U.S. Department of Justice - CyberCrime.gov Archived Computer Crime Legal Resources

"Prosecuting Computer Crimes" Manual
First published February, 2007

Federal Criminal Code Related to Computer Intrusions
A number of federal criminal statutes relate to computer intrusion and other computer- and network-based offenses, including the following:

  • 18 U.S.C. 1028. Fraud and related activity in connection with identification documents, authentication features, and information
  • 18 U.S.C. § 1029. Fraud and Related Activity in Connection with Access Devices
  • 18 U.S.C. § 1030. Fraud and Related Activity in Connection with Computers
  • 18 U.S.C. § 1362. Communication Lines, Stations, or Systems
  • 18 U.S.C. § 2510 et seq. Wire and Electronic Communications Interception and Interception of Oral Communications
  • 18 U.S.C. § 2701 et seq. Stored Wire and Electronic Communications and Transactional Records Access
  • 18 U.S.C. § 3121 et seq. Recording of Dialing, Routing, Addressing, and Signaling Information
The text of the United States Code is available on a number of sites, including the following:

Sentencing Guidelines that Relate to Computer Intrusions
For Sentencing Guidelines information (including U.S.S.G. § 2B1.1, the Guidelines provision applicable to most computer intrusion offenses) see the United States Sentencing Commission website.

Archived Computer Crime Legal Resources

The Department of Justice continually provides informal guidance to prosecutors and investigators as they work through complex substantive, procedural and practical elements of computer crime cases. While this guidance does not provide any legal rights or obligations, it is helpful to law enforcement as they address challenging questions of law, policy or practice. Additional information on this subject is available below.

  • Past Legislation

    Guidance on New Authorities that Relate to Computer Crime and Electronic Evidence Enacted in the USA Patriot Act of 2001 (October 2001)

    On October 26, 2001, the United States of America Patriot Act of 2001 was enacted into law. Within the Act, several laws relating to computer crime and electronic evidence have been amended.
    Specific information on these changes is available via the link below.

    Tracking a Computer Hacker, Daniel A. Morris, USA Bulletin (May 2001)

    A report written near the start of the Information Age warned that America's computers were at risk from hackers. It said that computers that"control [our] power delivery, communications, aviation and financial services [and] store vital information, from medical records to business plans, to criminal records," were vulnerable from many sources, including deliberate attack. "The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb." National Research Council, "Computers at Risk," 1991.
    Additional information on this subject is available via the link below.

    It's Not Just Fun and "War Games" – Juveniles and Computer Crime, Joseph V. DeMarco, USA Bulletin (May 2001)

    In the 1983 movie "War Games," Matthew Broderick and Ally Sheedy play high school students who inadvertently access the NORAD computer network, thinking that they are merely playing a "war game" with the computers. As a consequence, Broderick and Sheedy come Hollywood-close to initiating a nuclear exchange between the United States and the Soviet Union. In order to accomplish this hack, Broderick configures his PC's modem to automatically dial random telephone numbers in the city where the computers he hopes to break into are located. When Sheedy asks Broderick how he pays for all the telephone calls, Broderick coyly tells her that "there are ways around" paying for the phone service. Sheedy asks: "Isn't that a crime"? Broderick's reply: "Not if you are under eighteen."

    Additional information on this subject is available via the link below.

    Working with Victims of Computer Network Hacks, Richard P. Salgado, USA Bulletin (March 2001)

    In our ten years' experience in detecting, locating, and prosecuting network intruders (hackers) we have seen that, as with many offline crimes, robust law enforcement alone cannot solve the network intruder problem. To be effective, any overall strategy must include the owners and operators of the nation's computer networks. They are the first line of defense and have the responsibility to take reasonable measures to ensure that their systems are secure. They are also in the best position to detect intrusions and take the first critical steps to respond. At the most basic level, we rely on network operators to report to us when their systems are hacked. Intrusion victims, however, are often even more reluctant to call law enforcement than other business victims. This reluctance has been reflected in the surveys conducted jointly by the Computer Security Institute and the FBI. In the year 2000 survey, for example, only 25% of the respondents who experienced computer intrusions reported the incidents to law enforcement. To better understand why and to learn how we can promote reporting, the Department of Justice has undertaken a concerted effort to reach out to the operators of our nation's computer networks.

    Additional information on this subject is available via the link below:

    Supervised Release and Probation Restrictions in Hacker Cases, Christopher M.E. Painter, (March 2001)

    An often overlooked aspect of sentencing in computer crime cases are conditions that the court can impose as part of a sentence of probation or supervised release. These conditions can be tailored to restrict, among other things, a defendant's employment, associations, and other activities, once he is released from any term of imprisonment the court imposes to protect the public and aid in a defendant's rehabilitation. Such conditions are routinely imposed in non-computer crime cases. For example, in bank fraud cases or insurance fraud cases, courts often impose conditions restricting a defendant's employment in those industries. In investment fraud cases, defendants are prohibited from handling other people's money and in telemarketing cases, courts have prohibited defendants from soliciting investors, using names other than their own and have even restricted their access to telephones.

    Additional information on this subject is available via the link below.






<<< Return to Cyber Crime Index