Fernandez, 1993 WL 88197 (CDNY): "overruling vagueness objection to 1030(a)(5) and defining the term "federal interest computer""
  • US v. Morris, 728 FSupp 95, 96 (NDNY 1990): "defining elements of crime under 1030(a)(5) (see circuit court)
• Unauthorized Access
  • Thrifty-Tel, Inc. v. Bezenek, 54 Cal. Rptr. 2d 468 (Cal. Ct. App. 1996) ("unauthorized access to telephone system constituted trespass to chattels")

Cybercrimes

1030 Damage

US v. McDaniel (defendant emailed customers of former employer, elucidating them to the security vulnerabilities of the former employee's systems). Stanford Cyberlaw Clinic.

Stored Communications

Christine Souhrada, User Privacy and Anonymity on the Internet 2002 UCLA J.L. & Tech. Notes 22 ("See In re Doubleclick Inc. Privacy Litigation, 154 F.Supp.2d 497 (S.D.N.Y.2001) ("Doubleclick"), In re Intuit Privacy Litigation, 138 F.Supp.2d 1272 (C.D.Cal.2001) ("Intuit"), Chance v. Avenue A, Inc., 165 F.Supp.2d [1153] (W.D.Wash.2001) ("Chance")..... The Intuit court held that accessing the cookies on a user's hard drive, even those that the accessing party placed there, could be found to be an unauthorized access under the statute; however, the Doubleclick and Chance courts held that the EPCA did not protect cookies and that the advertising companies in those cases, to whom the cookies belonged, were exempted from the EPCA.")

Public Information

• Register.com, Inc. v. Verio, Inc., 126 F. Supp. 2d 238, 255 (S.D.N.Y. 2000)
• eBay, Inc. v. Bidder’s Edge, Inc., 100 F. Supp. 2d 1058, 1065 n.11 (N.D. Cal. 2000)
• Niva Elkin-Koren, Let the Crawlers Crawl: On Virtual Gatekeepers and the Right to Exclude Indexing, 26 U. DAYTON L. REV. 179, 183 (2001)
• Maureen A. O’Rourke, Property Rights and Competition on the Internet: In Search of an Appropriate Analogy, 16 BERKELEY TECH. L.J. 561, 574-80 (2001)

Statistics

• Web Crime Spikes in 2007, Losses Near $240M, Ecommerce Times 4/8/2008
• 2007 Internet Crime Complaint Center Annual Report, IC3 4/8/2008
• Survey: Cost of Cybercrime Reaches $7 Billion, eweek 8/8/2007
• Cybercrime Costs US Economy at Least $117B Each Year, Ecommerce Times 7/27/2007
• E-Crime Watch Survey, CERT 10/3/2006
• 2005 E-CrimeWatch Survey Summary of Findings, CERT 7/26/2005
• Spam, Worms, And Spyware Flourished In Spring, Says Report, Internet Week 7/26/2005
• Updated CERT Statistics, CERT 8/9/2005
• 2005 E-Crime Watch Survey: Summary of Findings, CERT 7/22/2005
• Computer Security Institute Cybercrime report, CSI 7/19/2005
• Cyber Crime Rates, Losses Fall, Says Survey, Internet Week 7/19/2005
• Updated CERT/CC Statistics, CERT 4/11/2005
• Cyber crime booms in 2004, BBC 1/4/2005
• 2004 E-Crime Watch SurveyTM: Summary of Findings, CERT 9/24/2004
• Report finds 84% jump in security incidents, CW 4/7/03
• Cybercrime Statistics from the Bureau of Justice Statistics (BJS)
• CERT/CC Statistics CERT 10/23/02
• US hackers top ICC's annual review of cybercrime, ICC 5/14/03
• FBI survey finds computer attacks up, USA Today 4/8/02
• FBI Cybercrime Rising, CNN 4/8/02
• FBI: Computer System Attacks, Threats on the Rise, Newsfactor 4/8/02
• Updated CERT/CC Statistics, CERT 8/2/02
• Internet Attacks Seen Doubling This Year, ZDNN 10/16/01
• Law enforcers report spike in cybercrime, USAToday 09/01/01
• Record-breaking year for security incidents expected, CW 11/27/01
• Study: Nearly 4,000 DoS attacks occur per week, CNN 5/25/01
• Pentagon Computers Hacked 215 Times in Past Year, Newsfactor 5/18/01

Federal Activity

• Promoting Global Cybersecurity is theme of World Telecommunication Day 2006, ITU 7/26/2005
• Man Indicted for Hacking Computers Belonging to Public Affairs Group (October 22, 2001), DOJ 11/1/01
• May 22 Senate Judiciary Committee Technology Sub "Challenges in Cybercrime: The National Infrastructure Protection Center." 10:00 a.m. in DSOB 226
• Attorney General Ashcroft's Remarks before the First Annual Computer Privacy, Policy & Security Insititute (May 22, 2001), DOJ 5/25/01
• Thursday, May 24, 2001 House Judiciary Comm Oversight Hearing on "Fighting Cyber Crime: Efforts by State and Local Officials. 10:30 am 2237 RHOB, Cong 5/23/01
• Joseph DeMarco, It's Not Just Fun and "War Games" - Juveniles and Computer Crime, US Attorney's Bulletin (May 2001)
• "Cybercrime Summit:  A Law Enforcement/Information Technology Industry Dialogue  April 5 2000
• "On April 5, 2000, the Department of Justice hosted a Cybercrime Summit at Stanford Law School, titled "Cybercrime Summit:A Law Enforcement/Information Technology Industry Dialogue on Prevention, Detection, Investigation and Cooperation," at which Attorney General Janet Reno and members of the Justice Department and other law enforcement agencies met with  representatives of information technology and Internet companies.  The main topic of the Summit was how to improve cooperation between law enforcement and industry in investigating computer network hacking.  Linked below are the Attorney General’s Opening Remarks from the Summit, as well as the Question & Answer session between industry representatives and the Attorney General.
• "Opening Remarks of Attorney General Janet Reno at the Cybercrime Summit (April 5, 2000)
• "Question and Answer Session with Attorney General Janet Reno at the Cybercrime Summit (April 5, 2000) "
• THE ELECTRONIC FRONTIER: THE CHALLENGE OF UNLAWFUL CONDUCT INVOLVING THE USE OF THE INTERNET A Report of the President’s Working Group on Unlawful Conduct on the Internet March 2000
• Statement for the Record of W. Hagmaier III, Unit Chief Morgan P. Hardiman Child Abduction and Serial Murder Investigative Resource Center National Center for the Analysis of Violent Crime Critical Incident Response Group Federal Bureau of Investigation on Internet Predators Before the Senate Subcommittee on Children and Families of the  Health, Labor, and Pensions Washington, D.C. March 28 2000
• Mar 9 Senate Small Business Committee CyberCrime: Can a Small Business Protect Itself? 9:30 a.m. 428A Senate Russell Office Building.
• Testimony by Attorney General Janet Reno before the United States Senate Committee on Appropriations (February 16, 2000)
• Remarks of the Honorable Janet Reno, Attorney General of the United States, to the National Association of Attorneys General (January 10, 2000)
• Speech by Attorney General Janet Reno before the High Technology Crime Investigation Association 1999 International Training Conference (September 20, 1999)
• "The Cybercitizen Partnership:  Industry and Government Alliance
• "On March 15, 1999, Attorney General Janet Reno announced a new Cybercitizen Partnership, a new alliance between law enforcement and the technology community.  The goal of the partnership is to coordinate the efforts of government, industry and the public to ensure public safety and responsible computer use. The partnership will also promote computer ethics and civic responsibility in the cyber age and aid law enforcement and industry in the battle against  "on-line outlaws."  The partnership will consist of three complementary segments.  The first segment is a "good cybercitizenship" public awareness campaign.  The second is a user-friendly computer and network security directory to help public and private sector organizations quickly find computer security resources.  The third is an Information Security Professional fellowship program between industry and government that will raise the awareness levels of participants with respect to the views, perspectives and needs of their respective counterparts. Source
• "Statement by Attorney General Janet Reno to Announce the Cybercitizen Partnership at the ITAA Policy Summit (March 15, 1999)
• "ITAA and Attorney General Janet Reno Unveil New Tech Partnership (March 15, 1999)
• President Clinton's Speech to National Academy of Sciences (January 22, 1999)

Federal Agencies

Papers

• Law Enforcement Tools and Technologies for Investigating Cyber Attacks: A National Research and Development Agenda. Institute for Security Technology Studies, Dartmouth College. June 2004.
• Christine D. Galbraith, Access Denied: Improper Use of the Computer Fraud and Abuse Act to Control Information on Publicly
  Accessible Internet Websites, 63 MD. L. REV. 320 (2004).
• Orin Kerr, Cybercrime's Scope: Interpreting "Access" and "Authorization" in Computer Misuse Statutes, 78 NYUL Rev. 1596, Nov. 2003 PDF
• Crime, Privacy, and Accountability on the Internet B599, Spring 2001Course Description
• Cybercrimes Along the Information Superhighway, The Difficulties of Prevention, Detection, and Prosecution, by Marc S. Friedman and Kristen Papathomas 2000
• MIT Course: 6.805/STS085: Readings on Computer Crime
• Lee M Zeichner, Use of the Defense Production Act of 1950 for Critical Infrastructure Protection (Sept 2001)
• Computer Records and the Federal Rules of Evidence Orin S. Kerr USA Bulletin (March 2001) 
• Crime, Privacy, and Accountability on the Internet B599, Spring 2001Course Description
• Cybercrimes Along the Information Superhighway, The Difficulties of Prevention, Detection, and Prosecution, by Marc S. Friedman and Kristen Papathomas 2000
• Cybercrime: The Investigation, Prosecution and Defense of a Computer-Related Crime Ralph Clifford 2001
• McConnell, CYBER CRIME . . . AND PUNISHMENT? ARCHAIC LAWS THREATEN GLOBAL INFORMATION December 2000
• Wendy Leibowitz, Judges Having Hard Time With Computer Crime: Sentencing Standards Aren't Clear Cut, National Law Journal (1998)
• Joseph M Olvenbaum, Ctrl-Alt-Delete: Rethinking Federal Computer Crime Legislation, Seton Hall L Rev. (1997)
• USG
  • GAO Cybercrime: Public and Private Entities Face Challenges in Addressing Cyberthreats (June 2007)
  • DOJ, The Electronic Frontier:  The Challenge of Unlawful Conduct Inviting the use of the Internet (March 2000)
  • DOJ: Field Guidance on New Authorities that Relate to Computer Crime and Electronic Evidence Enacted in the USA Patriot Act of 2001
  • DOJ, The Electronic Frontier:  The Challenge of Unlawful Conduct Inviting the use of the Internet (March 2000)
  • DOJ 1997 Report on the Availability of Bombmaking Information
  • US DOJ Search Manual
  • Secret Service:  Best Practices for Seazing Electronic Evidence 

Books

• John W. Rittinghouse, William M. Hancock, Cybersecurity Operations Handbook, Elsevier Press.
• David Loudy, Computer Crime, Information Warfare, And Economic Espionage ( Carolina Academic Press 2003)
• The Transnational Dimension of Cyber Crime and Terrorism, Hoover 2/28/03
• Networks and Netwars: The Future of Terror, Crime, and Militancy John Arquilla, David Ronfeldt (editors), RAND 2002
• The CERT(R) Guide to System and Network Security Practices by Julia H. Allen 
• Trust in Cyberspace by Fred B. Schneider (Editor), National Research Council (1999) 
• Inside Internet Security: What Hackers Don't Want You To Know by Jeff Crume 
• Definitive Guide to Criminal Justice and Criminology on the World Wide Web, The 
• Hack Attacks Encyclopedia: A Complete History of Hacks, Cracks, Phreaks, and Spies over Time by John Chirillo 
• The Hacker Ethic by Pekka Himanen, et al 
• Cyberpunk: Outlaws and Hackers on the Computer Frontier, 1991, by Hafner and Markoff (discusses Kevin Mitnick, Morris Worm, and the German Chaos Computer Club) 
• Bruce Sterling, The Hacker Crackdown: Law and Disorder on the Electronic Frontier, 1992 
• The Cuckoo's Egg, Clifford Stoll 
• Michelle Slatalla and Joshua Quittner, Masters of Deception: The Gang that Ruled Cyberspace, 1995 
• David Freedman and Charles Mann, At Large : The Strange Case of the World's Biggest Internet Invasion, 1997 
• The Fugitive Game : Online With Kevin Mitnick by Jonathan Littman 

Webcasts & Podcasts

• Links
  • FAA Cybersecurity Distinguished Lecturer Series
• Kevin Mitnick on the Kojo Nnamdi Show Jan 2003
• NANOG: CAIDA: Recent Internet Worms: Who Are the Victims, and How Good Are We at Getting the Word Out?

Links

• NAAG Projects: Cybercrime
• Internet Crimes Against Children Task Force

News

• Drew Indictment Suggests Vast New Expanse of CFAA Liability, Techlaw 5/22/2008
• A girl's suicide is a very tragic case, but should it be a "federal case"?, CDT 5/15/2008
• Prosecutors Go Overboard In Indicting Woman Involved In MySpace Hoax That Resulted In Suicide, Techdirt 5/15/2008
• Tragic Case Could Lead to Very Bad Legal Precedent, IP Democracy 5/15/2008
• Police Officers' Can Search Your iPhone Following Arrest For A Traffic Violation, Techdirt 1/22/2008
• North Dakota Judge Gets it Wrong, CircleID 1/17/2008
• U.S. Man Gets Record Sentence for Computer Sabotage, NYT 1/9/2008
• Damage under CFAA must involve some diminution of the system to be actionable, Internet Cases 1/29/2008
• Anti-Spammer Fined For DNS Lookup Of Spammer, Techdirt 1/22/2008
• Damages available under Computer Fraud and Abuse Act, even though no "interruption of service", Internet Cases 8/24/2007
• Stiffer Cyber Laws to Crack Down on Botnets, Spyware, Wired 6/5/2007
• EU wages war on cybercrime, CNET 5/25/2007
• Brussels to Wage War on Cybercrime, Business Week 5/25/2007
• ITU 2006 Plenipotentiary Resolutions Relating to Cybersecurity, ITU 2/6/2007
• We're Number One! ... For Malicious Internet Activity, eWeek 3/21/2007
• Cyber-Criminals and Their Tools Getting Bolder, More Sophisticated, Wash Post 3/14/2007
• 3 Indicted in Online Brokerage Hacking Scheme, Wash Post 3/14/2007
• Net safety day marked worldwide, BBC 2/6/2007
• Click Fraud Reportedly Up, Clickz 2/1/2007
• DOJ official: Cybercrime cooperation advances, CW 10/24/2006
• In Washington, a Net protector or predator?, CNET 10/3/2006
• Cyber crimes becoming more organized ? official, America's Network 9/18/2006
• Morocco jails two for disrupting U.S. computers, Reuters 9/12/2006
• Computer System Under Attack, Wash Post 10/6/2006
• Scientists study terrorist Internet attack, Monsters 9/29/2006
• International crime rings, not hackers, true Internet villains, AFP 8/8/2006
• Denial-of-service hacking soars, BBC 3/9/2006
• Symantec Report: Cybercrime on the Rise, Ecommerce Times 3/7/2006
• Gov't Cyber-sleuths Focusing on Linux, iPod, Xbox, eweek 1/13/2006
• Internet Watchdogs Struggle to Keep Pace with Online Criminals, VoA 9/30/2005
• FAA CIO says cybersecurity incomplete govwide, FCW 8/5/2005
• Cyber criminals step up the pace, BBC 12/7/2004
• FBI Pursuing More Cyber-Crime Cases, Wash Post 11/5/2004
• Secret Service busts online organized crime ring, CW 10/29/2004
• ISS: Critical Netscape hole could be widespread, NW Fusion 8/25/2004
• Holes left in Windows XP update, BBC 8/25/2004
• California Man Admits Hacking Into Computers of High-Technology Company, DOJ 9/7/2004
• Justice to Announce Cyber-Crime Crackdown, Wash Post 8/25/2004
• Former Employee of a Massachusetts High-Technology Firm Charged with Computer Hacking (August 23, 2004), DOJ 8/25/2004
• Why cyberscofflaws get off easy, CNET 8/18/2004
• Feds nab 125 in global cybercrime sweep, CNN 11/21/2003
• Singapore tackles 'cyber terror', BBC 11/11/2003
• Feds nab 125 in global cybercrime sweep, CNN 11/21/2003
• Singapore tackles 'cyber terror', BBC 11/11/2003
• Questions cloud cyber crime cases, BBC 10/17/2003
• EU cybercrime plans may be put on hold, CNET 6/6/03
• Feds nab 135 in cybercrime sweep, CNN 5/16/03
• Government Arrests 135 in Cybercrime Crackdown, Ecommerce Times 5/19/03
• FBI, Lycos Team Up In Fugitive Hunt, AP 12/13/02
• Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues, CERT 12/4/02
• CyberNotes Issue #2002-23, 11/18/2002, NIPC 12/2/02
• The FBI's Cybercrime Crackdown Newsfactor 11/8/02
• Europe's cops can't collar cybercriminals CNET 11/1/02
• Cybercrime Experts See Need For Laws Reuters 10/18/02
• Cybercrime Costs World Billions Reuters 10/15/02
• Cyber Terror Threat Overrated vnunet 10/15/02
• Cyberterrorism Concerns IT Pros, Cyberatlas 8/21/02
• Cybercrime reporting procedure draws fire , CW 2/20/02
• U.S. Backing for Guidelines on Fighting CyberCrime, NYT 2/13/02
• Government Renews Cybercrime Push, CNET 2/13/02
• Outside Hackers vs. the Enemy Within: Who's Worse?, Newsfactor 2/4/02
• NASA hacker gets 21 months in jail, MSNBC 2/4/02
• Internet Doctor Convicted in Oklahoma City (January 30, 2002), DOJ 2/4/02
• Justice Dept. To Hire More Computer Crime Attorneys, Newsbytes 2/1/02
• Overworked hackers' archive closes, Ananova 1/28/02
• FBI Raid Severely Disrupted Islamic Net - Group, Newsbytes 9/7/01FBI Terrorism Task Force Raids Arab Web Hosting Firm, Newsfactor 9/7/01
• India to open first cybercrime police station, CNN 09/01/01
• Hackers Move Too Fast For CIA, AP 6/21/01
• Attack On US State Dept. Shuts Down Internal Servers, Newsbytes 5//11/01
• U.S. in Quandary Over Cybercrime Issues, Newsfactor 3/19/01
• Fight Against Cybercrime Stalls, Boston Globe 3/21/01
• Internet crime sprees getting more costly, ZDNet 3/12/01
• A World Wide Web Of Organized Crime, BWO 3/14/01
• Congress seeks headway against hackers, CNET 3/2/01

• News Archive Continued