Unlawful intrusions like the infamous Target hack that occurred on Black Friday in November 2103 would be prosecuted under 1030(a)(2)(c), (a)(4) and § 1030(b) of the Act. Although the Target hack was sophisticated in method and extensive in scope, the underlying principles of every computer crime is similar, i.e. hack into the system, obtain data of value, and use it directly for fraudulent purposes or sell it someone who will.
As with all federal offenses, people charged and convicted of crimes under the CFAA will be sentenced under the United States Sentencing Guidelines (Guidelines). The Guidelines applicable to cyber crime are the basic fraud and theft provisions of U.S.S.G. § 2B1.1. In computer fraud cases, the base offense level is normally 6 which is then increased after the amount of loss is calculated. In all fraud cases, calculation of the “amount of loss” can be a difficult endeavor but in cyber crime cases even more so. For example, in a credit card phishing case in which the defendant charged $100,000 worth of purchases to fraudulently obtained credit card numbers and also possessed an additional 25 credit card numbers that he had not used, the amount of loss will not be limited to the $100,000 but the “intended loss,” i.e. the additional unused 25 credit card numbers will be factored into the Guideline calculation.
Unfortunately for the defendant, the Government must prove the amount of loss only by a preponderance of evidence. In addition, the Guidelines suggest that courts look not only at the actual loss and intended loss but also any additional harms, whether or not reasonably foreseeable, including the reasonable cost to the victim of responding to the offense and restoring the computer system to its state prior to the offense.
Also problematic to the defendant are the number of enhancements under U.S.S.G. 2B1.1 to the offense level calculation. Besides the loss, the Guidelines enhances the sentence if the number of victims exceeds 10, if the offense involved sophisticated means, if the defendant used a “special skill” in a manner to facilitate the commission or conceal the offense, if the information obtained was of a private nature like medical records or emails, and if the offense was committed outside of the United States.
As one can see, the Guidelines are harsh for the individual charged with a computer fraud. An offense wherein the loss is over $120,000 but less than $200,000 starts with an offense level of 16 (base offense level of 6 + 10 for amount of loss). But if the hack was done with a special skill, sophisticated means, and more than 10 victims, the offense level increases to a level 22. If that individual has some misdemeanor offense, perhaps a D.U.I., resulting in a Criminal History II, then the Guidelines recommend a prison sentence of 46-57 months with no chance of probation.
Cyber crime and all types of computer fraud are on the rise and prosecutors and law enforcement are prepared to both investigate and prosecute in a zealous manner. The Federal Sentencing Guidelines are harsh for these offenses with many enhancements that recommend lengthy prison sentences. It is important to hire an experienced federal lawyer to protect your interest during an investigation and seek the best outcome for you if you are charged with a federal crime.
If you are under investigation for or charged with a federal offense, contact federal criminal defense attorney Joe Edwards at 614-309-0243.
View Joe’s Videos